The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.
You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml
June 07, 2023
Cloud Data Fusion
Zendesk plugins version 1.2.0 is available in the Cloud Data Fusion Hub. The following changes are included in version 1.2.0:
- Zendesk Multi Objects Batch Source is generally available (GA).
- The Zendesk plugins support Connection Management.
The global external HTTP(S) load balancer now supports a configurable client HTTP Keepalive Timeout. The client HTTP keepalive timeout represents the maximum amount of time that a TCP connection can be idle between the (downstream) client and the target HTTP/S proxy.
For details, see
This capability is available in Preview.
You can now import and export differential database backups. This can help you import and export data more frequently, reducing migration downtime.
Fine-grained access control is now available for PostgreSQL-dialect databases. For more information, see About fine-grained access control.
(2023-R12) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane versions are now available:
- The following node versions are now available:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.8-gke.1000 with this release.
Stable channel
- Version 1.25.8-gke.1000 is now the default version in the Stable channel.
- Version 1.21.14-gke.18100 is no longer available in the Stable channel.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.18800 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.14-gke.18800 with this release.
Regular channel
- Version 1.24.13-gke.2500 is now available in the Regular channel.
- Version 1.24.12-gke.500 is no longer available in the Regular channel.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.12-gke.1000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.12-gke.1000 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.22.17-gke.8000
- 1.23.17-gke.2000
- 1.23.17-gke.3600
- 1.24.13-gke.2500
- 1.25.8-gke.1000
- 1.26.4-gke.500
- 1.26.4-gke.1400
- 1.27.1-gke.400
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.11400 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.5600 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.14-gke.1200 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.9-gke.2300 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.9-gke.2300 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.2-gke.1200 with this release.
PaLM Text and Embeddings APIs, and Generative AI Studio
Generative AI support on Vertex AI is now generally available (GA).
With this feature launch, you can leverage the PaLM API to generate AI models that you can test, tune, and deploy in your AI-powered applications.
With the GA of these features, you will incur usage costs if you use the text-bison and textembedding-gecko PaLM APIs. To learn about pricing, see the Vertex AI pricing page.
Features and models in this release include:
- PaLM 2 for Text: text-bison
- Embedding for Text: textembedding-gecko
- Generative AI Studio for Language
Vertex AI Model Garden
The Vertex AI Model Garden is now generally available (GA). The Model Garden is a platform that helps you discover, test, customize, and deploy Vertex AI and select OSS models. These models range from tunable to task-specific, and all are available on the Model Garden page in the Google Cloud console.
To get started, see Explore AI models and APIs in Model Garden.
Vertex AI Codey APIs
The Vertex AI Codey APIs are now in Preview.
With the Codey API, code generation, code completion, and code chat APIs can be used from any GCP project without allowlisting. The APIs can be accessed from the us-central1 region. The Codey APIs can be used in the Generative AI Studio or programmatically in REST commands.
To get started, see the Code models overview.
June 06, 2023
Access Transparency
Access Transparency supports Memorystore for Redis in the GA stage.
Security bulletin
A new vulnerability (CVE-2023-2878) has been discovered in the secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. For more information, see the GCP-2023-009 security bulletin.
Security bulletin
A new vulnerability (CVE-2023-2878) has been discovered in the secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. The severity of this Security Bulletin is None. For more information, see the GCP-2023-009 security bulletin.
The following changes are available in the Unified Data Model.
New fields were added to Entity, called risk_score and metric.
A new field was added to EntityMetadata, called event_metadata.
The following new types were added to Entity:
- EntityRisk
- Metric
- RiskDelta
- Metric.Measure
The following new types were added to Event:
- AttackDetails
- ExifInfo
- FileMetadataCodesign
- FileMetadataPE
- FileMetadataSignatureInfo
- PDFInfo
- SignatureInfo
- X509
- AttackDetails.Tactic
- AttackDetails.Technique
- SecurityResult.Association
- SecurityResult.Association.AssociationAlias
- SecurityResult.Source
- SecurityResult.ProviderMLVerdict
- SecurityResult.AnalystVerdict
- SecurityResult.Verdict
The following new enumerated types were added to Entity:
- Metric.AggregateFunction
- Metric.Dimension
- Metric.MetricName
- Relation.EntityLabel
The following new enumerated types were added to Event:
- Process
- TokenElevationType
- SecurityResult.VerdictResponse
- SecurityResult.Association.AssociationType
New field added to Relation, called entity_label.
New value added to EntityMetadata.EntityType, called METRIC.
New fields added to Event.Metadata, called log_type, base_labels, enrichment_labels.
New fields added to Noun, called security_result and network.
New fields added to SecurityResult, called risk_score, attack_details, first_discovered_time, associations, campaigns, and verdicts.
New fields added to File, called pe_file, tags, last_analysis_time, embedded_urls, embedded_domains, embedded_ips, exif_info, signature_info, pdf_info.
New fields added to Process, called integrity_level_rid and token_elevation_type.
New fields added to SignerInfo, called status, valid_usage, cert_issuer.
The Resource.id field was deprecated. Use resource.name or resource.product_object_id instead.
The following values were added to the EventTypes enumerated type:
- DEVICE_FIRMWARE_UPDATE
- DEVICE_CONFIG_UPDATE
- DEVICE_PROGRAM_UPLOAD
- DEVICE_PROGRAM_DOWNLOAD
The following additional values were added to the ApplicationProtocol enumerated type:
- CIP
- COTP
- DNP3
- DICOM
- GOOSE
- IEC104
- MMS
- PTP
- SNMP
- SV
New values added to the Network.IpProtocol enumerated type, called ICMP and SCTP.
For a list of all fields in the Unified Data Model, and their descriptions, see the Unified Data Model field list.
Use folders and organizations in budgets: When you set up budgets for your Cloud Billing account, you can set the budget's scope to one or more folders or organizations that are linked to your account, in addition to the current options for specific projects and labels.
When you create a budget that applies to a folder or organization, the budget also covers future projects that you create in the folder or organization.
Learn about creating and modifying budgets for your Cloud Billing account.
For MIGs that have T2D machine series VMs, autoscaling based on CPU utilization doesn't work as expected. For more details, see Known issues.
A new vulnerability (CVE-2023-1872) has been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. For more information, see the GCP-2023-008 security bulletin.
A new vulnerability (CVE-2023-2878) has been discovered in the secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. On GKE, the severity is None. For more information, see the GCP-2023-009 security bulletin.
Access Transparency is now Generally Available for Memorystore for Redis.
Generally available: The Estimated cut-over time field is now generally available. This field gives an estimate of the time it takes to complete a cut-over job for a VM once the cut-over is triggered. This field is populated only for an active VM that has completed a few replication cycles.
We discovered a security vulnerability in the Storage Transfer Service agent container. We've fixed this issue with a container update that is more secure.
If you're running agents that were installed on or before February 17, 2023, you should follow the instructions in the Action required email sent to your account email address to update the container image.
Agents installed after February 17, 2023 do not need to be updated.
June 05, 2023
AlloyDB for PostgreSQL
AlloyDB for PostgreSQL is now available in the following regions:
- us-east5 (Columbus)
- us-south1 (Dallas)
For more information, see AlloyDB Locations.
This release includes the following Anthos attached clusters platform versions:
- 1.24.0-gke.4
- 1.25.0-gke.4
- 1.26.0-gke.2
This release fixes the following vulnerability:
You can now launch clusters with the following Kubernetes versions:
- 1.24.13-gke.500
- 1.25.8-gke.500
- 1.26.4-gke.2200
This release fixes the following vulnerability:
For information about the latest known issues, see Known issues for Anthos clusters on AWS.
Security bulletin
A new vulnerability (CVE-2023-1872) has been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. For more information, see the GCP-2023-008 security bulletin.
You can now launch clusters with the following Kubernetes versions:
- 1.24.13-gke.500
- 1.25.8-gke.500
- 1.26.4-gke.2200
This release fixes the following vulnerability:
Known issues:
For information about the latest known issues, see Known issues for Anthos clusters on Azure.
Security bulletin
A new vulnerability (CVE-2023-1872) has been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. For more information, see the GCP-2023-008 security bulletin.
Known issue
If you create a version 1.13.8 or version 1.14.4 admin cluster, or upgrade an admin cluster to version 1.13.8 or 1.14.4, the kind cluster pulls the following container images from docker.io:
- docker.io/kindest/kindnetd
- docker.io/kindest/local-path-provisioner
- docker.io/kindest/local-path-helper
If docker.io isn't accessible from your admin workstation, the admin cluster creation or upgrade fails to bring up the kind cluster.
This issue affects the following versions of Anthos clusters on VMware:
- 1.14.4
- 1.13.8
For more information, including a workaround, see kind cluster pulls container images from docker.io on the Known issues page.
Security bulletin
A new vulnerability (CVE-2023-1872) has been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. For more information, see the GCP-2023-008 security bulletin.
ANNOUNCEMENT
hybrid v1.9.3
On June 5, 2023 we released an updated version of the Apigee hybrid software, v1.9.3.
- For information on upgrading, see Upgrading Apigee hybrid to version 1.9.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
284488296 | Removed an unneeded Workload Identity on the Cassandra Schema Validation cron job. |
Bug ID | Description |
---|---|
273800965 | Security fix for apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer. This addresses the following vulnerability: |
273800345, 281572616 | Security fixes for apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, apigee-synchronizer, and apigee-udca. This addresses the following vulnerabilities: |
273801301 | Security fixes for apigee-mart-server and apigee-runtime. This addresses the following vulnerability: |
283826216 | Security fixes for apigee-ingressgateway. This addresses the following vulnerabilities: |
283826785 | Security fixes for istiod. This addresses the following vulnerabilities: |
281561243 | Security fix for apigee-diagnostics-collector, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer. This addresses the following vulnerability: |
Batch is available in the following regions:
- asia-east2 (Hong Kong)
- europe-central2 (Warsaw)
- us-south1 (Dallas)
- us-west2 (Los Angeles)
- us-west3 (Salt Lake City)
- us-west4 (Las Vegas)
For more information, see Locations.
On June 5, 2023 Blockchain Node Engine released a limited GA version of the software. Access to the user interface and APIs is limited to specific customers until the full GA release.
Features supported in this release include:
- Blockchain Node Engine is a fully-managed service for dedicated blockchain nodes.
- Ethereum support:
- Execution and consensus clients
- Full and Archive nodes
- JSON-RPC and WebSocket endpoints.
- With a single operation, Blockchain Node Engine provisions a new node with the specified configuration (network, region, client, node type), bootstraps it from a known-good snapshot, syncs it with the blockchain, and ensures its availability.
- Google Cloud Armor always enabled.
See:
Chronicle now links to a customer-supplied Google Cloud Project to integrate more closely with Google Cloud services, such as Cloud IAM, Cloud Monitoring, and Cloud Audit Logs. Customers can now use Cloud IAM and workforce identity federation to authenticate using their existing identity provider.
Chronicle provides an onboarding and migration portal, available via Cloud Console, where new customers are able to provision and configure a new Chronicle SIEM instance, and existing customers can bind their current Chronicle SIEM instance to Google Cloud services.
For more information, see the following documentation:
The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigtable
4.6.1 (2023-05-30)
Bug Fixes
- Properly handle asynchronous read from stream (#1284) (55d86ba). This could result in silently dropped rows in a createReadStream. The bug is active when the ReadRows stream would be piped into a consumer that would defer the processing of the rows until the next event loop run (i.e. use a Transform that would defer the callback invocation via setTimeout()).
Java
Changes for google-cloud-bigtable
2.23.2 (2023-05-30)
Documentation
- samples: Add bigtable filter snippet (#1762) (48a6ed0)
- samples: Remove client initialization as the snippets are not used standalone (#1768) (a6ac97c)
Dependencies
- Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.19.0 (#1769) (956c851)
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.10.1 (#1767) (901b88f)
- Update dependency com.google.truth.extensions:truth-proto-extension to v1.1.4 (#1770) (a94a522)
- Update doclet version to v1.9.0 (#1761) (a5d4215)
Use Geo-location objects in firewall policy rules to filter external IPv4 and external IPv6 traffic based on specific geographic locations or regions. This feature is available in General Availability.
Use Threat Intelligence for firewall policy rules to secure your network by allowing or blocking traffic based on threat intelligence data. This feature is available in General Availability.
You can now configure CMEK and a default storage location for individual folders, in addition to organizations. For more information, see Configure default settings for organizations and folders and Configure CMEK for Cloud Logging.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/logging
10.5.0 (2023-05-30)
Features
Java
Changes for google-cloud-logging
3.15.2 (2023-05-30)
Dependencies
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.46.0 (2023-05-12)
Features
- spanner/admin/database: Add support for UpdateDatabase in Cloud Spanner (#7917) (83870f5)
- spanner: Make leader aware routing default enabled for supported RPC requests. (#7912) (d0d3755)
Bug Fixes
- spanner: Update grpc to v1.55.0 (1147ce0)
Java
Changes for google-cloud-spanner
6.41.0 (2023-04-28)
Features
- Add TransactionExecutionOptions support to executor. (#2396) (8327f21)
- Leader Aware Routing (#2214) (9695ace)
- Make leak detection configurable for connections (#2405) (85213c8)
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-spanner-executor-v1 to v1.4.0 (#2395) (02dc53c)
- Update dependency com.google.cloud:google-cloud-monitoring to v3.17.0 (#2406) (d46097f)
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.8.0 (#2400) (b815cb8)
- Update dependency com.google.cloud:google-cloud-trace to v2.16.0 (#2407) (7993be2)
- Update dependency org.junit.vintage:junit-vintage-engine to v5.9.3 (#2401) (8aa7a1d)
6.42.0 (2023-05-15)
Features
- Add support for UpdateDatabase in Cloud Spanner (#2265) (2ea06e7)
- Add support for UpdateDatabase in Cloud Spanner (#2429) (09f20bd)
Bug Fixes
- Add error details for INTERNAL error (#2413) (ed62aa6)
- Use javax.annotation.Nonnull in executor framework (#2414) (afcc598)
Dependencies
- Update dependency com.google.cloud:google-cloud-monitoring to v3.18.0 (#2426) (05a45f8)
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.9.0 (#2427) (42dbfe3)
- Update dependency com.google.cloud:google-cloud-trace to v2.17.0 (#2428) (6f7fee8)
- Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.22 (#2423) (679bb36)
- Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.22 (#2424) (a72f4ff)
- Update dependency org.graalvm.sdk:graal-sdk to v22.3.2 (#2391) (c082a1f)
6.42.1 (2023-05-22)
Dependencies
6.42.2 (2023-05-30)
Dependencies
- Update dependency com.google.cloud:google-cloud-monitoring to v3.19.0 (#2466) (6de2cf6)
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.10.1 (#2465) (0a89f49)
- Update dependency com.google.cloud:google-cloud-trace to v2.18.0 (#2467) (45609ed)
6.42.3 (2023-05-31)
Performance Improvements
Node.js
Changes for @google-cloud/spanner
6.9.0 (2023-04-26)
Features
6.10.0 (2023-05-17)
Features
- Add support for UpdateDatabase (#1802) (f4fbe71)
- Add support for UpdateDatabase in Cloud Spanner (#1848) (dd9d505)
Bug Fixes
6.10.1 (2023-05-30)
Bug Fixes
- Set database admin and instance as having handwritten layers (republish docs) (3e3e624)
Python
Changes for google-cloud-spanner
3.32.0 (2023-04-25)
Features
3.33.0 (2023-04-27)
Features
3.34.0 (2023-05-16)
Features
Bug Fixes
3.35.0 (2023-05-16)
Features
3.35.1 (2023-05-25)
Bug Fixes
Generally available: Accelerator-optimized (G2) machine types with attached NVIDIA® L4 GPUs are generally available in the following regions and zones:
- Singapore, APAC: asia-southeast1-b
- Netherlands, Europe: europe-west4-a,b,c
- Iowa, North America: us-central1-a,b
- South Carolina, North America: us-east1-b,d
- Virginia, North America: us-east4-a
- Oregon, North America: us-west1-a,b
cos-105-17412-101-17
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.109 | v23.0.3 | v1.7.0 | v470.182.03 (default), v525.105.17 |
Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.
cos-93-16623-402-22
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.236.01 (default), v470.182.03 (R470), v525.105.17 |
Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.
cos-97-16919-294-28
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.10.176 | v20.10.14 | v1.6.20 | v470.182.03 (default), v525.105.17 |
Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.
cos-101-17162-210-21
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.107 | v20.10.24 | v1.6.18 | v470.182.03 (default), v525.105.17 |
Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.9.0 (2023-05-30)
Features
- dataflow: Update all direct dependencies (b340d03)
(2023-R11) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- The following control plane versions are no longer available:
- 1.22.17-gke.7500
- 1.22.17-gke.9400
- 1.23.17-gke.1700
- 1.24.10-gke.2300
- 1.25.7-gke.1000
- 1.25.9-gke.400
- 1.26.2-gke.1000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.12-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.12-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.8-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.3-gke.1000 with this release.
Stable channel
- Version 1.24.12-gke.500 is now the default version in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.22.17-gke.7500
- 1.23.17-gke.1700
- 1.24.10-gke.2300
- 1.25.8-gke.500
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.12-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.12-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.25.8-gke.1000 with this release.
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.22.17-gke.7500
- 1.23.17-gke.1700
- 1.24.11-gke.1000
- 1.26.2-gke.1000
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.12-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.12-gke.500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.3-gke.1000 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.22.17-gke.9400
- 1.23.17-gke.1700
- 1.24.13-gke.500
- 1.25.9-gke.400
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.13-gke.2500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.13-gke.2500 with this release.
Google Cloud's Agent for SAP version 2.0
Version 2.0 of Google Cloud's Agent for SAP is generally available (GA). This version introduces the opt-in feature of collecting SAP HANA monitoring metrics, making Google Cloud's Agent for SAP version 2.0 the successor to Google Cloud's monitoring agent for SAP HANA.
For more information, see What's new with Google Cloud's Agent for SAP.
Google Cloud's monitoring agent for SAP HANA is deprecated, and is replaced by the SAP HANA monitoring metrics collection feature of version 2.0 of Google Cloud's Agent for SAP. For upgrade instructions, see Google Cloud's Agent for SAP operations guide.
Support for the monitoring agent for SAP HANA ends on May 31, 2024.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.11.0 (2023-05-30)
Features
- secretmanager: Update all direct dependencies (b340d03)
June 04, 2023
Virtual Private Cloud
Support for IPv6 static routes with the following next hops is available in Preview:
- next-hop-gateway
- next-hop-instance
June 02, 2023
Access Transparency
Access Transparency supports Anthos Identity Service in the GA stage.
The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.
- Aruba (ARUBA_WIRELESS)
- AWS Cloudtrail (AWS_CLOUDTRAIL)
- Azure AD Directory Audit (AZURE_AD_AUDIT)
- Cato Networks (CATO_NETWORKS)
- Cisco ISE (CISCO_ISE)
- Cisco Meraki (CISCO_MERAKI)
- Cisco PIX Firewall (CISCO_PIX_FIREWALL)
- Dope Security SWG (DOPE_SWG)
- F5 BIGIP LTM (F5_BIGIP_LTM)
- Falco IDS (FALCO_IDS)
- Fidelis Network (FIDELIS_NETWORK)
- ForgeRock OpenAM (OPENAM)
- FortiGate (FORTINET_FIREWALL)
- FortiMail Email Security (FORTINET_FORTIMAIL)
- Fortinet Web Application Firewall (FORTINET_FORTIWEB)
- GMAIL Logs (GMAIL_LOGS)
- IBM Safenet (IBM_SAFENET)
- IBM Security Access Manager (IBM_SAM)
- IBM Security QRadar SIEM (IBM_QRADAR)
- Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
- Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
- Mongo Database (MONGO_DB)
- Office 365 (OFFICE_365)
- Okta (OKTA)
- Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
- Proofpoint Threat Response (PROOFPOINT_TRAP)
- Pulse Secure (PULSE_SECURE_VPN)
- Security Command Center Threat (N/A)
- Sentinelone Alerts (SENTINELONE_ALERT)
- SentinelOne EDR (SENTINEL_EDR)
- ServiceNow CMDB (SERVICENOW_CMDB)
- SonicWall (SONIC_FIREWALL)
- Strong Swan VPN (STRONGSWAN_VPN)
- ThreatLocker Platform (THREATLOCKER)
- VMware vRealize Suite (VMWARE_VREALIZE)
- VPC Flow Logs (GCP_VPC_FLOW)
- WatchGuard (WATCHGUARD)
- Windows DNS (WINDOWS_DNS)
- Windows Event (WINEVTLOG)
- Workspace Activities (WORKSPACE_ACTIVITY)
For details about changes in each parser, see Supported default parsers.
The SAP Ariba Batch Source plugin is generally available (GA). You can connect your data pipeline to an SAP Ariba Source and a BigQuery Sink with this plugin in Cloud Data Fusion versions 6.5.1 and later.
The SAP SuccessFactors Batch Source plugin is GA. You can connect your data pipeline to an SAP SuccessFactors Source and a BigQuery Sink with this plugin in Cloud Data Fusion versions 6.5.1 and later.
The rollout of the following minor versions, extension versions, and plugin versions is currently underway:
Minor versions
- 10.22 is upgraded to 10.23.
- 11.17 is upgraded to 11.19.
- 12.12 is upgraded to 12.14.
- 13.8 is upgraded to 13.10.
- 14.5 is upgraded to 14.7.
Extension and plugin versions
- pg_cron is upgraded from 1.4.1 to 1.5.
- pg_partman is upgraded from 4.7.0 to 4.7.3.
- postgresql-hll is upgraded from 2.16 to 2.17.
- pg_repack is upgraded from 1.4.7 to 1.4.8.
- wal2json is upgraded from 2.4 to 2.5.
- pg_hint_plan is upgraded, as follows:
- from 1.3.7 to 1.3.8 (for PostgreSQL versions 11-13)
- from 1.4.0 to 1.4.1 (for PostgreSQL version 14)
- from 1.4.0 to 1.5.0 (for PostgreSQL version 15)
If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.
The new maintenance version is [PostgreSQL version].R20230530.01_00. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.
A vulnerability was recently discovered in Cloud SQL for SQL Server that allowed customer administrator accounts to create triggers in the tempdb database and use those to gain sysadmin privileges in the instance. The sysadmin privileges would give the attacker access to system databases and partial access to the machine running that SQL Server instance.
Google Cloud resolved the issue by patching the security vulnerability by March 1, 2023. Google Cloud didn't find any compromised customer instances.
For instructions and more details, see the Cloud SQL security bulletin.
New Dataproc Serverless for Spark runtime versions:
- 1.1.17
- 2.0.25
- 2.1.4
Upgraded the Cloud Storage connector to version 2.2.14 in Dataproc Serverless for Spark runtimes.
The Google Cloud console has been updated to change how you open Security Command Center pages. Previously, you selected pages using tabs on the main page. Now you select pages from the slide-out menu on the left side of the console. To show the menu, hold your pointer over the icons on the left side of the console.
For an overview of the pages, see Using Security Command Center in the Google Cloud console.
June 01, 2023
AlloyDB for PostgreSQL
Continuous backup and recovery is generally available (GA).
Anthos clusters on VMware 1.15.1-gke.40 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.15.1-gke.40 runs on Kubernetes 1.26.2-gke.1001.
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13.
Fixed a known issue where node ID verification failed to handle hostnames with dots.
Fixed continuous increase of logging agent memory.
Fixed an issue where cluster-api-controllers in a high-availability admin cluster had no Pod anti-affinity. This could allow the three clusterapi-controllers Pods not to be scheduled on different control-plane nodes.
Fixed the wrong admin cluster resource link annotation key that can cause the cluster to be enrolled again by mistake.
Fixed a known issue where node pool creation failed because of duplicated VM-Host affinity rules.
The preflight check for StorageClass parameter validations now throws a warning instead of a failure on ignored parameters after CSI Migration. StorageClass parameter diskformat=thin is now allowed and does not generate a warning.
Fixed an issue where gkectl repair admin-master might fail with "Failed to repair: failed to delete the admin master node object and reboot the admin master VM".
Fixed a race condition where some cluster nodes couldn't access the high-availability control plane when the underlying network performed ARP suppression.
Fixed a false error message for gkectl prepare when using a high-availability admin cluster.
Fixed an issue where during user cluster update, DeprecatedKubeception always shows up in the diff.
Fixed an issue where there were leftover Pods with failed status due to "Predicate NodeAffinity failed" during node re-creation.
Fixed the following vulnerabilities:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Release 1.13.8
Anthos clusters on bare metal 1.13.8 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.8 runs on Kubernetes 1.24.
Fixes:
Fixed an issue that prevented Anthos clusters on bare metal from restoring a high-availability quorum for nodes that use /var/lib/etcd as a mountpoint.
Fixed an upgrade race condition between a node and the CNI, which could trigger two worker nodes to upgrade simultaneously.
The following container image security vulnerabilities have been fixed:
Known issues:
For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.
For Node.js runtimes version 18 and version 20 (preview), you can use the Pnpm package manager to configure dependencies for Node.js runtimes. Learn how to configure your runtime.
You can use the Pnpm package manager to configure dependencies for Node.js runtimes. Learn how to configure your runtime.
You can use the Pnpm package manager to configure dependencies for Node.js runtimes. Learn how to configure your application.
Updated content to reflect the new Alert view and Alert list. The following changes have been made to Alert view:
- New Overview and Alert History tabs. The Overview section provides a snapshot of important alert information. This is separate from the History tab to clearly differentiate between alert investigation and audit area.
- The Detection widget now has a "view other alerts from this rule" button that gives fast access to more alerts that came from this rule. Users can pivot to other alerts from this rule.
- Updated information on how to close an alert and change alert status.
- Updated information on how to adjust the time range.
- Updated information on how to apply single and multiple filters.
The following changes have been made to Alert list:
- Expanded columns to include Risk Score and Tags. This helps users to focus on and prioritize high-risk and critical security findings.
- Ingestion Time and Last Modified were also added to Alert List.
- Users can now customize columns in the Alert list by adding or removing columns from the table.
- Expanded filters to include OR and AND operators to allow more complex filtering.
- Updated information on how to refresh Alert List.
These changes are documented in Investigate an alert and View Alerts and IOCs.
New sub-minor versions of Dataproc images:
- 2.0.66-debian10, 2.0.66-rocky8, 2.0.66-ubuntu18
- 2.1.14-debian11, 2.1.14-rocky8, 2.1.14-ubuntu20
Upgraded the Cloud Storage connector to version 2.2.14 for 2.0 and 2.1 images.
Backport HIVE-22891, HIVE-21660, HIVE-21915 to 2.0 images.
Backport HIVE-22891, HIVE-21660, HIVE-25520, HIVE-25521 to 2.1 images.
The price of an active delivery pipeline is reduced. Also, single-target delivery pipelines no longer incur a charge. Underlying service charges continue to apply. See the Google Cloud Deploy pricing page for details.
Agones on GKE users will get recommendations and insights if they did not install the Agones controller on dedicated nodes.
Preview stage support for the following integration:
Vertex Prediction
You can now specify a multi-region BigQuery table as the input or output to a batch prediction request.
May 31, 2023
Anthos clusters on bare metal
Release 1.15.1
Anthos clusters on bare metal 1.15.1 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.15.1 runs on Kubernetes 1.26.
Functionality changes:
Updated the cluster snapshot capability so that information can be captured for the target cluster even when the cluster custom resource is missing or unavailable.
Improved bmctl error reporting for failures during the creation of a bootstrap cluster.
Added support for using the baremetal.cluster.gke.io/maintenance-mode-deadline-seconds cluster annotation to specify the maximum node draining duration, in seconds. By default, a 20-minute (1200 seconds) timeout is enforced. When the timeout elapses, all pods are stopped and the node is put into maintenance mode. For example, to change the timeout to 10 minutes, add the annotation baremetal.cluster.gke.io/maintenance-mode-deadline-seconds: "600" to your cluster.
Added node_pool_name to the anthos_baremetal_node_os_count metric.
Fixes:
Fixed an issue that caused the bmctl restore command to stop responding for clusters with manually configured load balancers.
Fixed an issue that caused health checks to report failure when they find a Pod with a status of TaintToleration even when the replicaset for the Pod has sufficient Pods running.
Fixed an issue that prevented Anthos clusters on bare metal from restoring a high-availability quorum for nodes that use /var/lib/etcd as a mountpoint.
Fixed an issue that caused conflicts with third-party Ansible automation.
Fixed an issue where invalid kubelet image pull settings, such as negative values, resulted in update job failures. Unchecked job failures generate an excessive accumulation of kubelet configuration backup files.
Fixed a cluster upgrade issue that prevented some control plane nodes from rejoining a cluster configured for high availability.
The following container image security vulnerabilities have been fixed:
- CVE-2018-1099
- CVE-2019-19906
- CVE-2020-8032
- CVE-2021-3468
- CVE-2021-43784
- CVE-2022-2097
- CVE-2022-2196
- CVE-2022-3424
- CVE-2022-3707
- CVE-2022-4129
- CVE-2022-4304
- CVE-2022-4379
- CVE-2022-4382
- CVE-2022-4450
- CVE-2022-4904
- CVE-2022-24407
- CVE-2022-29162
- CVE-2022-41723
- CVE-2022-41725
- CVE-2023-0045
- CVE-2023-0215
- CVE-2023-0286
- CVE-2023-0458
- CVE-2023-0461
- CVE-2023-1073
- CVE-2023-1074
- CVE-2023-1076
- CVE-2023-1077
- CVE-2023-1078
- CVE-2023-1079
- CVE-2023-1118
- CVE-2023-1281
- CVE-2023-1513
- CVE-2023-1611
- CVE-2023-1670
- CVE-2023-1829
- CVE-2023-1855
- CVE-2023-1872
- CVE-2023-1989
- CVE-2023-1990
- CVE-2023-1998
- CVE-2023-2162
- CVE-2023-2194
- CVE-2023-21102
- CVE-2023-22998
- CVE-2023-23004
- CVE-2023-23559
- CVE-2023-25012
- CVE-2023-26545
- CVE-2023-27487
- CVE-2023-27488
- CVE-2023-27491
- CVE-2023-27492
- CVE-2023-27493
- CVE-2023-27496
- CVE-2023-28328
- CVE-2023-28466
- CVE-2023-28484
- CVE-2023-29469
- CVE-2023-30456
- CVE-2023-30772
- CVE-2023-32269
Known issues:
For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.
A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.
Cross-Cloud Interconnect is now generally available. Cross-Cloud Interconnect is a new variant of Cloud Interconnect that helps you establish high-bandwidth dedicated connectivity between Google Cloud and another cloud service provider.
When you buy Cross-Cloud Interconnect, Google provisions a dedicated physical connection between the Google network and that of another cloud service provider. You can use this connection to peer your Google Virtual Private Cloud (VPC) network with your network that's hosted by a supported cloud service provider. Supported providers include the following:
- Amazon Web Services (AWS)
- Microsoft Azure
- Oracle Cloud Infrastructure (OCI)
- Alibaba Cloud
For more information about the benefits and limitations of Cross-Cloud Interconnect, see the Cross-Cloud Interconnect overview.
Cloud Logging no longer creates a dedicated service account for each log sink. Instead, Logging reuses an existing service account when one is available for the resource type. Logging creates a service account when none are available. For more information, see Set destination permissions.
Preview: In a managed instance group (MIG), you can set metadata and labels for all VMs in the group without the need to create a new instance template. For more information, see Override instance template properties with an all-instances configuration.
The image import tool now supports importing CentOS Stream 9 and CentOS Stream 8 images to Google Cloud.
Data sampling is now generally available (GA). Data sampling lets you observe the data at each step of a pipeline. For more information, see Use data sampling to observe pipeline data.
Dataproc Metastore gRPC endpoints are generally available (GA).
Metadata federation support for BigQuery and BigLake is generally available (GA).
Cross-Cloud Interconnect is now generally available. You can use a Cross-Cloud Interconnect connection to peer your Google Virtual Private Cloud (VPC) network with your network that's hosted by a supported cloud service provider. You can also use Cross-Cloud Interconnect VLAN attachments as part of a site-to-site data transfer strategy.
For example, after you configure a VLAN attachment for your Cross-Cloud Interconnect connection, you can create a Network Connectivity Center spoke to represent the attachment. If the spoke has site-to-site data transfer enabled, you can then transfer data between your remote cloud network and your other external sites. Other external sites can include your on-premises network or your network in other clouds.
For information about the cloud service providers that Cross-Cloud Interconnect supports, see the Cross-Cloud Interconnect overview. For information about site-to-site data transfer, see the Site-to-site data transfer overview.
Site-to-site data transfer is supported only in certain locations.
May 30, 2023
Cloud CDN
The advanced traffic management using flexible pattern matching capability with Global External HTTP(S) Load Balancer is now Generally Available.
Starting July 2023, the new composer.environments.executeAirflowCommand permission will be required to run Airflow CLI commands through the gcloud environments run command:
- The composer.user and composer.environmentAndStorageObjectViewer roles do not have this permission and will not be permitted to run Airflow CLI commands starting July 2023.
- This permission is already available in IAM and you can assign it in advance.
- This permission is already added to the composer.admin and composer.environmentAndStorageObjectAdmin roles.
- This change applies only to Cloud Composer 2 environments. It will still be possible to run Airflow CLI commands on Cloud Composer 1 environments without this permission.
(Cloud Composer 2) The number of web server workers is now set dynamically based on available web server CPU and memory. This change improves Airflow web server performance and scalability by allowing it to handle more users.
These workers are internal to the gunicorn web server and are not related to workers that run tasks.
The new value is applied to the [webserver]workers Airflow configuration option when you change the environment's configuration. To use a different value, override this Airflow configuration option.
The number of web server workers is clamped between 2 and 12 workers and is calculated as the minimum of (web_server_CPU * 2) + 1 and web_server_memory * 1.1.
(Cloud Composer 2) The deprecated [core]non_pooled_task_slot_count Airflow configuration option is replaced with the [core]default_pool_task_slot_count configuration option in the default Airflow configuration. Make sure to update your custom Airflow configuration overrides to use the new option instead of the deprecated one.
An improved error message is now displayed when a subnetwork with unsupported IPv4 ranges is used to create an environment in a shared VPC configuration.
Cloud Composer 2.2.1 images are available:
- composer-2.2.1-airflow-2.5.1 (default)
- composer-2.2.1-airflow-2.4.3
Cloud Composer versions 2.0.14, 2.0.13, 1.18.10, and 1.18.9, have reached their end of full support period.
Pub/Sub notifications containing FHIR data is generally available (GA).
Using the notificationConfig object on a FHIR store is deprecated. Use the notificationConfigs object instead.
The global external HTTP(S) load balancer now supports advanced traffic management using flexible pattern matching. This allows you to use wildcards anywhere in your path matcher. You can use this to customize origin routing for different types of traffic, request and response behaviors, and caching policies. In addition, you can now use results from your pattern matching to rewrite the path that is sent to the origin.
For details, see URL maps overview: Wildcards and pattern matching operators in path templates for route rules.
This capability is generally available (GA).
Cloud NAT support for Standard Tier egress is available in Preview.
Config Controller now uses the following versions of its included products:
- Config Connector v1.104.0, release notes
cos-97-16919-294-27
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.176 | v20.10.14 | v1.6.20 | v470.182.03(default),v525.105.17 |
Fixed CVE-2023-28842 in docker.
cos-93-16623-402-21
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Fixed CVE-2023-28842 in docker.
Password policies are generally available (GA).
May 29, 2023
Cloud Bigtable
A weekly digest of client library updates from across the Cloud SDK.
reCAPTCHA Enterprise Mobile SDK v18.2.1 is now available for Android.
This version fixed the issue that caused the "Failed to parse the message" or "Protocol message contained an invalid tag (zero)" error. For more information about the issue, see unhandled exception in Android SDK 18.2.0.
May 26, 2023
Access Approval
Access Approval supports Firestore in the GA stage.
Starting June 7, 2023, Chronicle will no longer use reference lists to reduce the number of alerts generated by Curated Detection rule sets. The predefined reference lists for Curated Detections will be replaced by rule exclusions. You will see the following changes:
- Reference lists will not be available in the Cloud Threats and Windows Threats categories and will not be displayed in the settings page for these rule sets.
- Any category-specific reference lists that are currently empty will be deleted.
- Any category-specific reference lists that are not empty will be automatically migrated to an equivalent rule exclusion.
No action is required. Rule set behavior should not be affected because category-specific reference lists will be replaced with rule exclusions.
Going forward, we recommend using rule exclusions to tune the number of alerts returned by Curated Detections.
The end of support process is gradual, and you may see some Curated Detection rule sets in a partial migration state before the process is complete. The process should complete by June 21, 2023.
Observability for Google Kubernetes Engine: The Observability tab for each of your GKE clusters now includes metrics for ephemeral storage. For more information, see View observability metrics.
You can now add custom object metadata in the final request of a JSON API resumable upload by using the X-Goog-Meta- header.
Jobs with commutable city-level locations are returned when allowImpreciseAddresses is set in CommuteFilter.
Jobs with matching nation-level locations are boosted for telecommute searches.
Adds MAX_THREE_PER_COMPANY DiversificationLevel option.
Config Connector version 1.105.0 is now available.
Resource AlloyDBBackup(v1alpha1):
- Added spec.encryptionConfig field.
- Added status.encryptionInfo field.
Resource AlloyDBCluster(v1alpha1):
- Added spec.encryptionConfig field.
- Added spec.automatedBackupPolicy.encryptionConfig field.
- Added status.encryptionInfo field.
Resource BigQueryJob(v1beta1):
- Added spec.load.parquetOptions field.
Resource CertificateManagerCertificate(v1alpha1):
- Added spec.location field.
Resource CloudBuildTrigger(v1beta1):
- Added spec.build.step.items.allowExitCodes field.
- Added spec.build.step.items.allowFailure field.
- Added spec.gitFileSource.repositoryRef field.
- Added spec.sourceToBuild.repositoryRef field.
Resource ComputeBackendService(v1beta1):
- Added spec.cdnPolicy.bypassCacheOnRequestHeaders field.
Resource ComputeDisk(v1beta1):
- Added spec.asyncPrimaryDisk.diskRef field.
Resource ComputeForwardingRule(v1beta1):
- Added spec.allowPscGlobalAccess field.
- Added spec.sourceIpRanges field.
- Added status.baseForwardingRule field.
Resource ComputeNetworkPeering(v1beta1):
- Added spec.stackType field.
Resource ComputeResourcePolicy(v1beta1):
- Added spec.diskConsistencyGroupPolicy field.
Resource ComputeRouterPeer(v1beta1):
- Added spec.enableIpv6 field.
- Added spec.ipv6NexthopAddress field.
- Added spec.peerIpv6NexthopAddress field.
Resource ContainerCluster(v1beta1):
- Added spec.addonsConfig.gcsFuseCsiDriverConfig field.
Resource VertexAIEndpoint(v1alpha1):
- Added spec.region field.
Resource WorkflowsWorkflow(v1alpha1):
- Added spec.cryptoKeyName field.
Resource WorkstationsWorkstationCluster(v1alpha1):
- Added status.resourceConditions field.
- Restructured status.conditions field to be consistent with status.conditions field of any Config Connector kind.
Fixed an issue where the SecretManagerSecretVersion resource got stuck in the DeleteFailed state when it was deleted after the referenced SecretManagerSecret was deleted.
New Dataproc Serverless for Spark runtime versions:
- 1.1.16
- 2.0.24
- 2.1.3
New sub-minor versions of Dataproc images:
- 2.0.65-debian10, 2.0.65-rocky8, 2.0.65-ubuntu18
- 2.1.13-debian11, 2.1.13-rocky8, 2.1.13-ubuntu20
The Observability tab for each of your GKE clusters now includes metrics for ephemeral storage. For more information, see View observability metrics.
Image batch processing now available as a Preview feature
Vertex AI Vision now offers batch image processing as a Preview feature. This new processing mode lets you provide a Cloud Storage path with image files as input and Cloud Storage path to store output batch processing results.
For more information, see the image batch processing documentation.
Python SDK now available
A new Python SDK is now available for Vertex AI Vision. For more information, see the following documentation pages:
General Availability: You can use the private.googleapis.com and restricted.googleapis.com virtual IP addresses (VIPs) to access Google APIs and services with IPv6 addresses. For more information, see the following pages:
Private Service Connect backends support using an external regional TCP proxy load balancer to access published services. This feature is available in Preview.
May 25, 2023
Anthos Config Management
Added a new field spec.helm.deployNamespace in the RootSync API to support specifying which namespace to deploy the rendered chart. For more information, see RootSync and RepoSync fields.
The constraint template library includes a new template: K8sHorizontalPodAutoscaler. For reference, see the Constraint template library.
The constraint template library's K8sStorageClass template now supports an allowed list of storage classes using the new allowedStorageClasses parameter. For reference, see Constraint template library.
Upgraded bundled Kustomize version from v5.0.1 to v5.0.3 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.
The constraint template library's K8sReplicaLimits template now includes the object's actual kind, instead of always deployment, in violation messages. For reference, see Constraint template library.
The BigQuery partitioning and clustering recommender is now in preview. The recommender analyzes your BigQuery tables to identify partitioning or clustering opportunities for potential cost savings. You can view partition or cluster recommendations through the BigQuery UI or recommender API. You can also apply recommendations directly to your BigQuery tables.
On or after July 1, 2023, the existing udm_events table in Chronicle-managed BigQuery projects will be fully replaced with a new table named events. This new table is currently available for all customers. Chronicle will handle all changes in-product for this new table. Customers issuing queries against the udm_events table through the Cloud console or through the API should fully migrate queries to the new table by July 1 to avoid interruption.
Generally available: NVIDIA A100 80GB GPUs are now available in the following additional regions and zones:
- Netherlands, Europe: europe-west4-a
- Singapore, APAC: asia-southeast1-c
For more information about using GPUs on Compute Engine, see GPU platforms.
CCAI Platform now supports Agent Assist Session Summarization. This feature automatically provides a summary of the conversation transcript at the end of a chat or phone call. The summary includes a brief overview of the conversation, key discussion points, and resolutions or solutions agreed upon. For more information, see the Agent Assist voice or Agent Assist chat documentation.
VMware Engine nodes are now available in the following additional region:
- Turin, Italy (europe-west12)
CVE-2022-4450, CVE-2022-2097, CVE-2023-0286, CVE-2023-0215, and CVE-2022-4304 have been patched in all minor versions for all existing and new clusters using the Compute Engine persistent disk CSI driver.
For VPC peering-based private clusters running version 1.27 or later, traffic from kube-apiserver to nodes routes through the Konnectivity service. If your cluster was created before 2020-09-17, this traffic does not route through Konnectivity unless you have rotated the control plane IP address after 2020-09-17.
May 24, 2023
Anthos Service Mesh
The following images are now rolling out for managed Anthos Service Mesh:
- The image for 1.16.4-asm.14 is rolling out to the regular release channel
- The image for 1.15.7-asm.14 is rolling out to the stable release channel
See Select a managed Anthos Service Mesh release channel for more information.
Release 1.14.5
Anthos clusters on bare metal 1.14.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.5 runs on Kubernetes 1.25.
Fixes:
- Fixed an issue that caused a continuous increase in memory usage for stackdriver-log-forwarder Pods.
- Fixed an issue that caused the bmctl restore command to stop responding for clusters with manually configured load balancers.
- Fixed an issue that caused preflight checks to fail for clusters configured with spec.proxy.noProxy settings.
- Fixed an upgrade issue where adding upgradeStrategy.parallelUpgrade.concurrentNodes to the NodePool spec (for a parallel upgrade) caused the upgrade operation to fail.
- Fixed an issue that caused conflicts with third-party Ansible automation.
- Fixed an issue that prevented Anthos clusters on bare metal from restoring a high-availability quorum for nodes that use /var/lib/etcd as a mountpoint.
- Fixed a cluster upgrade issue that prevented some control plane nodes from rejoining a cluster configured for high availability.
- Fixed an upgrade race condition between a node and the CNI, which could result in two worker nodes upgrading simultaneously.
- The following container image security vulnerabilities have been fixed:
- CVE-2022-3821
- CVE-2022-4415
- CVE-2022-4450
- CVE-2022-29458
- CVE-2022-41723
- CVE-2022-41725
- CVE-2023-0045
- CVE-2023-0215
- CVE-2023-0286
- CVE-2023-0386
- CVE-2023-0461
- CVE-2023-1077
- CVE-2023-1078
- CVE-2023-1118
- CVE-2023-1281
- CVE-2023-1670
- CVE-2023-1829
- CVE-2023-1989
- CVE-2023-23559
- CVE-2023-27487
- CVE-2023-27488
- CVE-2023-27491
- CVE-2023-27492
- CVE-2023-27493
- CVE-2023-27496
- CVE-2023-28466
- CVE-2023-31436
- CVE-2023-32233
Known issues:
For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.
Chronicle has updated Rules Engine's YARA-L 2.0 language to support more functionality for handling arrays.
A new arrays.length() function has been added. This function returns the number of elements in a repeated field. For more information, see YARA-L 2.0 language syntax.
You can now perform array indexing on repeated fields using bracket notation. This lets you access an element of a repeated field at a specific index. For more information, see YARA-L 2.0 language syntax.
Chronicle Curated Detections has been enhanced with the following additional detection content for Cloud threats. A new rule set was added, called Cloud SQL Ransom, that detects activity associated with exfiltration or ransom of data within Cloud SQL databases.
Cloud Debugger is scheduled for shutdown on May 31, 2023. To help with your debugging needs after this shutdown, we've built an open source CLI tool, Snapshot debugger.
A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.
Cloud Load Balancing introduces the external regional TCP proxy load balancer. This is an Envoy proxy-based regional layer 4 load balancer that enables you to run and scale your TCP service traffic in a single region behind an external regional IP address. External regional TCP proxy load balancer will load-balance external TCP traffic from the internet to backends in the same region.
For details, see the External Regional TCP Proxy Load Balancing overview.
To set up an external regional TCP proxy load balancer, see the following pages:
This capability is in General Availability.
PostgreSQL version 15 is now generally available. To start using PostgreSQL 15, see Create instances.
Cloud Spanner lets you use a generated column in the primary key.
Cloud Spanner database deletion protection is now available in Preview. You can enable database deletion protection to prevent the accidental deletion of databases. For more information, see Prevent accidental database deletion.
Cloud Workstations adds Google Cloud console support for the me-west1 region (Tel Aviv, Israel, Middle East). For more information, see Locations.
Config Controller now uses the following versions of its included products:
- Config Connector v1.103.0, release notes
- Anthos Config Management v1.15.0, release notes
Upgraded the Cloud Storage connector to version 2.2.13 in Dataproc on Compute Engine 2.0 and 2.1 image versions.
Unauthorized callers attempting to get, delete, or terminate non-existent Sessions will now receive a 403 response code instead of a 404 response code. This does not impact authorized callers.
Fixed the Serverless history server endpoint URL when Persistent History Server (PHS) was set up without using a wildcard.
Dialogflow CX quota for design time read requests has been increased to 200 per minute.
Translation Hub is now enforcing the following behaviors:
- For new projects, you must enable the Translation Hub API starting today. For existing projects, Google performed a one-time automatic enablement of the Translation Hub API to prevent service interruptions.
- Translation Hub has expanded Identity and Access Management (IAM) permission enforcement. Previously, Translation Hub IAM permissions weren't required to add and remove users from Translation Hub. To modify user access to Translation Hub portals, you must have the Translation Hub administrator role. If you already have this role, no action is necessary.
May 23, 2023
Anthos Service Mesh
1.16.4-asm.14 is now available for in-cluster Anthos Service Mesh.
You can now download 1.16.4-asm.14 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.16.4 subject to the list of supported features. Anthos Service Mesh 1.16.4-asm.14 uses Envoy v1.24.8.
New tasks for Google Cloud services
The following new integration tasks are available in preview:
- AI Platform - Prediction
- Cloud KMS - encrypt
- Cloud KMS - decrypt
- Dataflow - Create Job
- Drive - List
- Doc AI - Batch Process
- Doc AI - Process
- Doc AI - Operation
- Firestore - Batch Get
- Firestore - Batch Write
- Firestore - Document Get
- Language - Annotate Text
- Language - Classify Text
- Sheets - Append
- Sheets - Batch Get
- Sheets - Get
- Translate - Document
- Translate - Text
- Workflows - Execute
DML statements no longer count toward the number of table or partitioned table modifications per day. The limit of table and partitioned table modifications has not changed.
Single event rules meeting all of the following conditions have been reclassified as multiple event rules to increase detections:
- Includes a match section.
- Includes one or more conditions on outcome variables in the condition section.
- Includes a simple existence condition on exactly one event variable in the condition section.
Affected rules will be automatically reprocessed to find any missed detections over the next 5 to 6 business days.
You can now view information about which customer-managed encryption keys (CMEK) are used to protect your Cloud Bigtable resources and projects using Cloud Key Management Service (KMS). This feature is generally available (GA). For more information, see View key usage.
Support for the asia-south2 (Delhi) region.
CVE-2023-26604 has been fixed in clusters running version 1.25 using the Filestore CSI driver. The fix is transparent, but to mitigate instability, it is available by manually upgrading the cluster to the newest 1.25 patch version. The CVE is not present in clusters running version 1.26 or later.
Reserving static regional external IPv6 addresses is available in General Availability.
Reserving static regional internal IPv6 addresses is available in General Availability.
Internal ranges are available in Preview. Internal ranges let you allocate blocks of private IP addresses in VPC networks and specify how those addresses can be used.
Support for IPv6 extension headers is available in Preview.
May 22, 2023
Apigee Integrated Portal
On May 22, 2023 we released an updated version of Apigee integrated portal.
Bug ID | Description |
---|---|
274916981 | Fixed issue where an API specification set via URL could fail. |
277265034 | App names can start with numeric characters as described in Naming guidelines. |
Error catcher trigger
The Error Catcher trigger lets you invoke an error catcher that is defined or customized to handle the failure of an identified trigger, task, or edge condition in your integration.
For more information, see Error catcher trigger.
Return task
The Return task lets you customize the error messages corresponding to the HTTP response codes that are returned during an integration execution failure.
For more information, see Return task.
Node.js 20 is now available in preview. Note that Node.js 20 enters long-term support (LTS) in October and is the Node.js "Current" version until that time. We encourage you to explore the new features and benefits included in this release to evaluate their potential impact on your applications. For more information, see the Node.js 20 announcement.
Support for Google-managed encryption keys
Application Integration now uses Google-managed encryption keys as the default method of data encryption for your provisioned regions. You can optionally modify your encryption method with customer-managed encryption keys (CMEK).
For more information, see Encryption methods.
Documentation has been added to explain how to use Terraform to run a Cloud Scheduler cron job that creates Batch jobs. For more information, see Create and run Batch jobs using Terraform and Cloud Scheduler.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.26.1 (2023-05-16)
Bug Fixes
2.26.0 (2023-05-15)
Features
- Add field in HivePartitioningOptions (#2678) (4165e55)
- Allow passing autodetect_schema on table update (#2661) (4c01698)
Bug Fixes
- Move ratio calculation for whether to use read API to avoid NPE with setUseReadAPI(false) (#2509) (e1326c8)
Dependencies
- Update arrow.version to v12 (major) (#2675) (7700cf5)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.19.0 (#2691) (1939803)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.23.0 (#2692) (f56e541)
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.9.0 (#2685) (b74da29)
- Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.22 (#2687) (cf5d758)
- Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.22 (#2688) (32ea8ab)
- Update github/codeql-action action to v2.3.3 (#2658) (487f207)
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-bigtable
2.18.1 (2023-05-11)
Bug Fixes
The COUNTRY_DEMOGRAPHIC infoType detector, which identifies when countries are used for place of birth, residency, or citizenship, is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The Key Usage dashboard in the Google Cloud console and the new KMS Inventory REST API are now generally available.
For more information about the Key Usage dashboard, see View key usage.
For more information about the KMS Inventory REST API, see KMS Inventory API.
For example curl commands using the KMS Inventory REST API, see View key usage and View keys by project.
You can now use SQL JOIN and UNION operators in queries on the Log Analytics page. For more information, see Combine data from multiple sources.
Cloud SQL for MySQL now supports minor version 8.0.33. To upgrade your existing instance to the new version, see Upgrade the database minor version.
Cloud Spanner automatically increases the degree of parallelism on a query when the instance size allows. For more information on parallel execution of queries, see Life of a Spanner Query.
Generally available: General purpose C3 VMs are now generally available in the following regions:
- Council Bluffs, Iowa, North America: us-central1
- Moncks Corner, South Carolina, North America: us-east1
- Ashburn, Virginia, North America: us-east4
- St. Ghislain, Belgium, Europe: europe-west1
- Eemshaven, Netherlands, Europe: europe-west4
- Jurong West, Singapore, APAC: asia-southeast1
cos-dev-109-17637-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.29 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Updated the Linux kernel to v6.1.29.
Added noexec, nodev, nosuid to /etc/resolv.conf bind mount. It fixes EPERM errors when running a pod in UserNS in COS.
Added rt-tests package.
Upgraded sys-apps/grep to v3.11.
Upgraded sys-apps/ethtool to v6.3.
Upgraded net-misc/wget to v1.21.4.
Upgraded sys-libs/libcap to v2.69.
Upgraded sys-apps/coreutils to v9.3-r1.
Updated app-emulation/cloud-init to 23.1.2.
Fixed CVE-2023-1255 in the dev-libs/openssl package.
Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.
Runtime sysctl changes:
- Added: fs.overflowgid: 65534
- Added: fs.overflowuid: 65534
cos-105-17412-101-13
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.109 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Updated app-emulation/cloud-init to 23.1.2 which fixes CVE-2023-1786.
Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.
Fixed CVE-2023-32233.
cos-93-16623-402-17
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Updated app-emulation/cloud-init to 23.1.2 which fixes CVE-2023-1786.
Fixed CVE-2022-36109 in app-emulation/docker.
Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.
cos-97-16919-294-23
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.176 | v20.10.14 | v1.6.20 | v470.182.03(default), v525.105.17 |
Updated app-emulation/cloud-init to 23.1.2 which fixes CVE-2023-1786.
Fixed CVE-2022-36109 in app-emulation/docker.
Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.
cos-101-17162-210-18
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.24 | v1.6.18 | v470.182.03(default), v525.105.17 |
Updated app-emulation/cloud-init to 23.1.2 which fixes CVE-2023-1786.
Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.
The C3 machine family is generally available for GKE Standard clusters running on version 1.22 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool.
The following features are not supported for this machine family:
- Node auto-provisioning.
- Confidential GKE nodes.
- Local SSD.
- Standard persistent disks (pd-standard).
For more information, refer to the C3 machine series documentation.
On May 22, 2023 we released Migrate to Containers 1.15.0.
The use of migration sources based on Migrate to Virtual Machines v4 is no longer supported.
To migrate application components from VMs running on VMware clusters, you can use Migrate to Virtual Machines v5 integration. For more information, see Adding Migrate to Virtual Machines as a migration source.
To migrate application components from AWS or Azure, use Migrate to Virtual Machines v5 to migrate VMs to Compute Engine, and then use Migrate to Containers to perform a migration from the created Compute Engine instance. For more information, see the Migrate to Virtual Machines version 5.0 documentation.
In-place processing on Anthos on AWS is no longer supported. You cannot install new versions of Migrate to Containers on Anthos on AWS clusters. To migrate application components of VMs on AWS, you can migrate VMs from AWS to Compute Engine using Migrate to Virtual Machines v5, and then use Migrate to Containers to perform a migration from the created Compute Engine instance. For more information, see the Migrate to Virtual Machines version 5.0 documentation.
In-place processing on Anthos on VMware is no longer supported. You cannot install new versions of Migrate to Containers on Anthos on VMware clusters. Instead, you can migrate application components to GKE or Anthos clusters on bare metal using Migrate to Virtual Machines v5 or the local VMware source respectively.
The legacy Linux runtime is now deprecated. The generated migration plan now uses the enhanced Linux runtime by default. You can choose to use the legacy Linux runtime, which is planned to be supported until August 2023, by setting the value of the v2kServiceManager flag in the migration plan to false.
To see how to convert existing migrations to the new Linux runtime, see Upgrade container workloads for enhanced runtime.
If you have migrated applications using the legacy runtime, you can install the legacy runtime support using the following command:
migctl setup install --runtime
For more information, see Before you begin deploying a Linux workload to a target cluster.
Enhanced the Windows features filtering to only allow features supported by Windows Docker images to work.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.123.12 (2023-05-12)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.25.0 (#1566) (7e63280)
- Update dependency com.google.cloud:google-cloud-core to v2.17.0 (#1574) (9c80f14)
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.9.0 (#1576) (03a027f)
- Update dependency org.easymock:easymock to v5.1.0 (#1448) (5ad86fe)
- Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.22 (#1570) (bbe9a8b)
- Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.22 (#1571) (e7b62d3)
- Update dependency org.xerial.snappy:snappy-java to v1.1.9.0 - abandoned (#1471) (1620e00)
- Update dependency org.xerial.snappy:snappy-java to v1.1.9.1 (#1572) (1ec2fec)
Secure Web Proxy is generally available (GA).
May 19, 2023
BigQuery
EXTERNAL_QUERY SQL pushdown optimizes data retrieval from external sources like Cloud SQL or Cloud Spanner databases. Transferring less data reduces execution time and cost. SQL pushdown encompasses both column pruning (SELECT clauses) and filter pushdowns (WHERE clauses). SQL pushdown applies to SELECT * FROM T queries, a significant percentage of all federated queries. Not all data types are supported for filter pushdowns. This feature is generally available (GA).
The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.
- 1Password (ONEPASSWORD)
- AMD Pensando DSS Firewall (AMD_DSS_FIREWALL)
- Atlassian Confluence (ATLASSIAN_CONFLUENCE)
- AWS Network Firewall (AWS_NETWORK_FIREWALL)
- AWS Route 53 DNS (AWS_ROUTE_53)
- AWS S3 Server Access (AWS_S3_SERVER_ACCESS)
- Azure AD Directory Audit (AZURE_AD_AUDIT)
- Bitdefender (BITDEFENDER)
- Check Point (CHECKPOINT_FIREWALL)
- Cisco ASA (CISCO_ASA_FIREWALL)
- Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
- Cisco Firewall Services Module (CISCO_FWSM)
- Cisco Router (CISCO_ROUTER)
- Cisco Vision Dynamic Signage Director (CISCO_STADIUMVISION)
- Cloud DNS (N/A)
- CrowdStrike Falcon (CS_EDR)
- Crowdstrike IOC (CROWDSTRIKE_IOC)
- F5 Advanced Firewall Management (F5_AFM)
- F5 ASM (F5_ASM)
- F5 BIGIP LTM (F5_BIGIP_LTM)
- FireEye HX (FIREEYE_HX)
- ForgeRock OpenAM (OPENAM)
- Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
- Fortinet FortiEDR (FORTINET_FORTIEDR)
- HAProxy (HAPROXY)
- Juniper (JUNIPER_FIREWALL)
- Microsoft IIS (IIS)
- Microsoft SQL Server (MICROSOFT_SQL)
- Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
- Okta User Context (OKTA_USER_CONTEXT)
- OpenSSH (OPENSSH)
- Oracle Cloud Infrastructure VCN Flow Logs (OCI_FLOW)
- Proofpoint Observeit (OBSERVEIT)
- Rapid7 Insight (RAPID7_INSIGHT)
- SAP Netweaver (SAP_NETWEAVER)
- Security Command Center Threat (N/A)
- Splunk Platform (SPLUNK)
- Teleport Access Plane (TELEPORT_ACCESS_PLANE)
- Thinkst Canary (THINKST_CANARY)
- Trend Micro AV (TRENDMICRO_AV)
- Trustwave webmarshal (WEBMARSHAL)
- VMware AirWatch (AIRWATCH)
- WatchGuard (WATCHGUARD)
For details about changes in each parser, see Supported default parsers.
Cloud Composer API for Highly resilient environments is available. Cloud Console UI, gcloud CLI commands, and Terraform support for this feature will be gradually rolled out in the upcoming days.
Splitting Celery logs into stdout/stderr (#30485) is now possible with the [logging]celery_stdout_stderr_separation Airflow configuration option. The default value for this option is False.
(Cloud Composer 2) Increased the default values of [core]dagbag_import_timeout to 120 seconds, and dag_file_processor_timeout to 300 seconds. The updated parameters allow the DAG Processor to parse more DAGs and provide more time to add parsed DAGs into the DAG bag.
(Cloud Composer 2) Increased the default value of [scheduler]zombie_detection_interval to 20 seconds. This change reduces the chance that Airflow skips retry attempts for a zombie task.
Cloud Composer 2.2.0 images are available:
- composer-2.2.0-airflow-2.5.1 (default)
- composer-2.2.0-airflow-2.4.3
Cloud Composer versions 2.0.12 and 1.18.8 have reached their end of full support period.
Log buckets with Log Analytics enabled now support the use of Customer Managed Encryption Keys (CMEK). For information about enabling Log Analytics on log buckets, see Create a bucket or Upgrade a bucket to use Log Analytics.
Cloud SQL for MySQL has launched two database flags that impact the Cloud SQL SLA: innodb_flush_log_at_trx_commit and sync_binlog. For more information about these flags, see supported flags.
The following extensions, views, utilities, and flags are generally available:
Extensions
- postgresql_anonymizer: mask or replace personally identifiable information (PII) or sensitive data from a PostgreSQL database.
- pgtt: create, manage and use Oracle-style global temporary tables.
- rdkit: compare, manipulate, and identify molecular structures.
Views and utilities
- pg_authid: access this catalog table that contains hashed passwords and other properties for all database roles.
- pg_dumpall: extract all PostgreSQL databases of a cluster into a single script file.
Flags
- log_line_prefix: generate a printf-style string at the beginning of each line of a PostgreSQL log file.
The rollout of the following minor versions, extension versions, and plugin versions is currently underway:
Minor versions
- 10.21 is upgraded to 10.22.
- 11.16 is upgraded to 11.17.
- 12.11 is upgraded to 12.12.
- 13.7 is upgraded to 13.8.
- 14.4 is upgraded to 14.5.
Extension and plugin versions
- plv8 is upgraded from 3.1.2 to 3.1.4.
- wal2json is upgraded from 2.3 to 2.4.
- pgTAP is upgraded from 1.1.0 to 1.2.0.
- PostGIS is upgraded from 3.1.4 to 3.1.7.
- pg_partman is upgraded from 4.5.1 to 4.7.0.
- pg_wait_sampling is upgraded from 1.1.3 to 1.1.4.
- pg_hint_plan is upgraded from 1.3.7 to 1.4.
- pglogical is upgraded from 2.4.1 to 2.4.2.
This rollout also introduces the following:
- PostGIS GDAL driver support
- LZ4 TOAST compression for PostgreSQL versions 14 and later
Romanization and transliteration are now in Preview.
Preview: You can now use the discard-local-ssd=false flag to preserve the contents of a single attached Local SSD disk when suspending or stopping a VM. For more information, see the Local SSD Documentation.
New Dataproc Serverless for Spark runtime versions:
- 1.1.15
- 2.0.23
- 2.1.2
Upgraded the Cloud Storage connector to version 2.2.13 in Dataproc Serverless for Spark runtimes.
Fixed the NoClassDefFoundError for log4j class in Zeppelin BigQuery interpreter in 2.0 images.
Backported HIVE-22891 to 2.0 images.
This is a minor release of Google Distributed Cloud Edge (version 1.4.0).
The following features have been introduced in this release of Distributed Cloud Edge:
Survivability mode. Distributed Cloud Edge now allows you to create clusters with the Kubernetes control plane running locally on your Distributed Cloud Edge hardware. This improves the reliability of Distributed Cloud Edge when your connection to Google Cloud is intermittent. This is a Public Preview feature. For more information, see Distributed Cloud Edge survivability mode.
Symcloud Storage integration. You can now integrate Distributed Cloud Edge with Rakuten Symcloud Storage, a third-party storage abstraction solution that allows Pods to access local storage on different Distributed Cloud Edge nodes. This is a Public Preview feature. For more information, see Configure Distributed Cloud Edge for Symcloud Storage.
Enhanced rNDC security. Distributed Cloud Edge has replaced the bond0 interface with the gdcenet0 interface that allows you to use the physical management network interface card for your application workloads while maintaining complete separation from Distributed Cloud Edge control and management traffic. You must manually reconfigure any existing network resources that reference the bond0 interface to use the gdcenet0 interface. For more information, see Upgrade CustomNetworkInterfaceConfig resources from Distributed Cloud Edge 1.3.0 to 1.4.0 and Upgrade NetworkAttachmentDefinition resources to Distributed Cloud Edge 1.4.0.
Cloud Router reuse for VPN connections. When creating a VPN connection, Distributed Cloud Edge now automatically reuses any Cloud Router resource it has automatically created for a VPN connection. You can also specify a custom Cloud Router resource when creating a VPN connection. Existing VPN connections are not affected. For more information, see Manage VPN connections.
The following changes have been introduced in this release of Distributed Cloud Edge:
The cross-project VPN connection functionality is now generally available. For more information, see Manage cross-project VPN connections.
The default behavior of the gcloud edge-cloud clusters get credentials command has changed. The command now requires the gke-gcloud-auth-plugin plugin, which replaces the legacy in-tree-auth-plugin plugin. For more information about the gke-gcloud-auth-plugin plugin, see Important changes to Kubectl authentication are coming in GKE v1.26. You have the option to revert to the legacy in-tree-auth-plugin plugin by setting the USE_GKE_CLOUD_AUTH_PLUGIN environment flag to false.
The Kubernetes control plane has been updated to version 1.25.5-gke.1001 for all clusters.
The Kubernetes container daemon (containerd) has been updated to version 1.6.6-gke.1 for remote control plane clusters and to 1.6.12-gke.0 for survivability mode clusters.
The Kubernetes worker node agent (kubelet) has been updated to version 1.24.7.gke.1700 for remote control plane clusters and 1.25.5-gke.1001 for local control plane clusters.
Distributed Cloud Edge now supports the ConfigSync feature of Anthos Config Management. Distributed Cloud Edge does not support any other Anthos features.
The following issues have been resolved in this release of Distributed Cloud Edge:
Distributed Cloud Edge now supports dynamic IPAM for multi-networking configurations.
Disabling the Anthos VM Runtime virtual machine subsystem no longer removes the network-controller-manager container. You can now disable the subsystem without affecting Distributed Cloud Edge networking features.
This release of Distributed Cloud Edge contains the following known issues:
BGP sessions do not recover when the associated network interface goes down and then comes back up.
In the CustomNetworkInterfaceConfig resource, setting the ifname field to gdcenet0 while the masterInterface field is also set to gdcenet0 causes the resource to not apply to the cluster.
When configuring a CustomNetworkInterfaceConfig resource, you must explicitly set the MTU size to be no greater than the MTU size of its parent network interface. Otherwise, unpredictable behavior might result.
If you reboot a node running a local control plane workload for a local control plane cluster, the cluster loses its GKEConnect connection to GKEHub until the node fully starts up again. The workloads deployed on the cluster continue to run.
If you are creating a remote control plane cluster, creating a node pool using nodes that were previously part of a local control plane cluster might fail. If you encounter this issue, contact Google Support for assistance.
May 18, 2023
Anthos clusters on AWS
Security bulletin
Two new vulnerabilities (CVE-2023-1281, CVE-2023-1829) have been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. For more information, see the GCP-2023-005 security bulletin.
You can now sort your query results by using the sort menu next to a column name. This feature is in preview.
- Dataplex auto data quality (AutoDQ) and data profiling can be used on any BigQuery tables, including tables that aren't part of a Dataplex lake. You don't need to create a Dataplex lake to run Dataplex AutoDQ and data profiling.
- Dataplex AutoDQ and data profiling support BigQuery views, BigLake tables, and BigQuery external tables.
- Dataplex AutoDQ and data profiling support sampling your data to reduce time and cost.
New sub-minor versions of Dataproc images:
- 2.0.64-debian10, 2.0.64-rocky8, 2.0.64-ubuntu18
- 2.1.12-debian11, 2.1.12-rocky8, 2.1.12-ubuntu20
--properties=dataproc:componentgateway.ha.enabled=true can now be used to enable component gateway and knox along with SHS UI in HA mode.
Two new vulnerabilities (CVE-2023-1281, CVE-2023-1829) have been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. GKE Standard clusters are affected. For more information, see the GCP-2023-005 security bulletin.
Starting with this week's release, Looker Studio release notes are available on Google Cloud. You can also find release notes, including localized versions, in the Looker Studio Help Center.
Pause report updates. You can pause updates to minimize the number of data requests made while building and editing your report. While the report is paused, changes made to the report's data settings are placed on hold until you resume updates. Pausing report updates can potentially save on query costs because Looker Studio only requests the data needed to meet the report configuration as of the time you resumed updates.
Network Analyzer is now integrated with the Transparency and Control Center. Google Cloud users can now use this feature to opt out of analysis. For more information, see Opting out of data processing.
Vertex Prediction
You can now co-host models on the same VM from the Google Cloud Console. Previously, this capability was available only from the REST API. For more information, see Share resources across deployments.
Private Service Connect service connectivity automation is available in Preview. Service connectivity automation lets service producers automate deployment and service connectivity to eligible managed services on behalf of consumers.
May 17, 2023
AlloyDB for PostgreSQL
The AlloyDB FORCE_APPLY update policy is available in Preview. Use this policy to modify database flags and apply updates faster (within 1-2 minutes) to an instance.
On May 17, 2023, we released an updated version of Apigee X (1-10-0-apigee-1).
Bug ID | Description |
---|---|
N/A | Upgraded infrastructure and libraries. |
280695936 | Fixed issue with incomplete removal of form parameters when using the <Remove> element in the Assign Message policy to delete headers and form parameters simultaneously. |
271217050 | Fixed issue resulting in missing execution records in debug sessions for the JavaCallout policy. |
271894110, 273568673, 273571029 | Fix enables support for TLS 1.3 for southbound targets. |
271539836 | Fixed intermittent Cloud Logging failures. |
277090269 | Fixed encryption of internal proxy chaining headers to avoid proxy invocation misuse. |
273561434 | Fixed issue with incomplete debug session information for proxies deployed in the same environment. |
158132963 | Improved capture of relevant target flow variables in trace and analytics in the event of target timeouts. |
271093461 | Fixed issue with heap exhaustion when using OASValidation policy. |
269514256 | Fixed issue causing GoogleTokenGeneration failure. |
261924658 | Optimization to reduce latency in Quota policy. |
252864240 | Fixed issue to support bot detection with Analytics obfuscation enabled. |
222024484 | CORS policy now returns Access-Control-Allow-Credentials header in preflight response when is set to true. |
261205290 | Optimization to reduce resource usage on Cassandra connections. |
266814873 | Fixed issue with retrieval of environment-scoped KVM entries containing encryption keys with non-UTF-8 characters. |
260342163 | Fixed issue causing 100% CPU usage by runtime pod threads under specific circumstances. |
273800523, 273800717 | Security fixes for Apigee. The fixes address the following vulnerabilities: |
Preview: Integrate a job into a workflow using the Batch API connector for Workflows.
The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).
- BigqueryMigration
bigquerymigration.googleapis.com/MigrationWorkflow
Cloud Monitoring now provides GA support to prevent alerting policies from sending notifications and creating incidents during specific time periods. For general information, see Snooze notifications and alerts. For information about how to create, view, and modify a snooze, see Create and manage snoozes.
Allocating up to 32 GiB of memory and up to 8 CPU to your Cloud Run services is now at general availability (GA).
Managed Microsoft AD is available in the following regions:
- europe-west12 (Turin)
- me-central1 (Doha)
For more information, see Deploy domain controllers in additional regions.
Google Cloud's Agent for SAP version 1.6
Version 1.6 of Google Cloud's Agent for SAP is available. This version includes bug fixes for Process Monitoring metrics collection and agent instances running on Bare Metal Solution servers.
For more information, see What's new with Google Cloud's Agent for SAP.
With project-level activations of the Security Command Center Premium tier, you can now enable certain Premium-tier threat and vulnerability findings that require organization-level access by activating the Standard tier at the organization level in addition to your project-level activation. These finding categories were previously unsupported with project-level activations.
For more information, see Premium tier feature support with project-level activations.
Global access for Private Service Connect endpoints for published services is available in General Availability. When global access is configured, clients in any region can send traffic to Private Service Connect endpoints.
Support for a Batch API connector is available in Preview.
May 16, 2023
BigQuery
The VPC Service Controls perimeter that protects the BigQuery API now also protects the BigQuery Reservation API. Customers who have already configured VPC Service Controls for the BigQuery API or the BigQuery Reservation API should update their configurations to reflect this change. For more information, see BigQuery Reservation API.
You can now restrict new deployments by product generation (1st gen or 2nd gen). This feature is at the General Availability release level.
A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.
The Cloud SQL Proxy Operator is now generally available. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.
The image import tool now supports importing Rocky Linux 9 images to Google Cloud.
SIP URI Directory - Call Routing: With this release, you can now use the SIP Directory to configure SIP call routing and transfers in IVR queue settings. You can use this functionality to route incoming calls to appropriate destinations based on IVR menu selections or queue routing rules. You can set it up so that a customer calling a support line, for example, can select a department or agent from the IVR menu based on their inquiry. See the SIP URI documentation for details.
Security insights for container images are now available on the release details page.
VMware Aria Operations for Logs is now certified for Google Cloud VMware Engine. You can use VMware Aria Operations for Logs to collect and manage logs from VMware Engine and on-prem environments into a centralized solution.
VMware Aria Operations for Logs with VMware Engine enables more operational visibility and intelligent analytics for both troubleshooting and auditing purposes, making it easier for you to manage and operate your VMware Engine environment. See the VMware blog announcement for more information.
1.27 is now available in the Rapid channel
Kubernetes 1.27 is now available in the Rapid channel. For more information about the content of Kubernetes 1.27, read the Kubernetes 1.27 Release Notes.
Deprecated API versions
These APIs are still served in version 1.27 but are in a deprecation period:
The following Beta versions of graduated APIs will be removed in 1.29 in favor of newer versions:
flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema, PriorityLevelConfiguration
- deprecated since 1.26
- use flowcontrol.apiserver.k8s.io/v1beta3 instead, available since 1.26
Removed API versions
The following Beta versions of graduated APIs will be removed in 1.27 in favor of newer versions:
storage.k8s.io/v1beta1 CSIStorageCapacity
- deprecated since 1.24
- use storage.k8s.io/v1 instead, available since 1.24
Vertex AI custom training now supports deep integration with Vertex AI Experiments. You can submit training jobs with autologging enabled to automatically log parameters and model performance metrics. For more information, see Run training job with experiment tracking.
The scheduler API for Vertex AI Pipelines is now available in Preview. You can schedule recurring pipeline runs in Vertex AI by specifying a frequency, start time (optional), and end time (optional). For more information, see Schedule a pipeline run with scheduler API.
May 15, 2023
Anthos clusters on VMware
Anthos clusters on VMware 1.13.8-gke.42 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.8-gke.42 runs on Kubernetes 1.24.11-gke.1200.
The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13.
Fixed a race condition where some cluster nodes couldn't access the HA control plane when the underlying network performed ARP suppression.
Fixed an issue where vsphere-csi-secret was not updated during gkectl update credentials vsphere for an admin cluster.
Disabled motd news on the ubuntu_containerd image to avoid unexpected connections to Canonical.
Fixed an issue where the Connect Agent continued using the older image after registry credential update.
Fixed an issue where cluster autoscaler ClusterRoleBindings in the admin cluster were accidentally deleted upon user cluster deletion. This fix removes dependency on ClusterRole, ClusterRoleBinding and ServiceAccount objects in the admin cluster.
Fixed an issue where Connect Agent in admin clusters might fail to be upgraded during cluster upgrade.
Fixed an issue where a cluster might not be registered when the initial membership creation attempt failed.
Fixed the following vulnerabilities:
- High-severity container vulnerabilities:
The PHP 8.2 runtime for App Engine standard environment is now generally available.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for bigquery/storage/apiv1beta1
1.51.2 (2023-05-08)
Bug Fixes
- bigquery: Update grpc to v1.55.0 (1147ce0)
BigQuery Omni is now available in the AWS - Asia Pacific (Seoul) (aws-ap-northeast-2) region.
The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory) and Feed API.
- AI Platform
aiplatform.googleapis.com/NasJob
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.23.1 (2023-05-11)
Dependencies
- Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.18.0 (#1749) (1d7d391)
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.9.0 (#1744) (60df07f)
- Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.22 (#1746) (86ea9db)
- Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.22 (#1747) (caa4462)
2.23.0 (2023-05-09)
Features
Documentation
Python
Changes for google-cloud-bigtable
2.18.0 (2023-05-10)
Features
- Publish RateLimitInfo and FeatureFlag protos (#768) (171fea6)
- Threaded MutationsBatcher (#722) (7521a61)
Bug Fixes
Documentation
Cloud Functions has added support for a new runtime, PHP 8.2, at the General Availability release level. PHP 8.2 adds significant new functionality over PHP 8.1 and uses Ubuntu 22.04 for its base O/S image.
Cloud Functions now supports 2nd gen Firestore triggers through Eventarc at the Preview release level.
You can now customize the time range of your queries in the Log Analytics page by using the time-range selector. There are several time range options, such as preset times, custom start and end times, and relative time ranges. For more information, see Filter by time.
The new interface for creating charts with Metrics Explorer is GA. For more information, see Create charts with Metrics Explorer.
Version 2.31.0 of the Ops Agent introduces preview support for an OpenTelemetry Protocol (OTLP) receiver. You can use this receiver to collect custom metrics and traces from applications written by using OpenTelemetry SDKs. For more information, see Collect OTLP metrics and traces.
You can now use the point-in-time-recovery (PITR) feature and read replicas on the same primary instance. For more information, see Point-in-time Recovery.
Version 2.31.0 of the Ops Agent introduces preview support for an OpenTelemetry Protocol (OTLP) receiver. You can use this receiver to collect custom traces and metrics from applications written by using OpenTelemetry SDKs. For more information, see Collect OTLP traces.
Generally available: The local SSD quota per machine family (LOCAL_SSD_TOTAL_GB_PER_VM_FAMILY) is generally available. Use the quota metric compute.googleapis.com/local_ssd_total_storage_per_vm_family instead of compute.googleapis.com/local_ssd_total_storage to view the quota usage and limits for local SSD in your project. For more information, see View and manage local SSD quota per machine family.
cos-dev-109-17622-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.27 | v23.0.3 | v1.7.0 | v470.182.03 (default), v525.105.17 |
Upgraded sys-apps/pciutils to v3.10.0.
Upgraded app-admin/sudo to v1.9.13_p3-r1.
Upgraded app-arch/xz-utils to v5.4.3.
Upgraded sys-apps/less to v633.
Upgraded sys-apps/acl to v2.3.1-r2.
Upgraded app-misc/ca-certificates to v20230311.3.89.1.
Container Registry is deprecated and is superseded by Artifact Registry.
After May 15, 2024, Google Cloud projects without previous Container Registry usage will only host images for the gcr.io domain in Artifact Registry.
Use the following information to help you move to Artifact Registry:
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.8.1 (2023-05-08)
Bug Fixes
- dataflow: Update grpc to v1.55.0 (1147ce0)
BigQuery subscriptions now support the NUMERIC and BIGNUMERIC data types. For more information, see Schema compatibility.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.10.1 (2023-05-08)
Bug Fixes
- secretmanager: Update grpc to v1.55.0 (1147ce0)
The pricing for project-level activations of Security Command Center has been reduced by lowering the Security Command Center rate for the usage of the following Google Cloud services:
- Compute Engine
- GKE-Autopilot
- App Engine
- Cloud SQL
For more information, see Pricing for project-level activations.
May 12, 2023
AlloyDB for PostgreSQL
The AlloyDB admin API now includes user-management methods. These let you use the gcloud command-line tool to manage the user roles of your AlloyDB clusters, in addition to the PostgreSQL functions already supported.
.NET 6 is now generally available. This version requires you to specify an operating system version in your app.yaml file. Learn more.
(Cloud Composer 2) The default [celery]stalled_task_timeout value is set to 1200. Tasks that stay in the queued state for more than 20 minutes (1200 seconds) are now rescheduled.
(Airflow 2.4.3 and 2.5.1) Python packages upgraded:
- Added new packages: dbt-bigquery and google-cloud-documentai.
- The apache-airflow-providers-cncf-kubernetes package was upgraded to version 6.0.0.
(Cloud Composer 2 with Airflow 2.5.1 and 2.4.3) Version 6.0.0 of the CNCF Kubernetes Provider package (apache-airflow-providers-cncf-kubernetes) introduces a backwards incompatible change. The kubernetes_default connection is now used by default in the KubernetesPodOperator. For more information, see CNCF Kubernetes Provider Changelog.
(Cloud Composer 2) The default version of Airflow is changed to 2.5.1.
Cloud Composer 2.1.15 images are available:
- composer-2.1.15-airflow-2.5.1 (default)
- composer-2.1.15-airflow-2.4.3
Airflow 2.3.4 is no longer included in Cloud Composer images.
Cloud Composer versions 2.0.11 and 1.18.7 have reached their end of full support period.
The new flow for creating uptime checks, which includes usability improvements and offers a seamless way to create uptime checks on your private resources, is now GA. For more information, see Create public uptime checks and Create private uptime checks.
You can now deploy sidecar containers to your Cloud Run service. (In Preview.)
You can now configure in-memory volumes for your Cloud Run containers. (In Preview.)
Unified Session Types: The new session type variable, Session Type V2, is now available. This update introduces a range of new fields, variables, and columns that will provide you with access to valuable additional information such as the ability to distinguish between Inbound SMS, Outbound SMS, and Outbound SMS via API. For more information, see the session type terminology documentation.
To take advantage of the new fields and variables, you will need to update your scripts, code, automation triggers, and any third-party integrations. The legacy components will no longer be updated with new functionality and will be deprecated on October 6, 2023.
Holiday hours: With Holiday Hours, you now have the ability to create and manage your own set of holidays with complete control over the holiday name, time, and dates. Additionally, you can group your holidays together for easier management. See the holiday hours documentation for details.
Campaign Management: Outbound Number: Outbound Number is a new feature for the Outbound Dialer that allows you to specify which outbound number to use when dialing out for each contact. With this new feature, you can rotate outbound phone numbers to have more control over the outbound phone numbers you use to make your outbound calls. For more information, see the Outbound Number documentation.
To address SSO management issues with various customers in CCAIP, we moved the setting of the SSO values into the create-company rake task which makes sure we only set this when we first create a tenant project. This value is set to allow customers to change their own SSO settings.
Resolved an issue with Manager API endpoints returning "Internal Error".
Resolved an issue where if queue priority was enabled, then chat settings were not populated.
Resolved an issue with incoming calls not ringing for agents who have the Adapter tab in the background on Chrome. Now a chime sound is played when the agent switches to the Available status, which will allow the Adapter tab to play sounds while in the background. This ensures that incoming call notifications will be heard even if the agent has the tab in the background.
Resolved an issue where the Target Pick Up Time under Settings > Operations Management was not updating in the Agent Adapter when receiving a call.
Fixed an issue where agents changing their status from Meeting to Available would not receive campaign calls, requiring the campaign to be paused and restarted. Now campaign calls are received without interruption.
Fixed an issue where when using the outbound call API to start a call, the call adapter would display the mobile SmartActions menu instead of the Start SMS option.
Fixed an issue with chat escalations to a human agent, ensuring session variables are successfully posted to the CRM ticket, as configured in Settings > Operation Management > Virtual Agent.
Fixed unexpected newline characters in admin notification emails.
There were certain scenarios where the frontend was showing the support@ujet.cx email. This was updated to accept any string to support email branding and display it. For example, the string should change from "Please try again or contact support@ujet.cx for more help" to "Please try again or contact Company X for more help".
The g2-standard machine family with NVIDIA L4 is generally available for node pools in clusters running GKE version 1.22 and later. To select the machine family, use the --machine-type flag in your create command.
ABAP SDK for Google Cloud, version 1.0 is generally available (GA)
Version 1.0 of the ABAP SDK for Google Cloud is generally available (GA). The ABAP SDK for Google Cloud enables native, bi-directional, and real-time integration between SAP applications and Google Cloud services such as Google Cloud Storage, Vertex AI, Maps, and Pub/Sub.
Using the ABAP SDK for Google Cloud, ABAP developers can build and deploy ML and AI-driven solutions based on Google Cloud services driven by real-time changes in their SAP enterprise applications.
For more information, see What's new with the ABAP SDK for Google Cloud.
Compliance and sovereign controls for SAP on Google Cloud
SAP workloads can leverage Assured Workloads to meet compliance and sovereign control requirements such as data residency, access control, support personnel, or other regulatory requirements.
For more information, see Compliance and sovereign controls for SAP on Google Cloud.
May 11, 2023
AlloyDB for PostgreSQL
The storage per cluster limit has increased to 32 TiB.
On May 11, 2023 we released an updated version of the Apigee UI.
This release includes new Permissions Pre-check functionality and UI messaging, which is available when provisioning Apigee with Pay-as-you-go pricing in the Google Cloud console. With the release of this feature, users are alerted when any permissions required to complete the provisioning operations are missing. The missing permissions and the steps to resolve are now identified in the UI messaging.
Ruby 3.2 is now generally available. This version requires you to specify an operating system version in your app.yaml file. Learn more.
Object tables are now generally available (GA).
Object tables are read-only tables containing metadata for unstructured data stored in Cloud Storage. They enable you to analyze and perform inference on images, audio files, documents and other file types by using BigQuery ML and BigQuery remote functions. Object tables extend the data security and governance best practices currently applied to structured data to unstructured data as well.
The GA release includes the following new and updated functions:
- ML.DECODE_IMAGE: Decodes image data so that it can be interpreted by the ML.PREDICT function.
- ML.CONVERT_COLOR_SPACE: Converts images with an RGB color space to a different color space.
- ML.CONVERT_IMAGE_TYPE: Converts the data type of the pixel values in an image.
- ML.RESIZE_IMAGE: Resizes images.
- ML.DISTANCE: Computes the distance between two vectors.
- ML.LP_NORM: Computes the Lᵖ norm for a vector, where p is the degree.
You can now create manual triggers, webhook triggers, or Pub/Sub triggers using Cloud Build repositories (2nd gen). This feature is available at the preview release stage. To learn more, see the Repositories overview page.
Dataplane v2 for Cloud Interconnect is fully available for customers using Dedicated Interconnect or Partner Interconnect in the following regions:
- asia-northeast1 (Tokyo)
- asia-northeast2 (Osaka)
- europe-central2 (Poland)
- asia-south2 (Delhi)
- australia-southeast2 (Melbourne)
- europe-southwest1 (Madrid)
All new VLAN attachments that you create in these regions are automatically provisioned on Dataplane v2. Existing VLAN attachments for these regions can be migrated to Dataplane v2. You can migrate existing attachments yourself by re-creating the attachments, or you can request and schedule an assisted migration. Contact Google Cloud Support for assistance.
For the list of all regions that are Dataplane v2-enabled, see the Locations table (Dedicated Interconnect) or Supported service providers (Partner Interconnect).
Custom audit logging for Cloud Storage is now available in Preview.
- JSON API requests now support user-defined headers that are prefixed with x-goog-custom-audit-.
- Cloud Audit Logs can subsequently include these headers as part of your request's audit log entry.
New Dataproc Serverless for Spark runtime versions:
- 1.1.14
- 2.0.22
- 2.1.1
Datastream now supports backfill for PostgreSQL tables of any size. For more information, click here.
reCAPTCHA Enterprise Fraud Prevention is generally available.
You can use reCAPTCHA Enterprise Fraud Prevention to protect payment transactions against attacks such as carding, stolen instrument fraud, and account takeover payment fraud. For more information, see Protect payment transactions with Fraud Prevention.
May 10, 2023
AlloyDB for PostgreSQL
The columnar engine now supports columns with json and jsonb data types.
CentOS Linux 8 Support Deprecated
CentOS Linux 8 reached its end of life (EOL) on December 31st, 2021. We strongly recommend that you migrate to one of the other supported operating systems from Anthos clusters on bare metal. All support for CentOS is removed from Anthos clusters for bare metal release 1.17 (December 2023) and subsequent releases.
BigQuery is now available in the Dallas (us-south1) region.
The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.
- Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
- AWS RDS (AWS_RDS)
- Cloud Audit Logs (N/A)
- Cloud DNS (N/A)
- Cloud Run (N/A)
- Cloud SQL (N/A)
- Cofense (COFENSE_TRIAGE)
- CoSoSys Protector (ENDPOINT_PROTECTOR_DLP)
- Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
- Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
- pfSense (PFSENSE)
- Qualys VM (QUALYS_VM)
- SentinelOne EDR (SENTINEL_EDR)
- VMware AirWatch (AIRWATCH)
- VMware vRealize Suite (VMWARE_VREALIZE)
- Windows Event (WINEVTLOG)
For details about changes in each parser, see Supported default parsers.
If you're using hybrid NEGs with distributed Envoy health checks, you can't configure the same NON_GCP_PRIVATE_IP_PORT network endpoint in multiple hybrid NEGs. This configuration does not work with Envoy-based load balancers such as the regional external HTTP(S) load balancer, the internal HTTP(S) load balancer, and the internal TCP proxy load balancer.
The Cloud Router custom learned routes feature is in Preview. This feature lets you configure a Border Gateway Protocol (BGP) session to include learned routes that you manually specify. Cloud Router then behaves as if it learned the routes from the BGP peer.
Custom learned routes can be helpful if you want to avoid the limitations of static routes. For example:
Static routes can't detect a loss of reachability in the next hop of a route. In contrast, custom learned routes can detect a loss of reachability, and they react accordingly to avoid dropping traffic without notification.
Static routes do not support using HA VPN tunnels or Cloud Interconnect VLAN attachments as next hops. Custom learned routes do.
For more information, see Custom learned routes.
Cloud Run integrations (Preview) are now available in asia-east1, europe-west4, us-east1, and us-west1.
Cloud Workstations is generally available (GA) and is backed by a Service Level Agreement (SLA).
This release includes support for the following features:
- API and gcloud CLI support for the me-west1 region (Tel Aviv, Israel, Middle East).
- API support for GPUs is available in preview.
- Terraform support is available in preview.
- Posit Workbench (including RStudio Pro) integration is available in preview.
- BeyondCorp Enterprise integration for the Cloud Workstations API is available in preview.
Eventarc is available in the europe-west12 (Turin, Italy) and me-central1 (Doha, Qatar) regions.
Looker 23.8 includes the following changes, features, and fixes.
Expected Looker (original) rollout start: Monday, May 15, 2023
Expected Looker (original) final deployment and download available: Wednesday, May 24, 2023
Expected Looker (Google Cloud core) deployment start: Monday, May 29, 2023
Expected Looker (Google Cloud core) deployment end: Wednesday, June 7, 2023
Previously, a LookML validation error occurred when a project_name parameter was added to a project manifest file that also defined a Looker extension. This LookML error was triggered when the Local Project Import Labs feature was disabled for the Looker instance. Looker extensions do not require local project import, so with this bug fix this scenario will no longer trigger a LookML validation error.
The API3 keys setting on the Admin API page is now named API keys, in preparation for the deprecation of API3 in June 2023.
Users will now be warned when text on a dashboard tile is close to reaching the maximum length of 256 characters.
The Hide dashboard filters feature is now generally available.
The New Explore Visualizations Labs feature is now generally available. The Explore page, Looks, embedded Looks or Explores, and dashboard tile edit windows will display the same style of funnel chart, timeline, single value, and table visualizations as those that appear on dashboard tiles. Additionally, the drill overlay that appears when you drill into an Explore will match the style of the drill overlay that appears in dashboards, instead of the style that appears in Looks.
Starting in Looker 23.6, customer-hosted Looker instances require Git 2.39.1 or later on the host image. (See the Installing the Looker application documentation page for the full list of requirements for customer-hosted Looker instances.) Git 2.39.1 supports Git worktrees instead of complete Git history clones. Looker uses Git worktrees to provide faster entry into Developer Mode, among other benefits.
Customers who do not have the oem_jar license feature enabled can now access the set_smtp_settings API endpoint.
The Looker IDE will now display an error when incompatible types are being compared in Liquid statements.
The Source column in the Admin > Queries panel now correctly displays the API version for queries that are initiated from the Looker API.
Cookieless embed API endpoints are now marked as stable.
When the filter definition for matches_filter is empty, 1=1 will be added to the WHERE clause so that there are no SQL errors and the query can run. This functionality mirrors the is equal to [empty] standard filter option.
When the Advanced Vis Config Labs feature is enabled, any user who has either the Looker Admin role or the can_override_vis_config permission can access the Advanced Visualization editor. This editor lets users modify HighCharts visualizations by exposing certain JSON parameters of the visualization to enable deep customization. These customizations will not dynamically interact with data.
Conditional formatting logic that is applied in visualization settings now honors hidden No values when the Hide Nos from Visualization setting is applied.
Contents that are displayed in table visualization cells now shift to avoid being cut off when a column is too narrow to display the full range of values.
A new input for specifying a minimum column width override value enables PDFs with a large number of columns to render properly.
Previously, the Content Validator wasn't updating column_order references during rename/replace operations. This issue has been addressed, and the fix adds visualization configuration field references to the Content Validator that were previously missing.
Y-axis scales are no longer miscalculated in bar charts or column charts with trellised grid layouts.
Sorting for custom bin fields on New LookML Runtime now sorts by tier number as expected.
An issue was fixed where, previously, a row's value could be mapped to different tiers for a custom bin field and the internal sort field generated for it.
The Remove option is no longer available for removing table calculations from merged Explore queries. Use the Delete option instead.
An issue was fixed that caused users to be unable to select a domain from an allowlist with more than one item when including a custom link for scheduling.
An issue was fixed for the BigQuery Standard SQL dialect with the Optimistic Pivot feature where pivoted results weren't included for downloads.
Generative AI Support for Vertex AI
Generative AI Support for Vertex AI is now available in Preview. With this feature launch, you can leverage the Vertex AI PaLM API to generate AI models that you can test, tune, and deploy in your AI-powered applications.
Features and models in this release include:
- PaLM 2 for Text: text-bison@001
- PaLM 2 for Chat: chat-bison@001
- Embedding for Text: textembedding-gecko@001
- Generative AI Studio for Language
- Tuning for PaLM 2
- Vertex AI SDK v1.25, which includes new features such as TextGenerationModel(text-bison@001), ChatModel(chat-bison@001), TextEmbeddingModel(textembedding-gecko@001)
You can interact with the generative AI features on Vertex AI by using Generative AI Studio in the Google Cloud console, the Vertex AI API, and the Vertex AI SDK for Python.
- Learn more about Generative AI Support for Vertex AI
- See an Introduction to Generative AI Studio
- Get started with a Generative AI Studio quickstart
Vertex AI Model Garden
The Vertex AI Model Garden is now available in Preview. The Model Garden is a platform that helps you discover, test, customize, and deploy Vertex AI and select OSS models. These models range from tunable to task-specific, and all are available on the Model Garden page in the Google Cloud console.
- To get started, see Explore AI models and APIs in Model Garden.
You can apply call logging to a workflow definition as well as to the execution of a workflow, and specify the level of logging required. The execution log level takes precedence over any workflow log level, unless the execution log level is not specified.
May 09, 2023
AlloyDB for PostgreSQL
AlloyDB for PostgreSQL is now available in the following regions:
asia-south2 (Delhi)
europe-southwest1 (Madrid)
europe-west4 (Netherlands)
europe-west8 (Milan)
me-west1 (Tel Aviv)
northamerica-northeast1 (Montreal)
northamerica-northeast2 (Toronto)
southamerica-east1 (Brazil)
southamerica-west1 (Santiago)
For more information, see AlloyDB Locations.
Cloud logs support for Connectors tasks
You can now view the execution logs of a failed Connectors task in Apigee Integration.
For more information, see Execution Logs.
The issue relating to the validation of incorrect variable assignments in an integration has been resolved.
Cloud logs support for Connectors tasks
You can now view the execution logs of a failed Connectors task in Application Integration.
For more information, see Execution Logs.
The issue relating to the validation of incorrect variable assignments in an integration has been resolved.
Documentation has been added to explain how to run Nextflow pipelines on Batch. For more information, see Orchestrate jobs by running Nextflow pipelines on Batch.
You can now view BI Engine Top Tables Cached Bytes, BI Engine Query Fallback Count, and Query Execution Count as dashboard metrics for BigQuery. This feature is now generally available (GA).
EXTERNAL_QUERY SQL pushdown optimizes data retrieval from external sources like Cloud SQL or Cloud Spanner databases. Transferring less data reduces execution time and cost. SQL pushdown encompasses both column pruning (SELECT clauses) and filter pushdowns (WHERE clauses). SQL pushdown applies to SELECT * FROM T queries, a significant percentage of all federated queries. Pushdowns have limitations; for example, not all data types are supported for filter pushdowns. This feature is generally available (GA).
You can now restrict the creation of Cloud Build builds, triggers, and repositories to a particular location using an Organization Policy Service constraint. This feature is generally available. To learn more, see Restricting Resource Locations.
Cloud Run services can now connect to Firebase Hosting for custom domains and CDN capabilities, using Integrations (Preview).
Cloud Run now logs container health check failures, including default TCP startup probe failures.
Support for logging the processing duration of your Cloud Spanner read and write requests is now available in Cloud Audit Logs. For more information, see Processing duration.
Config Connector version 1.104.0 is now available.
Resource ComputeFirewallPolicyRule(v1beta1):
- Added spec.match.destAddressGroups field.
- Added spec.match.destFqdns field.
- Added spec.match.destRegionCodes field.
- Added spec.match.destThreatIntelligences field.
- Added spec.match.srcAddressGroups field.
- Added spec.match.srcFqdns field.
- Added spec.match.srcRegionCodes field.
- Added spec.match.srcThreatIntelligences field.
Resource IAMWorkforcePoolProvider(v1beta1):
- Added spec.oidc.webSsoConfig field.
Config Connector CLI tool will now export cluster information for BigTableInstance.
Resources with a reconcile period of 0 will no longer attempt to reconcile when pods are recreated (#795).
cos-105-17412-101-4
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.109 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Updated app-admin/google-osconfig-agent to v20230403.00.
Updated docker to v23.0.0.
Updated sys-fs/e2fsprogs package to v1.46.6.
Updated docker to v23.0.3.
Updated google-guest-agent to v20230330.00.
Fixes CVE-2015-20107, CVE-2020-10735, CVE-2021-28861, and CVE-2022-45061 in dev-lang/python.
Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.
Updated ncurses to 6.4p20220423. This resolves CVE-2023-29491.
Runtime sysctl changes:
- Added: kernel.ops_limit: 10000
- Added: kernel.warn_limit: 0
- Changed: net.core.bpf_jit_limit: 264241152 -> 528482304
- Changed: net.netfilter.nf_conntrack_sctp_timeout_established: 432000 -> 210
- Changed: vm.mmap_rnd_bits: 32 -> 31
- Deleted: net.netfilter.nf_conntrack_sctp_timeout_heartbeat_acked: 210
cos-dev-109-17611-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.27 | v23.0.3 | v1.7.0 | v470.182.03(default),v525.105.17 |
Added MAX_SKB_FRAGS configuration in the Linux kernel.
Added kernel support for nftables.
Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.
cos-101-17162-210-12
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.107 | v20.10.24 | v1.6.18 | v470.182.03(default),v525.105.17 |
Updated app-emulation/docker-cli to v20.10.24.
Updated app-emulation/docker to 20.10.24. This fixes CVE-2023-28840, CVE-2023-28841, CVE-2023-28842, CVE-2022-27652, CVE-2022-36109.
Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.
cos-93-16623-402-10
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.177 | v20.10.14 | v1.5.18 | v450.236.01(default),v470.182.03(R470),v525.105.17 |
Updated app-emulation/docker to v20.10.14. This resolves CVE-2023-28840, CVE-2023-28841, CVE-2023-28842, CVE-2022-36109, CVE-2022-27652.
Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.
cos-97-16919-294-15
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.176 | v20.10.14 | v1.6.20 | v470.182.03(default),v525.105.17 |
Updated app-emulation/docker to v20.10.14. This resolves CVE-2023-28840, CVE-2023-28841, CVE-2023-28842, CVE-2022-36109, CVE-2022-27652.
Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.
M108 update
This update of the M108 release includes the following:
- The following Deep Learning Containers images are now available:
- Tensorflow 2.12 CPU with CUDA 11.8 and Python 3.10 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-cpu.2-12.py310:latest)
- Tensorflow 2.12 GPU with CUDA 11.8 and Python 3.10 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-gpu.2-12.py310:latest)
M108 update
This update of the M108 release includes the following:
- The following Deep Learning VM images are now available:
- Tensorflow 2.12 CPU with CUDA 11.8 and Python 3.10 (tf-2-12-cpu-debian-11-py310)
- Tensorflow 2.12 GPU with CUDA 11.8 and Python 3.10 (tf-2-12-gpu-debian-11-py310)
(2023-R10) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Version 1.25.8-gke.500 is now the default version.
- The following control plane versions are now available:
- The following versions are no longer available:
- 1.21.14-gke.8500
- 1.21.14-gke.15800
- 1.22.17-gke.5400
- 1.22.17-gke.6100
- 1.23.16-gke.1400
- 1.23.16-gke.2500
- 1.23.17-gke.300
- 1.24.9-gke.3200
- 1.24.10-gke.1200
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.18100 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.17-gke.7500 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.23.17-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.11-gke.1000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.11-gke.1000 with this release.
Stable channel
- Version 1.24.11-gke.1000 is now the default version in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.21.14-gke.15800
- 1.22.17-gke.5400
- 1.23.16-gke.1400
- 1.24.9-gke.3200
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.18100 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.17-gke.7500 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.23.17-gke.1700 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.11-gke.1000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.11-gke.1000 with this release.