Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

October 08, 2024

Apigee Advanced API Security

On October 8, 2024 we released an updated version of Advanced API Security.

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.

New features added to the Risk Assessment v2 preview

This release introduces new features to the Risk Assessment v2 preview:

  • Support for custom security profiles. You can create your own security profiles, with unique combinations of risk assessment checks and weights, to use for proxy risk assessment.
  • New assessment checks. We've added additional checks you can use when assessing proxy risk.
  • Assess proxies across multiple profiles. You can now switch between security profiles to see differences in scoring across profiles.

For usage information and a list of all features in Risk Assessment v2, see the Risk Assessment v2 customer documentation.

Apigee X

On October 8, 2024, we released an updated version of Apigee (1-13-0-apigee-6).

This release addresses the security concerns in GCP-2024-052 from Google Anthos Service Mesh.

Bug ID Description
361714906 Fixed synchronization issue with Cloud KMS keys

Implemented recovery mechanism for the Apigee dataplane in the event of an extended disruption in the CloudKMS key service.

361044374 Resolved issue with incorrect payloads shown in debug trace

When using debug trace with the AssignMessage policy, the UI now displays the correct request and response payloads.

N/A Updates to security infrastructure and libraries.

BigQuery

You can now use pipe syntax anywhere you write GoogleSQL. Pipe syntax supports a linear query structure designed to make your queries easier to read, write, and maintain. This feature is in Preview.

Bigtable

Hot backups, optimized backups to restore your data to production performance availability more efficiently, are now generally available (GA). For more information, see Backups overview.

Cloud Database Migration Service

Database Migration Service for homogeneous PostgreSQL migrations to Cloud SQL does not automatically enable point-in-time recovery (PITR) for the destination instance when you promote the migration job. You can enable PITR after the migration is complete.

For more information, see Promote a migration and Known limitations.

Compute Engine

Preview: An updated version of the gVNIC driver for Windows offers improved network performance and support for Jumbo frames. For more information, see Update to the latest gVNIC driver for Windows.

Security Command Center

Vulnerability management dashboard released to Preview

The new Vulnerability management dashboard lets you investigate CVE vulnerabilities identified in your Google Cloud and AWS environments.

This feature is available in Preview.

October 07, 2024

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.63.1 (2024-10-01)

Bug Fixes
  • bigquery/storage: Increase method timeout to 240s for BigQuery Metastore Partition Service API version v1alpha (fdb4ea9)
  • bigquery: Create read session with client or job projectID (#10932) (f98396e)
  • bigquery: Missing schema for empty result set on stateless queries (#10935) (28a069a)

Java

Changes for google-cloud-bigquery

2.43.0 (2024-10-01)

Features
  • Add max staleness to ExternalTableDefinition (#3499) (f1ebd5b)

2.42.4 (2024-09-30)

Dependencies
  • Update actions/checkout action to v4.2.0 (#3495) (b57fefb)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.51.0 (#3480) (986b036)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.53.0 (#3504) (57ce901)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240905-2.0.0 (#3483) (a6508a2)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.55.0 (#3481) (8908cfd)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.57.0 (#3505) (6e78f56)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.0 (#3490) (a72c582)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#3496) (8f2e5c5)
  • Update dependency ubuntu to v24 (#3498) (4f87ade)
  • Update github/codeql-action action to v2.26.10 (#3506) (ca71294)
  • Update github/codeql-action action to v2.26.7 (#3482) (e2c94b6)
  • Update github/codeql-action action to v2.26.8 (#3488) (a6d75de)
  • Update github/codeql-action action to v2.26.9 (#3494) (8154043)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.45.0 (2024-10-03)

Features
  • Add support for Cloud Bigtable Node Scaling Factor for CBT Clusters (caf879c)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.46.1 (caf879c)
  • Support override monitoring endpoint (#2364) (a341eb8)

Dependencies
  • Downgrade grpc to 1.67.1 (#2366) (1baecb3)
  • Update dependency com.google.cloud:gapic-libraries-bom to v1.45.0 (#2363) (9d24c45)

Cloud Logging

You can now include pipe syntax in the SQL queries you run on the Log Analytics page. For more information, see the BigQuery documentation about pipe syntax.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.3 (2024-10-01)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#1698) (9491512)
  • Update dependency org.apache.maven.plugins:maven-deploy-plugin to v3.1.3 (2b6ea70)

Cloud Monitoring

The user interface for configuring which events to show on a dashboard has been simplified. For more information, see Show events on a dashboard.

Datastream

The maximum row size that Datastream supports when streaming data to Cloud Storage is now increased to 100 MB.

Filestore

Deletion protection is now generally available for Filestore instances.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.22.0 (2024-09-26)

Features
  • Add sample code for multiple inequalities indexing consideration query (#1579) (1286792)
  • Introducing Tracing with OpenTelemetry API #1537 (#1576) (5440c22)

Bug Fixes
  • Update opentelemetry-sdk dependency to be test-only (#1595) (9d719e8)
  • Update opentelemetry.version to 1.42.1 to match the BOM version (#1598) (23c5c26)

Dependencies
  • Update dependency com.google.cloud:gapic-libraries-bom to v1.43.0 (#1584) (fae3b74)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.0 (#1590) (2db9e43)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#1602) (e1b7d4b)
  • Update dependency com.google.guava:guava-testlib to v33.3.1-jre (#1592) (5d078a4)
  • Update dependency com.google.testparameterinjector:test-parameter-injector to v1.17 (#1585) (8f74a49)

Spanner

Full-text search overview is now generally available.

Speech-to-Text

Speech-to-Text has updated the Generally Available Chirp 2 model, further enhancing its ASR accuracy and multilingual capabilities. Under the existing chirp_2 model flag, you can experience significant improvements in accuracy and speed, as well as support for word-level timestamps, model adaptation, and speech translation. Finally, Chirp 2 can support Streaming Recognizer requests, in addition to the already supported Sync and Batch Recognition requests, allowing its use in realtime applications.

Explore the new chirp_2 model's capabilities and learn how to leverage its full potential by visiting our updated documentation and tutorials.

Workload Manager

Preview: Workload Manager now supports deploying Microsoft SQL Server workloads on Google Cloud. You can configure and deploy a SQL Server system using the Guided Deployment Automation tool in Workload Manager. For more information, see Overview of SQL Server deployment.

October 06, 2024

Application Integration

Local logging in async mode (Generally available (GA))

By default, local logging for new integrations is now enabled in async mode. With this change, the log data is persisted (written) at fixed intervals or after the completion of the integration's execution, whichever is earlier. You can change the default settings by editing the integration details.

For more information, see Local logging.

Test cases (Preview)

You can now test if your integration is working as intended by creating and running test cases on your complex integrations.

For information about test cases, see Introduction to test cases. Learn how to do the following:

Diagram mode in the Data Transformer Task (Preview)

The Diagram mode provides a console-based experience to select the input and output variables and perform transformations in the data transformation editor. For more information, see the Data Transformer task.

Replay execution (Preview)

You can now rerun a failed integration with the same parameters as the previous execution. For more information, see Replay executions.

Cancel execution (Preview)

If you have executions that are suspended due to an approval task or a technical issue, you can now choose to cancel those executions. For more information, see Cancel executions.

Google SecOps

When performing a search on entities in the SOAR search page, you can now focus on more precise results by using the new condition Equals, in addition to the default condition Contains.

Google SecOps SOAR

Release 6.3.20 is now in General Availability.

Remote Agents 2.2.0 is now in General Availability.

October 05, 2024

Google SecOps SOAR

Release 6.3.21 is currently in Preview.

When performing a search on entities in the SOAR search page, you can now focus on more precise results by using the new condition Equals, in addition to the default condition Contains.

October 04, 2024

Apigee Advanced API Security

On October 4, 2024 we released an updated version of Advanced API Security.

Fixed: Delay in score generation for Risk Assessment v2 with VPC-SC-enabled organizations only

In Risk Assessment v2, which is in preview, this issue has been resolved:

With VPC-SC-enabled organizations only, when generating scores for new organizations or scoring changes to included proxies, shared flows, and target server configurations, score generation could have taken as much as three hours.

See the Risk Assessment v2 customer documentation for information on the functionality.

Risk Assessment v2 is now available in the me-central2 region. See Available Apigee API Analytics Regions for region information.

Apigee hybrid

hybrid v1.13.1

On October 4, 2024 we released an updated version of the Apigee hybrid software, 1.13.1.

Cassandra credential rotation in Vault

Starting in version v1.3.1, you can set up automatic Cassandra credential rotation when your credentials are stored in HashiCorp Vault. See Rotating Cassandra credentials in HashiCorp Vault.

New data pipeline for analytics and debug with data residency

Starting with Apigee Hybrid 1.13.1, Apigee Hybrid can use a new data pipeline to collect data for analytics and debug to allow various runtime components to write data directly to our control plane. This is required for installations using data residency.

For more information see:

Bug ID Description
364282883 Remove check for dc-expansion flag and add timeout to multi-region seed host connection test.
362305438 You can now add additional env variables to the runtime component.
353527851 WebSocket connection drops when using VerifyJwt or OAuthV2 VerifyJWTAccessToken operations.
Bug ID Description
N/A Security fixes for apigee-open-telemetry-collector.
This addresses the following vulnerability:

Channel Services

Partners selling Workspace and ChromeOS products can now import customers who currently work with a different reseller or Google.

To import a customer, you must have the purchase consent from the customer for the product group that you want to buy for them.

Learn how to change a reseller's purchase consent.

Generative AI on Vertex AI

The AI assistant in Vertex AI Studio can help you refine and generate prompts. This feature is in Preview. To learn more, see Use AI-powered prompt writing tools.

Prompt Guard and Flux were added to Model Garden.

You can deploy Hugging Face models on Google Cloud that have text embedding inference enabled or pytorch inference enabled. For more information, see the Hugging Face model deployment in the console.

Added multiple deployment settings (with A100-80G and H100) and sample requests for some popular models, including Llama 3.1, Gemma 2, and Mixtral.

Added dynamic LoRA serving for Llama 3.1 and Stable Diffusion XL.

Google Kubernetes Engine

The following beta APIs were added in Kubernetes 1.31 and are available in GKE version 1.31.1-gke.1361000 and later:

  • networking.k8s.io/v1beta1/ipaddresses
  • networking.k8s.io/v1beta1/servicecidrs

Enabling both APIs at the same time enables the Multiple Service CIDRs Kubernetes feature in a GKE cluster. For more information, see the following resources:

During the beta phase, you can only create Service CIDRs in the 34.118.224.0/20 reserved IP address range to avoid possible issues with overlapping IP address ranges.

Ray Operator on GKE is now generally available on 1.29 and later. Ray Operator is a GKE add-on that lets you manage and scale Ray applications. To learn more, see the Ray Operator documentation.

CVE-2024-45016 was discovered in the Linux kernel, which can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more details, see the GCP-2024-057 security bulletin.

Security Command Center

Manage security postures using the Google Cloud console

You can now create, deploy, update, and delete security postures using the Google Cloud console. This feature is available in Preview.

For more information, see Manage a security posture.

Spanner

Spanner now supports the SAFE_TO_JSON function in GoogleSQL-dialect databases. You can use this function to convert SQL objects to JSON objects. Unlike TO_JSON, this function converts invalid JSON types to JSON null values, rather than errors.

October 03, 2024

Access Context Manager

Generally available: App allowlist support for context-aware access

You can now create an access binding with a map of applications to access levels to apply access levels to specific applications, avoiding unintended effects on other applications. For more information, see Create an access binding with a map of applications to access levels.

Apigee UI

On October 3, 2024, we released an updated version of the Apigee UI.

Bug ID Description
369647749 Proxy deployment units counts include shared flows

Fixed issue where proxy deployment unit counts in the UI did not take into account shared flow deployments.

369385955 Fixed the display of the Apigee apps list

Resolved an issue causing Apigee apps to display incorrectly in the Apps list when the search bar is used for filtering.

361497390 Updated the description and calculation of Apigee deployment quotas

The deployment quota displayed on the Apigee overview page now correctly describes and calculates the value of all proxy deployment units, including both API proxy and shared flow deployments across all environments.

Artifact Registry

Artifact Registry support for OCI specifications v1.1 is generally available in Docker format repositories.

You can upload containerized metadata about another container image to Artifact Registry as an attachment. To learn more, see Manage container metadata.

Assured Workloads

The following products are now supported by the following control packages. See supported products for more information:

  • Access Context Manager, Eventarc, GKE Hub, and Speech-to-Text
    • Australia Regions
    • Australia Regions with Assured Support
    • Brazil Regions
    • Canada Regions
    • Canada Regions and Support
    • Chile Regions
    • EU Regions
    • EU Regions and Support
    • India Regions
    • Indonesia Regions
    • Israel Regions
    • Israel Regions and Support
    • Japan Regions
    • Singapore Regions
    • South Korea Regions
    • Switzerland Regions
    • Taiwan Regions
    • UK Regions
    • US Regions
    • US Regions and Support
  • Secret Manager
    • EU Regions and Support
    • Israel Regions and Support
    • US Regions and Support

Cloud Run and Filestore are now supported by the following control packages. See supported products for more information:

BigQuery

You can now create an external dataset in BigQuery that links to an existing database in Spanner. This feature is in preview.

ODBC driver update, release 3.0.7 1016

  • [New] Connector authentication on Google Cloud VMs: The connector now supports authentication through Application Default Credentials using the Google internal metadata server, eliminating the need for a keyfile. This feature works only on Google Cloud Compute Engine VMs.
  • [Resolved] The output for PrimaryKeys previously denoted the Key Sequence as a 0-indexed value. This has been corrected to a 1-indexed value, indicating the sequential order of the primary key's column within the primary key itself.

Cloud SQL for MySQL

You can now configure server certificate authority (CA) mode when you create a Cloud SQL instance. With server CA mode, you have two options:

  • Per-instance CA: this is the default configuration. With this option, an internal CA dedicated to each Cloud SQL instance signs the server certificate for that instance.
  • Shared CA: with this option, the Cloud SQL instance uses a CA hierarchy consisting of a root CA and subordinate server CAs managed by Cloud SQL and hosted on Google Cloud Certificate Authority Service (CA Service). The subordinate server CAs in a region sign the server certificates and are shared across instances in the region. This option can be used only with MySQL 8.0.30 and later.

For more information about each option, see Certificate authority (CA) hierarchies. This feature is in Preview.

Cloud SQL for PostgreSQL

The pg_ivm extension, version 1.9, is generally available. This extension keeps materialized views up to date by computing and applying only incremental changes to the views, rather than recomputing their contents from scratch.

Cloud SQL for PostgreSQL, version 16, now supports the pgRouting extension. This extension extends PostGIS and enhances geospatial processing through network routing and analysis.

For more information on these extensions, see Configure PostgreSQL extensions.

The rollout of the following minor versions, extension versions, and plugin versions is underway:

Minor versions

  • 12.19 is upgraded to 12.20.
  • 13.15 is upgraded to 13.16.
  • 14.12 is upgraded to 14.13.
  • 15.7 is upgraded to 15.8.
  • 16.3 is upgraded to 16.4.

Extension and plugin versions

  • google_ml_integration is upgraded from 1.2 to 1.4.2.
  • pgvector is upgraded from 0.7.0 to 0.7.4.

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

The new maintenance version is [PostgreSQL version].R20240910.01.00_02. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

You can now configure server certificate authority (CA) mode when you create a Cloud SQL instance. With server CA mode, you have two options:

  • Per-instance CA: this is the default configuration. With this option, an internal CA dedicated to each Cloud SQL instance signs the server certificate for that instance.
  • Shared CA: with this option, the Cloud SQL instance uses a CA hierarchy consisting of a root CA and subordinate server CAs managed by Cloud SQL and hosted on Google Cloud Certificate Authority Service (CA Service). The subordinate server CAs in a region sign the server certificates and are shared across instances in the region.

For more information about each option, see Certificate authority (CA) hierarchies. This feature is in Preview.

Cloud SQL for SQL Server

You can now configure server certificate authority (CA) mode when you create a Cloud SQL instance. With server CA mode, you have two options:

  • Per-instance CA: this is the default configuration. With this option, an internal CA dedicated to each Cloud SQL instance signs the server certificate for that instance.
  • Shared CA: with this option, the Cloud SQL instance uses a CA hierarchy consisting of a root CA and subordinate server CAs managed by Cloud SQL and hosted on Google Cloud Certificate Authority Service (CA Service). The subordinate server CAs in a region sign the server certificates and are shared across instances in the region.

For more information about each option, see Certificate authority (CA) hierarchies. This feature is in Preview.

Colab Enterprise

Gemini in Colab Enterprise, which is a product in the Gemini for Google Cloud portfolio, is generally available. Gemini in Colab Enterprise helps you write code by suggesting code as you type. You can also use the Help me code tool to generate code from a description of what you want.

Gemini in Colab Enterprise is available to try at no cost through December 31, 2024.

To learn how to enable and activate Gemini in Colab Enterprise features, see Set up Gemini in Colab Enterprise.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.600-gke.109 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.600-gke.109 runs on Kubernetes v1.29.8-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Removed TLS/SSL weak message authentication code cipher suites in the vSphere cloud controller manager.

Fixed the following vulnerabilities in 1.29.600-gke.109:

Critical container vulnerabilities:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Kubernetes Engine

(2024-R38) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.1-gke.1000000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1342000
    • 1.28.13-gke.1119000
    • 1.28.14-gke.1004000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348000
    • 1.31.0-gke.1577000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1373000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1014000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1000000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1373000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1014000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1000000 with this release.

Regular channel

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.4-gke.1348000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.13-gke.1006000
    • 1.29.8-gke.1031000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1057000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1057000 with this release.

Extended channel

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.

No channel

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.28.13-gke.1006000
    • 1.29.8-gke.1031000
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.

    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.4-gke.1348000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.

(2024-R38) Version updates

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.13-gke.1006000
    • 1.29.8-gke.1031000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1057000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1057000 with this release.

(2024-R38) Version updates

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.

(2024-R38) Version updates

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.28.13-gke.1006000
    • 1.29.8-gke.1031000
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.

Network Connectivity Center

Producer VPC Spokes is now available in public preview.

If you have a VPC network that consumes a service offered through private services access, you can use a Network Connectivity Center producer VPC spoke to make the service reachable by other spokes on a hub.

Security Command Center

GKE Security Posture vulnerability findings now support attack exposure scores

GKE runtime OS vulnerability findings detected by GKE Security Posture in Google Cloud are now scored by attack path simulations. Use these attack exposure scores on vulnerabilities to help secure the resources that are the most valuable to your business and to address the most significant vulnerabilities in your GKE clusters. For more information, see Attack exposure scores.

Sovereign Controls by Partners

Spanner

You can now create an external dataset in BigQuery that links to an existing database in Spanner. This feature is in Preview.

October 02, 2024

Agent Assist

Agent Assist now offers a native UI Connector with Twilio Flex to integrate with voice conversations. See the documentation for details.

AlloyDB for PostgreSQL

The alloydb_scann extension (previously named postgres_scann) is generally available (GA) for the AlloyDB service in Google Cloud. For more information about storing vector embeddings, creating indexes, and tuning indexes to achieve faster query performance and better recall, see Work with vectors.

AlloyDB Omni is in Limited Availability on the Aiven Platform. Aiven provides managed AlloyDB Omni as a service on multiple public clouds. For more information, see Store your data on any major cloud.

Apigee X

On October 2, 2024, we released an updated version of Apigee.

With this release, all remaining Apigee API Management organizations with Subscription 2021 contracts have been upgraded to introduce standard and extensible API proxy features.

To learn more about:

Subscription Apigee organizations (without hybrid entitlements) upgraded in this release will see changes to the user experience in the Classic Apigee UI. To support management of the upgraded functionality now available to these organizations, a number of feature administration pages are now only available in the Apigee UI in Cloud console.

For more information, see Apigee UI in Cloud console navigation.

Cloud Logging

You can now use Terraform commands to create or update a log scope. For more information, see Create a log scope.

Container Optimized OS

cos-117-18613-0-66

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-6.6.44 | v24.0.9 | v1.7.22 | See List |

Promoted M117 to stable.

Firestore in Datastore mode

You can now use property transforms like increment in the REST API. This feature is in Preview.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.100-gke.96 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.100-gke.96 runs on Kubernetes v1.30.4-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Fixed the following issues in 1.30.100-gke.96:

  • Fixed the known issue where updating dataplaneV2.forwardMode didn't automatically trigger anetd DaemonSet restart.

Fixed the following vulnerabilities in 1.30.100-gke.96:

Memorystore for Valkey

Added support for Valkey version 8.0 (Preview). For more information, see Supported versions.

Spanner

You can perform vector similarity search using the now Generally Available K-nearest neighbors (KNN) vector distance functions:

  • COSINE_DISTANCE()
  • EUCLIDEAN_DISTANCE()
  • DOT_PRODUCT()

For more information, see Perform vector similarity search in Spanner by finding the K-nearest neighbors.

The FLOAT32 (GoogleSQL) and float4/real (PostgreSQL) data types are Generally Available.

October 01, 2024

Agent Assist

Agent Assist now offers Live transcription adaptation in preview. See the documentation for more details.

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anti Money Laundering AI

A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version. This includes:

  • New recommended field counterparty_account.region_code added to the Transaction table.
  • The new engine version uses this field to account for risks associated with the region of the counterparty account.

Cloud Composer

(Available without upgrading) Fixed the cause of DAG run failures for runs created from the Cloud Console when the [scheduler]allowed_run_id_pattern Airflow configuration option is set to a custom value.

(Airflow 2.9.3 and 2.9.1) The apache-airflow-providers-google package was upgraded to version 10.23.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.22.0 to version 10.23.0.

(Airflow 2.9.3 and 2.9.1) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.4.2 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 8.4.1 to version 8.4.2.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.1
  • composer-3-airflow-2.9.1-build.8 (default)
  • composer-3-airflow-2.7.3-build.17

Cloud Composer 2.9.5 images are available:

  • composer-2.9.5-airflow-2.9.3
  • composer-2.9.5-airflow-2.9.1 (default)
  • composer-2.9.5-airflow-2.7.3

Cloud Composer version 2.4.4 has reached its end of support period.

Cloud Run

Service-level minimum instances are now generally available (GA).

Cloud SQL for MySQL

Cloud SQL for MySQL 8.4 is now generally available. For more information about the differences between MySQL 8.4 and MySQL 8.0, review What Is New in MySQL 8.4 since MySQL 8.0.

By default, if you specify MySQL 8.4 as the version when you create a Cloud SQL instance (either primary or replica) using the gcloud CLI or the REST API, then the Cloud SQL edition is Enterprise Plus.

If you specify a version other than MySQL 8.4 or don't specify a version, then the default Cloud SQL edition of the instance is Enterprise.

For more information about the implementation of MySQL 8.4 in Cloud SQL, see the following topics:

To create a MySQL 8.4 instance in Cloud SQL, see Create instances. Before you upgrade to MySQL 8.4, you must first upgrade to MySQL 8.0.37 or later. To perform a major version upgrade, see Upgrade the database major version in-place. To perform a minor version upgrade of Cloud SQL for MySQL 8.0, see Upgrade the database minor version.

Cloud SQL for SQL Server

You can now use the gcloud sql instances patch command to update the time zone of your Cloud SQL for SQL Server instance after you create the instance. Previously, you could only set a custom time zone for a SQL Server instance when you first created the instance. For more information about setting the time zone for a Cloud SQL for SQL Server instance, see About instance settings.

Cloud Service Mesh

The following images are now rolling out for managed Cloud Service Mesh:

  • 1.19.10-asm.19 is rolling out to the rapid release channel.
  • 1.19.10-asm.19 is rolling out to the regular release channel.
  • 1.19.10-asm.19 is rolling out to the stable release channel.

1.19.10-asm.19 contains the fixes for the security vulnerabilities listed in GCP-2024-052 and uses Envoy v1.27.7.

A known issue with asmcli for 1.23 is now fixed. Customers might have seen the following error when attempting to install in-cluster Cloud Service Mesh 1.23:

asmcli: Downloading ASM..
gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error is not recoverable: exiting now

A new version of asmcli with the fix has been released.

Confidential Space

A new Confidential Space image (240900) is now available. This image provides the following fixes:

  • Added tmpfs mount support for Confidential Space workloads.
  • Added configurable /dev/shm size for Confidential Space workloads.
  • Added retry capability to the container signature fetch.
  • Minor bug fixes.

Config Controller

Config Controller now uses the following versions of its included products:

Document AI

Custom Extractor pretrained-foundation-model-v1.2-2024-05-10 and pretrained-foundation-model-v1.3-2024-08-31 are now Stable versions.

v1.2 and v1.3 now have the following features:

  • Fine-tuning is now available in Public preview.
  • They were internally upgraded to a higher quality model.
  • The labeling system has been upgraded to use the latest version of the OCR model.

v1.2 is recommended for the best quality. v1.3 is recommended for the lowest latency.

We recommend creating a new processor and relabeling the training and evaluation documents to benefit from both the improved quality with the new processor versions of Custom Extractor (v1.2 and v1.3) and the enhanced labeling system.

Firestore

You can now use customer-managed encryption keys (CMEK) in Firestore to protect your data. This feature is generally available (GA) behind an allow-list.

For more information, see Customer-managed encryption keys (CMEK).

Firestore in Datastore mode

You can now use customer-managed encryption keys (CMEK) in Datastore to protect your data. This feature is generally available (GA) behind an allow-list.

For more information, see Customer-managed encryption keys (CMEK).

The Java client library for Firestore in Datastore mode now supports client-side tracing. This feature is in Preview.

Generative AI on Vertex AI

Grounding: Dynamic retrieval for grounded results (GA)

Dynamic retrieval lets you choose when to turn off grounding with Google Search. This is useful when a prompt doesn't require an answer grounded in Google Search, and the supported models can provide an answer based on their knowledge without grounding. Dynamic retrieval helps you manage latency, quality, and cost more effectively.

This feature is Generally Available. For more information, see Dynamic retrieval.

Google Cloud Architecture Center

(New guide) Enterprise application on Compute Engine VMs with Oracle Exadata in Google Cloud: Provides a reference architecture for an application that's hosted on Compute Engine VMs with connectivity to Oracle Cloud Infrastructure (OCI) Exadata databases in Google Cloud.

Google Distributed Cloud (software only) for bare metal

Release 1.29.600-gke.108

Google Distributed Cloud for bare metal 1.29.600-gke.108 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.600-gke.108 runs on Kubernetes 1.29.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed Cloud Audit Logging failure due to allowlisting issue with multiple project IDs.

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

GKE now supports the Parallelstore CSI driver in allowlisted general availability (GA), which means that you can reach out to your Google support team to use the service under GA terms.

Parallelstore accelerates AI/ML training and excels at saturating individual compute clients, ensuring that expensive compute resources are efficiently used. The product demonstrated a 3.9x training time improvement and 3.7x better throughput compared to native ML framework data loaders, and it saturates single-client NIC bandwidth at 90%+.

For details, see About the GKE Parallelstore CSI driver.

In GKE version 1.30.3-gke.1639000 and later and 1.31.0-gke.1058000 and later, GKE can handle GPU and TPU node disruptions by notifying you in advance of a shutdown and by gracefully terminating your workloads. This feature is generally available. For details, see Manage GKE node disruption for GPUs and TPUs.

Memorystore for Redis

Added support for custom constraints. For more details, see Manage Memorystore for Redis resources with custom constraints.

Memorystore for Redis Cluster

Added support for custom constraints. For more details, see Manage Memorystore for Redis Cluster resources with custom constraints.

Instance configurations are now Generally Available on Memorystore for Redis Cluster.

Pub/Sub

Pub/Sub adds support for OpenTelemetry tracing. OpenTelemetry tracing lets you identify and trace the latency of various Pub/Sub client library operations.

Security Command Center

Data residency for Security Command Center is now available in the Kingdom of Saudi Arabia.

Sensitive Data Protection

The current default LOCATION infoType detection model, which is accessible when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy.

The old detection model that was previously accessible by setting InfoType.version to legacy is no longer accessible.

The region restriction on the LOCATION infoType has been lifted. It is now available in all regions.

Spanner

Spanner now supports end-to-end tracing in preview, along with client-side tracing in the Java and Go client libraries. You can opt in to end-to-end traces to gain more visibility into application-to-Spanner latencies. For more information, see Trace collection overview.

Vertex AI Agent Builder

Vertex AI Agent Builder: Dynamic retrieval for grounded results (GA with allowlist)

Dynamic retrieval lets you choose when to turn off grounding with Google Search. This is useful when a prompt doesn't require an answer grounded in Google Search and the supported models can provide an answer based on their own knowledge without grounding. Dynamic retrieval helps you manage latency, quality, and cost more effectively.

This feature is available to select Google Cloud customers (GA with allowlist). For more information, see Dynamic retrieval.

September 30, 2024

AlloyDB for PostgreSQL

AlloyDB outbound public IP connectivity on primary and secondary instances is generally available (GA).

Artifact Registry

Artifact Analysis is gradually rolling out regionalized data storage and endpoints to help support compliance with data residency requirements. The Container Analysis API stores metadata in the same region or multi-region as the Artifact Registry repository where your image is scanned.

For more information, see Metadata storage locations.

Backup and DR

Backup and DR Service added support to view unprotected resource logs in Cloud Logging.

Backup and DR Service added support to view unprotected resource reports in BigQuery.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.9.1 (2024-09-23)

Bug Fixes
  • Throw timeout error when using jobs.query (#1402) (cf962a5)

Python

Changes for google-cloud-bigquery

3.26.0 (2024-09-25)

Features
  • Include LegacyPandasError in init imports (#2014) (3ab5e95)
  • Use bigquery-magics package for the %%bigquery magic (#1965) (60128a5)
Bug Fixes
  • Add docfx to the presubmit configuration and delete docs-presubmit (#1995) (bd83cfd)
  • Add warning when encountering unknown field types (#1989) (8f5a41d)
  • Allow protobuf 5.x; require protobuf >=3.20.2; proto-plus >=1.22.3 (#1976) (57bf873)
  • Do not set job timeout extra property if None (#1987) (edcb79c)
  • Set pyarrow field nullable to False for a BigQuery field in REPEATED mode (#1999) (5352870)
Dependencies
  • Bump min version of google-api-core and google-cloud-core to 2.x (#1972) (a958732)
Documentation

You can now use flexible column names with BigQuery tables and views for extracting, loading, streaming, and querying data. This feature is generally available (GA).

You can now use the operational health dashboard to get a single-pane view of key metrics such as slot usage, shuffle usage, errors, and total storage in real time. This feature is generally available (GA).

You can now create a materialized view replica directly from the Google Cloud console. This feature is generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.44.1 (2024-09-26)

Bug Fixes
  • Add RetryCallable to the callable chain (#2348) (0330d77)
  • Pass deadline through ExecuteQuery RetrySettings (#2355) (6bc9820)
  • Time based flakiness in execute query deadline test (#2358) (b474173)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#2351) (40c428e)

Cloud Billing

View and manage unexpected costs with Anomaly Detection (in preview)

You can now view and manage cost spikes that deviate from your historical spend patterns using the Anomalies dashboard (preview). Each anomaly comes with a detailed root cause analysis that identifies the top services, regions, and SKUs that contributed to the spike.

Learn more about using Anomaly Detection to manage costs.

Cloud Logging

The layout of the Logs Explorer page has been changed. For more information, see View logs by using the Logs Explorer.

The pricing for vended network logs has changed. For more information see the following:

Cloud Monitoring

You can now apply and modify dashboard-wide filters by selecting the filter option within the cell of a table. For example, if a table has a column named zone and a cell that displays us-east5-b, then selecting the filter button in that cell applies the dashboard-wide filter zone: us-east5-b. For more information about filtering your dashboard, see the following documents:

Cloud NAT

Hybrid NAT is available in General Availability.

Cloud Run functions

You can now manage function resources using custom constraints that get enforced at the project level. This support is at the Preview release level.

Compute Engine

Container Optimized OS

cos-dev-121-18698-0-0

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-6.6.52 | v24.0.9 | v1.7.22 | See List |

Upgraded app-admin/google-guest-configs to v20240924.00.

Upgraded app-admin/google-osconfig-agent to v20240924.02.

Upgraded app-admin/google-guest-configs to v20240905.00.

Upgraded app-admin/fluent-bit to v3.1.8.

Upgraded app-containers/docker-credential-gcr to v2.1.25.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r642.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2449.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2801.

Upgraded chromeos-base/debugd-client to v0.0.1-r2712.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2947.

Upgraded chromeos-base/minijail to v18-r155.

Upgraded chromeos-base/shill-client to v0.0.1-r4688.

Upgraded dev-python/configobj to v5.0.9.

Upgraded net-firewall/iptables to v1.8.10-r1.

Upgraded net-libs/libtirpc to v1.3.5.

Upgraded dev-libs/nss to v3.104.

Upgraded net-dns/c-ares to v1.33.1.

Updated the Linux kernel to v6.6.52.

Updated R550, latest driver to v550.90.12.

Updated cos-gpu-installer to v2.4.2. This enables creation of /dev/dri when loading nvidia-drm.ko for COS kernels built with loadable drm and dependent modules.

Removed sys-libs/libsepol and sys-libs/libselinux.

Removed dev-libs/libusb.

Removed sys-libs/gdbm.

Removed dev-python/zope-interface.

Updated net-misc/curl to 8.10.0.

cos-105-17412-448-57

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-5.15.163 | v23.0.3 | v1.7.19 | See List |

Upgraded app-admin/google-guest-configs to v20240725.00.

Fixed A3 Edge VM names in google guest agent configs.

Updated cos-gpu-installer to v2.4.0. It identifies GPU drivers before installation.

Fixed CVE-2024-46763 in the Linux kernel.

Fixed CVE-2024-46679 in the Linux kernel.

Fixed CVE-2024-46721 in the Linux kernel.

Fixed CVE-2024-46800 in the Linux kernel.

Fixed CVE-2024-46743 in the Linux kernel.

Fixed CVE-2024-46738 in the Linux kernel.

Fixed CVE-2024-44940 in the Linux kernel.

Fixed CVE-2024-42246 in the Linux kernel.

cos-beta-117-18613-0-66

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-6.6.44 | v24.0.9 | v1.7.22 | See List |

Fixed A3 Edge VM names in google guest agent configs and upgraded to v20240725.

Fixed CVE-2024-46763 in the Linux kernel.

Fixed CVE-2024-46679 in the Linux kernel.

Fixed CVE-2024-46762 in the Linux kernel.

Fixed CVE-2024-46721 in the Linux kernel.

Fixed CVE-2024-46737 in the Linux kernel.

Fixed CVE-2024-46800 in the Linux kernel.

Fixed CVE-2024-46796 in the Linux kernel.

Fixed CVE-2024-46743 in the Linux kernel.

Fixed CVE-2024-46738 in the Linux kernel.

cos-113-18244-151-88

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-6.1.100 | v24.0.9 | v1.7.22 | See List |

Upgraded app-admin/google-guest-configs to v20240725.00.

Fixed A3 Edge VM names in google guest agent configs.

Updated cos-gpu-installer to v2.4.0. It identifies GPU drivers before installation.

Fixed CVE-2024-46763 in the Linux kernel.

Fixed CVE-2024-46679 in the Linux kernel.

Fixed CVE-2024-46721 in the Linux kernel.

Fixed CVE-2024-46800 in the Linux kernel.

Fixed CVE-2024-46737 in the Linux kernel.

Fixed CVE-2024-46743 in the Linux kernel.

Fixed CVE-2024-46738 in the Linux kernel.

cos-109-17800-309-77

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-6.1.100 | v24.0.9 | v1.7.22 | See List |

Upgraded app-admin/google-guest-configs to v20240725.00.

Fixed A3 Edge VM names in google guest agent configs.

Updated cos-gpu-installer to v2.4.0. It identifies GPU drivers before installation.

Fixed CVE-2024-46763 in the Linux kernel.

Fixed CVE-2024-46679 in the Linux kernel.

Fixed CVE-2024-46721 in the Linux kernel.

Fixed CVE-2024-46800 in the Linux kernel.

Fixed CVE-2024-46743 in the Linux kernel.

Fixed CVE-2024-46738 in the Linux kernel.

cos-101-17162-528-54

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-5.15.161 | v20.10.27 | v1.6.28 | See List |

Updated cos-gpu-installer to v2.4.0. It identifies GPU drivers before installation.

Fixed CVE-2024-42246 in the Linux kernel.

Fixed CVE-2024-46763 in the Linux kernel.

Fixed CVE-2024-46679 in the Linux kernel.

Fixed CVE-2024-46721 in the Linux kernel.

Fixed CVE-2024-46800 in the Linux kernel.

Fixed CVE-2024-46743 in the Linux kernel.

Fixed CVE-2024-46738 in the Linux kernel.

Fixed CVE-2024-40905 in the Linux kernel.

Cortex Framework

Release 6.0

GitHub Submodules

Submodules are officially removed. Workloads have been migrated as follows:

| Previous Submodule | New Directory |
|---|---|
| cortex-dag-generator | cortex-data-foundation/tree/main/src/SAP/SAP_CDC |
| cortex-ml-models | cortex-data-foundation/tree/main/src/SAP/SAP_ML_MODELS |
| cortex-reporting | cortex-data-foundation/tree/main/src/SAP/SAP_REPORTING |
| cortex-salesforce | cortex-data-foundation/tree/main/src/SFDC |
| cortex-marketing | cortex-data-foundation/tree/main/src/marketing |

Note: As announced in release 5.4, workload specific repositories will continue to receive code updates for at least one more release.

New Data Sources

  • Marketing: YouTube (with DV360). Get a comprehensive overview of your campaign spend, performance, and audience targeting, with actionable insights for paid media campaigns on YouTube purchased in the DV360 platform. Access the Looker Block for YouTube (with DV360) with sample dashboards for faster data analysis and exploration.

  • Marketing: Google Analytics 4 (GA4). Understand website engagement and purchases using page views, time spent, call to action ratios, average purchases, lifetime value over time, traffic volumes, and success rates for defined conversion.

  • Oracle EBS: Measure and understand Order to Cash operational metrics around sales performance, order status, order fulfillment, invoicing, and receivables with new BigQuery integration templates and data models. Access the Looker Block for Oracle EBS with sample dashboards for further analytics.

New Cloud Build features support

Added support for the following Cloud Build features:

SAP

  • SAP Raw to CDC DAG: Rewrote the logic, making it less costly with about a 25% improvement in performance.
  • Fiscal dimension: All views now use the new Fiscal Dimension instead of function. ECC/S4 specific Fiscal Functions are now removed as announced in v3.1. Fiscal functions will be removed in the next version.
  • Future deprecation: Legacy Currency_Conversion and Currency_Decimal functions will be deprecated in the next version. Join the views currency_conversion and currency_decimal instead.
  • Finance: New views for FSV, Cost, and Profit center hierarchy that supersedes the old hier_reader local k9, which will be removed in the next version. For more information, see Cortex Framework: integration with SAP.
  • Improved SalesStatus_Items and S/4 Billing logic.
  • Inventory: Moved the following views and functions from src/SAP/SAP_REPORTING/local_k9/inventory_snapshots to src/SAP/SAP_REPORTING/{SAP_FLAVOR}; and renamed them to make the structure more logical and succinct. Also added notes and instructions on this module in the Cortex Framework: integration with SAP . There isn't any content or logic change.

    • From 00_stock_characteristics_config to StockCharacteristicsConfig.
    • From 00_slow_moving_threshold to SlowMovingThreshold.
    • From 0_{weekly|monthly}_inventory_aggregation.sql to Aggregate{Weekly|Monthly}Inventory.
    • From stock_weekly_snapshots_inventory_aggregation_update to UpdateMonthlyInventoryAggregation.
    • From 01_stock_{weekly|monthly}_snapshots to Update{Weekly|Monthly}StockSnapshots.

Data Mesh

  • Added support for annotations on nested fields.
  • Removed inherited default values for lake regions and zone location types. These values need to be provided if deploying lakes and zones.

New documentation page

Misc Technical Notes

  • Upgraded Google Ads API from v15 to v17.1. For field name changes, see Google Ads API upgrade notes.
  • Moved deployment configs for Language and Currency to workload specific sections. This affects SAP and Oracle EBS data sources.
  • Officially dropped Airflow v1 support.
  • Added test harness support for new BigQuery regions africa-south1 and europe-west10.
  • Deployer log verbosity reduced by 75% for reporting deployment steps across all workloads.
  • Cloud Composer (Airflow) DAGs now use current Python and BigQuery operators in place of the deprecated airflow.operators.python_operator and airflow.contrib.operators.bigquery_operator operators.
  • Patched multiple Python library vulnerabilities.
  • Deprecated Credly badging.

Known issues and limitations

  • Data Mesh deployments where only column descriptions are deployed require Data Catalog API to be enabled. This will be patched in a future release.
  • Local K9 for SAP produces a temporary folder (tmp*) in the target bucket for DAGs. Remove it manually. There is no impact on execution.

Dataform

The maximum size limit for workspaces encrypted with customer-managed encryption keys (CMEK) is 512 MB. For more information about Dataform quotas and limits, see Quotas and limits. For more information about encrypting Dataform repositories with CMEK, see Use customer-managed encryption keys.

Dataplex

Managed connectivity pipelines are generally available (GA). Use a managed connectivity pipeline to extract metadata from third-party sources and import it into Dataplex Catalog. You develop your own connector that extracts metadata, and use Workflows for orchestration and scheduling.

For more information, see Managed connectivity overview, Import metadata from a custom source using Workflows, and Develop a custom connector for metadata import.

Also, the metadata import API methods are GA. For more information, see Import metadata using a custom pipeline.

Dataproc

Blocklisted the following Dataproc on Compute Engine subminor image versions:

  • 2.0.120-debian10, 2.0.120-rocky8, 2.0.120-ubuntu18
  • 2.1.68-debian11, 2.1.68-rocky8, 2.1.68-ubuntu20, 2.1.68-ubuntu20-arm
  • 2.2.34-debian12, 2.2.34-rocky9, 2.2.34-ubuntu22

Developer Connect

Developer Connect is now Generally Available (GA). This launch introduces the following features:

  • Connectivity with several more source code management tools, including GitHub Enterprise Cloud, GitHub Enterprise, GitLab and GitLab Enterprise

  • Integration with Gemini Code Assist, helping you get coding tips tailored to your private repositories

Gemini Code Assist users can connect their source code on GitHub or GitLab repositories, and on GitHub Enterprise, GitHub Enterprise Cloud, and GitLab Enterprise repositories hosted on networks that can be accessed via the public internet.

Learn more at Developer Connect overview.

Filestore

NFSv4.1 protocol support, integrated with Managed Service for Microsoft Active Directory, is now generally available for zonal, regional, and enterprise instances.

Generative AI on Vertex AI

Prompt templates let you test how different prompt formats perform with different sets of prompt data. This feature is in Preview. To learn more, see Use prompt templates.

Google SecOps

The case report now includes all information written on the case wall.

It is now possible to merge cases where the requester is not the assignee both in the platform and through the API endpoint: api/external/v1/cases-queue/bulk-operations/MergeCases

Google SecOps SOAR

Remote Agents 2.2.0 Release is currently in Preview.

Logs quality and coverage enhancements.

Identity Platform

Custom organization policies for Identity Platform are generally available (GA). You can use custom organization policies to allow or deny specific operations on Identity Platform resources for the security, compliance, or governance requirements of your application.

For more information, see Use custom organization policies.

Parallelstore

Parallelstore, Google's managed Parallel File System service, is now generally available (GA).

Parallelstore offers extreme IOPS and throughput, at very low latencies. Parallelstore supports capacities between 12 and 100 TiB and is POSIX-compatible.

Please contact your sales representative to use Parallelstore in your Google Cloud project.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.132.3 (2024-09-26)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.42.3 (#2173) (294d039)
  • Update dependency com.google.cloud:google-cloud-core to v2.44.0 (#2184) (faecb3b)
  • Update dependency com.google.cloud:google-cloud-core to v2.44.1 (#2190) (9ea45dc)
  • Update dependency com.google.cloud:google-cloud-storage to v2.43.0 (#2174) (ae800d7)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.0 (#2185) (5ca2c7c)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#2191) (555216e)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.28.2 (#2179) (c9bbd2c)

Python

Changes for google-cloud-pubsub

2.25.0 (2024-09-28)

Features

2.24.0 (2024-09-24)

Features
Bug Fixes

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-pubsub

2.25.1 (2024-09-29)

Bug Fixes
  • Update the requirements.txt for samples directory (#1263) (5cce8b1)

The message retention duration option for a subscription specifies how long Pub/Sub retains messages after publication. The maximum value for this property is now increased to 31 days. For more information, see Message retention duration.

Sensitive Data Protection

The FINLAND_BUSINESS_ID infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.68.0 (2024-09-25)

Features
  • spanner: Add support for Go 1.23 iterators (84461c0)
Bug Fixes
  • spanner/test: Bump dependencies (2ddeb15)
  • spanner: Bump dependencies (2ddeb15)
  • spanner: Check errors in tests (#10738) (971bfb8)
  • spanner: Enable toStruct support for structs with proto message pointer fields (#10704) (42cdde6)
  • spanner: Ensure defers run at the right time in tests (#9759) (7ef0ded)
  • spanner: Increase spanner ping timeout to give backend more time to process executeSQL requests (#10874) (6997991)
  • spanner: Json null handling (#10660) (4c519e3)
  • spanner: Support custom encoding and decoding of protos (#10799) (d410907)
  • spanner: Unnecessary string formatting fixes (#10736) (1efe5c4)
  • spanner: Wait for things to complete (#10095) (7785cad)
Performance Improvements
Documentation
  • spanner: Fix Key related document code to add package name (#10711) (bbe7b9c)

Java

Changes for google-cloud-spanner

6.74.0 (2024-08-27)

Features
  • spanner: Add edition field to the instance proto (6b7e6ca)
Documentation
  • Change the example timestamps in Spanner Graph java sample code (#3295) (b6490b6)

6.74.1 (2024-09-16)

Bug Fixes
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#3329) (654835f)

6.75.0 (2024-09-19)

Features
  • Support multiplexed session for blind write with single use transaction (#3229) (b3e2b0f)

6.76.0 (2024-09-27)

Features
  • Add opt-in flag and ClientInterceptor to propagate trace context for Spanner end to end tracing (#3162) (0b7fdaf)
  • Add samples for backup schedule feature APIs. (#3339) (8cd5163)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.46.1 (1719f44)

Python

Changes for google-cloud-spanner

3.49.0 (2024-08-27)

Features
  • Create a few code snippets as examples for using Spanner Graph in Python (#1186) (f886ebd)
  • spanner: Add resource reference annotation to backup schedules (#1176) (b503fc9)
  • spanner: Add samples for instance partitions (#1168) (55f83dc)
Bug Fixes
  • JsonObject init when called on JsonObject of list (#1166) (c4af6f0)

3.49.1 (2024-09-06)

Bug Fixes
  • Revert "chore(spanner): Issue#1143 - Update dependency" (92f05ed)

Workflows

A math.floor function has been added to return the largest integer less than or equal to a given number.

September 29, 2024

Google SecOps SOAR

Release 6.3.19 is now in General Availability.

September 28, 2024

Google SecOps SOAR

Release 6.3.20 is currently in Preview.

The case report now includes all information written to the Case wall.

It is now possible to merge cases where the requester is not the assignee both in the platform and through the API endpoint: api/external/v1/cases-queue/bulk-operations/MergeCases

Custom integration is reverted to the latest imported code after saving custom integration settings. (ID #53578268)

Remote agents not visible in the drop-down field. (ID #53299495)

Timeout error when trying to add an alert grouping rule. (ID #00298026)

Time Zone sync issue (ID #52421707)

Inaccurate case tag data in Advanced Reports (ID #00308538)

Tags are displayed in the database after being deleted from the platform (ID #53263012)

Timeout error for playbook action (ID #52418008)

September 27, 2024

Access Approval

Access Approval supports Speech-to-Text in the GA stage.

Access Approval supports Dataplex in the Preview stage.

Access Transparency

Access Transparency supports Dataplex in the Preview stage.

Assured Workloads

The IRS Publication 1075 control package is now available in Preview.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Data Lineage API
    • datalineage.googleapis.com/Process
  • Cloud Logging
    • logging.googleapis.com/Link
  • Cloud Next Generation Firewall Enterprise
    • networksecurity.googleapis.com/AddressGroup
  • Gemini for Google Cloud API
    • cloudaicompanion.googleapis.com/CodeRepositoryIndex
    • cloudaicompanion.googleapis.com/RepositoryGroup

Cloud Billing

Avoid charges for underutilized Compute Engine reservations in the FinOps hub

You can now get recommendations to modify or delete your underutilized, on-demand reservations for Compute Engine resources when you haven't consumed your specified threshold of resources for at least 7 days.

Learn about reservation recommendations
View and apply underutilized reservation recommendations

Confidential VM

Support for Intel TDX on c3-standard-* machine types is now released to General Availability.

Google Cloud Architecture Center

(New guide) Business continuity with CI/CD on Google Cloud: Learn how to plan and implement business continuity and disaster recovery (DR) for the CI/CD process.

Retail API

Vertex AI Search for retail: Conversational search API

As part of Search for retail's Guided search package, ConversationalSearchSpec sits on top of the Retail API. When coverage parameters are met, Search for retail users can enable this feature in the console or by setting the followup_conversation_requested flag to true in the search service interface. Conversational search uses an LLM-generated question for each catalog attribute where the allowed_in_conversation field is enabled.

For more information, see Conversational search.

Vertex AI Search for retail: Tile navigation

As part of Search for retail's Guided search package, tile navigation allows tiles to appear across a search page for each of the dynamic facets most likely to be used. The objective is to increase filter usage so that users narrow their search faster.

For more information, see Tile navigation.

Virtual Private Cloud

Private Service Connect supports IPv6 in General Availability for the following supported configurations:

For more information, see IP version translation.

September 26, 2024

Agent Assist

Agent Assist now offers a new version of summarization with custom sections in preview. Summarization with custom sections V3.1 reduces latency and improves quality from V3.0.

Anthos Config Management

You can now configure Config Sync fleet defaults with gcloud commands starting in gcloud version 494.0.0. See the Config Sync gcloud documentation for reference.

Config Sync now supports GitHub App authentication for GitHub repositories. See Grant access to Git for more information. This release note was added on October 4, 2024.

Upgraded the git-sync dependency from v4.2.3 to v4.2.4.

Apigee API hub

On September 26, 2024, Apigee announced the GA launch of Apigee API hub.

A new "Get started with API hub" page was added to the user interface. This new page includes valuable getting started information, including a new FAQ, to help you get the most out of API hub.

We added a new Supply chain page where you can create, view and manage your dependencies across API operations. The same dependencies can also be created from the API operations page. See Manage dependencies.

The Semantic Search (formerly Smart Search) user interface has been improved, and search results are shown across all API hub entities, such as APIs, deployments, specifications, and versions. See Search and filter APIs.

We added support for GMEK and CMEK in the provisioning steps. While provisioning, you can also choose to host your Vertex search data in a different location or disable Vertex search altogether. See Provision API hub.

We added support for Cloud audit logging.

The List APIs for specifications, dependencies, and external APIs have been enhanced to return a complete response, including user-defined attributes.

While you can use API hub by making direct REST over HTTP requests, we now provide client libraries for several popular languages. See API hub client libraries.

Significant user interface improvements were made, such as standardization of cards on the API details page, unlinking of deployments, various performance fixes, and more.

Apigee X

On September 26, 2024 we released an updated version of Apigee.

If you have CMEK org policy constraints on your Google Cloud project, Apigee will enforce compliance with those constraints, guide you in choosing a valid configuration, and prevent you from using Apigee features that are not CMEK-compliant.

The following documents are new and explain how to use CMEK with Apigee:

The following documents have been updated with the relevant CMEK information:

A known issue was added: Apigee does not support Cloud External Key Manager.

A known issue was added: Apigee does not support key re-encryption, which means even after rotation, the old key version will still be used and you cannot change the CMEK key after org creation.

BigQuery

Cloud console updates: You can now use keyboard shortcuts to control tab navigation in the details pane. This feature is generally available (GA).

Cloud Billing

Use Gemini AI assistant to find or create Billing Reports (preview)

Gemini Cloud Assist in Cloud Billing Reports provides FinOps-focused AI assistance to create the cost reports you need to analyze your cost trends and to summarize key insights from the cost reports.

Gemini Cloud Assist in Cloud Billing Reports helps you to:

  • Use saved reports: Quickly access existing reports to analyze your spending.
  • Create new reports: Configure custom reports with AI assistance to get the exact data you need.
  • Summarize reports: Get AI-powered summaries of your reports to quickly understand key cost trends and insights.

Enable the Gemini for Google Cloud API in a project to turn on Gemini Cloud Assist in Cloud Billing Reports.

For more information about Gemini Cloud Assist features in Cloud Billing Reports, see:

Cloud Data Fusion

The SAP ODP batch source plugin version 0.11.3 is available in Cloud Data Fusion versions 6.8.0 and later. This release includes the following changes:

  • Fixed an issue causing the following error: Error encountered while configuring the stage: Unable to access Cloud Storage or download JCo libraries from Cloud Storage. To address the issue, you must upgrade the Cloud Storage client library to version 2.3.0 or later.

  • Fixed an issue causing memory errors in the SAP system. You can choose to load changed data without loading historical data first. You can select this option in the plugin properties.

Compute Engine

OS Login POSIX groups support is deprecated. For more information, see OS Login POSIX groups support deprecation.

Deep Learning Containers

M125 release

  • TensorFlow 2.17 container images are now available.

Deep Learning VM Images

M125 release

  • TensorFlow 2.17 VM images are now available.

Dialogflow

Starting in late 2024 and ending in early 2025, there will be changes to some Dialogflow product names, feature names, and consoles. See the documentation for complete details.

Dialogflow CX: You can now enable security checks to prevent prompt injection attacks. See the documentation for details.

Dialogflow CX: Cloud Text-to-Speech europe-west1 and europe-west3 regions for Neural2 voices now use corresponding regions.

Document AI

Effective April 9, 2025, the following Custom Extractor versions will no longer be accessible:

  • pretrained-foundation-model-v1.0-2023-08-22
  • pretrained-foundation-model-v1.1-2024-03-12

To avoid any service disruptions, you will need to migrate to a later version, such as pretrained-foundation-model-v1.2-2024-05-10 and pretrained-foundation-model-v1.3-2024-08-31, for improved quality from the latest proprietary vision models and foundation models.

We understand that this update requires planning, but we're here to support you during this process. If you have questions or need assistance, contact Google Cloud support.

The following earlier versions of Document AI Enterprise Document Optical Character Recognition (OCR) and Expense Parser will be discontinued in the United States (US) and European Union (EU) starting April 30, 2025.

Enterprise Document OCR:

  • pretrained-ocr-v1.0-2020-09-23
  • pretrained-ocr-v1.1-2022-09-12

Expense Parser:

  • pretrained-expense-v1.2-2022-02-18
  • pretrained-expense-v1.3-2022-07-15
  • pretrained-expense-v1.4-2022-11-18

To ensure uninterrupted service and benefit from improved extraction quality, we recommend you migrate to the following later versions before April 30, 2025:

Enterprise Document OCR (US and EU):

Expense Parser (US and EU):

To learn more about the migration process, refer to our Manage processor versions documentation.

If you have any questions or require assistance, contact us at Google Cloud support.

Google Cloud VMware Engine

VMware Engine ve2 nodes are available in Frankfurt, Germany, Europe (europe-west3-a).

Google Kubernetes Engine

(2024-R37) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.0-gke.1577000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
    • 1.30.4-gke.1476000
    • 1.31.0-gke.1506000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.4-gke.1348000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.0-gke.1577000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.0-gke.1577000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.28.13-gke.1006000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1031000
    • 1.29.8-gke.1057000
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.

Stable channel

  • Version 1.30.3-gke.1969001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.16-gke.1051001
    • 1.28.12-gke.1052000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1104000
    • 1.29.7-gke.1274000
    • 1.30.2-gke.1587003
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

Extended channel

  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.28.13-gke.1006000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1031000
    • 1.29.8-gke.1057000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.

No channel

  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.27.16-gke.1051001
    • 1.28.12-gke.1052000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1104000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1969000
    • 1.30.4-gke.1476000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.

(2024-R37) Version updates

  • Version 1.30.3-gke.1969001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.16-gke.1051001
    • 1.28.12-gke.1052000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1104000
    • 1.29.7-gke.1274000
    • 1.30.2-gke.1587003
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

(2024-R37) Version updates

  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.28.13-gke.1006000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1031000
    • 1.29.8-gke.1057000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.

(2024-R37) Version updates

  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.27.16-gke.1051001
    • 1.28.12-gke.1052000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1104000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1969000
    • 1.30.4-gke.1476000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.

Looker Studio

Partner connection launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

New funnel chart option

The new funnel chart option lets you visualize how a metric changes over events in a sequential process.

Learn more about funnel charts in Looker Studio.

Microsoft Excel connector available

The Microsoft Excel connector lets you access the data stored in an Excel worksheet.

Vertex AI Workbench

M125 release

The M125 release of Vertex AI Workbench user-managed notebooks includes the following:

  • Patched a vulnerability with adm and docker permissions when the instance's root access isn't enabled.

The M125 release of Vertex AI Workbench managed notebooks includes the following:

  • Patched a vulnerability with adm and docker permissions when the instance's root access isn't enabled.

M125 release

The M125 release of Vertex AI Workbench instances includes the following:

  • bigframes 1.9.0 is now available in all environments except TensorFlow.
  • Fixed a regression introduced in M124 where Conda was getting downgraded to an older version.
  • Patched a vulnerability with adm and docker permissions when the instance's root access isn't enabled.

September 25, 2024

AlloyDB for PostgreSQL

You can now set up AlloyDB free trial clusters using a copy of your Cloud SQL for PostgreSQL backup. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.

Application Integration

View logs in Cloud Logging

Viewing integration execution logs in Cloud Logging is now generally available (GA). For more information, see View logs in Cloud Logging.

Bigtable

You can perform similarity vector search in Bigtable by finding the K-nearest neighbors. This feature is available as part of the GoogleSQL for Bigtable Preview.

Cloud Identity

Cloud Identity POSIX groups are deprecated. As of September 26, 2024, you can no longer create new POSIX groups, and existing POSIX groups will be removed on or after September 26, 2025. For more information, see POSIX groups deprecation.

Cloud SQL for PostgreSQL

You can now set up AlloyDB free trial clusters using a copy of your Cloud SQL for PostgreSQL backup. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.

Cloud Storage

Cross-bucket replication is now available in Cloud Storage. You can use cross-bucket replication to copy new and updated objects asynchronously from a source bucket to a destination bucket. For more information on how to use cross-bucket replication, see Using cross-bucket replication.

Generative AI on Vertex AI

The Llama 3.2 90B model is available in Preview on Vertex AI. Llama 3.2 90B enables developers to build and deploy the latest generative AI models and applications that use Llama's capabilities, such as image reasoning. Llama 3.2 is also designed to be more accessible for on-device applications. For more information, see Llama models.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.28.1000-gke.59 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.1000-gke.59 runs on Kubernetes v1.28.13-gke.600.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Removed TLS/SSL weak message authentication code cipher suites in the vSphere cloud controller manager.

Fixed the following vulnerabilities in 1.28.1000-gke.59:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.30.100-gke.96

Google Distributed Cloud for bare metal 1.30.100-gke.96 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.100-gke.96 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Added --skip-preflight flag to the bmctl upgrade command to prevent preflight checks from running during an upgrade.

The following container image security vulnerabilities have been fixed in 1.30.100-gke.96:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Security Command Center

YARA rule names that appear in Virtual Machine Threat Detection findings will be renamed

On or after October 28, 2024, YARA rule names that appear in Malware: Malicious file on disk (YARA) findings from Virtual Machine Threat Detection will be renamed. This update will resolve naming inconsistencies in the YARA rules. The new naming convention will contain the prefix, designation, type, name, and iteration of the YARA rule. The following are examples of the new names:

  • Ext_FE_Hunting_Linux_CYCLOPSBLINK_FEBeta
  • M_APT_Controller_REDFLARE_1
  • M_Backdoor_REDSONJA_4
  • M_Cryptomine_XMRIG_1

Spanner

Spanner now supports the spanner.farm_fingerprint() hash function in PostgreSQL-dialect databases.

Vertex AI Agent Builder

Vertex AI Search: gemini-1.5-flash-002/answer_gen/v1 model

The gemini-1.5-flash-002/answer_gen/v1 model is available for answer generation. This model is based on the gemini-1.5-flash-002 model and has been further tuned for question-answering tasks.

For more information, see Answer generation model versions and lifecycle.

Vertex AI Search: Update to the preview model

The preview model for answer generation has been updated to gemini-1.5-pro-002 from gemini-1.5-pro-001.

For more information, see Answer generation model versions and lifecycle.

September 24, 2024

Access Approval

Access Approval supports Vertex AI Search in the GA stage.

Application Integration

The Resolve JSON Path data transformer function is now available. This function resolves a JSON path on a given JSON object by using the JSONPath reference.

BigQuery

You can now use Cloud KMS Autokey to automate the creation and use of customer-managed encryption keys (CMEKs), including the Cloud HSM service. This feature is generally available (GA).

BigQuery ML now offers the following expanded embedding support features:

Try these capabilities with the following tutorials:

These features are generally available (GA).

BigQuery ML now offers the following AI features:

These BigQuery ML features are generally available (GA).

Cloud Database Migration Service

Database Migration Service support for homogeneous SQL Server to Cloud SQL for SQL Server migrations is now generally available (GA). For more information, see Database Migration Service for homogeneous SQL Server documentation.

Database Migration Service for homogeneous PostgreSQL migrations to AlloyDB for PostgreSQL now supports PostgreSQL version 16. See Supported source and destination databases in AlloyDB for PostgreSQL migrations.

Cloud Key Management Service

Cloud KMS with Autokey is now in General Availability for Cloud Storage, Compute Engine, BigQuery, Secret Manager, Cloud SQL, and Spanner.

Autokey simplifies creating and using customer-managed encryption keys (CMEKs) by automating provisioning and assignment. With Autokey, key rings, keys, and service accounts don't need to be planned and provisioned before they're needed. Instead, Autokey generates keys on demand as resources are created.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings. For more information, see Autokey overview.

Cloud Run

GPU support (Preview) is now available in the following region: asia-southeast1.

Cloud Storage

Cloud Storage is now enabled for use with Cloud KMS Autokey.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.

For more information, see Customer-managed encryption keys. To learn more about Cloud KMS Autokey, see Autokey overview.

Generative AI on Vertex AI

New stable versions of Gemini 1.5 Pro (gemini-1.5-pro-002) and Gemini 1.5 Flash (gemini-1.5-flash-002) are Generally Available. These models introduce broad quality improvements over the previous 001 versions, with significant gains in the following categories:

  • Factuality and reduced model hallucinations
  • Openbook Q&A for RAG use cases
  • Instruction following
  • Multilingual understanding in 102 languages, especially in Korean, French, German, Spanish, Japanese, Russian, and Chinese
  • SQL generation
  • Audio understanding
  • Document understanding
  • Long context
  • Math and reasoning

For more information about differences with the previous model versions, see Model versions and lifecycle.

The 2M context window with Gemini 1.5 Pro is now Generally Available, which opens up long-form multimodal use cases that only Gemini can support.

Use Gemini to directly analyze YouTube videos and publicly available media (such as images, audio, and video) by using a link. This feature is in Public Preview.

The new API parameters audioTimestamp, responseLogprob, and logprobs are in Public Preview. For more information, see API reference.

Gemini 1.5 Pro and Gemini 1.5 Flash now support multimodal input with function calling. This feature is in Preview.

The Vertex AI prompt optimizer adapts your prompts using the optimal instructions and examples to elicit the best performance from your chosen model. This feature is available in Preview. To learn more, see Optimize prompts.

Gemini 1.5 Pro and Gemini 1.5 Flash Tuning is now available in GA. Tune Gemini with text, image, audio, and document data types using the latest models:

  • gemini-1.5-pro-002
  • gemini-1.5-flash-002

Gemini 1.0 tuning remains in preview.

For more information on tuning Gemini, see Tune Gemini models by using supervised fine-tuning.

The latest versions of Gemini 1.5 Flash (gemini-1.5-flash-002) and Gemini 1.5 Pro (gemini-1.5-pro-002) use dynamic shared quota, which distributes on-demand capacity among all queries being processed. Dynamic shared quota is Generally Available.

Google Kubernetes Engine

GKE clusters using the Network Policy feature and Pods specifying a hostPort might have experienced networking connectivity issues after control plane upgrades. As a precaution, GKE disabled auto-upgrades for potentially impacted clusters.

The following GKE versions contain a fix for this issue and are safe to manually upgrade to:

  • 1.27.16-gke.1342000 or later
  • 1.28.13-gke.1078000 or later
  • 1.29.8-gke.1157000 or later
  • 1.30.4-gke.1282000 or later
  • 1.31 or later

GKE control plane upgrades are now resumed and clusters will be auto-upgraded when the patch version becomes an auto-upgrade target for your clusters, honoring maintenance windows and exclusions.

Looker

The following Gemini in Looker features are available in Public Preview:

To learn more about how to activate these features, see Administer Gemini on your Looker (Google Cloud core) instance.

Spanner

Spanner now offers editions, a tier-based pricing model that provides greater flexibility, better cost transparency, and opportunities for cost savings. You can choose between the Standard, Enterprise, and Enterprise Plus editions, letting you pick the right set of capabilities to fit your needs and budget. To learn more, read the Spanner editions overview and blog.

Spanner is now enabled for use with Cloud KMS Autokey.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.

For more information, see Customer-managed encryption keys (CMEK) overview. To learn more about Cloud KMS Autokey, see the Autokey overview.

September 23, 2024

App Engine flexible environment PHP

App Engine standard environment PHP

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.63.0 (2024-09-18)

Features
  • bigquery/migration: Update MS API stubs with Unified API (1bb4c84)
  • bigquery: Add support for Go 1.23 iterators (84461c0)
  • bigquery: New client(s) (#10774) (9638b8d)
Bug Fixes
  • bigquery: Bump dependencies (2ddeb15)
  • bigquery: ProcessStream check ctx done when queuing non retryable err (#10675) (60ad7f3)
  • bigquery: Properly handle RANGE type arrays (#10883) (ce3d492)
  • bigquery: Remove retry on FailedPrecondition (#10671) (ab9a961)
  • bigquery: Update dependencies (257c40b)
  • bigquery: Update google.golang.org/api to v0.191.0 (5b32644)
Documentation
  • bigquery/datatransfer: Add a note to the CreateTransferConfigRequest and UpdateTransferConfigRequest to disable restricting service account usage (2710d0f)
  • bigquery/datatransfer: Deprecate authorization_code (84461c0)
  • bigquery/migration: A comment for field name in message .google.cloud.bigquery.migration.v2.MigrationWorkflow is changed to include 'Identifier' (1bb4c84)
  • bigquery/migration: A comment for field translation_config_details in message .google.cloud.bigquery.migration.v2.MigrationTask is changed (1bb4c84)
  • bigquery/migration: A comment for field type in message .google.cloud.bigquery.migration.v2.MigrationTask is changed to include new supported types (1bb4c84)
  • bigquery/storage: A comment for field location_uri in message .google.cloud.bigquery.storage.v1alpha.StorageDescriptor is changed (2710d0f)
  • bigquery/storage: A comment for message StreamMetastorePartitionsRequest is changed (2710d0f)
  • bigquery/storage: A comment for message StreamMetastorePartitionsResponse is changed (2710d0f)

You can now create workflows to execute code assets in sequence at a scheduled time. This feature is in Preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.44.0 (2024-09-16)

Features
Dependencies

Buildpacks

Carbon Footprint

Scope 2 market-based emissions data is now Generally Available. This metric represents purchased electricity, incorporating Google's annual renewable energy purchases. Scope 2 emissions on this page are estimated using annual emissions factors from government sources (IEA, EPA & AIB). You can learn more here about the methodology and the difference between location-based and market-based emission metrics.

Scope 2 market-based emissions data is available only from January 2023 onwards and can be accessed in:

Cloud Build

Cloud Build is now available in the africa-south1 region.

For more information, see Cloud Build locations.

Cloud Data Fusion

The Cloud Data Fusion version 6.10.1.1 patch revision is generally available (GA). 6.10.1.1 includes the following changes:

The Cloud Data Fusion version 6.9.2.4 patch revision is GA. 6.9.2.4 includes the following changes:

  • Cloud Data Fusion stores lineage-related information for 30 days by default, in addition to cleaning up run records (CDAP-21053).
  • Added support to disable Field level lineage. For more information, see Explore Data Lineage using metadata (CDAP-21007).
  • Fixed an issue causing the maximum concurrent runs setting not to work as expected for scheduled pipeline runs (CDAP-20988).
  • Fixed an issue causing upgrades to fail when the schedule name had hyphens, spaces, or other symbols (CDAP-20999).

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Monitoring

The layout of the incident detail page has been updated. You can now view related incidents, and switch between viewing only the time series that caused the condition to be met and viewing all time series that the alerting policy evaluated. For more information, see Incidents for metric-based alerting policies and Incidents for log-based alerting policies.

Cloud Run

Cloud Run functions

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.13.0 (2024-09-17)

Features
  • storage: Add support for 'fields' query parameter to getFiles (#2521) (f78fe92)
Bug Fixes

Java

Changes for google-cloud-storage

2.43.0 (2024-09-13)

Features
  • Allow specifying an expected object size for resumable operations. (#2661) (3405611), closes #2511
Bug Fixes
  • Close pending zero-copy responses when Storage#close is called (#2696) (1855308)
  • Github workflow vulnerable to script injection (#2663) (9151ac2)
  • Make ParallelCompositeUploadBlobWriteSessionConfig.ExecutorSupplier#cachedPool a singleton (#2691) (1494809)
Dependencies
  • Promote storage-v2 artifacts to beta (9d22597)
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240819-2.0.0 (#2665) (3df1000)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#2698) (1dd51c3)

In order to set a bucket to store Cloud Storage usage logs and storage logs, the bucket must now reside within the same organization as the bucket being logged.

  • If the bucket being logged is not associated with an organization, then the bucket storing the logs must reside within the same project instead.

You can now use hierarchical namespace with Cloud Storage FUSE. To learn more about how mounting buckets with hierarchical namespace enabled can help improve performance, see Mount buckets with hierarchical namespace enabled.

Cloud Workstations

Cloud Workstations is available in the us-west4 region (Las Vegas, Nevada, North America). For more information, see Locations.

Colab Enterprise

You can now use customer-managed encryption keys (CMEK) to protect notebooks in Colab Enterprise.

For more information, see Use customer-managed encryption keys.

Config Connector

Config Connector version 1.123.1 is now available.

Starting from this version, all new CustomResources (CRs) have the cnrm.cloud.google.com/state-into-spec annotation field default to absent. For more information about this behavior, see the spec fields documentation. The behavior of existing CRs is not impacted by this change.

You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the DataflowFlexTemplateJob resource to opt in to the Direct Cloud Reconciler, which provides an advanced status update solution for some timeout issues.

If you use the CloudIdentityGroup, CloudBuildTrigger and FirestoreIndex resources, do not use version 1.123.0, as it contains regression issues for these resources due to the state-into-spec setting.

BigQueryDataTransferConfig (v1alpha1) now uses direct reconciliation.

BigQueryConnectionConnection (v1alpha1) now uses direct reconciliation.

DataformRepository is promoted from alpha to beta.

Added FirestoreDatabase (v1alpha1). This uses direct reconciliation.

Contact Center AI Platform

Version 3.26 is released

All release notes published on this date are part of version 3.26.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Agent-level deflections

With agent-level deflections, you can let your agents set their own deflection options for agent to agent calls. There are deflections for over-capacity, after-hours, and automatic redirection. Agents can choose to deflect to a queue, a phone number, an outbound SIP transfer, voicemail, callback, or keep waiting. Agent-level deflections can also be configured globally. For more information, see Let an agent configure their own deflection options.

Rich messaging

With rich messaging, you can do the following when creating and sending messages: use bold, italic, and underline formatting; create bulleted and numbered lists; and add links. You can also add emojis to messages. This capability is available to agents in the chat adapter. It's also available to administrators when they configure chat shortcuts and the initial chat messages for the web SDK and the mobile SDKs. For more information, see Rich messaging.

First In First Out queue routing

With First In First Out queue routing, you can set equal priority for transferred calls and chats and non-transferred (standard) calls and chats. By default, transferred calls and chats have priority. For more information, see First in first out queue routing.

Direct inbound calling

With direct inbound calling, you can create direct phone numbers and assign them to agents or queues. This lets end-users call directly to an individual agent or queue, bypassing IVR queue trees. Administrators can enable inbound call recording and configure deflection options for direct inbound calls. For more information, see Direct phone numbers.

Fixed an issue where the Interaction JSON metadata file was sometimes not being sent to the Kustomer CRM after a chat or call ended.

Fixed an issue where the queue duration of a chat was sometimes doubled in reporting.

Fixed an issue where messages were not sent to chat participants for chats initiated by the chat API.

Fixed an issue where co-browse metadata was not saved when the recording option was disabled.

Fixed an issue where co-browse session events were not generated at session start and end.

Made improvements to barge.

Fixed an issue where users with a permission group in workforce management could not be created or edited.

Fixed an issue where the generic message was played for custom after hours deflection.

Fixed an issue where agents had more permissions than their role permits.

Fixed an agent assist integration timeout issue.

Implemented a change that prevents the administrator account from being deactivated or changed using bulk user update.

VPC Service Controls are GA

VPC Service Controls in Contact Center AI Platform are GA. For more information, see Product launch stages.

Mobile SDK 2.9 is released

Mobile SDK 2.9 includes the following updates:

  • Android SDK and iOS SDK:
    • Support for rich messaging. End-users can see the rich messaging that agents use in the chat adapter. For more information, see TBD.
  • Android SDK:
    • Text resizing. End-users can increase text size up to 200%. Text is resized using the device settings.

Web SDK 2.24 is released

Web SDK 2.24 includes the following update:

  • Support for rich messaging. End-users can see the rich messaging that agents use in the chat adapter. For more information, see TBD.

Container Optimized OS

cos-113-18244-151-80

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Updated app-containers/containerd to 1.7.22.

Updated net-misc/curl to 8.10.0.

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-43817 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-44983 in the Linux kernel

Fixed CVE-2024-45022 in the Linux kernel

Fixed CVE-2024-45018 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-41012 in the Linux kernel

Fixed CVE-2024-44940 in the Linux kernel

Fixed CVE-2024-46686 in the Linux kernel

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-43871 in the Linux kernel

Fixed CVE-2024-42307 in the Linux kernel

Fixed CVE-2024-43914 in the Linux kernel

Fixed CVE-2024-44952 in the Linux kernel

Fixed CVE-2024-44989 in the Linux kernel

Fixed CVE-2024-44990 in the Linux kernel

Fixed CVE-2024-45000 in the Linux kernel

Fixed CVE-2024-44944 in the Linux kernel

cos-beta-117-18613-0-57

Kernel Docker Containerd GPU Drivers
COS-6.6.44 v24.0.9 v1.7.22 See List

Upgraded app-admin/fluent-bit to v3.1.8.

Updated cos-gpu-installer to v2.4.2. This enables creation of /dev/dri when loading nvidia-drm.ko for COS kernels built with loadable drm and dependent modules.

Updated net-misc/curl to 8.10.0.

Fixed CVE-2024-44996 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-44983 in the Linux kernel

Fixed CVE-2024-44940 in the Linux kernel

Fixed CVE-2024-45022 in the Linux kernel

Fixed CVE-2024-45020 in the Linux kernel

Fixed CVE-2024-45018 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-46686 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 811711 -> 811780

cos-105-17412-448-49

Kernel Docker Containerd GPU Drivers
COS-5.15.163 v23.0.3 v1.7.19 See List

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-43817 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-45018 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-41012 in the Linux kernel

Fixed CVE-2024-44983 in the Linux kernel

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-43871 in the Linux kernel

Fixed CVE-2024-44952 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812685 -> 812689

cos-109-17800-309-69

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Updated net-misc/curl to 8.10.0.

Fixed CVE-2024-43817 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-41012 in the Linux kernel

Fixed CVE-2024-45018 in the Linux kernel

Fixed CVE-2024-45022 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-44940 in the Linux kernel

Fixed CVE-2024-46686 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812257 -> 812253

cos-101-17162-528-49

Kernel: COS-5.15.161
Docker: v20.10.27
Containerd: v1.6.28
GPU Drivers: See List

Fixed CVE-2024-38588 in the Linux kernel

Fixed CVE-2024-43853 in the Linux kernel

Fixed CVE-2024-44940 in the Linux kernel

Fixed CVE-2024-43817 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-42131 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-41012 in the Linux kernel

Dataproc

Dataproc Serverless for Spark: In runtime versions 1.2 and 2.2, minimized the dynamic memory footprint of the Spark application by setting XX:MaxHeapFreeRatio to 30% and XX:MinHeapFreeRatio to 10%.

Dataproc Serverless for Spark: Added the google-cloud-dlp Python package by default to the Dataproc Serverless for Spark runtimes.

Dataproc Serverless for Spark: Fixed an issue that would cause some batches and sessions to fail to start when using the premium compute tier.

Document AI

Models pretrained-expense-v1.3.2-2024-09-11 and pretrained-expense-v1.4.2-2024-09-12 are available as Release Candidates (RC) for Expense Parser. They are upgrades over v1.3 and v1.4 with an enhanced underlying vision model.

For more information about available models, see Expense parser processor versions.

Google Distributed Cloud (software only) for VMware

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs. For more information, see the GCP-2024-054 security bulletin.

Google Distributed Cloud (software only) for bare metal

Release 1.28.1000-gke.60

Google Distributed Cloud for bare metal 1.28.1000-gke.60 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1000-gke.60 runs on Kubernetes 1.28.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed Cloud Audit Logging failure due to allowlisting issue with multiple project IDs.

The following container image security vulnerabilities have been fixed in 1.28.1000-gke.60:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs. For more information, see the GCP-2024-054 security bulletin.

Google SecOps SOAR

Release 6.3.18 is now in General Availability.

Memorystore for Redis Cluster

Added support for cross-region replication (Preview). For more details, see About cross-region replication.

Network Intelligence Center

Network Analyzer now includes additional information in the IP address utilization summary insights. In the case of Shared VPC, Network Analyzer gives a summary of the IP address utilization of all relevant subnet ranges of the host project, and also provides the insights of the service projects. For more information, see IP address utilization summary insights.

SAP on Google Cloud

New SAP HANA certifications: X4 bare metal machine types for OLTP workloads

SAP has certified the Compute Engine bare metal machine types x4-megamem-960-metal, x4-megamem-1440-metal, and x4-megamem-1920-metal, for use with SAP HANA OLTP workloads in scale-out configurations with up to 4 nodes.

For more information, see X4 memory-optimized bare metal machine types.

Google Cloud storage manager for SAP HANA standby nodes version 2.8

Version 2.8 of the Google Cloud storage manager for SAP HANA standby nodes is generally available (GA). This version includes bug fixes and supportability improvements.

For more information about the storage manager, see Storage Manager for SAP HANA.

September 22, 2024

Google SecOps SOAR

Release 6.3.19 is currently in Preview.

Case Report can now be exported in PDF format.

The comment count on the case wall is not updating correctly. (ID #53266243)

The HTML widget refresh is not affecting the JS code. (ID #00266956)

September 21, 2024

Dataproc

Blocklisted the following Dataproc on Compute Engine subminor image versions:

  • 2.0.119-debian10, 2.0.103-rocky8, 2.0.103-ubuntu18
  • 2.1.67-debian11, 2.1.51-rocky8, 2.1.51-ubuntu20, 2.1.51-ubuntu20-arm
  • 2.2.33-debian12, 2.2.17-rocky9, 2.2.17-ubuntu22

September 20, 2024

Apigee X

On September 20, 2024, we released an updated version of Apigee (1-13-0-apigee-5).

Bug ID Description
366039324 Fixed PEM parsing error in JWT/JWS policies

Resolved a PEM parsing error in JWT/JWS policy execution caused by a problematic PEM format.

353527851 Resolved dropped WebSocket connection

Fixed issue causing a dropped WebSocket connection when using the OAuthV2 policy and the VerifyJWTAccessToken operation or VerifyJWT.

361166073 Fixed issue with JWKS rejection in GenerateJWT policy

Fixed an issue where valid JWKS used to sign encrypted JWTs with the GenerateJWT Policy are incorrectly rejected with steps.jwt.NoMatchingPublicKey.

352593965 Resolved SSL enforcement bug in proxies using the <SSLInfo> block

This release fixes an SSL enforcement bug in proxies where an <SSLInfo> block specifies both <IgnoreValidationErrors> and <Enforce> as true. The bug results in no enforcement for one specific type of SSL violation - a mismatch between the certificate subject name and the real host name of the target (No Subject Alternative Name, or NSAN). With this fix, <Enforce> uniformly overrides <IgnoreValidationErrors> in all cases, including NSAN.

N/A Updates to security infrastructure and libraries.

Confidential VM

Support for AMD SEV on C3D machine types is now released to General Availability.

Document AI

Custom extractor now features property descriptions.

Property description allows you to provide additional context, insights, and prior knowledge for each entity to improve extraction accuracy.

Good examples of property descriptions include location information and text patterns of the property values, which help disambiguate potential sources of confusion in the document, guiding the model with rules that ensure more reliable and consistent extractions, regardless of the specific document structure or content variations.

Generative AI on Vertex AI

Add label metadata to generateContent and streamGenerateContent API calls. For details, see Add labels to API calls.

GitLab on Google Cloud

GitLab on Google Cloud is generally available.

The integration enables customers to deploy source from GitLab to Google Cloud run-time environments. The integration simplifies authentication and authorization to Google for GitLab pipelines, and uses GitLab and Google CI/CD components.

To get started, try the GitLab end-to-end tutorial.

Identity-Aware Proxy

Preview: You can now use authorization policies to delegate authorization to Identity-Aware Proxy (IAP) and Identity and Access Management (IAM). For more information, see Use authorization policies to delegate authorization to IAP and IAM.

NetApp Volumes

Auto-tiering, which was in Preview, is now generally available for allow-listed users. Auto-tiering is now available for Premium and Extreme service levels. Auto-tiering reduces the overall cost of storage by identifying data that is infrequently used and transparently moving it from primary hot storage to less expensive but slower cold storage. For more information, see Auto-tiering.

September 19, 2024

BigQuery

You can perform model monitoring in BigQuery ML. The following model monitoring functions are now generally available (GA):

  • ML.DESCRIBE_DATA: compute descriptive statistics for a set of training or serving data.
  • ML.VALIDATE_DATA_SKEW: compute the statistics for a set of serving data, and then compare them to the statistics for the data used to train a BigQuery ML model in order to identify anomalous differences between the two data sets.
  • ML.VALIDATE_DATA_DRIFT: compute and compare the statistics for two sets of serving data in order to identify anomalous differences between the two data sets.
  • ML.TFDV_DESCRIBE: compute fine-grained descriptive statistics for a set of training or serving data. This function provides the same behavior as the TensorFlow tfdv.generate_statistics_from_csv API.
  • ML.TFDV_VALIDATE: compute and compare the statistics for training and serving data, or two sets of serving data, in order to identify anomalous differences between the two data sets. This function provides the same behavior as the TensorFlow tfdv.validate_statistics API.

Cloud Data Fusion

The SAP SLT No RFC Replication plugin version 0.11.3 is available in Cloud Data Fusion version 6.8.0 and later. This release fixes an issue causing the following error: Error encountered while configuring the stage: Unable to access Cloud Storage or download JCo libraries from Cloud Storage.

Cloud Logging

You can now query your log data from the Log Analytics page by using reserved BigQuery slots. For more information, see Query and view logs in Log Analytics.

Cloud SQL for PostgreSQL

You can now use gcloud or the Cloud SQL Admin API to switch the storage location of the transaction logs used for point-in-time recovery on your instance without downtime to Cloud Storage. For more information, see Use point-in-time recovery and Switch transaction log storage to Cloud Storage.

Cloud Service Mesh

1.23.2-asm.2 is now available for in-cluster Cloud Service Mesh.

You can now download 1.23.2-asm.2 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.2 subject to the list of supported features.

Cloud Service Mesh 1.23.2-asm.2 uses Envoy v1.31.1.

This release contains the fix for the security vulnerability listed in GCP-2024-052.

Managed Cloud Service Mesh 1.23 isn't rolling out to the rapid release channel at this time. You can periodically check this page for announcements regarding rapid channel rollout.

1.22.5-asm.1 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-052. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.22.5-asm.1 uses Envoy v1.30.5.

1.21.5-asm.7 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-052. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.5-asm.7 uses Envoy v1.29.8.

1.20.8-asm.7 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-052. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.20.8-asm.7 uses Envoy v1.28.6.

Dialogflow

Dialogflow CX and Vertex AI: The text-bison@002, text-bison and code-bison models will be deprecated on October 21, 2024 and automatically upgraded to the gemini-1.5-flash-001 model. This change applies to Vertex AI agents and the following Dialogflow CX Generative Features:

  • Vertex AI agent apps
  • Data store agents (also known as Chat agents)
  • Generators

After the upgrade on October 21, 2024, gemini-1.5-flash-001 will be automatically selected in the console. We recommend that you upgrade to the new model early to allow enough time for testing and to ensure that your solution works as intended.

Dialogflow CX & ES: Text-to-speech Journey Voices now supports MULAW output audio_encoding (CX, ES) in addition to LINEAR16. Future updates to Journey Voices will appear in the Cloud Text-to-Speech documentation.

Dialogflow CX: Cloud Text-to-Speech europe-west1 and europe-west3 regions for Neural2 voices will temporarily use the eu multi-region instead.

Google Cloud Architecture Center

(New guide) Migrate from Amazon RDS and Amazon Aurora for PostgreSQL to Cloud SQL and AlloyDB for PostgreSQL: Describes how to design, implement, and validate a plan to migrate from Amazon Relational Database Service (RDS) or Amazon Aurora for PostgreSQL to Cloud SQL.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.500-gke.160 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.500-gke.160 runs on Kubernetes v1.29.7-gke.1200.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Fixed the following issues in 1.29.500-gke.160:

  • Fixed the known issue where updating DataplaneV2 ForwardMode didn't automatically trigger anetd DaemonSet restart.
  • Fixed the known issue where the credential.yaml file regenerated incorrectly during admin workstation upgrade.

Fixed the following vulnerabilities in 1.29.500-gke.160:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Kubernetes Engine

(2024-R36) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1296000
    • 1.28.13-gke.1078000
    • 1.29.8-gke.1157000
    • 1.30.3-gke.1969000
    • 1.30.4-gke.1282000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.0-gke.1506000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

Regular channel

  • Version 1.30.3-gke.1969001 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

Stable channel

Extended channel

  • Version 1.30.3-gke.1969001 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • Version 1.30.3-gke.1639000 is no longer available in the Extended channel.
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

No channel

Looker Studio

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Memorystore for Redis Cluster

Added support for 1, 2, and 4 shard instance shapes (Preview). For more details, see Selecting an instance shape of 1, 2, or 4 shards.

Memorystore for Valkey

Added support for 1, 2, and 4 shard instance shapes (Preview). For more details, see Selecting an instance shape of 1, 2, or 4 shards.

NetApp Volumes

Flex service level now offers regional storage pools and volumes. Regional volumes provide high-availability across zones by synchronously replicating the data between the two zones selected by the user and automatically failing over to the replica zone in the event of a zone failure. This feature is now generally available.

Customer Managed Encryption Keys (CMEK) for the Flex service level, which was in Preview, is now generally available. For more information, see About CMEK.

Flex service level is now available in all Google Cloud regions.

You can now create more than one Active Directory policy per region. For more information, see Active Directory.

Flex service level now supports the optional feature Block volume from deletion when clients are connected. This option is required for using NetApp Volumes with Google Cloud VMware Engine (GCVE) datastores. When this option is enabled, it prevents the deletion of a volume if the volume is mounted as a GCVE datastore.

September 18, 2024

AlloyDB for PostgreSQL

The AlloyDB Omni operator is now available in Preview on Google Distributed Cloud (GDC) connected. For more information, see Install AlloyDB Omni on Kubernetes.

Apigee UI

On September 18, 2024, we released an updated version of the Apigee UI.

Bug ID Description
349284447 All API products associated with a key now displayed in the UI

All API products associated with a key can now be viewed in the App detail page of the UI using pagination. Previously, a maximum of 50 API products could be displayed.

Apigee X

On September 18, 2024 we released an updated version of Apigee.

Release of Cloud IAM-based authorization and authentication and the VerifyIAM policy.

This release introduces Cloud IAM-based authorization and authentication for Apigee API access. With this IAM-based solution, access to invoke an API requires the API consumer to have a specific Google Cloud IAM role or permissions.

For information, see IAM-based API authentication overview and VerifyIAM policy.

Cloud Composer

Airflow 2.9.3 is available in Cloud Composer images.

(Cloud Composer 2) Fixed the issue where environment create and update operations could fail in rare cases because of the scheduler probe timeouts.

(Cloud Composer 3) Fixed the issue that caused KubernetesPodOperator tasks to fail if they ran for longer than 15 minutes.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.0
  • composer-3-airflow-2.9.1-build.7 (default)
  • composer-3-airflow-2.7.3-build.16

Cloud Composer 2.9.4 images are available:

  • composer-2.9.4-airflow-2.9.3
  • composer-2.9.4-airflow-2.9.1 (default)
  • composer-2.9.4-airflow-2.7.3

Support dates for previous Cloud Composer 3 builds are available. All Cloud Composer 3 builds with Airflow 2.9.1 are supported until September 18, 2025.

Cloud Composer versions 2.4.2 and 2.4.3 have reached their end of support period.

Cloud Database Migration Service

Database Migration Service for homogeneous PostgreSQL migrations to Cloud SQL now automatically enables point-in-time recovery (PITR) for the destination instance when you promote the migration job. Previously, you had to turn on PITR after you promoted an instance.

For more information, see Promote a migration and Known limitations.

Database Migration Service doesn't automatically enable PITR for homogeneous PostgreSQL migrations to Cloud SQL. For more information, see the release note entry for October 8, 2024.

Compute Engine

You can determine the number of running VMs and reservations that match the properties of a future reservation request. By subtracting this number from the total count specified in a future reservation request, you can determine the number of reserved VMs that an existing future reservation provisions at its start time. For more information, see Determine the number of provisioned VMs.

You can create a future reservation request by reusing the properties of an existing VM. This lets you consume the auto-created reservations for the future reservation by creating VMs with properties that exactly match the reference VM's properties. For more information, see the following:

Generally available: Hyperdisk Balanced volumes can be created in Confidential mode and attached to Confidential VMs.

Generative AI on Vertex AI

Model Garden supports an organization policy so that administrators can limit access to certain models and capabilities. For more information, see Control access to Model Garden models.

Security Command Center

Assign high-value resources based on Sensitive Data Protection insights for Amazon S3 buckets

The attack path simulations feature can now automatically set the resource value of an Amazon S3 bucket based on the sensitivity of the data that the bucket contains.

For information about how to enable the automatic assignment of resource values based on data sensitivity, see Create a resource value configuration.

For information about how to configure Sensitive Data Protection to send data sensitivity classifications to Security Command Center, see Publish data profiles to Security Command Center.

Vertex AI Agent Builder

Vertex AI Agent Builder: Redirection URI for grounded results (GA)

When you use Grounding with Google Search, the grounded result contains a redirection URI that leads you to the publisher's URI. This redirection URI remains accessible for up to 30 days after the grounded result is generated.

This feature is Generally available (GA). For more information, see Generate grounded answers with RAG.

September 17, 2024

AlloyDB for PostgreSQL

You can now add the predefined CMEK organization policy for your AlloyDB clusters and backups. This feature is generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Developer Connect
    • developerconnect.googleapis.com/Connection
    • developerconnect.googleapis.com/GitRepositoryLink
  • Cloud Logging
    • logging.googleapis.com/LogView
    • logging.googleapis.com/Settings
    • logging.googleapis.com/RecentQuery
    • logging.googleapis.com/SavedQuery

Cloud Run

The Direct VPC egress feature of Cloud Run now supports Secure Web Proxy.

Cloud Service Mesh

Cloud Service Mesh with a Traffic Director control plane implementation is still incompatible with Envoy version v1.31.0.

If you manually control your Envoy version, do not upgrade to v1.31.0 as there is an existing issue with connecting to the Traffic Director API. Instead, upgrade to Envoy version 1.31.1 where this issue is fixed, or set GRPC_DNS_RESOLVER=native for v1.31.0 as a workaround.

If you do not manually control your Envoy version, you don't have to do anything. Google's data plane management will not select an incompatible version for you.

Google Cloud Architecture Center

(New guide) Scalable BigQuery backup automation: Build a solution to automate recurrent BigQuery backup operations at scale, with two backup methods: BigQuery snapshots and exports to Cloud Storage. This architecture is accompanied by a deployment guide.

NetApp Volumes

Large capacity volumes, which were in Preview, are now generally available for allow-listed users. Premium and Extreme service levels now offer large capacity volumes. Large capacity volumes can be sized between 15 TiB and 1 PiB in increments of 1 GiB, and deliver throughput performance of up to 12.5 GiBps. Large capacity volumes offer six storage endpoints (IP addresses) to load-balance client traffic to the volume and achieve higher performance. For more information, see Large capacity volumes.

Sensitive Data Protection

The POLITICAL_TERM infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The NEW_ZEALAND_NHI_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Vertex AI

To ensure that VM resources are available when your custom training and prediction jobs need them, you can now use Compute Engine reservations. Reservations provide a high level of assurance in obtaining capacity for Compute Engine resources. This feature is available in Preview for A2 and A3 machine series reservations.

For more information, see Use reservations with training and Use reservations with prediction.

To reduce the cost of running your training and prediction jobs, you can now use Spot VMs. Spot VMs are virtual machine (VM) instances that are excess Compute Engine capacity. Spot VMs have significant discounts, but Compute Engine might preemptively stop or delete Spot VMs to reclaim the capacity at any time. This feature is available in Preview.

For more information, see Use Spot VMs with training and Use Spot VMs with prediction.

Vertex AI Agent Builder

Vertex AI Search: Firestore and Cloud SQL import (GA)

Importing data from Firestore and Cloud SQL is Generally available.

For more information, see Import from Firestore and Import from Cloud SQL.

September 16, 2024

AlloyDB for PostgreSQL

The postgres_ann extension has been renamed to alloydb_scann. Before you upgrade to AlloyDB Omni Kubernetes operator version 1.1.1, you must drop any indexes created using the earlier postgres_ann version, then upgrade AlloyDB Omni, and then create the indexes again using the alloydb_scann extension.

Added a tutorial that shows you how to set up a connection from an application running in a Google Kubernetes Engine autopilot cluster to an AlloyDB instance.

AlloyDB Omni Kubernetes operator version 1.1.1 is now available. This patch fixes the following issues:

  • Fixed a regression for the AlloyDB Vertex AI integration.
  • Fixed a bug in which upgrading from version 1.0.0 to version 1.1.0 failed when using injected sidecars.
  • Fixed a bug in which backups weren't reestablished correctly across failovers when using the Commvault sidecar with high availability (HA) configurations.
  • Fixed a bug that caused a status to be incorrectly set by the load balancer, resulting in erroneous reports that the database cluster wasn't ready.

Upgrading to version 1.1.1 of the AlloyDB Omni Kubernetes operator might result in a brief interruption to all database clusters. No data loss is expected.

Anti Money Laundering AI

A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version. This includes:

  • Reduction of the total requirement for Transaction and Account data from 41 to 30 months
  • Performance improvements across several feature families, focusing on more recent high risk activity
  • Adjustment to the calculation of the PartyRecall metric in the rare corner case when many customers have the same prediction score and it's not possible to yield exactly partyInvestigationsPerPeriod positive predictions
  • Uses the latest FATF high risk geos, published in Jan 2024 (High-Risk Jurisdictions subject to a Call for Action and Jurisdictions under Increased Monitoring)

AutoML Translation

AutoML Translation API is deprecated and will no longer be available on Google Cloud after September 30, 2025. You can replicate the functionality of custom models through Cloud Translate - Advanced (v3).

BigQuery

You can now batch migrate classic saved queries to saved queries. This feature is in Preview for projects that have fewer than 2500 classic saved queries.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.42.3 (2024-09-12)

Dependencies
  • Update actions/upload-artifact action to v4.4.0 (#3467) (08b28c5)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#3472) (fa9ac5d)

You can now use a CREATE MODEL statement to create a contribution analysis model in BigQuery ML. You can use a contribution analysis model with the ML.GET_INSIGHTS function to generate insights about changes to key metrics in your multi-dimensional data.

Try this feature with the Get data insights from a contribution analysis model tutorial.

This feature is in preview.

You can store columns in your vector indexes and pre-filter data in your vector searches to improve query efficiency. This feature is Generally Available.

BigQuery Engine for Apache Flink

BigQuery Engine for Apache Flink is now in Preview. BigQuery Engine for Apache Flink is a Google Cloud service that helps you run Apache Flink.

Cloud Load Balancing

Envoy-based Application Load Balancers now support authorization policies that let you establish access control checks for incoming traffic. For details, see Authorization policy.

This feature is available in Preview.

Cloud Logging

You can now create and manage your log scopes by using the Logging API in addition to using the Cloud Console. This feature is in public preview. For more information, see Create and manage log scopes.

There is a new Cloud Observability Overview page in the Google Cloud Console. The new page, which you can customize, introduces the Cloud Observability products, and provides information about your logs, dashboards, incidents, and more. This page can help you detect issues in your resources, view relevant events, and view signals that matter to you.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.2 (2024-09-12)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#1683) (31ec2b9)

Cloud Monitoring

There is a new Cloud Observability Overview page in the Google Cloud Console. The new page, which you can customize, introduces the Cloud Observability products, and provides information about your logs, dashboards, incidents, and more. This page can help you detect issues in your resources, view relevant events, and view signals that matter to you.

Cloud Run

You can now apply custom constraints for projects that get enforced by organization policies on your Cloud Run services and jobs (in Preview).

Cloud SQL for MySQL

Cloud SQL is discontinuing support for legacy high availability (HA) instance configuration on January 6, 2025. After this date, you can't create Cloud SQL for MySQL instances with the legacy configuration for high availability. You also can't enable the legacy configuration for high availability on existing instances. Until January 6, 2025, legacy HA instances are still covered by the Cloud SQL SLA. We recommend that you upgrade your existing legacy HA instances to regional persistent disk HA instances as soon as possible and create new HA instances using regional persistent disk instead.

Starting on May 1, 2025, Cloud SQL will migrate any remaining instances that use the legacy HA configuration to the current HA configuration automatically.

Cloud Workstations

Cloud Workstations preconfigured base images now use Ubuntu 24.04. The last images built on Ubuntu 22.04 are tagged with last-ubuntu2204 for building backwards-compatible custom images.

Cloud Workstations preconfigured base images default to Python 3.12.3.

Container Optimized OS

cos-beta-117-18613-0-41

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.44 | v24.0.9 | v1.7.22 | See List

Updated app-containers/containerd to v1.7.22.

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Updated dev-lang/python to v3.8.19_p1. This fixes CVE-2007-4559.

Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2023-7256 in net-libs/libpcap.

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-44943 in the Linux kernel

Fixed CVE-2024-43891 in the Linux kernel

Fixed CVE-2024-43892 in the Linux kernel

Fixed CVE-2024-43914 in the Linux kernel

Fixed CVE-2024-44952 in the Linux kernel

Fixed CVE-2024-44957 in the Linux kernel

Fixed CVE-2024-44989 in the Linux kernel

Fixed CVE-2024-44990 in the Linux kernel

Fixed CVE-2024-45000 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-44987 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 811784 -> 811711

cos-109-17800-309-59

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.100 | v24.0.9 | v1.7.22 | See List

Updated app-containers/containerd to v1.7.22.

Updated dev-lang/python to 3.8.19_p1. This fixes

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Updated dev-libs/expat to v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2024-44983 in the Linux kernel

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-44944 in the Linux kernel

Fixed CVE-2024-43871 in the Linux kernel

Fixed CVE-2024-44989 in the Linux kernel

Fixed CVE-2024-44990 in the Linux kernel

Fixed CVE-2024-45000 in the Linux kernel

Fixed CVE-2024-42307 in the Linux kernel

Fixed CVE-2024-43914 in the Linux kernel

Fixed CVE-2024-43873 in the Linux kernel

Fixed CVE-2024-42302 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812274 -> 812257

cos-113-18244-151-57

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.100 | v24.0.9 | v1.7.21 | See List

Updated dev-lang/python to v3.8.19_p1. This fixes CVE-2007-4559.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2023-7256 in net-libs/libpcap.

Fixed CVE-2024-42302 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-44987 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-43873 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812022 -> 812026

cos-105-17412-448-36

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.163 | v23.0.3 | v1.7.19 | See List

Fixed CVE-2024-6232 in dev-lang/python and upgraded to v3.8.19, which fixes CVE-2007-4559.

Updated dev-libs/expat to v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2023-7256 in net-libs/libpcap.

Fixed CVE-2024-43914 in the Linux kernel

Fixed CVE-2024-44944 in the Linux kernel

Fixed CVE-2024-43853 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

Fixed CVE-2024-44987 in the Linux kernel

cos-101-17162-528-40

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.161 | v20.10.27 | v1.6.28 | See List

Fixed CVE-2024-6232 in dev-lang/python.

Updated dev-libs/expat to v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-39468 in the Linux kernel

Fixed CVE-2024-43871 in the Linux kernel

Fixed CVE-2024-44944 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-44987 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

cos-dev-121-18667-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.51 | v24.0.9 | v1.7.22 | See List

Updated app-containers/containerd to v1.7.22.

Updated the Linux kernel to v6.6.51.

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Runtime sysctl changes:

  • Changed: fs.file-max: 811768 -> 811782

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.10.1 (2024-09-12)

Bug Fixes
  • dataflow: Bump dependencies (2ddeb15)

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.118-debian10, 2.0.118-rocky8, 2.0.118-ubuntu18
  • 2.1.66-debian11, 2.1.66-rocky8, 2.1.66-ubuntu20, 2.1.66-ubuntu20-arm
  • 2.2.32-debian12, 2.2.32-rocky9, 2.2.32-ubuntu22

Dialogflow

Dialogflow CX and Vertex AI Agents: Generative features will migrate to the gemini-1.5-flash-001 model on September 30, 2024. See the email notification.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.21.3 (2024-09-11)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#1561) (5a79fd8)
  • Update dependency com.google.errorprone:error_prone_core to v2.31.0 (#1523) (8d3af32)
  • Update dependency com.google.guava:guava-testlib to v33.3.0-jre (#1548) (18ba37f)
  • Update dependency org.easymock:easymock to v5.4.0 (#1482) (ee788a1)

Google Cloud Architecture Center

Design an optimal storage strategy for your cloud workload: Updated guidance about storage recommendations and storage options decision tree with information about Hyperdisk ML and Hyperdisk Balanced. Updated file storage guidance based on performance scalability and supported file system protocols.

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • Abnormal Security (ABNORMAL_SECURITY)
  • Akamai DNS (AKAMAI_DNS)
  • Amazon API Gateway (AWS_API_GATEWAY)
  • Apache (APACHE)
  • Apigee (GCP_APIGEE_X)
  • Archer Integrated Risk Management (ARCHER_IRM)
  • Arcsight CEF (ARCSIGHT_CEF)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • AWS VPN (AWS_VPN)
  • Azure AD (AZURE_AD)
  • Azure AD Audit (AZURE_AD_AUDIT)
  • Azure AD Sign-In (AZURE_AD_SIGNIN)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Azure WAF (AZURE_WAF)
  • BeyondTrust Privileged Identity (BEYONDTRUST_PI)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Carbon Black App Control (CB_APP_CONTROL)
  • Check Point (CHECKPOINT_FIREWALL)
  • Checkpoint Audit (CHECKPOINT_AUDIT)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco ISE (CISCO_ISE)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco WSA (CISCO_WSA)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud Data Loss Prevention (N/A)
  • Cloud Load Balancing (GCP_LOADBALANCING)
  • Cloud SQL (GCP_CLOUDSQL)
  • Cloudflare WAF (CLOUDFLARE_WAF)
  • Cohesity (COHESITY)
  • Corelight (CORELIGHT)
  • CrowdStrike Falcon (CS_EDR)
  • Cyber 2.0 IDS (CYBER_2_IDS)
  • Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
  • CyberArk PTA Privileged Threat Analytics (CYBERARK_PTA)
  • Darktrace (DARKTRACE)
  • Dell Switch (DELL_SWITCH)
  • Duo Administrator Logs (DUO_ADMIN)
  • Duo Auth (DUO_AUTH)
  • EfficientIP DDI (EFFICIENTIP_DDI)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • Elastic Packet Beats (ELASTIC_PACKETBEATS)
  • F5 ASM (F5_ASM)
  • F5 Shape (F5_SHAPE)
  • F5 Silverline (F5_SILVERLINE)
  • FireEye (FIREEYE_ALERT)
  • FireEye ETP (FIREEYE_ETP)
  • FireEye HX (FIREEYE_HX)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
  • Forcepoint Mail Relay (FORCEPOINT_MAIL_RELAY)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet Fortimanager (FORTINET_FORTIMANAGER)
  • GCP_APP_ENGINE (GCP_APP_ENGINE)
  • GitHub (GITHUB)
  • HP Aruba (ClearPass) (CLEARPASS)
  • IBM DS8000 Storage (IBM_DS8000)
  • IBM Guardium (GUARDIUM)
  • IBM OpenPages (IBM_OPENPAGES)
  • Infoblox DNS (INFOBLOX_DNS)
  • Jenkins (JENKINS)
  • Layer7 SiteMinder (SITEMINDER_SSO)
  • Linux Auditing System (AuditD) (AUDITD)
  • Malwarebytes (MALWAREBYTES_EDR)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft PowerShell (POWERSHELL)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
  • Mimecast (MIMECAST_MAIL)
  • Nagios Infrastructure Monitoring (NAGIOS)
  • Network Policy Server (MICROSOFT_NPS)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • Oracle (ORACLE_DB)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Ping Federate (PING_FEDERATE)
  • Ping Identity (PING)
  • PostgreSQL (POSTGRESQL)
  • Precisely Ironstream IBM z/OS (IRONSTREAM_ZOS)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Pulse Secure (PULSE_SECURE_VPN)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • Rippling Activity Logs (RIPPLING_ACTIVITYLOGS)
  • Sap Business Technology Platform (SAP_BTP)
  • Security Command Center Threat (N/A)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne EDR (SENTINEL_EDR)
  • SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
  • Shibboleth IDP (SHIBBOLETH_IDP)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Snowflake (SNOWFLAKE)
  • Sophos AV (SOPHOS_AV)
  • Sophos Intercept EDR (SOPHOS_EDR)
  • Sourcefire (SOURCEFIRE_IDS)
  • Splunk Attack Analyzer (SPLUNK_ATTACK_ANALYZER)
  • SpyCloud (SPYCLOUD)
  • Squid Web Proxy (SQUID_WEBPROXY)
  • Suricata EVE (SURICATA_EVE)
  • Symantec Endpoint Protection (SEP)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Tenable Audit (TENABLE_AUDIT)
  • Thales Vormetric (VORMETRIC)
  • Trend Micro Apex one (TRENDMICRO_APEX_ONE)
  • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
  • Twingate (TWINGATE)
  • Ubika Waf (UBIKA_WAF)
  • Unix system (NIX_SYSTEM)
  • Vectra Detect (VECTRA_DETECT)
  • Vectra Stream (VECTRA_STREAM)
  • Wazuh (WAZUH)
  • Windows DHCP (WINDOWS_DHCP)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Local Administrator Password Solution (MICROSOFT_LAPS)
  • Windows Sysmon (WINDOWS_SYSMON)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Workspace Alerts (WORKSPACE_ALERTS)
  • XAMS by Xiting (XITING_XAMS)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Active Identity HID (ACTIVE_IDENTITY_HID)
  • Akamai Event Viewer (AKAMAI_EVT_VWR)
  • Autodesk Vault (AUTODESK_VAULT)
  • Avaza (AVAZA)
  • Avigilon Access Logs (AVIGILON_ACCESS_LOGS)
  • Axis Camera (AXIS_CAMERA)
  • Axis License Plate Reader (AXIS_LPR)
  • Azure Nix System (AZURE_NIX_SYSTEM)
  • CallTower Audio Conferencing (CALLTOWER_AUDIO)
  • Canon Printers (CANON_PRINTERS)
  • Cisco Secure Endpoint (CISCO_SECURE_ENDPOINT)
  • Control UP (CONTROL_UP)
  • Cradlepoint Router Logs (CRADLEPOINT)
  • Crowdstrike Spotlight (CROWDSTRIKE_SPOTLIGHT)
  • CrushFTP (CRUSHFTP)
  • CrowdStrike Filevantage (CS_FILEVANTAGE)
  • Cybersixgill (CYBERSIXGILL)
  • Cyolo Secure Remote Access for OT (CYOLO_OT)
  • Dell Core Switch (DELL_EMC_NETWORKING)
  • DLink Switch (DLINK_SWITCH)
  • Elastic Security (ELASTIC_EDR)
  • Fireblocks (FIREBLOCKS)
  • Forescout eyeInspect (FORESCOUT_EYEINSPECT)
  • Fortinet FortiGate IPS (FORTINET_IPS)
  • H3C Router (H3C_ROUTER)
  • Hackerone (HACKERONE)
  • Halo Sensor (HALO_SENSOR)
  • Hashcast (HASHCAST)
  • Perforce Helix Core (HELIX_CORE)
  • Heroku (HEROKU)
  • Hillstone NDR (HILLSTONE_NDR)
  • HL7 (HL7)
  • HoopDev (HOOPDEV)
  • Huawei Switches (HUAWEI_SWITCH)
  • Identity Security Cloud (IDENTITY_SECURITY_CLOUD)
  • Imperva Data Risk Analytics (IMPERVA_DATA_ANALYTICS)
  • Imperva DRA (IMPERVA_DRA)
  • IM Express (IM_EXPRESS)
  • Intezer (INTEZER)
  • Jumpcloud IAM (JUMPCLOUD_IAM)
  • Maltiverse IOC (MALTIVERSE_IOC)
  • ManageEngine Log360 (MANAGE_ENGINE_LOG360)
  • McAfee Network Security Platform (MCAFEE_NSP)
  • Miro Cloud (MIRO_CLOUD)
  • Nokia Home Device Manager (NOKIA_HDM)
  • Nortel Secure Router (NORTEL_SR)
  • Notion (NOTION)
  • One Identity Identity Manager (ONE_IDENTITY_IDENTITY_MANAGER)
  • IDnomic Public Key Infrastructure (OPENTRUST)
  • Outline Activity Logs (OUTLINE_ACTIVITY_LOGS)
  • Prismatic IO (PRISMATIC_IO)
  • ProFTPD (PROFTPD)
  • Provision Asset Context (PROVISION_ASSET_CONTEXT)
  • Ransomcare (RANSOMCARE)
  • Rapid7 Insights Threat Command (RAPID7_INSIGHTS_THREAT_COMMAND)
  • Saporo (SAPORO)
  • SAS Metadata Server log (SAS_METADATA_SERVER_LOG)
  • Scylla (SCYLLA)
  • Senseon Alerts (SENSEON_ALERTS)
  • Sonic Switch (SONIC_SWITCH)
  • Symantec Data Center Security (SYMANTEC_DCS)
  • Syncplify SFTP 2 Events (SYNCPLIFY_SFTP)
  • Team Cymru Scout Threat Intelligence (TEAM_CYMRU_SCOUT_THREATINTEL)
  • Tenable CSPM (TENABLE_CSPM)
  • Teqtivity Assets (TEQTIVITY_ASSETS)
  • Tines (TINES)
  • TP Link Network Switches (TPLINK_SWITCH)
  • TT D365 (TT_D365)
  • TT MSAN DSLAM (TT_MSAN_DSLAM)
  • TT Trio Chordiant (TT_TRIO_CHORDIANT)
  • Tufin (TUFIN)
  • Tufin Secure Track (TUFIN_SECURE_TRACK)
  • UberAgent (UBERAGENT)
  • Upstream Vehicle SOC Alerts (UPSTREAM_VSOC_ALERTS)
  • URLScan IO (URLSCAN_IO)
  • Vertiv UPS (VERTIV_UPS)
  • Very Good Security (VERY_GOOD_SECURITY)
  • Virtual Browser (VIRTUAL_BROWSER)
  • VMWare VSphere (VMWARE_VSPHERE)
  • Webroot Identity Protection (WEBROOT_IDENTITY_PROTECTION)
  • WideField (WIDEFIELD_SECURITY)
  • Zscaler Sandbox (ZSCALER_SANDBOX)
  • Zywall (ZYWALL)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • Abnormal Security (ABNORMAL_SECURITY)
  • Akamai DNS (AKAMAI_DNS)
  • Amazon API Gateway (AWS_API_GATEWAY)
  • Apache (APACHE)
  • Apigee (GCP_APIGEE_X)
  • Archer Integrated Risk Management (ARCHER_IRM)
  • Arcsight CEF (ARCSIGHT_CEF)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • AWS VPN (AWS_VPN)
  • Azure AD (AZURE_AD)
  • Azure AD Audit (AZURE_AD_AUDIT)
  • Azure AD Sign-In (AZURE_AD_SIGNIN)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Azure WAF (AZURE_WAF)
  • BeyondTrust Privileged Identity (BEYONDTRUST_PI)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Carbon Black App Control (CB_APP_CONTROL)
  • Check Point (CHECKPOINT_FIREWALL)
  • Checkpoint Audit (CHECKPOINT_AUDIT)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco ISE (CISCO_ISE)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco WSA (CISCO_WSA)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud Data Loss Prevention (N/A)
  • Cloud Load Balancing (GCP_LOADBALANCING)
  • Cloud SQL (GCP_CLOUDSQL)
  • Cloudflare WAF (CLOUDFLARE_WAF)
  • Cohesity (COHESITY)
  • Corelight (CORELIGHT)
  • CrowdStrike Falcon (CS_EDR)
  • Cyber 2.0 IDS (CYBER_2_IDS)
  • Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
  • CyberArk PTA Privileged Threat Analytics (CYBERARK_PTA)
  • Darktrace (DARKTRACE)
  • Dell Switch (DELL_SWITCH)
  • Duo Administrator Logs (DUO_ADMIN)
  • Duo Auth (DUO_AUTH)
  • EfficientIP DDI (EFFICIENTIP_DDI)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • Elastic Packet Beats (ELASTIC_PACKETBEATS)
  • F5 ASM (F5_ASM)
  • F5 Shape (F5_SHAPE)
  • F5 Silverline (F5_SILVERLINE)
  • FireEye (FIREEYE_ALERT)
  • FireEye ETP (FIREEYE_ETP)
  • FireEye HX (FIREEYE_HX)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
  • Forcepoint Mail Relay (FORCEPOINT_MAIL_RELAY)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet Fortimanager (FORTINET_FORTIMANAGER)
  • GCP_APP_ENGINE (GCP_APP_ENGINE)
  • GitHub (GITHUB)
  • HP Aruba (ClearPass) (CLEARPASS)
  • IBM DS8000 Storage (IBM_DS8000)
  • IBM Guardium (GUARDIUM)
  • IBM OpenPages (IBM_OPENPAGES)
  • Infoblox DNS (INFOBLOX_DNS)
  • Jenkins (JENKINS)
  • Layer7 SiteMinder (SITEMINDER_SSO)
  • Linux Auditing System (AuditD) (AUDITD)
  • Malwarebytes (MALWAREBYTES_EDR)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft PowerShell (POWERSHELL)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
  • Mimecast (MIMECAST_MAIL)
  • Nagios Infrastructure Monitoring (NAGIOS)
  • Network Policy Server (MICROSOFT_NPS)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • Oracle (ORACLE_DB)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Ping Federate (PING_FEDERATE)
  • Ping Identity (PING)
  • PostgreSQL (POSTGRESQL)
  • Precisely Ironstream IBM z/OS (IRONSTREAM_ZOS)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Pulse Secure (PULSE_SECURE_VPN)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • Rippling Activity Logs (RIPPLING_ACTIVITYLOGS)
  • Sap Business Technology Platform (SAP_BTP)
  • Security Command Center Threat (N/A)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne EDR (SENTINEL_EDR)
  • SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
  • Shibboleth IDP (SHIBBOLETH_IDP)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Snowflake (SNOWFLAKE)
  • Sophos AV (SOPHOS_AV)
  • Sophos Intercept EDR (SOPHOS_EDR)
  • Sourcefire (SOURCEFIRE_IDS)
  • Splunk Attack Analyzer (SPLUNK_ATTACK_ANALYZER)
  • SpyCloud (SPYCLOUD)
  • Squid Web Proxy (SQUID_WEBPROXY)
  • Suricata EVE (SURICATA_EVE)
  • Symantec Endpoint Protection (SEP)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Tenable Audit (TENABLE_AUDIT)
  • Thales Vormetric (VORMETRIC)
  • Trend Micro Apex one (TRENDMICRO_APEX_ONE)
  • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
  • Twingate (TWINGATE)
  • Ubika Waf (UBIKA_WAF)
  • Unix system (NIX_SYSTEM)
  • Vectra Detect (VECTRA_DETECT)
  • Vectra Stream (VECTRA_STREAM)
  • Wazuh (WAZUH)
  • Windows DHCP (WINDOWS_DHCP)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Local Administrator Password Solution (MICROSOFT_LAPS)
  • Windows Sysmon (WINDOWS_SYSMON)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Workspace Alerts (WORKSPACE_ALERTS)
  • XAMS by Xiting (XITING_XAMS)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Active Identity HID (ACTIVE_IDENTITY_HID)
  • Akamai Event Viewer (AKAMAI_EVT_VWR)
  • Autodesk Vault (AUTODESK_VAULT)
  • Avaza (AVAZA)
  • Avigilon Access Logs (AVIGILON_ACCESS_LOGS)
  • Axis Camera (AXIS_CAMERA)
  • Axis License Plate Reader (AXIS_LPR)
  • Azure Nix System (AZURE_NIX_SYSTEM)
  • CallTower Audio Conferencing (CALLTOWER_AUDIO)
  • Canon Printers (CANON_PRINTERS)
  • Cisco Secure Endpoint (CISCO_SECURE_ENDPOINT)
  • Control UP (CONTROL_UP)
  • Cradlepoint Router Logs (CRADLEPOINT)
  • Crowdstrike Spotlight (CROWDSTRIKE_SPOTLIGHT)
  • CrushFTP (CRUSHFTP)
  • CrowdStrike Filevantage (CS_FILEVANTAGE)
  • Cybersixgill (CYBERSIXGILL)
  • Cyolo Secure Remote Access for OT (CYOLO_OT)
  • Dell Core Switch (DELL_EMC_NETWORKING)
  • DLink Switch (DLINK_SWITCH)
  • Elastic Security (ELASTIC_EDR)
  • Fireblocks (FIREBLOCKS)
  • Forescout eyeInspect (FORESCOUT_EYEINSPECT)
  • Fortinet FortiGate IPS (FORTINET_IPS)
  • H3C Router (H3C_ROUTER)
  • Hackerone (HACKERONE)
  • Halo Sensor (HALO_SENSOR)
  • Hashcast (HASHCAST)
  • Perforce Helix Core (HELIX_CORE)
  • Heroku (HEROKU)
  • Hillstone NDR (HILLSTONE_NDR)
  • HL7 (HL7)
  • HoopDev (HOOPDEV)
  • Huawei Switches (HUAWEI_SWITCH)
  • Identity Security Cloud (IDENTITY_SECURITY_CLOUD)
  • Imperva Data Risk Analytics (IMPERVA_DATA_ANALYTICS)
  • Imperva DRA (IMPERVA_DRA)
  • IM Express (IM_EXPRESS)
  • Intezer (INTEZER)
  • Jumpcloud IAM (JUMPCLOUD_IAM)
  • Maltiverse IOC (MALTIVERSE_IOC)
  • ManageEngine Log360 (MANAGE_ENGINE_LOG360)
  • McAfee Network Security Platform (MCAFEE_NSP)
  • Miro Cloud (MIRO_CLOUD)
  • Nokia Home Device Manager (NOKIA_HDM)
  • Nortel Secure Router (NORTEL_SR)
  • Notion (NOTION)
  • One Identity Identity Manager (ONE_IDENTITY_IDENTITY_MANAGER)
  • IDnomic Public Key Infrastructure (OPENTRUST)
  • Outline Activity Logs (OUTLINE_ACTIVITY_LOGS)
  • Prismatic IO (PRISMATIC_IO)
  • ProFTPD (PROFTPD)
  • Provision Asset Context (PROVISION_ASSET_CONTEXT)
  • Ransomcare (RANSOMCARE)
  • Rapid7 Insights Threat Command (RAPID7_INSIGHTS_THREAT_COMMAND)
  • Saporo (SAPORO)
  • SAS Metadata Server log (SAS_METADATA_SERVER_LOG)
  • Scylla (SCYLLA)
  • Senseon Alerts (SENSEON_ALERTS)
  • Sonic Switch (SONIC_SWITCH)
  • Symantec Data Center Security (SYMANTEC_DCS)
  • Syncplify SFTP 2 Events (SYNCPLIFY_SFTP)
  • Team Cymru Scout Threat Intelligence (TEAM_CYMRU_SCOUT_THREATINTEL)
  • Tenable CSPM (TENABLE_CSPM)
  • Teqtivity Assets (TEQTIVITY_ASSETS)
  • Tines (TINES)
  • TP Link Network Switches (TPLINK_SWITCH)
  • TT D365 (TT_D365)
  • TT MSAN DSLAM (TT_MSAN_DSLAM)
  • TT Trio Chordiant (TT_TRIO_CHORDIANT)
  • Tufin (TUFIN)
  • Tufin Secure Track (TUFIN_SECURE_TRACK)
  • UberAgent (UBERAGENT)
  • Upstream Vehicle SOC Alerts (UPSTREAM_VSOC_ALERTS)
  • URLScan IO (URLSCAN_IO)
  • Vertiv UPS (VERTIV_UPS)
  • Very Good Security (VERY_GOOD_SECURITY)
  • Virtual Browser (VIRTUAL_BROWSER)
  • VMWare VSphere (VMWARE_VSPHERE)
  • Webroot Identity Protection (WEBROOT_IDENTITY_PROTECTION)
  • WideField (WIDEFIELD_SECURITY)
  • Zscaler Sandbox (ZSCALER_SANDBOX)
  • Zywall (ZYWALL)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Identity and Access Management

Privileged Access Manager (PAM) is now released to General Availability. The following features have been added:

Media CDN

HTTP method filtering for specific route rules is now Generally Available. You can now also implement such filtering by using the GUI.

Migrate to Virtual Machines

As Container Registry is deprecated, Migrate to Virtual Machines is transitioning from Container Registry to Artifact Registry to store images running on Migrate Connector. This transition will be completed by October 15, 2025. For the most part, this change should not affect your usage of Migrate Connector or Migrate to Virtual Machines. However, for some configurations, you might have to add VPC-SC rules to allow Migrate Connector to access Artifact Registry. If you need help using Artifact Registry with Migrate to Virtual Machines, contact the Migrate to Virtual Machines support team.

Oracle Database@Google Cloud

Oracle Database@Google Cloud is now Generally Available (GA).

Google Cloud's partnership with Oracle allows you to combine Oracle Cloud Infrastructure (OCI) and Google Cloud technologies. With native integration, you can deploy your Oracle database services in a Google Cloud data center running on OCI Exadata hardware with minimal latency. Oracle Database@Google Cloud supports the following OCI products on Google Cloud:

  • Exadata Database Service
  • Autonomous Database Service

For more information about Oracle Database@Google Cloud, see the Product overview.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.7.2 (2024-09-13)

Bug Fixes

Go

Changes for pubsub/apiv1

1.43.0 (2024-09-09)

Features
  • pubsub: Add support for Go 1.23 iterators (84461c0)
  • pubsub: Allow trace extraction from protobuf message (#10827) (caa826c)

Bug Fixes

Java

Changes for google-cloud-pubsub

1.132.2 (2024-09-11)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.42.1 (#2152) (1457489)
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.42.2 (#2157) (d671347)
  • Update dependency com.google.cloud:google-cloud-core to v2.43.0 (#2161) (05a37b7)
  • Update dependency com.google.cloud:google-cloud-storage to v2.42.0 (#2145) (77c3e78)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#2162) (27eaffd)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.27.4 (#2153) (32c78b3)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.28.0 (#2155) (5f61fe1)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.28.1 (#2167) (bb8ea71)
  • Update dependency org.xerial.snappy:snappy-java to v1.1.10.7 (#2165) (e7fb60e)

Python

Changes for google-cloud-pubsub

2.23.1 (2024-09-09)

Bug Fixes
  • Replace asserts with None checks for graceful shutdown (#1244) (ced4f52)

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.14.1 (2024-09-12)

Bug Fixes
  • secretmanager: Bump dependencies (2ddeb15)

Service Extensions

Authorization extensions help you configure Cloud Load Balancing authorization policies to use custom authorization engines. This feature is in Preview.

You can now also host an extension on a backend service that uses serverless NEGs pointing to Cloud Run services. For more information, see Supported backends for extension services.

Vertex AI

Schedule Vertex AI custom training jobs based on resource availability. For details, see the Vertex AI documentation.

September 15, 2024

Google SecOps SOAR

Release 6.3.17 is now in General Availability.

Release 6.3.18 is currently in Preview.

September 13, 2024

Access Approval

Access Approval supports Cloud Interconnect in the GA stage.

Apigee hybrid

hybrid v1.12.2

On September 13, 2024 we released an updated version of the Apigee hybrid software, 1.12.2.

Bug ID Description
362305438 You can now add additional env variables to the runtime component.
347798999 You can now configure forward proxy for opentelemetry pods in Apigee hybrid.

Bug ID Description
N/A Security fixes for apigee-cassandra-backup-utility and apigee-hybrid-cassandra.
This addresses the following vulnerability:

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Secure Web Proxy
    • networksecurity.googleapis.com/FirewallEndpoint
    • networksecurity.googleapis.com/FirewallEndpointAssociation
    • networksecurity.googleapis.com/SecurityProfile
    • networksecurity.googleapis.com/SecurityProfileGroup
    • networkservices.googleapis.com/ServiceLbPolicy
    • networksecurity.googleapis.com/TlsInspectionPolicy

Cloud SQL for SQL Server

For Cloud SQL Enterprise Plus edition, you can set the number of days of retained transaction logs from 1 to 35. For more information, see Use point-in-time recovery (PITR).

Dataproc

Dataproc Serverless for Spark: Fixed a bug that caused some batches and sessions to fail to start when using the premium compute tier.

Memorystore for Redis Cluster

Added support for vector store and vector search capabilities (Preview). For more details, see About vector search.

Memorystore for Valkey

Added support for vector store and vector search capabilities (Preview). For more details, see About vector search.

NetApp Volumes

New Identity and Access Management (IAM) permissions have been added. For more information, see Identity and Access Management roles and permissions.

Added new cloud monitoring metrics, specifically for auto-tiering and backups. For more information, see Monitor NetApp Volumes.

SAP on Google Cloud

Support for version 1 of Google Cloud's Agent for SAP has ended

Version 1 of Google Cloud's Agent for SAP has reached the end of support.

If you're using version 1 of the agent, then we strongly recommend that you update to using a supported version as soon as possible. For information about supported versions, see Supported versions for SAP on Google Cloud. For information about how to update to a supported version of the agent, see Update Google Cloud's Agent for SAP.

Virtual Private Cloud

You can use Private Service Connect endpoints to access the regional service endpoints of supported Google APIs. This feature is available in General Availability.

Workflows

The maximum number of concurrent workflow executions has increased from 7,500 to 10,000.

September 12, 2024

Access Approval

Access Approval supports Database Center in the Preview stage.

Access Transparency

Access Transparency supports Database Center in the Preview stage.

Apigee X

On September 12, 2024, we released an updated version of Apigee.

With this release, Apigee supports Workforce Identity Federation.

Workforce Identity Federation lets you use an external identity provider (IdP) to authenticate and authorize a workforce — a group of users, such as employees, partners, and contractors — using Identity and Access Management (IAM) to access Apigee services.

See Access Apigee using Workforce Identity Federation for more information.

Bug ID Description
338285095 Fixed a problem where apps associated with an AppGroup did not appear in the Apps list in the Apigee UI in Cloud Console. As a result, users could not access the app's App Detail page in the console. Using search in the console with a partial app name or API key search for the app was not available.

With this fix, users can now view apps associated with an AppGroup in the Apps list, and view details for each app or delete the app. Users will still not be able to create or edit AppGroup apps.

Apigee hybrid organizations were not impacted by this problem, as they use the Classic UI to view the app details.

PEM parsing error in JWT/JWS policies due to non-standard format

For Apigee and Apigee hybrid versions 1.13 and higher, any deviations in the required PEM format of keys used in Apigee JWS or JWT policies may result in a parsing error.

For more information, see Apigee known issues.

Application Integration

The XSLT Transform data transformer function is now available. This function transforms the specified XML string using the specified XSL string.

BigQuery

You can now use the partial ordering mode in BigQuery DataFrames to generate more efficient queries. This feature is in Preview.

Cloud SQL for MySQL

Cloud SQL now supports near-zero downtime planned maintenance on standalone Cloud SQL Enterprise Plus edition primary instances. In addition, you can also simulate near-zero downtime for planned maintenance events on standalone Cloud SQL Enterprise Plus edition primary instances.

For more information, see About maintenance on Cloud SQL instances.

You can now upgrade your instances to Cloud SQL Enterprise Plus edition with near-zero downtime. To upgrade your instance, see Upgrade an instance to Cloud SQL Enterprise Plus edition using in-place upgrade.

You can now upgrade the minor version of a Cloud SQL for MySQL Enterprise Plus edition instance with near-zero downtime. To upgrade the minor version of your Cloud SQL for MySQL 8.0 instance, see Upgrade the minor version.

You can now provide access to Cloud SQL Studio by granting a new IAM role, Cloud SQL Studio User (roles/cloudsql.studioUser), instead of using the Cloud SQL Admin IAM role.

For more information about using Cloud SQL Studio, see Manage your data using Cloud SQL Studio.

Cloud SQL for PostgreSQL

Cloud SQL now supports near-zero downtime planned maintenance on standalone Cloud SQL Enterprise Plus edition primary instances. In addition, you can also simulate near-zero downtime for planned maintenance events on standalone Cloud SQL Enterprise Plus edition primary instances.

For more information, see About maintenance on Cloud SQL instances.

You can now upgrade your instances to Cloud SQL Enterprise Plus edition with near-zero downtime. To upgrade your instance, see Upgrade an instance to Cloud SQL Enterprise Plus edition using in-place upgrade.

You can now provide access to Cloud SQL Studio by granting a new IAM role, Cloud SQL Studio User (roles/cloudsql.studioUser), instead of using the Cloud SQL Admin IAM role.

For more information about using Cloud SQL Studio, see Manage your data using Cloud SQL Studio.

Cloud SQL for SQL Server

You can now provide access to Cloud SQL Studio by granting a new IAM role, Cloud SQL Studio User (roles/cloudsql.studioUser), instead of using the Cloud SQL Admin IAM role.

For more information about using Cloud SQL Studio, see Manage your data using Cloud SQL Studio.

Google Distributed Cloud (software only) for bare metal

Release 1.29.500-gke.163

Google Distributed Cloud for bare metal 1.29.500-gke.163 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.500-gke.163 runs on Kubernetes v1.29.7-gke.1200.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following container image security vulnerabilities have been fixed in 1.29.500-gke.163:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Identity and Access Management

You can manage IAM deny policies using the Google Cloud console. For more information, see Deny access to resources.

Looker Studio

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Text wrapping for pivot table column headers

You can choose to wrap column header text in pivot table charts by enabling the Wrap text option in the Style tab.

Public Preview of Gemini in Looker Conversational Analytics

You can query data in natural language. The Conversational Analytics feature is a Gemini-powered data querying experience that makes it easier to find answers, explore data, and share insights using natural language. This feature is now available in Public Preview.

Learn more about Gemini in Looker and how to enable it in Looker Studio.

September 11, 2024

Apigee Advanced API Security

Delay in score generation for Risk Assessment v2 with VPC-SC-enabled organizations only

This issue impacts Risk Assessment v2 only, which is in preview.

With VPC-SC-enabled organizations only, when generating scores for new organizations or scoring changes to included proxies, shared flows, and target server configurations, score generation could take as much as three hours.

See the Risk Assessment v2 customer documentation for information on the functionality.

BigQuery

You can now use Terraform to manage IAM tags on datasets and tables. This feature is generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Pub/Sub
    • pubsub.googleapis.com/Schema
  • Secure Web Proxy
    • networksecurity.googleapis.com/GatewaySecurityPolicy
    • networksecurity.googleapis.com/GatewaySecurityPolicyRule
    • networksecurity.googleapis.com/UrlList

Cloud Storage

You can now specify United States regions when using regional endpoints.

Config Connector

Config Connector version 1.122.0 is now available.

The state-into-spec field now defaults to Absent in all Config Controller clusters.

RedisCluster (Alpha) now uses direct reconciliation.

SQLInstance now uses direct reconciliation.

Added RedisCluster (Alpha) resource for service Redis.

ContainerCluster

The spec.nodeConfig.taint can be updated in place in lieu of destroying and recreating the object.

ContainerNodePool

The spec.nodeConfig.taint can be updated in place in lieu of destroying and recreating the object.

SQLInstance

Add the spec.cloneSource field to clone a SQLInstance.

RunJob

Add the spec.template.template.volumes[].cloudSqlInstance field to configure Cloud SQL instance.

Google Kubernetes Engine

For GPU node pools created in GKE Standard clusters running version 1.30.1-gke.115600 or later, GKE automatically installs the default NVIDIA GPU driver version corresponding to the GKE version if you don't specify the gpu-driver-version flag.

(2024-R35) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.0-gke.1506000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1234000
    • 1.27.16-gke.1234001
    • 1.27.16-gke.1258000
    • 1.28.13-gke.1024000
    • 1.28.13-gke.1042000
    • 1.29.8-gke.1031000
    • 1.29.8-gke.1057000
    • 1.30.4-gke.1129000
    • 1.30.4-gke.1213000
    • 1.31.0-gke.1058000
    • 1.31.0-gke.1324000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.0-gke.1506000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1148000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1969000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.

Stable channel

  • Version 1.30.2-gke.1587003 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • Version 1.27.16-gke.1008000 is no longer available in the Stable channel.
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1051001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1051001 with this release.

Extended channel

  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1148000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1969000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.

No channel

Looker

Looker 24.16 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, September 16, 2024

  • Expected Looker (original) final deployment and download available: Thursday, September 26, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, September 16, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, September 30, 2024

Beginning in Looker 24.18, the October 2024 Looker release, Google Maps will be the only visualization engine for all map visualizations. The Legacy Maps chart type will be removed. Please go to the Legacy features page in the Admin panel and disable "Allow legacy maps"; if you encounter any issues, contact Looker Support.

The LookML Validator now checks for incompatible types in Liquid comparison expressions and, if it finds them, returns an error.

You can change the width of the panels in the Looker IDE, both the feature panel (which contains File Browser, Object Browser, and Git Actions) and the side panel (which contains Project Health, Quick Help, and Metadata). The size of the side panels is persisted across logins and refreshes.

The Chart Config Editor now supports sunburst visualizations.

The Redshift driver is now configured with AWS's recommended TCP keep-alive settings.

The content_summary API endpoint is now generally available. You can use this endpoint to search for recently viewed content or content that you have marked as a favorite.

Comprehensive API support for Looker Connected Sheets is now accessible through both AppsScript and the Google Sheets APIs. API support enables automated data refresh, custom workflows, and integration with external tools and services.

Looker instances with the Redshift license feature enabled will now use the driver version 2.1.0.30.

The Looker IDE now persists a user's IDE state, including the open LookML file in the file browser; the expanded or collapsed status of items in the file browser; the selected item in the IDE navigation bar (such as the file browser, Git actions, object browser, or project settings); the sidebar item (such as the Quick Help panel, the Metadata panel, and the Project Health panel), and the size of the IDE side panels. You can remove the persistence by clicking the Reset IDE Layout button in the new IDE Settings page of the Looker IDE. Note: Item added to release notes on September 16, 2024.

The Looker IDE now supports text line wrapping in the IDE editor. Line wrapping is now the default behavior. You can turn off line wrap mode in the new IDE Settings page in the Looker IDE. Note: Item added to release notes on September 16, 2024.

The Looker IDE supports Vim and Emacs editors in addition to the default Looker IDE editor. You can now set your editor preference in the new IDE Settings page in the Looker IDE. Note: Item added to release notes on September 16, 2024.

To improve performance for LookML validation, the LookML parser object pool has been increased from a fixed-size pool of three LookML parser objects per Looker node to a dynamic pool size that is equal to the number of provisioned CPUs in the Looker node.

An issue has been fixed where measures would remove COALESCE SQL expressions from dimensions during query generation. This feature now performs as expected.

CJK characters are now displayed properly in mobile browsers when they are included within inline table email attachments.

An issue has been fixed that was causing the Collapse All Folders button in the Looker IDE to not work correctly. This feature now performs as expected.

An issue has been fixed where some schedules would fail to send if a PDT was rebuilding. This feature now performs as expected.

An issue where downloaded queries would not show error messages has been fixed. This feature now performs as expected.

An issue has been fixed where the progress bar on single value visualizations could overlap with the visualization note. This feature now performs as expected.

The LookML validator no longer forces the full_suggestions parameter to be enabled in certain situations involving Liquid variables and derived tables.

The Chart Config Editor now displays a more informative error message if you try to use an unsupported visualization type.

An issue has been fixed where the LookML Validator would return incorrect errors on cancel_grouping_fields in Explores with joins. This feature now performs as expected.

An issue has been fixed where the Looker SQL Interface could not connect to Tableau using OAuth. This feature now performs as expected.

Internal database calls during LookML validation have been reduced.

An issue where the LookML Validator could crash if a LookML file incorrectly referenced a dimension_group in a filters parameter has been fixed. This feature now performs as expected.

An issue has been fixed where Looker was incorrectly sanitizing some of the allowed CSS properties. This feature now performs as expected.

The child_count property can now be omitted from dashboard and Look API responses when a feature flag is enabled.

An issue has been fixed with the TRUNC function on some Denodo 8 dialects. This feature now performs as expected.

An issue has been fixed where query metrics were not appearing in the Explore list. This feature now performs as expected.

An issue has been fixed where the LookML validator would not return an error when value_format and named_value_format were both defined for a field. This feature now performs as expected.

The render event has been added to the audit log list.

Looker (Google Cloud core) provides comprehensive audit logging through Cloud Audit Logs, including full Data Access and System Event audit log coverage. Previously, Cloud Audit Logs for Looker (Google Cloud core) captured only admin activities like instance creation and deletion. Note: Item added to release notes on September 16, 2024.

An issue with SAML authentication has been fixed.

The audit log buffer is now persisted to minimize log data loss.

A new Labs feature, Delegate Model Set Management, lets admins grant a new permission, manage_modelsets_restricted. This permission grants users permissions that are similar to manage_models, but only for model sets to which the users have access.

Secure Source Manager

Secure Source Manager branch protection is Generally Available. To learn more about branch protection, see the Branch protection overview and Configure branch protection.

Secure Source Manager integration with Cloud Build lets you define your Cloud Build configuration and build triggers in your Secure Source Manager repository. To learn how to trigger builds automatically, see Connect to Cloud Build.

Security Command Center

Validate updates to integrations in the Security Command Center Enterprise use case

Updates to the threat response playbook blocks and use case flows are available in the SCC Enterprise - Cloud Orchestration & Remediation use case for Security Command Center Enterprise. To get these changes, upgrade the integrations to the latest versions.

For more information, see Validate integration versions in the use case.

Sensitive Data Protection

The discovery service of Sensitive Data Protection now supports Amazon S3. You can run discovery to generate data profiles of your S3 buckets. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data governance workflows.

This feature is available only to Security Command Center Enterprise customers. To use this feature, you need an AWS connector in Security Command Center that has Sensitive Data Protection enabled.

To get started on profiling Amazon S3 data, see the following:

For more information about sensitive data discovery, see Data profiles.

VPC Service Controls

Preview stage support for the following integration:

Vertex AI Agent Builder

Vertex AI Search: Natural language query filters (Public preview)

For queries on structured data stores, the natural language queries can be reformulated as filters and a residual query. For example, "Find a coffee shop serving banana bread" becomes "query": "banana bread", "filter": "type": ANY(\"cafe\").

The natural-language query understanding feature only applies to generic apps. It is recommended for structured data stores but can also be applied to unstructured data stores with metadata and to website data stores with structured data.

This feature is in Public preview. For more information, see Filter with natural language understanding.

Vertex AI APIs: Updated model for ranking and reranking documents for RAG

The ranking API model is upgraded. This underlying model significantly improves the relevance of top-ranked documents and provides more nuanced scores. For more information about ranking documents, see Rank and rerank documents with RAG.

September 10, 2024

Apigee Advanced API Security

On September 10, 2024 we released an updated version of Advanced API Security.

Proxy-specific security actions

You can now create security actions that apply only to one or more specified proxies.

This new functionality is not available with Apigee hybrid at this time.

See Security actions to learn more about proxy-specific security actions.

Google Kubernetes Engine

We previously identified a potential issue that could cause downtime for traffic directed to your GKE-managed internal passthrough Network Load Balancers after certain cluster operations, like node upgrades. This issue specifically affected clusters with GKE subsetting and Services configured with externalTrafficPolicy=Cluster. See the Aug 14, 2024 release note for details.

A fix for this issue is now available. We recommend upgrading your GKE cluster's control plane to the following patch versions or later:

  • 1.27.16-gke.1258000
  • 1.28.13-gke.1024000
  • 1.29.8-gke.1057000
  • 1.30.4-gke.1129000
  • 1.31.0-gke.1506000

Memorystore for Redis

Added support for CMEK organization policies.

SAP on Google Cloud

New SAP certification for operating system

For use with SAP HANA and SAP NetWeaver on Google Cloud, SAP has certified the operating system Red Hat Enterprise Linux (RHEL) for SAP 8.10.

For more information about SAP-certified operating systems, see:

Sensitive Data Protection

The DOD_ID_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Text-to-Speech

Journey Voices is now in Preview and supports text streaming.

Vertex AI Workbench

The ability to back up and restore data on a Vertex AI Workbench instance is now available in Preview. For more information, see Back up and restore an instance.

reCAPTCHA

reCAPTCHA Mobile SDK v18.6.1 is now available for Android.

This version contains the compatibility fix for Android 6 and earlier.

September 09, 2024

Access Approval

Access Approval supports Cloud Data Fusion in the GA stage.

BigQuery

The BigQuery Data Transfer Service can now transfer campaign reporting and configuration data from Display & Video 360 into BigQuery, including Creative, Partner, and Advertiser tables. This feature is generally available (GA).

Cloud Monitoring

Table and TopList widgets can now display the results of multiple queries. You can also configure the column headers, data alignment, and color-code cells based on how a numeric value compares to a threshold. For more information, see the following documents:

Cloud Storage

You can now use the Google Cloud console to do the following:

Container Optimized OS

cos-109-17800-309-46

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.21 See List

Updated app-containers/containerd to 1.7.21.

Upgraded app-containers/containerd to v1.7.20. Upgraded app-containers/containerd-test to v1.7.20.

Fixes CVE-2023-7256 in net-libs/libpcap.

Fixes CVE-2024-44987 in the Linux kernel.

Fixes CVE-2024-43889 in the Linux kernel.

Fixes CVE-2024-42302 in the Linux kernel.

Fixes CVE-2024-41057 in the Linux kernel.

Fixes CVE-2024-43837 in the Linux kernel.

Fixes CVE-2024-43855 in the Linux kernel.

Fixes CVE-2024-41076 in the Linux kernel.

Fixes CVE-2024-42316 in the Linux kernel.

Fixes CVE-2024-43828 in the Linux kernel.

Fixes CVE-2024-43856 in the Linux kernel.

Fixes CVE-2024-41073 in the Linux kernel.

Fixes CVE-2024-44934 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812248 -> 812274

cos-dev-121-18657-0-0

Kernel: COS-6.6.49; Docker: v24.0.9; Containerd: v1.7.21; GPU Drivers: See List

Updated app-containers/containerd to 1.7.21.

Updated dev-go/oauth2 to v0.23.0. Removed dev-go/appengine.

Updated dev-lang/python to 3.8.19_p1. This fixes CVE-2007-4559.

Updated the Linux kernel to v6.6.49.

Removed chromeos-base/ec-utils and chromeos-base/ec-utils.

Removed dev-libs/confuse and dev-embedded/libftdi.

Removed dev-python/setuptools.

Removed dev-python/webcolors.

Replaced cos-extensions with new Go binary.

Updated google-osconfig-agent to v20240822.00.

Fixes CVE-2023-7256 in net-libs/libpcap.

Upgraded app-editors/vim, app-editors/vim-core to 9.1.0698. This fixed CVE-2024-43790, CVE-2024-43802.

Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Runtime sysctl changes:

  • Changed: fs.file-max: 811752 -> 811768

cos-113-18244-151-50

Kernel: COS-6.1.100; Docker: v24.0.9; Containerd: v1.7.21; GPU Drivers: See List

Updated app-containers/containerd to 1.7.21.

Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Fixes CVE-2024-42302 in the Linux kernel.

Fixes CVE-2024-41057 in the Linux kernel.

Fixes CVE-2024-43837 in the Linux kernel.

Fixes CVE-2024-43855 in the Linux kernel.

Fixes CVE-2024-43889 in the Linux kernel.

Fixes CVE-2024-42316 in the Linux kernel.

Fixes CVE-2024-43828 in the Linux kernel.

Fixes CVE-2024-43856 in the Linux kernel.

Fixes CVE-2024-41073 in the Linux kernel.

Fixes CVE-2024-43854 in the Linux kernel.

Fixes CVE-2024-41058 in the Linux kernel.

Fixes CVE-2024-41098 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812039 -> 812022

cos-105-17412-448-29

Kernel: COS-5.15.163; Docker: v23.0.3; Containerd: v1.7.19; GPU Drivers: See List

Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Fixes CVE-2024-43889 in the Linux kernel.

Fixes CVE-2024-43828 in the Linux kernel.

Fixes CVE-2024-43856 in the Linux kernel.

Fixes CVE-2024-44934 in the Linux kernel.

Fixes CVE-2024-41073 in the Linux kernel.

Fixes CVE-2024-42302 in the Linux kernel.

Fixes CVE-2024-43854 in the Linux kernel.

Fixes CVE-2024-41098 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812696 -> 812685
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

cos-101-17162-528-34

Kernel: COS-5.15.161; Docker: v20.10.27; Containerd: v1.6.28; GPU Drivers: See List

Fixes CVE-2023-7256 in net-libs/libpcap.

Fixes CVE-2024-40959 in the Linux kernel.

Fixes CVE-2024-40995 in the Linux kernel.

Fixes CVE-2024-43828 in the Linux kernel.

Fixes CVE-2024-41055 in the Linux kernel.

Fixes CVE-2024-43856 in the Linux kernel.

Fixes CVE-2024-40958 in the Linux kernel.

Fixes CVE-2024-41073 in the Linux kernel.

Fixes CVE-2024-44934 in the Linux kernel.

Fixes CVE-2024-41049 in the Linux kernel.

cos-beta-117-18613-0-25

Kernel: COS-6.6.44; Docker: v24.0.9; Containerd: v1.7.21; GPU Drivers: See List

Fixes CVE-2024-43889 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811778 -> 811784

Dataform

You can now set a default Dataform customer-managed encryption keys (CMEK) key for your project to encrypt multiple Dataform repositories with the same CMEK key. For more information, see Use Dataform default CMEK keys.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-ndb

2.3.2 (2024-07-15)

Bug Fixes

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.28.900-gke.113 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.900-gke.113 runs on Kubernetes v1.28.12-gke.1100.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues are fixed in 1.28.900-gke.113:

  • Fixed the known issue where updating DataplaneV2 ForwardMode doesn't automatically trigger anetd DaemonSet restart.
  • Fixed the known issue where the credential.yaml file was regenerated incorrectly during an admin workstation upgrade.
  • Fixed the known issue where the etcdctl command was not found during cluster upgrade at the admin cluster backup stage.

Fixed the following vulnerabilities in 1.28.900-gke.113:

High-severity container vulnerabilities:

Ubuntu vulnerabilities:

Google SecOps SIEM

The following new YARA-L 2.0 functions are available in Rules and Search:

  • arrays.concat
  • arrays.join_string
  • arrays.max
  • arrays.min
  • arrays.size
  • arrays.index_to_int
  • cast.as_bool
  • cast.as_float
  • math.ceil
  • math.floor
  • math.geo_distance
  • math.is_increasing
  • math.pow
  • math.random
  • strings.contains
  • strings.count_substrings
  • strings.extract_domain
  • strings.extract_hostname
  • strings.from_hex
  • strings.ltrim
  • strings.reverse
  • strings.rtrim
  • strings.trim
  • strings.url_decode
  • timestamp.as_unix_seconds
  • timestamp.now

The following new YARA-L 2.0 functions are available in Rules:

  • hash.sha256
  • window.avg
  • window.first
  • window.last
  • window.median
  • window.mode
  • window.stddev
  • window.variance

Details on function signatures and behavior can be found in the YARA-L 2.0 Function Syntax Reference Documentation.

Google SecOps SOAR

Due to technical issues, the SOAR version has been rolled back to Release 6.3.16.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.7.1 (2024-08-26)

Bug Fixes
  • deps: Update dependency @opentelemetry/semantic-conventions to ~1.26.0 (#1945) (f082869)
  • deps: Update dependency protobufjs to ~7.4.0 (#1959) (25946e0)
  • Propagate set options to LeaseManager (from https://github.com/googleapis/nodejs-pubsub/pull/1880) (#1954) (cdb0916)

SAP on Google Cloud

ABAP SDK for Google Cloud version v1.8 (On-premises or any cloud edition)

Version 1.8 of the on-premises or any cloud edition of ABAP SDK for Google Cloud is generally available (GA). This version introduces the Vertex AI SDK for ABAP, a dedicated toolset for seamless interaction with Google Cloud's Vertex AI platform from your SAP environment. The SDK lets you build AI-powered enterprise features and applications with reduced complexity and development effort from within your SAP systems.

For more information, see:

Security Command Center

New configuration options for Vulnerability Assessment for AWS

When configuring Vulnerability Assessment for AWS, you can customize the scan settings by defining the scan interval, specific regions, specific tags, and specific instance IDs. You can also include SC1 or ST1 instances in the scan. For more information, see Enable and use Vulnerability Assessment for AWS.

Vertex AI

Autoscaling for Ray clusters is now supported. See Scale Ray clusters on Vertex AI.

September 08, 2024

Google SecOps SOAR

Release 6.3.17 is now in General Availability.

September 07, 2024

Google SecOps SOAR

Release 6.3.18 is currently in Preview.

Playbooks are getting stuck in the queue. (ID #53247410)

September 06, 2024

Cloud Data Fusion

The CloudSQL MySQL plugin version 1.10.7 is available in Cloud Data Fusion versions 6.9.0 and 6.10.0. This plugin version lets you use a macro to specify the name of the CloudSQL instance in the plugin's Connection name field.

Cloud Monitoring

The Metrics management page in Cloud Monitoring now shows you the sources of metric reads and lets you exclude unneeded metrics entirely, eliminating the cost of ingesting them. For more information, see View and manage metric usage.

The fleetwide and per-instance Observability tabs on the Compute Engine VM instances page now include charts for GPU metrics from the NVIDIA Management Library (NVML). To view the fleetwide GPU charts, select Compute Engine > VM instances > Observability. To view the GPU charts for a VM instance, select Compute Engine > VM instances, click the name of a VM instance, and then select Observability. These charts are available only for VM instances with attached GPUs, with both the Ops Agent and the NVIDIA GPU driver installed. For information about configuring these VMs, see About the gpu metrics.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.117-debian10, 2.0.117-rocky8, 2.0.117-ubuntu18
  • 2.1.65-debian11, 2.1.65-rocky8, 2.1.65-ubuntu20, 2.1.65-ubuntu20-arm
  • 2.2.31-debian12, 2.2.31-rocky9, 2.2.31-ubuntu22

Dataproc on Compute Engine: The latest 2.2 image versions now support Hudi 0.15.0.

Dataproc on Compute Engine: The latest 2.2 image versions support Hudi Trino integration natively. If both components are selected when you create a Dataproc cluster, Trino will be configured to support Hudi automatically.

Google Kubernetes Engine

(2024-R34) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

There are no new releases in the Rapid channel.

Regular channel

There are no new releases in the Regular channel.

Stable channel

There are no new releases in the Stable channel.

Extended channel

There are no new releases in the Extended channel.

No channel

There are no updates for clusters not enrolled in a release channel.

(2024-R33) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.0-gke.1058000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1148000
    • 1.28.13-gke.1006000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1234000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1969000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1234000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1969000 with this release.

Regular channel

  • Version 1.30.3-gke.1639000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1051000
    • 1.27.16-gke.1082000
    • 1.28.12-gke.1052000
    • 1.29.7-gke.1104000
    • 1.30.3-gke.1225000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.7-gke.1274000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.7-gke.1274000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.

Stable channel

  • Version 1.29.7-gke.1104000 is now the default version for cluster creation in the Stable channel.
  • Version 1.27.16-gke.1051001 is now available in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.27.15-gke.1252000
    • 1.28.11-gke.1260000
    • 1.29.6-gke.1326000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.12-gke.1052000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.

Extended channel

  • Version 1.30.3-gke.1639000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1051000
    • 1.27.16-gke.1082000
    • 1.28.12-gke.1052000
    • 1.29.7-gke.1104000
    • 1.30.3-gke.1225000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.7-gke.1274000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.

No channel

  • Version 1.30.3-gke.1639000 is now the default version for cluster creation.
  • The following control plane and node versions are now available:
  • The following versions are no longer available:
    • 1.27.15-gke.1252000
    • 1.27.16-gke.1051000
    • 1.27.16-gke.1082000
    • 1.28.11-gke.1260000
    • 1.29.6-gke.1254000
    • 1.29.7-gke.1008000
    • 1.30.3-gke.1225000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.

Google SecOps

Burst limits will be rolling out over the next 90 days. This should not affect customers if sources are properly configured. Review documentation for full details.

Google SecOps SIEM

Burst limits will be rolling out over the next 90 days. This should not affect customers if sources are properly configured. Review documentation for full details.

Sensitive Data Protection

The SEXUAL_ORIENTATION infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

September 05, 2024

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Apigee UI

On September 5, 2024, we released an updated version of the Apigee UI.

An informational message was added to the action creation flow for Apigee Security actions, informing users that actions can't be edited or deleted.

Bug ID Description
349284447 Correct sorting for revisions in Duplicate Proxy

The Duplicate Proxy experience now correctly sorts the list of existing revisions.

359475166 Fixed issue with Analytics Error Analysis

Resolved issue with the Error Composition page that interchanged the proxy error and target error legend.

Apigee hybrid

hybrid 1.13.0-hotfix.1

On September 5, 2024, we released an updated version of the Apigee hybrid software, 1.13.0-hotfix.1.

Apply this hotfix following the steps in Upgrading Apigee hybrid to version 1.13:

  1. Prepare for the Helm charts upgrade
  2. Install the Apigee hybrid Helm charts

Bug ID Description
362690729 Fix for aggressive scaling of runtime pods & CPU spike.
362979563 Fix for Ingress Health Check failure /healthz/ingress - route_not_found.

Capacity Planner

Preview: You can view the on-demand reservations and future reservation requests available for consumption in your project, folder, or organization. This helps you plan for future capacity assurance, as well as view the reserved resources that cover your projected growth or peak usage. For more information, see View usage and forecast data in Capacity Planner.

Preview: You can use the Capacity Planner API to export usage and forecast data of the VMs, Persistent Disk volumes, or GPUs in your project, folder, or organization. This lets you export usage and forecast data in a Cloud Storage bucket or BigQuery table. For more information, see Export usage and forecast data using the Capacity Planner API.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Compute Engine

Generally available: Multi-writer support for Hyperdisk Balanced disks. Up to 8 VMs can simultaneously read from and write to the same disk. For more information, see Share disks between VMs.

Dataproc Metastore

Dataproc Metastore supports custom region configurations. A custom region configuration lets your service run workloads from two separate regions.

Firestore

You can now use Firestore to perform K-nearest neighbor (KNN) vector searches. Additionally, use Firestore vector searches with inequality filters, retrieve the calculated vector distance, and specify a distance threshold. This feature is generally available (GA).

For more information, see Search with vector embeddings.

Google Cloud Architecture Center

(New guide) Enterprise application with Oracle Database on Compute Engine: Provides a reference architecture to host an application that uses an Oracle database, deployed on Compute Engine VMs.

Looker Studio

Gemini in Looker now available for Looker Studio content

Looker Studio Pro users can now create calculated fields and generate Google Slides from Looker Studio content using Gemini assistance. Gemini in Looker no longer requires content to be associated with a Looker Studio Pro subscription.

For more information about Gemini in Looker, see the Gemini in Looker overview.

September 04, 2024

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL is now available in africa-south1 (Johannesburg) and in me-central2 (Dammam). For more information, see AlloyDB locations.

Backup and DR

Backup and DR Service now supports automatically protecting your Google Cloud VMware Engine VMs using vSphere tags. The dynamic protection tags feature is supported for backup/recovery appliances running version 11.0.12.320 or later. You can check the appliance version on the Manage > Appliances page.

BigQuery

You can now use vector search and vector index features in BigQuery.

You can use the VECTOR_SEARCH function to search embeddings in order to identify semantically similar entities.

You can use vector indexes to make VECTOR_SEARCH more efficient, with the trade-off of returning more approximate results.

You can try the vector search and vector index capabilities by using the Search embeddings with vector search tutorial.

The BigQuery vector search and vector index features are generally available (GA).

Dataproc

Dataproc on Compute Engine: Dataproc image version 2.2 will become the default Dataproc on Compute Engine image version on September 6, 2024.

Google Kubernetes Engine

For GKE versions 1.29 and later, the gke-metrics-agent Pod runs with the prometheus-metrics-collector container in addition to the existing gke-metrics-agent and core-metrics-exporter containers. This change might result in an increase in the Service time series ingestion requests per minute quota; however, there is no additional cost.

Migrate to Virtual Machines

Experimental: Because CentOS Linux 7 reached end-of-life (EOL) on June 30, 2024, Migrate to Virtual Machines lets you convert CentOS Linux 7 to Rocky Linux 8 as part of your migration.

To use this feature, send a request to the email address: centos-to-rocky-linux@google.com.

Note: This product or feature is subject to the Pre-GA Offerings Terms in the General Service Terms section of the Service Specific Terms. Pre-GA products and features are available as is and might have limited support.

Security Command Center

Install new version of the Security Command Center Enterprise use case

The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by date, September 4, 2024, introduces updated widgets, new playbooks, optimized data synchronization jobs, updated ingestion logic, and other enhancements to support the management of toxic combination findings and cases in the Security Operations console.

For installation instructions, see Update Enterprise use case, September 2024.

September 03, 2024

AlloyDB for PostgreSQL

The extension pgvector is updated to version 0.7.2.

Cloud Run

Deterministic URLs, which let you predict a Cloud Run service URL before the service is created, are now in general availability (GA).

Cloud SQL for MySQL

When you clone your zonal instance, you can now specify a preferred zone for the instance. You can also specify preferred primary and secondary zones for your regional instance. If the zones for your instance go down in the future, then Cloud SQL can assign the preferred zones to the instance, and you don't experience downtime. For more information, see Clone instances.

Cloud SQL for PostgreSQL

You can now use point-in-time recovery to restore your zonal instance to a preferred primary zone and your regional instance to both a preferred primary zone and a preferred secondary zone. For more information, see Use point-in-time recovery (PITR).

When you clone your zonal instance, you can now specify a preferred zone for the instance. You can also specify preferred primary and secondary zones for your regional instance. If the zones for your instance go down in the future, then Cloud SQL can assign the preferred zones to the instance, and you don't experience downtime. For more information, see Clone instances.

Cloud SQL for SQL Server

When you clone your zonal instance, you can now specify a preferred zone for the instance. You can also specify preferred primary and secondary zones for your regional instance. If the zones for your instance go down in the future, then Cloud SQL can assign the preferred zones to the instance, and you don't experience downtime. For more information, see Clone instances.

Contact Center AI Platform

Version 3.24 is released

All release notes published on this date are part of version 3.24.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Raw data export

With raw data export, you can export detailed CCAI Platform session data to an external storage bucket. With this data you can get insights into calls, chats, emails, queues, agent performance, virtual agents, and more.

Virtual agents can create and assign tickets for custom CRM apps

Virtual agents can now create and assign incoming tickets for custom CRM apps prior to a human agent taking the ticket. This capability was previously available only for some commercial CRM apps. For more information, see Configure the assignment of chat or call records created by virtual agents.

Barge is available for chat

Barge, which lets supervisors join or take over calls with end-users, is now available for chat. For more information, see Barge for calls and chat.

Reserved data attributes

With reserved data attributes, you can tag sessions with one of the following labels: Verified Customer, Bad Actor, or Repeat Customer. You can send this information to Google at the start of a session using an SDK, a SIP header, or the Apps API. With the API you can also send this information after the session starts. After we receive this information we display it in the agent adapter so the agent or a supervisor can act accordingly. For more information, see Reserved data attributes.

Fixed an issue where listening to a voicemail would occasionally lead to the creation of a duplicate entry at the top of the list.

Fixed an issue that prevented emails from being sent to external storage.

Fixed an issue where integrating the Salesforce CRM with CCAI Platform was failing.

Container Optimized OS

cos-101-17162-528-27

Kernel: COS-5.15.161
Docker: v20.10.27
Containerd: v1.6.28
GPU Drivers: See List

Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2024-40954 in the Linux kernel.

Fixed CVE-2024-43854 in the Linux kernel.

Fixed CVE-2024-41098 in the Linux kernel.

Fixed CVE-2024-42283 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed CVE-2024-40994 in the Linux kernel.

Fixed CVE-2023-52889 in the Linux kernel.

Fixed CVE-2024-41000 in the Linux kernel.

Fixed CVE-2024-42102 in the Linux kernel.

Fixed CVE-2024-40960 in the Linux kernel.

Fixed CVE-2024-40961 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

cos-109-17800-309-33

Kernel: COS-6.1.100
Docker: v24.0.9
Containerd: v1.7.19
GPU Drivers: See List

Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2023-46246, CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2024-41058 in the Linux kernel.

Fixed CVE-2024-43854 in the Linux kernel.

Fixed CVE-2024-41098 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed CVE-2023-52889 in the Linux kernel.

Fixed CVE-2024-42283 in the Linux kernel.

Fixed CVE-2024-42268 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42285 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812259 -> 812248

cos-beta-117-18613-0-24

Kernel: COS-6.6.44
Docker: v24.0.9
Containerd: v1.7.21
GPU Drivers: See List

Updated app-containers/containerd to 1.7.21.

Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2024-44934 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42268 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811697 -> 811778
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

cos-113-18244-151-33

Kernel: COS-6.1.100
Docker: v24.0.9
Containerd: v1.7.19
GPU Drivers: See List

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed CVE-2024-42285 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42268 in the Linux kernel.

Fixed CVE-2024-42283 in the Linux kernel.

Fixed CVE-2023-52889 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812030 -> 812039

cos-105-17412-448-22

Kernel: COS-5.15.163
Docker: v23.0.3
Containerd: v1.7.19
GPU Drivers: See List

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2023-52889 in the Linux kernel.

Fixed CVE-2024-42285 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42283 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812685 -> 812696

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.116-debian10, 2.0.116-rocky8, 2.0.116-ubuntu18
  • 2.1.64-debian11, 2.1.64-rocky8, 2.1.64-ubuntu20, 2.1.64-ubuntu20-arm
  • 2.2.30-debian12, 2.2.30-rocky9, 2.2.30-ubuntu22

Dataproc on Compute Engine: Apache Spark upgraded to version 3.5.1 in image version 2.2 starting with image version 2.2.30.

Generative AI on Vertex AI

Gemini 1.5 Flash (gemini-1.5-flash) supports controlled generation.

Google Cloud VMware Engine

VMware Engine now offers GA support for VPC Service Controls. VPC Service Controls provides an additional layer of security to prevent data exfiltration and unauthorized access. For more information, see VPC Service Controls.

Memorystore for Redis Cluster

Added support for Maintenance Windows (Preview). For more details, see About maintenance.

Workflows

Support for execution backlogging is available in Preview. Backlogged executions automatically run as soon as execution concurrency quota becomes available.

September 02, 2024

Backup and DR

Backup and DR Service added support to view mounted image logs in Cloud Logging.

Backup and DR Service added support to view mounted image reports in BigQuery.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.42.2 (2024-08-29)

Bug Fixes
  • ExecuteSelect now use provided credentials instead of GOOGLE_APP… (#3465) (cd82235)
Dependencies
  • Update actions/upload-artifact action to v4.3.5 (#3456) (f00977c)
  • Update actions/upload-artifact action to v4.3.5 (#3462) (e1c6e92)
  • Update actions/upload-artifact action to v4.3.6 (#3463) (ba91227)
  • Update github/codeql-action action to v2.26.6 (#3464) (2aeb44d)

2.42.1 (2024-08-27)

Bug Fixes
  • NPE for executeSelect nonFast path with empty result (#3445) (d0d758a)
Dependencies
  • Update actions/upload-artifact action to v4.3.5 (#3420) (d5ec87d)
  • Update actions/upload-artifact action to v4.3.5 (#3422) (c7d07b3)
  • Update actions/upload-artifact action to v4.3.5 (#3424) (a9d6869)
  • Update actions/upload-artifact action to v4.3.5 (#3427) (022eb57)
  • Update actions/upload-artifact action to v4.3.5 (#3430) (c7aacba)
  • Update actions/upload-artifact action to v4.3.5 (#3432) (b7e8244)
  • Update actions/upload-artifact action to v4.3.5 (#3436) (ccefd6e)
  • Update actions/upload-artifact action to v4.3.5 (#3440) (916fe9a)
  • Update actions/upload-artifact action to v4.3.5 (#3443) (187f099)
  • Update actions/upload-artifact action to v4.3.5 (#3444) (04aea5e)
  • Update actions/upload-artifact action to v4.3.5 (#3449) (c6e93cd)
  • Update actions/upload-artifact action to v4.3.5 (#3455) (fbfc106)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.49.0 (#3417) (66336a8)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.50.0 (#3448) (2c12839)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240714-2.0.0 (#3412) (8a48fd1)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240727-2.0.0 (#3421) (91d780b)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240727-2.0.0 (#3423) (16f350c)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240727-2.0.0 (#3428) (9ae6eca)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240803-2.0.0 (#3435) (b4e20db)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240815-2.0.0 (#3454) (8796aee)
  • Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.9.0 (c4afbef)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.53.0 (#3418) (6cff7f0)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.54.0 (#3450) (cc9da95)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#3433) (801f441)
  • Update github/codeql-action action to v2.26.2 (#3426) (0a6574f)
  • Update github/codeql-action action to v2.26.3 (#3438) (390e182)
  • Update github/codeql-action action to v2.26.5 (#3446) (58aacc5)
Documentation
  • Update iam policy sample user to be consistent with other languages (#3429) (2fc15b3)

Cloud Composer

Added a new metric: composer.googleapis.com/workflow/task_instance/queued_duration. This metric is based on the dag.<dag_id>.<task_id>.queued_duration Airflow metric.

Fixed an issue where an upgrade of a PSC-based private IP environment failed leaving the environment in an inconsistent state.

(Cloud Composer 3) Fixed the cause of false-positive failures of Airflow Celery workers reported by the liveness health check.

The apache-airflow-providers-google package was upgraded to version 10.22.0 in Cloud Composer 2 images and Cloud Composer 3 builds with Airflow 2.9.1. For more information about changes, see the apache-airflow-providers-google changelog from version 10.21.0 to version 10.22.0.

The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.4.1 in Cloud Composer 2 images and Cloud Composer 3 builds with Airflow 2.9.1. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 8.3.4 to version 8.4.1.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.6 (default)
  • composer-3-airflow-2.7.3-build.15

Cloud Composer 2.9.3 images are available:

  • composer-2.9.3-airflow-2.9.1 (default)
  • composer-2.9.3-airflow-2.7.3

Cloud Monitoring

You can now import Grafana dashboards into Cloud Monitoring by using the console. For more information, see Import Grafana dashboards into Cloud Monitoring.

Compute Engine

Generally available: You can use the performance monitoring unit (PMU) to monitor low-level CPU events and metrics in VMs that use a C4 machine type. Using the PMU is helpful to analyze and optimize the performance of the software running on your VM when running performance-sensitive workloads, such as high-performance computing (HPC) or machine learning (ML) workloads.

For more information, see the following pages:

Google SecOps SOAR

Release Notes 6.3.16 is now in General Availability.

Remote Agents 2.1.0 is now in General Availability.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.7.0 (2024-08-24)

Features
  • Add support for OTel context propagation and harmonized spans (#1833) (4b5c90d)

September 01, 2024

Cloud Data Fusion

Cloud Data Fusion version 6.8 is no longer supported. You should upgrade your instances to run in a supported version. For instructions, see Manage version upgrades for instances and pipelines.

Google SecOps SOAR

Release Notes 6.3.17 is currently in Preview.

Last Close comment and Last Close Root Cause not showing up in BigQuery. (ID #00298031)

Alert names that are too long cover the time remaining on the alert SLA. (ID #52831259)

Unable to edit, delete or export custom integration (ID #52403533)

Multi Select option not working in Custom Actions. (ID #52874346)

Playbook shows failed step even though it's not being used by the playbook. (ID #00282731)

Playbook export contains archived blocks. (ID #00251935)

August 31, 2024

Access Approval

Access Approval supports Filestore in the GA stage.

August 30, 2024

Apigee X

On August 30, 2024, we released an updated version of Apigee (1-13-0-apigee-4).

Bug ID Description
N/A Updates to security infrastructure and libraries.

Artifact Registry

Updates to the Artifact Registry API are as follows:

Artifact Registry records metrics and logs for your projects. To explore the available Artifact Registry metrics and logs, view your project in the Metrics Explorer or the Logs Explorer.

For more information about metrics and logs, read Observability in Google Cloud.

Assured Workloads

Two new control packages are available in the GA stage:

  • Healthcare and Life Sciences Controls
  • Healthcare and Life Sciences Controls with US Support

These control packages replace the HIPAA and HITRUST Previews with a more robust set of controls for customers in the Healthcare and Life Sciences industries. For more information about these new controls, see Restrictions and Limitations for Healthcare and Life Sciences Controls.

Cloud Data Fusion

Excel plugin version 2.12.3 is available in Cloud Data Fusion 6.10.0 and later. This version fixes an issue in the Excel batch source causing pipelines with large XLSX files to consume high memory and fail (PLUGIN-1771 and PLUGIN-1795).

Excel plugin version 2.11.5 is available in Cloud Data Fusion 6.9 versions. This version fixes an issue in the Excel batch source causing pipelines with large XLSX files to consume high memory and fail (PLUGIN-1771 and PLUGIN-1795).

Excel plugin version 2.10.3 is available in Cloud Data Fusion 6.8 versions. This version fixes an issue in the Excel batch source causing pipelines with large XLSX files to consume high memory and fail (PLUGIN-1771 and PLUGIN-1795).

Cloud Database Migration Service

Database Migration Service for homogeneous migrations to Cloud SQL for SQL Server now supports differential backup files. For more information, see Supported types of backup files.

Compute Engine

Generally available: When applying a spread placement policy to VMs, you can specify the availability domain in which to place the VMs. Specifying an availability domain lets you decide how to physically locate VMs relative to each other. Placing VMs in different domains can increase the reliability of your workload, and placing them in the same domain can help limit network latency among VMs. Viewing the availability domains of your VMs is also useful for planning, deploying, or upgrading your application, as well as developing your availability SLAs.

For more information, see Create and apply spread placement policies to VMs.

The fleetwide and per-instance Observability tabs on the Compute Engine VM instances page now include charts for GPU metrics from the NVIDIA Management Library (NVML). To view the fleetwide GPU charts, select Compute Engine > VM instances > Observability. To view the GPU charts for a VM instance, select Compute Engine > VM instances, click the name of a VM instance, and then select Observability. These charts are available only for VM instances with attached GPUs, with both the Ops Agent and the NVIDIA GPU driver installed. For information about configuring these VMs, see About the gpu metrics.

Contact Center AI Platform

VPC Service Controls and private egress

You can now use VPC Service Controls with CCAI Platform to help mitigate the risk of data exfiltration from your contact center. When you include a CCAI Platform instance in a VPC Service Controls perimeter, the instance is restricted from exchanging data with Google Cloud services (such as Cloud Storage or Dialogflow) that are outside of the perimeter. You can further secure your instance by including Contact Center AI Platform API in your list of restricted services. You can then create an access level to allow access to only your own administrators. For more information, see VPC Service Controls.

In addition to private ingress, you can now use Private Service Connect to set up private egress from your CCAI Platform instances. For more information, see Set up private egress.

Generative AI on Vertex AI

Gen AI Evaluation Service is Generally Available. To learn more, see the Gen AI Evaluation Service overview.

Google Cloud Architecture Center

(New guide) Select a managed container runtime environment: Learn about managed runtime environments and assess your requirements to choose between Cloud Run and GKE Autopilot.

Google SecOps SIEM

The prioritization logic of Applied Threat Intelligence (ATI) rule set has been improved to remove alerts from events that have a specified security result action of BLOCKED or QUARANTINED. This change only impacts the IP address indicator types for both High and Active Breach priority. For more information, see View details about rule sets.

Looker Studio

Community migration is complete

The Looker Studio Help community migration to Google Cloud is complete. To ask questions and participate in conversations with fellow Looker Studio users and experts, visit the new community.

Memorystore for Valkey

Preview release of Memorystore for Valkey.

Network Connectivity Center

Preset topologies and include export filters are generally available.

Preset topologies let you specify the connectivity configuration across all VPC spokes. You can choose between mesh or star preset topologies. Include export filters lets you limit connectivity by specifying a list of permitted CIDR ranges, thereby blocking all but the permitted IP address ranges.

Service Catalog

Service Catalog now lets users provide a service account when they add or update a Terraform solution, deploy a new or existing Terraform solution, or deprovision a Terraform deployment, so that users can use their own managed service account to complete tasks with Service Catalog. For details, see Managing solutions and Changes to Cloud Build service accounts.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.65.0 (2024-07-29)

Features
  • spanner: Add RESOURCE_EXHAUSTED to retryable transaction codes (#10412) (29b52dc)
Bug Fixes
  • spanner/test: Bump google.golang.org/api@v0.187.0 (8fa9e39)
  • spanner/test: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
  • spanner/test: Update dependencies (257c40b)
  • spanner: Bump google.golang.org/api@v0.187.0 (8fa9e39)
  • spanner: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
  • spanner: Fix negative values for max_in_use_sessions metrics #10449 (#10508) (4e180f4)
  • spanner: HealthCheck should not decrement num_in_use sessions (#10480) (9b2b47f)
  • spanner: Update dependencies (257c40b)

1.66.0 (2024-08-07)

Features
  • spanner: Add support of multiplexed session support in writeAtleastOnce mutations (#10646) (54009ea)
  • spanner: Add support of using multiplexed session with ReadOnlyTransactions (#10269) (7797022)

1.67.0 (2024-08-15)

Features
  • spanner/admin/database: Add resource reference annotation to backup schedules (#10677) (6593c0d)
  • spanner/admin/instance: Add edition field to the instance proto (6593c0d)
  • spanner: Support commit options in mutation operations. (#10668) (62a56f9)
Bug Fixes
  • spanner/test/opentelemetry/test: Update google.golang.org/api to v0.191.0 (5b32644)
  • spanner: Update google.golang.org/api to v0.191.0 (5b32644)
Documentation
  • spanner/admin/database: Add an example to filter backups based on schedule name (6593c0d)

Java

Changes for google-cloud-spanner

6.72.0 (2024-08-07)

Features
  • Add RESOURCE_EXHAUSTED to the list of retryable error codes (e859b29)
  • Add field order_by in spanner.proto (e859b29)
  • Add QueryCancellationAction message in executor protos (e859b29)
  • Add SessionPoolOptions, SpannerOptions protos in executor protos (e859b29)
  • Add support for multi region encryption config (e859b29)
  • Enable hermetic library generation (#3129) (94b2a86)
  • spanner: Add samples for instance partitions (#3221) (bc48bf2)
  • spanner: Adding EXPECTED_FULFILLMENT_PERIOD to indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity Feature (e859b29)
  • spanner: Set manual affinity in case of gRPC-GCP extension (#3215) (86b306a)
  • Support Read RPC OrderBy (#3180) (735bca5)
Bug Fixes
  • Make sure commitAsync always finishes (#3216) (440c88b)
  • SessionPoolOptions.Builder#toBuilder() skipped useMultiplexedSessions (#3197) (027f92c)
Dependencies
  • Bump sdk-platform-java-config to 3.33.0 (#3243) (35907c6)
  • Update dependencies to latest (#3250) (d1d566b)
  • Update dependency com.google.auto.value:auto-value-annotations to v1.11.0 (#3191) (065cd48)
  • Update dependency com.google.cloud:google-cloud-trace to v2.47.0 (#3067) (e336ab8)

6.73.0 (2024-08-22)

Features
  • Add option for cancelling queries when closing client (#3276) (95da1ed)
Bug Fixes
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#3277) (c449a91)
  • Update dependency commons-cli:commons-cli to v1.9.0 (#3275) (84790f7)
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.41.0 (#3269) (a7458e9)
  • Update dependency org.hamcrest:hamcrest to v3 (#3271) (fc2e343)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.11.0 (#3272) (1bc0c46)
  • Update opentelemetry.version to v1.41.0 (#3270) (88f6b56)
Documentation
  • Create a few code snippets as examples for using Spanner Graph using Java (#3234) (61f0ab7)

Node.js

Changes for @google-cloud/spanner

7.11.0 (2024-07-29)

Features

7.12.0 (2024-08-02)

Features

7.13.0 (2024-08-09)

Bug Fixes

7.14.0 (2024-08-14)

Features
  • spanner: Add resource reference annotation to backup schedules (#2093) (df539e6)
Bug Fixes
  • deps: Update dependency google-gax to v4.3.9 (#2094) (487efc0)

Python

Changes for google-cloud-spanner

3.48.0 (2024-07-30)

Features
  • Add field lock_hint in spanner.proto (9609ad9)
  • Add field order_by in spanner.proto (9609ad9)
  • spanner: Add support for txn changestream exclusion (#1152) (00ccb7a)
Bug Fixes

August 29, 2024

AlloyDB for PostgreSQL

Query federation between BigQuery and AlloyDB is now generally available (GA). This feature lets you use BigQuery to query data stored in AlloyDB databases.

Database server compatibility with PostgreSQL version 16 is now available in Preview. You can create AlloyDB clusters with PostgreSQL 16 compatibility.

Anthos Config Management

The spec.git and spec.enableLegacyFields fields of the ConfigManagement object have been removed. The spec.enableMultiRepo field is now set to true by default, automatically enabling the RootSync API. RootSync provides the same core functionality, along with additional features.

If you currently configure Git settings within a ConfigManagement object, to avoid disruptions, before upgrading you must migrate this configuration to a RootSync object.

Terraform version 5.41.0 introduced a new field to the google_gke_hub_feature_membership: config_sync.enabled. Because the default value of this field is false, it causes Config Sync installations to fail when Terraform is upgraded to version 5.41.0. For more information, including workarounds, see the known issue entry. This issue affects all supported Config Sync versions. This note was added on September 11, 2024.

Hierarchy Controller will not be available after December, 2024. After December, 2024, you can't install Hierarchy Controller and Config Sync will be blocked from upgrades if Hierarchy Controller is configured as a configmanagement fleet feature or through the ConfigManagement API. To continue using similar functionality, migrate from Hierarchy Controller to Hierarchical Namespace Controller. This note was added on September 6, 2024 and edited on September 9, 2024 for clarification.

Optimized Config Sync resource usage by implementing watch filtering with ApplySet ("applyset.kubernetes.io/" labels and annotations). This reduces reconciler Deployment memory consumption by limiting events and cached objects to those relevant to the managed package. For more information on the resource usage optimization, see Config Sync Watch Filtering v1.18 vs v1.19.

Config Sync now enables loading files from directories beyond the Kustomize root during rendering. For more information, refer to Configure Kubernetes with Kustomize.

Improved support for private registries. If you've configured a private registry for your cluster, Config Sync now automatically detects and updates the image references within its reconciler Deployments to point to the corresponding images in your private registry.

Upgraded bundled Helm version from v3.14.4 to v3.15.3 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.

Upgraded the Open Telemetry image from 0.102.0 to 0.103.0 to pick up vulnerability fixes. To understand the changes in each release, review the full changelog for opentelemetry-collector-contrib.

Fixed some inaccuracies in status updates and metrics reports.

BigQuery

The BigQuery Data Transfer Service now supports incremental transfers when you migrate your data from your Teradata data warehouses to BigQuery. This feature is generally available (GA).

Delta Lake BigLake tables are now generally available (GA). Delta Lake is an open source, tabular data storage format that supports petabyte scale data tables.

Dialogflow

Dialogflow CX & ES: Text-to-Speech Journey Voices will get an update in the week of Sept 3. If you select a journey voice in your agent Text-to-Speech settings (CX, ES), only LINEAR16 output audio_encoding (CX, ES) will be supported starting from Sept 3. This model update will also include slight variations in pauses, tone, and so on of the synthesized journey voices.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.0-gke.1930 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.0-gke.1930 runs on Kubernetes v1.30.3-gke.200.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

  • For admin and user clusters created at 1.30 and later versions, loadBalancer.Kind needs to be set to either MetalLB or ManualLB.
  • For user clusters created at 1.30 and later versions, enableControlplaneV2 needs to be set to true.
  • The featureGates.GMPForSystemMetrics field in the stackdriver CR is now always on and can't be disabled. It has been default on since 1.16. If you have manually turned it off, this upgrade means a breaking change in some system metrics format. For information on changing this field, see Enabling and disabling Managed Service for Prometheus.

Version changes in 1.30.0-gke.1930:

  • Existing Seesaw load balancers now require TLS 1.2.
  • COS was upgraded to m109
  • Updated Dataplane V2 to use Cilium 1.13

Other changes in 1.30.0-gke.1930:

  • Enhanced the upgrade process to include an automatic pre-upgrade check. Before you upgrade your admin or user cluster, the system runs this check to detect known issues. The check also provides guidance to ensure a smooth upgrade experience.
  • Ingress node ports are optional for ControlplaneV2 clusters.
  • Admin clusters created in 1.30 will use Dataplane V2, Google's Container Network Interface (CNI) implementation, which is based on Cilium.
  • Admin clusters upgraded to 1.30 from 1.29 will use Dataplane V2.
  • Removed mTLS on system metrics scrape endpoints, which makes it easier to integrate with 3rd party monitoring systems.
  • Stopped bundling cert-manager and removed the monitoring-operator because system components no longer depend on them. Cert-manager from existing 1.29 clusters will continue running, but stop being managed by Google after upgrading to 1.30. If you don't use cert-manager, you can delete cert-manager after upgrade. New clusters in 1.30 and higher won't come with cert-manager. If you rely on the bundled cert-manager for your own use case, you should install your own in new clusters.
  • The implementation of the preview feature usage metering has changed. Clusters using this feature will continue to function, but we recommend that you use the predefined dashboard, Anthos Cluster Utilization Metering, to understand resource usage at different levels.

The following issues were fixed in 1.30.0-gke.1930:

  • Fixed the known issue where cluster creation failed due to the control plane VIP in a different subnet.
  • Fixed the known issue where a user cluster with Binary Authorization failed to come up.
  • Fixed the known issue that caused the Connect Agent to lose connection to Google Cloud after a non-HA to HA admin cluster migration.
  • Fixed the known issue where the admin cluster upgrade failed for clusters created on versions 1.10 or earlier.
  • Fixed the known issue where the Docker bridge IP used 172.17.0.1/16 for COS cluster control plane nodes.
  • Fixed the known issue where the HA admin cluster installation preflight check reported the wrong number of required static IPs.
  • Fixed the known issue where multiple network interfaces with the standard CNI didn't work.
  • Fixed a gkeadm preflight check that wasn't validating the VM folder.

The following vulnerabilities were fixed in 1.30.0-gke.1930:

Critical container vulnerabilities:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.30.0-gke.1930

Google Distributed Cloud for bare metal 1.30.0-gke.1930 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.0-gke.1930 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Version 1.16 end of life: In accordance with the Version Support Policy, version 1.16 (all patch releases) of Google Distributed Cloud for bare metal has reached its end of life and is no longer supported.

New and updated features:

  • Preview: Added support for keyless mode for clusters. This feature uses short-lived tokens and Workload Identity Federation for your cluster and workload credentials, instead of the default long-lived service account keys and Kubernetes Secrets. This feature provides improved security and reduces credential maintenance.

  • Preview: Added support for Custom Scheduler Configuration for pods to automatically spread workloads across cluster nodes for increased reliability.

  • GA: Added support for admin and hybrid clusters to manage multiple versions of user clusters concurrently.

  • GA: Added support for node-level private registry configuration for workload images.

  • GA: Updated the bmctl update command to display the difference between the specs in the YAML cluster configuration file and the deployed Cluster resource. The diff covers the specs for both the Cluster resource and the NodePool resource.

  • GA: Added support for rolling back select node pool upgrades.

  • GA: Added support for specifying a session duration for Identity Service-issued tokens. You can set a session duration between 15 and 1440 minutes (24 hours). Shorter sessions provide better security (at the cost of more frequent reauthentication). Longer sessions reduce the frequency for reauthentication (at the cost of reduced security).

  • Preview: Updated the gcloud beta container fleet memberships get-credentials command to use a connect gateway preview feature that lets you run the kubectl attach, cp, and exec commands. For more information, see Limitations.

Functionality changes:

  • Updated the node pool upgrade behavior. Version 1.30 and higher clusters support all node pool versions from the preceding two minor versions. The preview.baremetal.cluster.gke.io/two-minor-version-node-pool: enable annotation isn't required when upgrading clusters from version 1.29 to version 1.30.

  • Updated the bmctl version command to return the metadata image digest in the response. To print only the metadata image digest, specify the new --option value metadata-digest.

  • Deprecated the spec.gkeVersion field in the Machine custom resource. Starting with version 1.30.0, the spec.gkeVersion field is set to empty. For accurate version information, use anthosBareMetalVersion (GDC for bare metal version) in the Cluster resource spec or gkeVersion (Kubernetes version) in the Cluster resource status.

  • Updated Kubernetes audit logging to include request and response payloads from the Kubernetes API server for bare metal custom resources, such as Cluster, NodePool, BareMetalMachine, and BareMetalCluster.

  • Updated registry mirror support to allow you to specify a port for host addresses.

  • Updated the networking preflight check to verify that either the ip_tables or the nf_tables kernel module is available for loading, instead of being explicitly loaded.

  • Updated the stackdriver custom resource to remove the feature gate for using Managed Service for Prometheus for system metrics, featureGates.GMPForSystemMetrics. This feature gate has defaulted to on (true) since version 1.16. If you have manually disabled using Managed Service for Prometheus for system metrics, upgrading to version 1.30 might be a breaking change for some system metrics formats.

  • Added checks to validate the SSH client certificate file type before saving the certificate as a Secret.

  • Updated GKE Identity Service custom resource definition to change the description for IdentityServiceOptions and improve formatting.

  • Added preflight checks for available disk space in specific directories:

    • During cluster creation, the following directories are checked:

      • / (the root directory) has at least 4 GiB of free space

      • /var/log/fluent-bit-buffers has at least 12 GiB of free space

      • /var/opt/buffered-metrics has at least 10016 MiB of free space

    • During a cluster upgrade, the following directory is checked:

      • / (the root directory) has at least 2 GiB of free space

  • GA: Adopted the GKE audit policy, instead of the previous unpopulated policy.

Fixes:

  • Fixed an issue where old, inoperable WebHook resources caused problems with cluster upgrades.

  • Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.

  • Fixed an issue where service accounts created by using the --create-service-accounts flag with the bmctl create config command don't have enough permissions.

  • Fixed an issue where the kubelet doesn't honor the shortened, 1-second grace period for pod deletion during eviction-based draining.

The following container image security vulnerabilities have been fixed in 1.30.0-gke.1930:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Release 1.28.900-gke.112

Google Distributed Cloud for bare metal 1.28.900-gke.112 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.900-gke.112 runs on Kubernetes 1.28.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Security Command Center

Dynamic mute rules are generally available

Security Command Center now supports dynamic mute rules, which allow you to mute future and existing findings temporarily until a specified date or indefinitely until a finding no longer matches the configuration. We are adding these rules as an alternative to the original static mute rules that only mute future findings indefinitely.

We recommend using dynamic mute rules exclusively in your mute rule configurations. For instructions on how to migrate your existing mute rules to dynamic mute rules, see Migrate from static to dynamic mute rules.

For a comparison of static and dynamic mute rules, see Types of mute rules.

reCAPTCHA

reCAPTCHA Mobile SDK v18.6.0 is now available for iOS.

This version contains the following changes:

  • A new API, fetchClient, is available that provides built-in retries for network issues.
  • Bug fixes and improvements.

August 28, 2024

BigQuery

You can now use the GROUP BY clause and the SELECT DISTINCT clause with the ARRAY and STRUCT data types. This feature is in Preview.

The following Gemini in BigQuery features are now generally available (GA):

To learn how to enable and activate Gemini in BigQuery features, see Set up Gemini in BigQuery.

Phrase support for the SEARCH function is now generally available (GA).

Bigtable

The Preview of Data Boost for Bigtable has been expanded to let you use Data Boost compute resources when you read Bigtable data using a Spark application. For more information, see Use the Bigtable Spark connector.

Cloud Load Balancing

The Global external Application Load Balancer and the Classic Application Load Balancer will no longer support TLS sessionID resumption. They continue to support modern forms of TLS resumption.

The TLS protocol supports an optimization which allows a client reconnecting to a server with which it has communicated before to perform a cheaper abbreviated handshake. This optimization is available in several modes, which include the modern PSK and ticket mechanisms, as well as the long-obsolete sessionID mechanism.

The Global external Application Load Balancer and the Classic Application Load Balancer are the only Google Cloud products that currently support the obsolete sessionID mechanism.

This sessionID mechanism is going to be disabled over the next 4-5 weeks. Clients that currently make use of sessionID will transparently fall back to full TLS handshakes. To recover the performance optimization gains, we recommend that you upgrade clients to modern TLS libraries which support the PSK or ticket mechanisms.

Cloud NGFW

You can use custom constraints to provide more granular and customizable control over specific fields for firewall policy resources. For more information, see Manage firewall policy resources by using custom constraints. This feature is available in General Availability.

Dataplex

Data insights is generally available (GA). Data insights offers an automated way to explore and understand your data. It uses Gemini to generate queries based on the metadata of a table, and helps you uncover patterns, assess data quality, and perform statistical analysis.

You generate data insights in BigQuery. You can view data insights in Dataplex and in BigQuery.

Google Kubernetes Engine

(2024-R32) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.30.3-gke.1639000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1082000
    • 1.28.12-gke.1090000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1174000
    • 1.30.3-gke.1225000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1148000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.7-gke.1274000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1274000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1639000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.

Vertex AI Agent Builder

Vertex AI Search: Turn off schema auto-detect for structured data

By default, schema auto-detect dynamically adds new properties to the schema when the property fields are detected on data import.

However, you can turn off the dynamic feature so that only data that corresponds to fields already in the schema gets imported. This is a good approach for not-so-clean data because you can choose not to import extraneous data that isn't part of your defined schema and that you don't want in your structured data store.

For more information, see About providing your own schema as a JSON object.

Vertex AI Search: Datetime and geolocation detection for structured data

By default, when structured data is imported, fields that are detected in datetime and geolocation format are assigned those types in the schema.

However, you can turn off datetime and geolocation detection so that in the schema the datetime fields are set to type string and the geolocation fields are set to type object.

For more information, see About providing your own schema as a JSON object.

August 27, 2024

Apigee X

Clarification: On July 26 we announced monetization support with data residency. Please note that monetization support with data residency is for non-hybrid organizations only at this time.

For more information, see Introduction to data residency.

Cloud Composer

(Cloud Composer 2) Starting on September 26, 2024, all Cloud Composer environments within a VPC SC perimeter will have no access to public PyPI repositories by default. For details about installing PyPI packages in the VPC SC mode, see Installing PyPI packages.

Cloud Run

The following Cloud Run volume types are now generally available (GA):

  • Mounting an NFS file share as a volume for Cloud Run services and jobs.
  • Mounting a Cloud Storage bucket as a storage volume for Cloud Run services and jobs.

Google Kubernetes Engine

Starting from version 1.30.3-gke.1451000, new and upgraded GKE clusters support the GKE Metrics Server updates where the addon-resizer runs in the cluster's control plane instead of worker nodes.

Security Command Center

Documentation is available for the Security Posture REST API.

Sensitive Data Protection

Regional endpoints are available for Sensitive Data Protection. Regional endpoints help you meet data residency requirements by keeping data at rest, in use, and in transit within your specified region. For more information, see Global and regional endpoints for Sensitive Data Protection.

Regional endpoints for Sensitive Data Protection are available in the following regions:

  • australia-southeast1
  • asia-east1
  • asia-east2
  • asia-northeast1
  • asia-northeast3
  • asia-south1
  • asia-south2
  • asia-southeast1
  • asia-southeast2
  • europe-central2
  • europe-north1
  • europe-southwest1
  • europe-west1
  • europe-west2
  • europe-west3
  • europe-west4
  • europe-west6
  • europe-west8
  • europe-west9
  • me-central1
  • me-central2
  • me-west1
  • southamerica-east1
  • southamerica-west1
  • northamerica-northeast1
  • northamerica-northeast2
  • us-central1
  • us-east1
  • us-east4