The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.
You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.
February 01, 2025
Cloud SQL for MySQL
All Cloud SQL for MySQL 5.6 and 5.7 instances are running community end-of-life (EOL) major versions and are now enrolled in Cloud SQL extended support.
IMPORTANT: Extended support is a paid service and is an addition to the current cost of your instance. Charges for extended support are waived from February 1, 2025 through April 30, 2025. Starting on May 1, 2025, all instances enrolled in extended support will be charged. To learn more about the benefits of extended support and pricing, see Extended support for Cloud SQL.
All Cloud SQL for PostgreSQL 9.6, 10, 11, and 12 instances are running community end-of-life (EOL) major versions and are now enrolled in Cloud SQL extended support.
IMPORTANT: Extended support is a paid service and is an addition to the current cost of your instance. Charges for extended support are waived from February 1, 2025 through April 30, 2025. Starting on May 1, 2025, all instances enrolled in extended support will be charged. To learn more about the benefits of extended support and pricing, see Extended support for Cloud SQL.
January 31, 2025
Cloud Monitoring
You can now monitor usage, throughput, and latency, and troubleshoot 429 errors on Vertex AI foundation models like Google Gemini and Anthropic Claude by using a new predefined dashboard. After querying a model from the Vertex AI Model Garden, you can find the models associated with your project from the Vertex AI Dashboard page under the "Model observability" heading.
To customize the dashboard and explore relevant metrics in Cloud Monitoring, click Show All Metrics. For information about using dashboards in Cloud Monitoring, see View and customize Google Cloud dashboards.
You can now enable client-side traces with OpenTelemetry when you use Cloud Storage client libraries. To learn more about how client-side traces work and how to configure tracing for your application, see Use client-side traces.
You can now monitor usage, throughput, and latency and troubleshoot 429 errors on Vertex AI foundation models, like Google Gemini and Anthropic Claude, by using a predefined dashboard. After querying a model from the Vertex AI Model Garden, you can find the name of the model you queried in the Vertex AI Dashboard page under the "Model observability" heading.
To customize the dashboard and explore relevant metrics in Cloud Monitoring, click Show All Metrics. For information about using dashboards in Cloud Monitoring, see View and customize Google Cloud dashboards.
Best practices and reference architectures for VPC design: Updates to the document to reflect feature releases over the past months.
Cross-Cloud Network for distributed applications: Updates to the document set to reflect feature releases over the past months.
Vertex AI Search for commerce: Merchandising console
Vertex AI Search for commerce has released a new user-friendly Merchandising console for site merchants and business users. Cloud console admins can grant users access as a Creator or Approver to set or define rules, and create and manage controls. The Google Cloud Search for commerce console Controls section has a Merchandising console tab where admins can grant users access and manage user permissions for the Merchandising console.
For more information, see Console options for creating controls.
A monthly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-spanner
6.85.0 (2025-01-10)
Features
- Add gcp client attributes in OpenTelemetry traces (#3595) (7893f24)
- Add LockHint feature (#3588) (326442b)
- spanner: MTLS setup for spanner external host clients (#3574) (f8dd152)
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.56.0 (#3563) (e4d0b0f)
- Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.57.0 (#3592) (a7542da)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.41.1 (#3589) (2cd4238)
- Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.33.0 (#3455) (70649dc)
- Update dependency com.google.re2j:re2j to v1.8 (#3594) (0f2013d)
- Update googleapis/sdk-platform-java action to v2.51.1 (#3591) (3daa1a0)
Node.js
Changes for @google-cloud/spanner
7.17.0 (2024-12-27)
Known Issues
This release inadvertently introduced an issue where OpenTelemetry Trace context Global Propagators are set to W3CTraceContextPropagator by default. For more details, refer to issue #2208.
A fix for this issue has been included in version 7.17.1.
Features
- Add the last statement option to ExecuteSqlRequest and ExecuteBatchDmlRequest (#2196) (223f167)
- Enable e2e tracing (#2202) (3cc257e)
Bug Fixes
7.17.1 (2025-01-03)
Bug Fixes
January 30, 2025
Anthos Config Management
Fixed an issue that was causing Container Registry and Artifact Registry authentication tokens to expire before being refreshed. For more information, see known issue Unable to generate access token for OCI source.
Fixed an issue that incorrectly reported managed resources as "Not Found" when an API Service backend became unhealthy. For more information, see known issue API discovery errors can cause managed objects to incorrectly be marked as "Not Found".
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Cloud Asset Inventory
cloudasset.googleapis.com/Feed
- Firebase
firebaserules.googleapis.com/Release
firebaserules.googleapis.com/Ruleset
- Identity-Aware Proxy
iap.googleapis.com/TunnelDestGroup
At the beginning of February 2025, we will delete inactive environments that are non-recoverable in Cloud Composer 1, Cloud Composer 2, and Cloud Composer 3. After this change, non-recoverable environments that have listed problems will be deleted automatically.
Cloud Composer 1 and Cloud Composer 2 environments that have both of the following problems present at the same time will be deleted:
- The environment's underlying GKE cluster is deleted.
- The environment is in the ERROR state for at least 60 days because of a disabled billing account or because the Cloud Composer API service was deactivated in its project.
Cloud Composer 3 environments that have the following problem will be deleted:
- The environment is in the ERROR state for at least 60 days because of a disabled billing account or because the Cloud Composer API service was deactivated in its project.
This change doesn't affect buckets of these environments. You can still recover your DAGs and other data from the environment's bucket and then delete the bucket manually. See Delete environments for information about data that is not deleted automatically together with the environment.
New Dataproc Serverless for Spark runtime versions:
- 1.1.89
- 1.2.33
- 2.2.33
Dataproc on Compute Engine: Private Google Access is now automatically enabled in the configured subnetwork when creating clusters with internal IP addresses.
Dataproc Serverless for Spark: Private Google Access is now automatically enabled in the configured subnetwork when running batch workloads and interactive sessions.
Mistral Large (24.07) and Codestral (24.05), which are offered as Model as a Service (MaaS) models in Model Garden, are deprecated. For details, see Generative AI on Vertex AI deprecations.
(New guide) Cross-Cloud Network inter-VPC connectivity using Network Connectivity Center: Describes how to design the network segmentation structure and connectivity of Cross-Cloud Network with Network Connectivity Center.
Starting on January 28, 2025, the following Preview features are deprecated:
- GKE threat detection
- Supply chain concerns - Binary Authorization
- GKE Compliance dashboard
For deprecation and removal dates, and for information about alternatives, see Posture management deprecations.
Route exchange with VPC spokes is generally available.
This feature lets you connect VPC spokes and hybrid spokes, such as Cloud Interconnect VLAN attachments, HA VPN tunnels, and Router appliance VMs on the same hub.
Note that you are billed for Advanced Data Networking (ADN) for traffic originating from Google Cloud Platform egressing through hybrid spokes.
See the following known issues for dynamic route exchange:
- Routing VPC networks that are also VPC spokes: A routing VPC network should typically contain hybrid spokes. However, if you do configure a routing VPC network as a VPC spoke, the following limitations apply:
  - A routing VPC network can also be a VPC spoke only if there are no other routing VPC networks on the hub. A hub supports two or more routing VPC networks only when none of the routing VPC networks are VPC spokes.
  - The site-to-site data transfer setting is not honored for hybrid spokes in a routing VPC network that is also a VPC spoke.
- Dynamic route interaction rules: Within a routing VPC network, for each unique dynamic route destination with a next hop in a hybrid spoke, you must ensure that all other dynamic routes, regardless of priority, whose destinations exactly match or fit within the unique dynamic route destination, have next hop Cloud VPN tunnels or VLAN attachments also in a hybrid spoke. Further, you must ensure that those hybrid spokes use the same site-to-site data transfer setting (either enabled or disabled).
  - If only some next hops for dynamic routes with a common destination are in hybrid spokes, Network Connectivity Center can't reliably exchange dynamic routes that use that destination with VPC spokes on the hub. Consequently, VPC spokes might not receive those dynamic routes.
  - Network Connectivity Center doesn't perform ECMP among all next hops of hybrid spoke dynamic routes if some hybrid spokes have site-to-site data transfer enabled but other hybrid spokes have site-to-site data transfer disabled. If dynamic routes with a common destination are in hybrid spokes without matching site-to-site data transfer settings, next hops for site-to-site data transfer or for connectivity between VPC spokes and on-premises networks might not be what you expect.
- Dynamic route and static route interaction rules: Within a routing VPC network, for each unique dynamic route destination that has a next hop in a hybrid spoke, you must ensure that no local static routes exist, regardless of priority, whose destinations exactly match or fit within the dynamic route destination.
  - If a local static route in the routing VPC network has the same destination as a hybrid spoke dynamic route, VPC spokes might lose connectivity to the dynamic route destination.
  - If a local static route in a routing VPC network has a destination that fits within the destination of a hybrid spoke dynamic route, VPC spokes lose connectivity to the static route destination.
The Spanner index advisor is Generally Available in both GoogleSQL and PostgreSQL-dialect databases. The index advisor analyzes your queries to recommend new indexes or changes to existing indexes to improve the performance of your queries. For more information, see Use the Spanner index advisor.
Spanner supports new SERIAL and AUTO_INCREMENT DDL syntax. SERIAL is available in PostgreSQL-dialect databases and AUTO_INCREMENT is available in GoogleSQL. They streamline the ability to generate IDENTITY columns as primary keys. For more information, see SERIAL and AUTO_INCREMENT.
January 29, 2025
Cloud Billing
Tags data for BigTable instances is available in both the Standard usage cost export and the Detailed usage cost export.
To learn more about Tags, see Tags overview. To learn about using Tags in your cost data exported to BigQuery, see more about tags and query examples with tags.
Preview: You can now modify which machine types are recommended, so that the generated recommendations only include your preferred machine series. You can also change the metrics used to generate memory recommendations to improve the accuracy of the recommendations. For more information, see Configure machine type recommendations.
New Imagen 3 image generation model available to users
A newer improved Imagen 3 image generation model is now available to all users:
imagen-3.0-generate-002
This image generation model supports the following additional features:
- Prompt enhancement - The LLM-based prompt rewriter tool adds additional details and descriptive language to the prompt you provide, generally resulting in higher quality generated images. This feature is configurable and is enabled by default.
For more information, see Imagen on Vertex AI model versions and lifecycle and Generate images using text prompts.
(2025-R04) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.31.5-gke.1023000 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
  - 1.28.15-gke.1503000
  - 1.29.12-gke.1143000
  - 1.30.8-gke.1261000
  - 1.30.8-gke.1282000
  - 1.31.4-gke.1256000
  - 1.32.1-gke.1002000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1612000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.12-gke.1270000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.9-gke.1009000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.4-gke.1372000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1612000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.12-gke.1270000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.9-gke.1009000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.4-gke.1372000 with this release.
Regular channel
- Version 1.31.4-gke.1256000 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
  - 1.28.15-gke.1480000
  - 1.29.12-gke.1120000
  - 1.30.8-gke.1128000
  - 1.31.4-gke.1183000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1503000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.12-gke.1143000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.8-gke.1162000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1503000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.12-gke.1143000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.8-gke.1162000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.4-gke.1256000 with this release.
Stable channel
- Version 1.30.8-gke.1051000 is now the default version for cluster creation in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
  - 1.28.15-gke.1342000
  - 1.29.10-gke.1280000
  - 1.30.5-gke.1713000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.15-gke.1435000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.12-gke.1055000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.8-gke.1051000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.15-gke.1435000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.12-gke.1055000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.8-gke.1051000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.4-gke.1183000 with this release.
Extended channel
- Version 1.31.4-gke.1256000 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
  - 1.27.16-gke.2122000
  - 1.27.16-gke.2270000
  - 1.28.15-gke.1480000
  - 1.29.12-gke.1120000
  - 1.30.8-gke.1128000
  - 1.31.4-gke.1183000
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2142000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1503000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.12-gke.1143000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.8-gke.1162000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.4-gke.1256000 with this release.
No channel
- Version 1.31.4-gke.1256000 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
  - 1.28.15-gke.1342000
  - 1.29.10-gke.1280000
  - 1.29.12-gke.1120000
  - 1.30.5-gke.1699000
  - 1.30.8-gke.1128000
  - 1.30.8-gke.1282000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.15-gke.1503000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.12-gke.1143000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.8-gke.1051000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.15-gke.1503000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.12-gke.1143000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.8-gke.1051000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.31 to version 1.31.4-gke.1256000 with this release.
reCAPTCHA Mobile SDK v18.7.0 is now available for Android.
This version contains a dependency on com.google.android.gms:play-services-recaptchabase for enhanced detection.
January 28, 2025
BigQuery
You can now view stored column usage information for a query job that performs vector search using stored columns. This feature is generally available (GA).
Updated the Cortex libraries for Meta to use v21.0 of the Meta Marketing API.
Aspect-only metadata import for Dataplex Catalog metadata is generally available (GA). Use an aspect-only metadata job to incrementally modify aspects, without modifying other metadata that belongs to entries in the job's scope. For more information, see Import metadata using a custom pipeline.
Google Cloud NetApp Volumes now supports Managed Service for Microsoft Active Directory. For more information, see Connect to Managed Service for Microsoft Active Directory.
Google Cloud NetApp Volumes now supports user and group quotas. For more information, see Volume user and group quotas.
You can now downgrade your Spanner instance to a lower-tier edition. For more information, see Downgrade the edition.
Workflows doesn't support HTTP requests to the IP-based endpoints of Google Kubernetes Engine cluster control planes. To ensure that your workflow functions as expected, you must access the DNS-based endpoints. For more information about the scope and impact, see the service announcement.
January 27, 2025
BigQuery
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for bigquery/storage/apiv1beta1
1.66.0 (2025-01-20)
Features
Bug Fixes
- bigquery: Update golang.org/x/net to v0.33.0 (e9b0b69)
Python
Changes for google-cloud-bigquery
3.29.0 (2025-01-21)
Features
Bug Fixes
The following BigQuery ML generative AI features are now available:
- Creating a remote model based on an open model from Vertex Model Garden or Hugging Face that is deployed to Vertex AI. Options include Llama, Gemma, and other leading open text generation models.
- Using the ML.GENERATE_TEXT function with this remote model to perform a broad range of generative AI tasks.
- Using the ML.EVALUATE function to evaluate the remote model.
Try these features with the Generate text by using the ML.GENERATE_TEXT function how-to topic and the Generate text by using a Gemma open model and the ML.GENERATE_TEXT function tutorial.
These features are generally available (GA).
We previously communicated that after January 27, 2025, a purchase would be required to use Gemini in BigQuery features. We are temporarily delaying enforcement of these procurement methods, and no purchase is required at this time. For more information, see Gemini for Google Cloud pricing.
You can now set conditional IAM access on BigQuery datasets with access control lists (ACLs). This feature is generally available (GA).
Update, January 31st 2025: This issue is now resolved. See the latest announcement.
(Cloud Composer 3 only) We are currently experiencing an issue with upgrading Airflow builds for Cloud Composer 3 in asia-south1, asia-northeast2, europe-west1, europe-west3, europe-north1 regions.
The upgrades are temporarily disabled as we continue our work to restore the listed functionalities. We will release an additional announcement after the issue is resolved.
Transaction logs associated with point-in-time-recovery (PITR) operations for all Cloud SQL for SQL Server instances are now stored in Cloud Storage. On May 31, 2024, Google Cloud launched support for PITR transaction log storage in Cloud Storage. Since then, Google Cloud has run a transparent migration of these transaction logs to Cloud Storage for all instances created prior to the launch date. This migration is now complete.
Note: If your Cloud SQL for SQL Server instance is on the old network architecture, the transaction logs for PITR may still remain on disk until migrated to the new network architecture. To verify the storage of your instance's transaction logs for PITR, see Check the storage location of transaction logs used for PITR.
cos-105-17412-535-34
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.173 | v23.0.3 | v1.7.23 | See List |
Added NVIDIA GPU drivers R565 branch - Update R565, latest driver to v565.57.01.
Upgraded sys-apps/file to v5.46-r2.
Update NVIDIA GPU drivers to v535.230.02 for R535 and v550.144.03 for R550 for all GPUs. This resolves CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.
Upgraded dev-go/crypto to v0.31.0. This fixes CVE-2024-45337.
Fixed CVE-2024-45306 and CVE-2024-47814 in vim.
Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.
Fixed CVE-2024-49996 in the Linux kernel.
Fixed CVE-2024-50055 in the Linux kernel.
Fixed CVE-2024-57841 in the Linux kernel.
Fixed CVE-2024-57890 in the Linux kernel.
Fixed CVE-2024-55916 in the Linux kernel.
Fixed CVE-2024-56779 in the Linux kernel.
Fixed CVE-2024-56615 in the Linux kernel.
Fixed KCTF-5eb7de8 in the Linux kernel.
Fixed KCTF-f8d4bc4 in the Linux kernel.
Fixed CVE-2024-53206 in the Linux kernel.
Fixed CVE-2024-50121 in the Linux kernel.
Fixed CVE-2024-56601 in the Linux kernel.
Fixed CVE-2024-56600 in the Linux kernel.
Fixed CVE-2024-53173 in the Linux kernel.
Fixed CVE-2024-53140 in the Linux kernel.
Fixed CVE-2024-53136 in the Linux kernel.
Fixed CVE-2024-53113 in the Linux kernel.
Fixed CVE-2024-53119 in the Linux kernel.
Fixed CVE-2024-53121 in the Linux kernel.
Fixed CVE-2024-53142 in the Linux kernel.
Fixed CVE-2024-50275 in the Linux kernel.
Fixed CVE-2024-56763 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812682 -> 812681
cos-117-18613-164-4
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.72 | v24.0.9 | v1.7.24 | See List |
This is an LTS Refresh release.
Added NVIDIA GPU drivers R565 branch - Update R565, latest driver to v565.57.01.
Upgraded app-containers/docker-credential-gcr to v2.1.25.
Upgraded app-admin/google-osconfig-agent to v20240927.00.
Upgraded app-emulation/cloud-init to v23.4.4.
Upgraded sys-apps/file to v5.46-r2.
Upgraded dev-python/configobj to v5.0.9.
Upgraded dev-libs/nss to v3.105.
Upgraded dev-db/sqlite to v3.46.1.
Upgraded app-arch/lz4 to v1.10.0-r1.
Upgraded sys-apps/gentoo-functions to v1.7.2.
Upgraded net-libs/libtirpc to v1.3.5.
Update NVIDIA GPU drivers to v535.230.02 for default/R535 and v550.144.03 for R550 for all GPUs. This resolves CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.
Upgraded dev-libs/libxml2 to version 2.12.9. This fixes CVE-2024-40896.
Fixed CVE-2024-45306 and CVE-2024-47814 in vim.
Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.
Fixed CVE-2024-53166 in the Linux kernel.
Fixed CVE-2024-54683 in the Linux kernel.
Fixed CVE-2024-57841 in the Linux kernel.
Fixed CVE-2024-57890 in the Linux kernel.
Fixed CVE-2024-56369 in the Linux kernel.
Fixed CVE-2024-56617 in the Linux kernel.
Fixed CVE-2024-55916 in the Linux kernel.
Fixed CVE-2024-56615 in the Linux kernel.
Fixed CVE-2024-56779 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811796 -> 811776
cos-dev-121-18849-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.72 | v25.0.7 | v2.0.2 | See List |
Updated google-osconfig-agent to v20250121.00.
Updated app-containers/containerd to v2.0.2.
Updated app-admin/oslogin to v20241216.00.
Updated app-containers/runc to v1.2.4.
Upgraded dev-lang/go to v1.23.5.
Upgraded net-misc/openssh to v9.9.
Added support for nftables flow offload and the flowtable infrastructure.
Upgraded app-admin/google-guest-agent to v20250117.00.
Upgraded app-admin/google-guest-configs to v20250116.00.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r656.
Upgraded chromeos-base/debugd-client to v0.0.1-r2725.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2816.
Upgraded chromeos-base/shill-client to v0.0.1-r4812.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2960.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2469.
Upgraded net-dns/c-ares to v1.34.4.
Upgraded sys-apps/file to v5.46-r2.
Update NVIDIA GPU drivers to v535.230.02 for default/R535 and v550.144.03 for R550 for all GPUs. This resolves CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.
Upgraded net-misc/curl to version 8.11.1-r2. This fixes CVE-2024-11053.
Upgraded dev-libs/libxml2 to version 2.12.9. This fixes CVE-2024-40896.
Fixed CVE-2024-45306 and CVE-2024-47814 in vim.
Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.
Runtime sysctl changes:
- Changed: fs.file-max: 811767 -> 811821
cos-113-18244-291-20
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.123 | v24.0.9 | v1.7.24 | See List |
Added NVIDIA GPU drivers R565 branch - Update R565, latest driver to v565.57.01.
Upgraded sys-apps/file to v5.46-r2.
Update NVIDIA GPU drivers to v535.230.02 for default/R535 and v550.144.03 for R550 for all GPUs. This resolves CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.
Upgraded dev-go/crypto to v0.31.0. This fixes CVE-2024-45337.
Upgraded net-misc/curl to version 8.11.1-r2. Fixes CVE-2024-11053.
Upgraded dev-libs/libxml2 to version 2.12.9. This fixes CVE-2024-40896.
Fixed CVE-2024-45306 and CVE-2024-47814 in vim.
Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.
Fixed KCTF-8ea6073 and CVE-2024-50164 in the Linux kernel.
Fixed CVE-2024-49926 in the Linux kernel.
Fixed CVE-2024-57841 in the Linux kernel.
Fixed CVE-2024-57890 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812035 -> 812045
cos-109-17800-436-14
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.124 | v24.0.9 | v1.7.24 | See List |
Added NVIDIA GPU drivers R565 branch - Update R565, latest driver to v565.57.01.
Upgraded sys-apps/file to v5.46-r2.
Update NVIDIA GPU drivers to v535.230.02 for default/R535 and v550.144.03 for R550 for all GPUs. This resolves CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.
Upgraded dev-go/crypto to v0.31.0. This fixes CVE-2024-45337.
Fixed CVE-2024-45306 and CVE-2024-47814 in vim.
Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.
Fixed KCTF-8ea6073 and CVE-2024-50164 in the Linux kernel.
Fixed CVE-2024-49926 in the Linux kernel.
Fixed CVE-2024-53128 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812258 -> 812276
The Flex service level now supports the Backups feature in Preview. For more information, see About NetApp Volumes.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/pubsub
4.10.0 (2025-01-13)
Features
- Add Kafka-based sources to IngestionDataSourceSettings proto and IngestionFailureEvent proto (#2007) (08d00a1)
Bug Fixes
Python
Changes for google-cloud-pubsub
2.27.3 (2025-01-24)
Bug Fixes
ABAP SDK for Google Cloud version 1.9 (On-premises or any cloud edition)
Version 1.9 of the on-premises or any cloud edition of the ABAP SDK for Google Cloud is generally available (GA). In addition to supporting more Google Cloud APIs and a few other enhancements, this version introduces the BigQuery Toolkit for SAP – a dedicated tool to replicate data to BigQuery from within your SAP environment using ABAP.
For more information, see What's new with the on-premises or any cloud edition of the ABAP SDK for Google Cloud.
Spanner supports the SELECT…FOR UPDATE query syntax in GoogleSQL and PostgreSQL-dialect databases. When you use the SELECT query to scan a table, add a FOR UPDATE clause to enable exclusive locks on the scanned data in order to reduce aborts for workloads that operate on the same data concurrently. This is similar to the LOCK_SCANNED_RANGES hint (GoogleSQL and PostgreSQL). For more information, see Use SELECT… FOR UPDATE.
Speech-to-Text is generally available (GA) in the Chirp 2 model in asia-southeast1, us-central1, and europe-west4.
For more information about the Chirp 2 model, see Chirp 2: Enhanced multilingual accuracy. For code samples, see Get started with Chirp 2 using Speech-to-Text V2 SDK in GitHub.
VPC Flow Logs metadata annotations include InstanceGroupDetails. This feature is available in General Availability.
There is a known issue with global access endpoints that access services that are published by using internal passthrough Network Load Balancers or internal protocol forwarding (target instances). Private Service Connect doesn't validate that the global access setting on the endpoint matches the setting on the producer's load balancer. We recommend the following:
If you're a service consumer, only enable global access on an endpoint if you know that the producer's load balancer is configured for global access. For more information, see endpoint Known issues.
If you're a service producer whose services are hosted on internal passthrough Network Load Balancers or internal protocol forwarding (target instances), and those services are accessed through global access endpoints, ensure that global access is enabled on your services' load balancers. For more information, see published services Known issues.
January 26, 2025
Google SecOps
Security Enhancement
As of February 10, 2025, concurrent logins to Google SecOps with multiple user accounts using the same browser profile will no longer be supported. Use separate browser profiles or an incognito/private window for each account.
Release 6.3.31 is now in General Availability.
January 25, 2025
Google SecOps SOAR
Release 6.3.32 is currently in Preview. This release contains internal and customer bug fixes.
January 24, 2025
Apigee X
On January 24, 2025, we released an updated version of Apigee (1-14-0-apigee-4).
Bug ID | Description |
---|---|
372248577 | Fixed issue causing system.pod.name flow variable to return null. |
N/A | Updates to security infrastructure and libraries. |
App Hub support is available in the europe-southwest1 (Madrid, Spain) region.
Management console is now available in the Columbus (us-east5) region.
For updates to the backup appliance, a default window now exists to schedule non-disruptive patch updates. (Disruptive updates do not get the default window.) You will now receive notifications 2 weeks, 1 week, and 24 hours before the scheduled update, after which the appliance will be automatically updated. An option to reschedule non-disruptive patch updates is also available.
Fixes for SAP HANA Persistent Disk Snapshots
Enhancing imports of log images: Log images can now be imported correctly with the right recovery range. Enabled importing log images without having to take the ownership of the images. Fixed the workflow for importing on the source management server instance and another new management server instance.
UI fixes for point-in-time recovery from imported images: Imported images appear in the remote snapshot lane in access view, populating correct recovery range for imported images, populating recovery time in restore operation request, adding archive log mount point location in restore page, disabling Replace Original Application Identity for remote images, mount page waiting indefinitely for imported image, adding import PD snapshot option in application page, enabling host selection drop-downs for replication cluster etc.
BA fixes: Issues with uploading metadata for replication clusters and with point-in-time recovery from imported images were fixed.
Fixes for Oracle databases backed up to OnVault and backup vault
Hosts from both source and remote backup appliances are now listed in the restore page. For cases when no host is reachable or the primary backup appliance is down, the UI was improved by showing a spinning wheel to avoid waiting for longer than necessary while attempting to restore from an imported image.
A Replace Original Application Identity option has been added for Oracle traditional restore functionality.
The following CVEs have been addressed in this release: CVE-2024-38286, CVE-2019-9636, CVE-2023-5178, CVE-2020-14343, CVE-2021-29921, CVE-2019-7164, CVE-2020-27619, CVE-2018-20060, CVE-2019-20477, CVE-2019-9948, CVE-2020-1747, CVE-2021-3177, CVE-2022-42919, CVE-2024-0565, CVE-2015-20107, CVE-2023-51042, CVE-2020-10878, CVE-2023-6546, CVE-2022-0391, CVE-2022-45884, CVE-2021-33631, CVE-2020-10543, CVE-2019-20907, CVE-2023-3812, CVE-2019-11324, CVE-2022-45919, CVE-2023-6931, CVE-2024-1086, CVE-2021-43818, CVE-2021-33503, CVE-2020-26116, CVE-2019-20916, CVE-2023-2163, CVE-2021-42771, CVE-2022-45886, CVE-2021-3737, CVE-2023-52425, CVE-2018-18074, CVE-2021-27291, CVE-2021-20270, CVE-2023-24329, CVE-2019-18874, CVE-2019-16056, CVE-2019-7548, CVE-2021-3572, CVE-2019-9740, CVE-2021-23336, CVE-2020-14422, CVE-2021-3426, CVE-2023-1192, CVE-2022-38096, CVE-2023-6135, CVE-2020-8492, CVE-2020-27783, CVE-2020-28493, CVE-2023-46218, CVE-2021-4189, CVE-2020-26137, CVE-2021-3733, CVE-2019-16935, CVE-2021-28957, CVE-2018-20852, CVE-2019-11236, CVE-2019-9947, CVE-2020-28241, CVE-2023-5388, CVE-2023-28322, CVE-2022-48624, CVE-2023-38546, CVE-2021-20095.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, Search (SearchAllResources, SearchAllIamPolicies), and analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).
- Cloud Storage
storageinsights.googleapis.com/ReportConfig
storageinsights.googleapis.com/ReportDetail
The following recently released Cloud Composer 3 Airflow builds and Cloud Composer 2 versions are rolled back and aren't available for creating and upgrading existing environments. We will roll out new builds in the next release.
- composer-2.11.0-airflow-2.10.2
- composer-2.11.0-airflow-2.9.3
- composer-3-airflow-2.10.2-build.6
- composer-3-airflow-2.9.3-build.13
Changes to RSA certificate requirements coming April 28, 2025
We're changing how Application Load Balancers establish TLS connections to backends. This change fixes a problem where the keyUsage extension of RSA certificates is not being validated consistently and might allow a certificate that should have been rejected based on the keyUsage configuration.
What you need to do
Starting April 28, 2025, RSA certificates that don't meet the keyUsage configuration requirements will no longer be considered valid for establishing TLS connections. We recommend that you check whether your backends' RSA certificates are invalid, and replace them with valid certificates if needed.
A valid RSA certificate is one that has the X509v3 Key Usage extension and includes both the Digital Signature and Key Encipherment parameters.
To identify an invalid RSA certificate, perform the following steps:
First confirm that the certificate type is RSA by running the following command:
openssl x509 -text -in cert.crt | grep "Public Key Algorithm"
For RSA certificates, this should output rsaEncryption. If it is a non-RSA certificate (for example, EC), you don't need to take any more action at this time.
If it is an RSA certificate, examine the Key Usage configuration by running the following command:
openssl x509 -text -in cert.crt | grep -A1 "X509v3 Key Usage"
For a valid RSA certificate, the correct value is Digital Signature, Key Encipherment. If either of these values is not present, the RSA certificate is invalid.
For more information about the X.509 certificate format, see RFC 5280 Key Usage.
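The two-step check above can be scripted so that it runs over every backend certificate in one pass. This is an added example, not part of the original release note: the function names, status strings and sample excerpts are constructed for illustration, and only the openssl commands and the validity rule come from the note.

```shell
#!/bin/sh
# Added example: apply the release note's two checks to `openssl x509 -text` output.
# classify_cert_text prints one of:
#   not-rsa | valid | invalid-no-key-usage | invalid-missing-values

classify_cert_text() {
    cct_text=$1

    # Step 1: only RSA certificates are affected. Match the subject key
    # algorithm, not "Signature Algorithm", which reflects the issuer's key.
    if ! printf '%s\n' "$cct_text" | grep -q 'Public Key Algorithm: rsaEncryption'; then
        echo not-rsa
        return 0
    fi

    # Step 2: the values sit on the line after the "X509v3 Key Usage" header
    # (what `grep -A1` shows). "X509v3 Extended Key Usage" does not match.
    cct_usage=$(printf '%s\n' "$cct_text" |
        awk '/X509v3 Key Usage/ { if ((getline line) > 0) print line; exit }')
    if [ -z "$cct_usage" ]; then
        echo invalid-no-key-usage
        return 0
    fi

    # The note requires that the extension includes both values.
    case $cct_usage in
        *"Digital Signature"*) ;;
        *) echo invalid-missing-values; return 0 ;;
    esac
    case $cct_usage in
        *"Key Encipherment"*) ;;
        *) echo invalid-missing-values; return 0 ;;
    esac
    echo valid
}

# Check one PEM file; returns 0 (valid or not RSA), 1 (invalid), 2 (unreadable).
check_cert_file() {
    ccf_text=$(openssl x509 -noout -text -in "$1" 2>/dev/null) || return 2
    ccf_result=$(classify_cert_text "$ccf_text")
    printf '%s: %s\n' "$1" "$ccf_result"
    case $ccf_result in
        invalid-*) return 1 ;;
    esac
    return 0
}

# Constructed excerpts of `openssl x509 -text` output (not real certificates).
SAMPLE_VALID='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment'
SAMPLE_SIGN_ONLY='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature'
SAMPLE_NO_KEY_USAGE='    Signature Algorithm: sha256WithRSAEncryption
            Public Key Algorithm: rsaEncryption
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication'
SAMPLE_EC='    Signature Algorithm: sha256WithRSAEncryption
            Public Key Algorithm: id-ecPublicKey
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature'

# Usage: sh check_keyusage.sh backend1.crt backend2.crt ...
for cert_path in "$@"; do
    check_cert_file "$cert_path" || echo "$cert_path: needs attention" >&2
done
```

Certificates reported as invalid-no-key-usage or invalid-missing-values are the ones to replace before April 28, 2025.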
You can now use dual-stack subnets with internal IPv6 to let your Cloud Run services and jobs send IPv4 and internal IPv6 traffic to a VPC network with Direct VPC egress. (Preview)
The Trace Explorer page in the Google Cloud console has been refreshed. The new page aggregates and displays information about spans using visualizations like heatmaps. You can use menus to apply filters and to group traces by span and service name. You can also explore individual traces and share traces. For more information, see the following documents:
Introducing trace scopes. Trace scopes are persistent, project-level resources that the Trace Explorer page uses to determine which projects to search for trace data. You can create, edit, and delete trace scopes. You can also set one trace scope as the default trace scope, which determines the projects that the Trace Explorer searches when the page is opened.
For more information, see the following documents:
Preview: To prevent data loss or corruption when a compute instance is stopped, you can enable graceful shutdown in the instance. This setting gives the guest OS up to one hour to finish running tasks. Gracefully shutting down an instance is helpful when, for example, your database needs time to complete active transactions, your multiplayer session needs time to end properly, or you want to cleanly shut down a high performance computing (HPC) job.
For more information, see the following pages:
New Dataproc on Compute Engine subminor image versions:
- 2.0.129-debian10, 2.0.129-rocky8, 2.0.129-ubuntu18
- 2.1.77-debian11, 2.1.77-rocky8, 2.1.77-ubuntu20, 2.1.77-ubuntu20-arm
- 2.2.43-debian12, 2.2.43-rocky9, 2.2.43-ubuntu22
Dataproc cluster caching now supports ARM images.
Zeppelin component added to 2.1-Ubuntu20-arm images.
Release 1.28.1400-gke.79
Google Distributed Cloud for bare metal 1.28.1400-gke.79 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1400-gke.79 runs on Kubernetes 1.28. This is the final patch for the 1.28 minor release.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
This release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
Risk Engine, which generates attack exposure scores and attack paths for your high-value resources, now supports the spanner.googleapis.com/Instance resource type.
For more information, see Resource types supported in high-value resource sets.
Incident reports are available in Personalized Service Health.
January 23, 2025
App Hub
App Hub supports resources from Google Kubernetes Engine (GKE) services and workloads in Preview.
Deprecation of Rhino engine for JavaScript Task
Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. All existing published JavaScript tasks will continue to use Rhino and can be migrated to V8 manually. Newly created JavaScript tasks will exclusively use V8.
For more information, see JavaScript execution engine.
You will not be able to use the Send email task in your integrations if you have enabled VPC service perimeter for the Application Integration service.
New Dataproc Serverless for Spark runtime versions:
- 1.1.88
- 1.2.32
- 2.2.32
The Conversational Agents console has launched for preview to create agents that can use a combination of generative and deterministic features. See how we intend on migrating to this new console.
Effective January 27, 2025, new and existing processors require explicit storage.objects.get permissions to access Google Cloud Storage buckets for training dataset imports and offline/batch processing.
You will need to review your use of training dataset imports and offline/batch processing to verify that the users of these APIs have appropriate permissions to access Google Cloud Storage buckets.
Ensure that users of these APIs have been granted one of the predefined or legacy Cloud Storage roles that includes the storage.objects.get permission (such as Storage Object Viewer). You can assign these roles in the Permissions tab of the relevant Cloud Storage bucket.
We understand that this update requires planning, but we're here to support you during this process. If you have questions or need assistance, contact Google Cloud support.
Google Cloud VMware Engine Committed use discounts (CUD) are now managed exclusively in the VMware Engine section of the Google Cloud console. For more details, see VMware Engine CUDs documentation.
(2025-R03) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.31.4-gke.1372000 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.15-gke.1480000
- 1.29.12-gke.1120000
- 1.30.8-gke.1162000
- 1.30.8-gke.1224000
- 1.31.4-gke.1183000
- 1.32.0-gke.1709000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1503000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.12-gke.1143000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.8-gke.1261000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.4-gke.1256000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1503000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.12-gke.1143000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.8-gke.1261000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.4-gke.1256000 with this release.
Regular channel
- Version 1.31.4-gke.1183000 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.28.15-gke.1435000
- 1.29.12-gke.1055000
- 1.30.8-gke.1051000
- 1.31.3-gke.1162000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1480000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.12-gke.1120000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.8-gke.1128000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1480000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.12-gke.1120000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.8-gke.1128000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.4-gke.1183000 with this release.
Stable channel
- The following versions are now available in the Stable channel:
- Version 1.30.6-gke.1596000 is no longer available in the Stable channel.
Extended channel
- Version 1.31.4-gke.1183000 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.2081000
- 1.27.16-gke.2246000
- 1.28.15-gke.1435000
- 1.29.12-gke.1055000
- 1.30.8-gke.1051000
- 1.31.3-gke.1162000
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2122000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1480000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.12-gke.1120000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.8-gke.1128000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.4-gke.1183000 with this release.
No channel
- Version 1.31.4-gke.1183000 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.30.6-gke.1596000
- 1.30.8-gke.1224000
- 1.31.3-gke.1006000
- 1.31.3-gke.1162000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.15-gke.1480000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.12-gke.1120000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.15-gke.1480000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.12-gke.1120000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.31 to version 1.31.4-gke.1183000 with this release.
Starting with GKE version 1.32.1-gke.1002000, the default OS image for Ubuntu is updated from Ubuntu 22.04 to Ubuntu 24.04.
User-managed firewall rules for GKE LoadBalancer Services are now generally available on GKE clusters running version 1.31.3-gke.1056000 or later. By allowing user-managed firewall rules for GKE LoadBalancer Services, advanced firewall policies can now be configured to control ingress traffic to your GKE Services exposed with passthrough network load balancers. To learn more, see User-managed firewall rules for GKE LoadBalancer Services.
You can now customize a node system configuration with the following new kubelet and sysctl configuration options:
Kubelet
- containerLogMaxSize
- containerLogMaxFiles
- imageGcLowThresholdPercent
- imageGcHighThresholdPercent
- imageMinimumGcAge
- imageMaximumGcAge (1.30.7-gke.1076000 and later, 1.31.3-gke.1023000 and later)
- allowedUnsafeSysctls (1.32.0-gke.1448000 and later)
Sysctl
- kernel.shmmni
- kernel.shmmax
- kernel.shmall
- net.netfilter.nf_conntrack_acct (1.32.0-gke.1448000 and later)
- net.netfilter.nf_conntrack_max (1.32.0-gke.1448000 and later)
- net.netfilter.nf_conntrack_buckets (1.32.0-gke.1448000 and later)
- net.netfilter.nf_conntrack_tcp_timeout_close_wait (1.32.0-gke.1448000 and later)
- net.netfilter.nf_conntrack_tcp_timeout_established (1.32.0-gke.1448000 and later)
- net.netfilter.nf_conntrack_tcp_timeout_time_wait (1.32.0-gke.1448000 and later)
To learn more, see Kubelet configuration options and Sysctl configuration options.
(2025-R03) Version updates
- Version 1.31.4-gke.1183000 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.28.15-gke.1435000
- 1.29.12-gke.1055000
- 1.30.8-gke.1051000
- 1.31.3-gke.1162000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1480000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.12-gke.1120000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.8-gke.1128000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1480000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.12-gke.1120000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.8-gke.1128000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.4-gke.1183000 with this release.
(2025-R03) Version updates
- The following versions are now available in the Stable channel:
- Version 1.30.6-gke.1596000 is no longer available in the Stable channel.
(2025-R03) Version updates
- Version 1.31.4-gke.1183000 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.2081000
- 1.27.16-gke.2246000
- 1.28.15-gke.1435000
- 1.29.12-gke.1055000
- 1.30.8-gke.1051000
- 1.31.3-gke.1162000
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2122000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1480000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.12-gke.1120000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.8-gke.1128000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.4-gke.1183000 with this release.
(2025-R03) Version updates
- Version 1.31.4-gke.1183000 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.30.6-gke.1596000
- 1.30.8-gke.1224000
- 1.31.3-gke.1006000
- 1.31.3-gke.1162000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.15-gke.1480000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.12-gke.1120000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.15-gke.1480000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.12-gke.1120000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.31 to version 1.31.4-gke.1183000 with this release.
The Google SecOps team identified that a cloud threat detection rule pack (azure-defender-for-cloud-vm-extensions) was inadvertently made available to all customers. The licensing requirements restrict the availability of this rule pack to only Enterprise and Enterprise+ customers and this has been corrected.
This change should not remove any prior detections for customers who have enabled this rule pack and do not meet the licensing requirements, but the rules themselves will now be unavailable and no new detections will be generated.
The following new YARA-L 2.0 functions are available in Rules and Search:
- arrays.concat
- arrays.join_string
- arrays.max
- arrays.min
- arrays.size
- arrays.index_to_int
- cast.as_bool
- cast.as_float
- math.ceil
- math.floor
- math.geo_distance
- math.is_increasing
- math.pow
- math.random
- strings.contains
- strings.count_substrings
- strings.extract_domain
- strings.extract_hostname
- strings.from_hex
- strings.ltrim
- strings.reverse
- strings.rtrim
- strings.trim
- strings.url_decode
- timestamp.as_unix_seconds
- timestamp.now
The following new YARA-L 2.0 functions are available in Rules:
- hash.sha256
- window.avg
- window.first
- window.last
- window.median
- window.mode
- window.stddev
- window.variance
Details on function signatures and behavior can be found in the YARA-L2.0 Function Syntax Reference Documentation.
The prioritization logic of Applied Threat Intelligence (ATI) rule set has been improved to remove alerts from events that have a specified security result action of BLOCKED or QUARANTINED. This change only impacts the IP address indicator types for both High and Active Breach priority. For more information, see View details about rule sets.
After July 2025, the Enterprise Insights page and the CBN alerts will no longer be available. Use the Alerts and IOCs page to view the alerts. We recommend that you migrate the existing CBN alerts to the YARA-L detection engine.
Correction
The Modern charts in preview feature description was removed from release notes on January 29, 2025.
Pivot sort by any
Users can sort a pivot table by any metric or calculated field in a data source.
Is Any filter condition option for Looker data sources
Previously, when the value of some filter parameters was left blank in a Looker data source's underlying LookML, Looker Studio would interpret the blank value incorrectly. With the addition of the Is Any filter condition option, Looker Studio treats blank LookML filter values as expected by assigning those filters a default condition that allows any value.
Learn more about how Looker Studio interprets LookML filters.
Google Cloud NetApp Volumes now supports Customer Managed Encryption Keys (CMEK) for large capacity volumes. For more information, see About CMEK.
January 22, 2025
BigQuery
BigQuery metastore lets you access and manage metadata from a variety of processing engines, including BigQuery and Apache Spark. BigQuery metastore supports BigQuery tables and open formats such as Apache Iceberg. This feature is in preview.
Dedicated Interconnect and Cross-Cloud Interconnect VLAN attachments support maximum bandwidths up to 100 Gbps. For more information, see Limits.
The Cloud Run Builder (roles/run.builder) IAM role is now available in preview. When deploying a service or function from source, grant this role to the Compute Engine default service account that builds your Cloud Run resource.
LangChain on Vertex AI
Billing for LangChain on Vertex AI will start on March 4, 2025.
The pricing structure is based on vCPU hours and GiB hours used. This means that you will be charged for both the compute (vCPU) and memory resources consumed by your LangChain on Vertex AI workloads.
You can review the pricing details in the table below.
Product | SKU ID | Price |
---|---|---|
ReasoningEngine vCPU | 8A55-0B95-B7DC | $0.0994/vCPU-Hr |
ReasoningEngine Memory | 0B45-6103-6EC1 | $0.0105/GiB-Hr |
(New guide) Optimize AI and ML workloads with Parallelstore: Learn how to optimize performance for artificial intelligence (AI) or machine learning (ML) workloads with parallel file system storage by using Parallelstore.
Added support for on-demand and automated backups.
January 21, 2025
BigQuery
In BigQuery ML, you can now evaluate Anthropic Claude models by using the ML.EVALUATE function. The quotas for use of Anthropic Claude models in BigQuery ML have also been brought into parity with Vertex AI quotas. This feature is in preview.
You can use natural language to prepare data with Gemini in BigQuery.
Data preparation in BigQuery lets you test data preparations you're developing before you deploy and schedule runs in production. For more information, see Develop a data preparation.
You can now map specific build log fields to log entry fields when the build log is sent to Cloud Logging. For more information, see Map build log fields to log entry fields.
You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Cloud Data Fusion resources. For more information, see Create custom organization policy constraints.
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
On April 22, 2025, Cloud Logging will replace the single, global quota for the number of calls to write log entries with a set of volume-based regional quotas. For more information, see Logging API quotas and limits.
Managed I/O now supports automatic upgrades for supported I/O connectors. Using this feature, Dataflow pipelines automatically use the latest reliable version of the connector. This feature is generally available (GA). For more information, see Dataflow managed I/O.
Anthropic's Claude 3 Sonnet that is offered as a Model as a Service (MaaS) model in Model Garden is deprecated. For details, see Generative AI on Vertex AI deprecations.
You can now use A3 Ultra VM powered by NVIDIA H200 Tensor Core GPUs with our new Titanium ML network adapter, which delivers non-blocking 3.2 Tbps of GPU-to-GPU traffic with RDMA over Converged Ethernet (RoCE).
A3 Ultra VMs are generally available in the a3-ultragpu-8g machine type and can be used through both modes of operation in Google Kubernetes Engine (GKE):
- GKE Standard supports A3 Ultra with GPUDirect RDMA on GKE version 1.31.4-gke.1183000 or higher. To get started, see Create a Hypercompute Cluster with GKE with default configuration.
- GKE Autopilot supports A3 Ultra without GPUDirect RDMA on GKE version 1.31.4-gke.1183000 or higher. To get started, see Deploy GPU workloads in Autopilot. A3 Ultra with GPUDirect RDMA is not yet supported on GKE Autopilot.
The following rules have been moved from "Precise" to "Broad" in their associated rule packs due to high alert volume across the Google SecOps customer base.
- GCP Workspace Data Exfil Drive:
  - Suspicious Workspace Actions Observed after a Successful Suspicious Login
- GCP Suspicious Infrastructure Change:
  - Replacement of Existing Compute Machine Image
  - Replacement of Existing Compute Disk
- GCP Cloud SQL Ransom:
  - Base64 Encoded Cloud SQL Command
- CIDR SCC Persistence:
  - SCC: Persistence: New API Method
  - SCC: Persistence: IAM Anomalous Grant
  - SCC: Persistence: GCE Admin Added SSH Key
- CIDR SCC Malware:
  - SCC: Added Library Loaded
  - SCC: Added Binary Executed
- CIDR SCC Cloud IDS Low:
  - SCC: Cloud IDS: Low Threat Finding
- CIDR SCC Cloud Armor Medium:
  - SCC: Cloud Armor: Medium - Increasing Deny Ratio
  - SCC: Cloud Armor: Medium - Allowed Traffic Spike
- Azure Identity:
  - Azure External User Invitation
- Azure Defender for Cloud Windows and Linux VM:
  - Azure Defender for Cloud: Anonymous IP access
- AWS GuardDuty Discovery:
  - AWS GuardDuty: Recon:EC2/PortProbeUnprotectedPort
Generally available: You can define organizational best practices for your workloads using custom rules written in the Rego policy language. Workload Manager evaluates your workloads against these rules and creates reports for any violation and helps you prioritize remediation. This helps you continuously improve the quality, reliability, and performance of your workloads. For more information, see Implementing best practices using custom rules.
January 20, 2025
BigQuery
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.46.0 (2025-01-11)
Features
Bug Fixes
- NPE when reading BigQueryResultSet from empty tables (#3627) (9a0b05a)
- test: Force usage of ReadAPI (#3625) (5ca7d4a)
Dependencies
- Update actions/upload-artifact action to v4.5.0 (#3620) (cc25099)
- Update actions/upload-artifact action to v4.6.0 (#3633) (ca20aa4)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.57.0 (#3617) (51370a9)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.58.0 (#3631) (b0ea0d5)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241222-2.0.0 (#3623) (4061922)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.61.0 (#3618) (6cba626)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.62.0 (#3632) (e9ff265)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.41.1 (#3628) (442d217)
- Update dependency com.google.oauth-client:google-oauth-client-java6 to v1.37.0 (#3614) (f5faa69)
- Update dependency com.google.oauth-client:google-oauth-client-jetty to v1.37.0 (#3615) (a6c7944)
- Update github/codeql-action action to v2.27.9 (#3608) (567ce01)
- Update github/codeql-action action to v2.28.0 (#3621) (e0e09ec)
Python
Changes for google-cloud-bigquery
3.28.0 (2025-01-15) - YANKED
Reason this release was yanked:
This turned out to be incompatible with pandas-gbq. For more details, see issue.
Features
- Add property for allowNonIncrementalDefinition for materialized view (#2084) (3359ef3)
- Add property for maxStaleness in table definitions (#2087) (729322c)
- Add type hints to Client (#2044) (40529de)
- Adds ExternalCatalogDatasetOptions and tests (#2111) (b929a90)
- Adds ForeignTypeInfo class and tests (#2110) (55ca63c)
- Adds new input validation function similar to isinstance. (#2107) (a2bebb9)
- Adds StorageDescriptor and tests (#2109) (6be0272)
- Adds the SerDeInfo class and tests (#2108) (62960f2)
- Migrate to pyproject.toml (#2041) (1061611)
- Preserve unknown fields from the REST API representation in SchemaField (#2097) (aaf1eb8)
- Resource tags in dataset (#2090) (3e13016)
- Support setting max_stream_count when fetching query result (#2051) (d461297)
Bug Fixes
Documentation
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-bigtable
2.28.1 (2025-01-17)
Bug Fixes
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.21.1 (2025-01-13)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.51.1 (705dba2)
Dependencies
Generally available: Managed instance groups (MIGs) let you create pools of suspended and stopped virtual machine (VM) instances. You can manually suspend and stop VMs in a MIG to save on costs, or use suspended and stopped pools to speed up scale out operations of your MIG. For more information, see About suspending and stopping VMs in a MIG.
Data lineage path visualization is available in preview. Lineage path visualizations help you to understand the lineage links between two selected resources. For more information, see Lineage path visualization.
Python 3.7 is being deprecated and will be fully removed on June 1, 2025.
For information on how to update Marketplace integrations to Python 3.11, refer to Upgrade the Python versions.
January 19, 2025
Google SecOps
The individual parser documents have been put into one page with an easy-to-use search bar. This reorganization helps you find all the information you need in one place.
Release 6.3.31 is currently in Preview. This release contains internal and customer bug fixes.
January 18, 2025
Google SecOps SOAR
Release 6.3.30 is still in Preview.
January 17, 2025
BigQuery
The BigQuery Data Transfer Service can now transfer data from the following data sources:
Transfers from these data sources are supported in Preview.
In the navigation menu, you can now go to the Settings page to set default settings that are applied when you start a session in BigQuery Studio. This feature is in preview.
You can now use Cloud Build to push Go modules to Artifact Registry. For more information, see Build and test Go applications.
Cloud SQL for PostgreSQL version 17 adds support for the following extensions and plugins:
- ip4r
- oracle_fdw
- orafce
- pg_background
- pg_bigm
- pgfincore
- pg_hint_plan
- pg_partman
- pg_proctab
- pgrouting
- pg_similarity
- pgtap
- pgtt
- pg_wait_sampling
- PL/Proxy
- plv8
- postgresql_anonymizer
- postgresql_hll
- prefix
- temporal_tables
Cloud SQL for PostgreSQL version 17 doesn't support:
- rdkit
- pg_squeeze
To use these extensions and plugins in your PostgreSQL 17 instance, update your instance to the POSTGRES_17_2.R20241011.00_11 maintenance version.
To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.
To start using PostgreSQL 17, see Create instances.
Control the file size of the tempdb database. For more information, see Manage a tempdb database.
Compute Engine is enabled for use with Cloud KMS Autokey.
Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.
For more information, see About disk encryption. To learn more about Cloud KMS Autokey, see Autokey overview.
cos-117-18613-75-114
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.56 | v24.0.9 | v1.7.24 | See List |
Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.
Fixed CVE-2024-53173 in the Linux kernel.
Fixed CVE-2024-56600 in the Linux kernel.
Fixed CVE-2024-56601 in the Linux kernel.
Fixed CVE-2024-53202 in the Linux kernel.
Fixed CVE-2024-53206 in the Linux kernel.
Fixed CVE-2024-56786 in the Linux kernel.
Fixed CVE-2024-56780 in the Linux kernel.
Fixed CVE-2024-56720 in the Linux kernel.
Fixed CVE-2024-56783 in the Linux kernel.
Fixed CVE-2024-56672 in the Linux kernel.
Fixed CVE-2024-56675 in the Linux kernel.
Fixed CVE-2024-53185 in the Linux kernel.
Fixed CVE-2024-56664 in the Linux kernel.
Fixed CVE-2024-56755 in the Linux kernel.
Fixed CVE-2024-56756 in the Linux kernel.
Fixed CVE-2024-56658 in the Linux kernel.
Fixed CVE-2024-53128 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811744 -> 811796
cos-109-17800-436-4
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.124 | v24.0.9 | v1.7.24 | See List |
This is an LTS Refresh release.
Added NVIDIA GPU drivers R560 branch. Updates both the LATEST and R560 GPU driver labels to v560.35.03.
Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.
Fixed KCTF-35f56c5 in the Linux kernel.
Fixed CVE-2024-56720 in the Linux kernel.
Fixed CVE-2024-56783 in the Linux kernel.
Fixed CVE-2024-50146 in the Linux kernel.
Fixed CVE-2024-56756 in the Linux kernel.
Fixed CVE-2024-56675 in the Linux kernel.
Fixed CVE-2024-56755 in the Linux kernel.
Fixed CVE-2024-56672 in the Linux kernel.
Fixed CVE-2024-56658 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812257 -> 812258
cos-105-17412-535-16
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.173 | v23.0.3 | v1.7.23 | See List |
Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.
Fixed KCTF-35f56c5 in the Linux kernel.
Fixed CVE-2024-56745 in the Linux kernel.
Fixed CVE-2024-56720 in the Linux kernel.
Fixed CVE-2024-56780 in the Linux kernel.
Fixed CVE-2024-56694 in the Linux kernel.
Fixed CVE-2024-56739 in the Linux kernel.
Fixed CVE-2024-53151 in the Linux kernel.
Fixed CVE-2024-53146 in the Linux kernel.
Fixed CVE-2024-56606 in the Linux kernel.
Fixed CVE-2024-56614 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812690 -> 812682
cos-dev-121-18828-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.71 | v25.0.7 | v2.0.0 | See List |
Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.
Runtime sysctl changes:
- Changed: fs.file-max: 811795 -> 811767
cos-113-18244-291-9
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.123 | v24.0.9 | v1.7.24 | See List |
Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.
Runtime sysctl changes:
- Changed: fs.file-max: 812027 -> 812035
New Dataproc on Compute Engine subminor image versions:
- 2.0.128-debian10, 2.0.128-rocky8, 2.0.128-ubuntu18
- 2.1.76-debian11, 2.1.76-rocky8, 2.1.76-ubuntu20, 2.1.76-ubuntu20-arm
- 2.2.42-debian12, 2.2.42-rocky9, 2.2.42-ubuntu22
New Dataproc Serverless for Spark runtime versions:
- 1.1.87
- 1.2.31
- 2.2.31
Dataproc Serverless for Spark:
Agent evaluation using the Gen AI evaluation service is available in Preview.
Cross-Cloud Network for distributed applications: Updates to the document set to reflect feature releases over the past months.
You can now create a Memorystore for Redis Cluster instance that uses customer-managed encryption keys (CMEK). You can also manage instances that use CMEK.
For more information about CMEK for Memorystore for Redis Cluster, see About customer-managed encryption keys (CMEK).
Security Command Center now displays the number of resources scanned for a specific security compliance standard. This information appears as a column in the table on the Compliance detail page of the Google Cloud console for a given compliance standard.
To view the number of resources scanned against a security compliance standard, see Assess compliance against a specific standard.
January 16, 2025
BigQuery
The BigQuery migration assessment for Oracle now includes a total cost of ownership (TCO) calculator that provides an estimation of compute and storage costs for migrating your Oracle data warehouse to BigQuery. This feature is in preview.
We have rearranged the navigation menu into new categories. This feature is generally available (GA).
The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).
- Identity Platform: identitytoolkit.googleapis.com/Config
- KRM API Hosting: krmapihosting.googleapis.com/KrmApiHost
1.24.2-asm.1 is now available for in-cluster Cloud Service Mesh.
You can now download 1.24.2-asm.1 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.24.2 subject to the list of supported features.
- Istio's dual-stack is not supported
- Istio's experimental feature to enable lazy subset creation of envoy statistics is not supported.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh version 1.24.2-asm.1 uses Envoy v1.32.3.
Generally available: Google Axion Processor-based C4A VMs with Titanium SSD are now generally available. Part of our general-purpose machine family, these instances come with up to 6 TiB of Titanium SSD disks. Titanium SSD is our latest generation of Local SSD. It uses Titanium I/O offload processing and offers enhanced SSD security, performance, and management.
cos-dev-121-18827-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.71 | v25.0.7 | v2.0.0 | See List |
Upgraded nvidia-container-toolkit to v1.17.3.
Updated the Linux kernel to v6.6.71.
Added NVIDIA GPU drivers R565 branch - Updated R565 latest driver to v565.57.01.
Upgraded app-containers/docker to v25.0.7, Upgraded app-containers/docker-test to v25.0.7, Upgraded app-containers/docker-cli to v25.0.7.
Upgraded app-containers/cni-plugins to v1.6.2.
Upgraded app-admin/fluent-bit to v3.2.4.
Upgraded app-admin/google-guest-configs to v20250107.00.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2467.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2958.
Upgraded chromeos-base/shill-client to v0.0.1-r4804.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2814.
Upgraded chromeos-base/debugd-client to v0.0.1-r2723.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r654.
Upgraded dev-db/sqlite to v3.47.2.
Upgraded sys-apps/pv to v1.9.25.
Upgraded sys-apps/file to v5.46-r1.
Upgraded net-misc/socat to v1.8.0.2.
Runtime sysctl changes:
- Changed: fs.file-max: 811786 -> 811795
cos-109-17800-372-99
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Upgraded nvidia-container-toolkit to v1.17.3.
Upgraded sys-apps/file to v5.46-r1.
Fixed CVE-2024-56780 in the Linux kernel.
Fixed CVE-2024-56763 in the Linux kernel.
Fixed CVE-2024-53146 in the Linux kernel.
Fixed CVE-2024-56694 in the Linux kernel.
Fixed CVE-2024-53151 in the Linux kernel.
Fixed CVE-2024-56688 in the Linux kernel.
Fixed CVE-2024-56745 in the Linux kernel.
Fixed CVE-2024-56739 in the Linux kernel.
Fixed CVE-2024-56606 in the Linux kernel.
Fixed CVE-2024-56614 in the Linux kernel.
Fixed CVE-2024-53096 in the Linux kernel.
Fixed CVE-2024-53052 in the Linux kernel.
Fixed CVE-2024-53093 in the Linux kernel.
M127 release
The following framework versions have reached their end of patch and support dates:
- Tensorflow versions 2.15 and earlier
- PyTorch versions 2.1 and earlier
- Base versions with CUDA 12.1 and earlier
To view the end of patch and support dates, see Supported framework versions. Framework versions remain available for use until their end of availability date, but recent versions are strongly recommended.
M127 release
- Fixed an issue related to ownership of the home directory when using authorized ssh keys.
The following framework versions have reached their end of patch and support dates:
- Tensorflow versions 2.15 and earlier
- PyTorch versions 2.1 and earlier
- Base versions with CUDA 12.2 and earlier
To view the end of patch and support dates, see Supported framework versions. To create a VM instance using an image family that has reached its end of patch and support date, you must specify an image from the image family when you create the VM instance. To list images from an image family name after its end of patch and support date, include the --show-deprecated flag in your gcloud compute images list command, or select Show deprecated images when creating an instance in the Google Cloud console.
(New guide) Implement two-tower retrieval for large-scale candidate generation: Describes how to implement an end-to-end two-tower candidate generation workflow with Vertex AI.
With minor version 1.33, GKE nodes use containerd 2.0, which removes support for Docker Schema 1 images and the CRI v1alpha2 API. GKE pauses automatic upgrades to 1.33 when it detects that a cluster uses the deprecated features. To prepare for this change, see Migrate nodes to containerd 2.
You can now provision, configure, and manage non-production instances of the Standard, Enterprise, and Embed Looker Google Cloud Core editions for staging and testing. The functionalities that are available for each non-production edition are the same as the functionalities that are available for the production editions. Non-production Looker instances also can have the same network connection types as production instances.
M127 release
The M127 release of Vertex AI Workbench user-managed notebooks includes the following:
- Fixed an issue related to ownership of the home directory when using authorized ssh keys.
The M127 release of Vertex AI Workbench managed notebooks includes the following:
- Fixed an issue related to ownership of the home directory when using authorized ssh keys.
M127 release
The M127 release of Vertex AI Workbench instances includes the following:
- Fixed an issue related to ownership of the home directory when using authorized ssh keys.
Private Service Connect endpoints for regional Google APIs can be configured with IPv6 addresses to support access from IPv6 clients. This feature is available in General Availability.
January 15, 2025
Apigee API hub
Resource filtering with user-defined attributes
You can now filter API hub resources based on user-defined attributes using a REST API call. For more information, see Filter resources based on user attributes.
Validation for user-defined attributes
API hub now supports JSON schema validation for user-defined attributes. This enhancement ensures data integrity and consistency for JSON data type inputs, improving the quality and reliability of API specifications.
Starting April 13, 2025, we are removing the default environment's service account setting. This change enhances security and provides greater control over your Cloud Composer environments.
- Previously, the default Compute Engine service account was used by default when a user didn't specify a service account during Cloud Composer creation.
- After the change, you'll need to explicitly specify a service account when you create a new Cloud Composer environment.
- Existing Cloud Composer environments will not be affected by this change.
To address this change:
- We recommend that you create one or more user-managed service accounts for Cloud Composer environments in your project and grant them the minimum required permissions. For more information and instructions, see Grant roles to an environment's service account.
- If you use Terraform, scripts or other automation and configuration management tools, then make sure to update them, so that an environment's service account is specified when you create an environment.
In April 2025, Cloud Composer 2 environments will always use the environment's service account for performing PyPI package installations:
- The environment's service account will be used instead.
- Existing Cloud Composer 2 environments that previously used the default Cloud Build service account will change to using the environment's service account instead.
- Cloud Composer 2 environments created in versions 2.10.2 and later already have this change.
- Cloud Composer 3 environments already use the environment's service account, and are not impacted by this change.
1.21.5-asm.21 is now available for in-cluster Cloud Service Mesh.
This patch release contains a fix for a bug where mixed-case hosts in Gateway and TLS redirect result in stale RDS.
This patch release also contains the fix for a security vulnerability where an attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing.
For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.5-asm.21 uses Envoy v1.29.12.
1.22.7-asm.4 is now available for in-cluster Cloud Service Mesh.
This patch release contains the fix for a security vulnerability where an attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing.
For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh version 1.22.7-asm.4 uses Envoy v1.30.9.
1.23.4-asm.7 is now available for in-cluster Cloud Service Mesh.
This patch release contains fixes for a bug in Envoy config where opencensus.proto.trace.v1.TraceConfig has been disabled by default and an issue causing VirtualService header name validation to reject valid header names.
This patch release also contains the fix for a security vulnerability where an attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing.
For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.23.4-asm.7 uses Envoy v1.31.5.
The metadata server might display old physicalHost metadata if a VM experiences a host error. For more information, see known issues.
You can use custom constraints with Organization Policy to provide more granular control over specific fields for some reCAPTCHA resources. For more information, see Use custom organization policies for reCAPTCHA keys and firewall policies.
Terraform support for deploying sole-tenant nodes for SAP HANA
You can use Terraform to deploy the following systems with sole-tenant nodes:
- SAP HANA scale-up
- SAP HANA scale-up high availability
- SAP HANA multi-host scale-out without node anti-affinity
- SAP HANA scale-out high availability without node anti-affinity
For more information, see Sole tenancy.
Spanner now supports query statistics for previously executed partitioned data manipulation language (partitioned DML) statements. For more information, see Query statistics.
The network profile resource and an RDMA network profile are available in General Availability. You can create a VPC network with the RDMA network profile, which lets you run AI workloads on VM instances that have RDMA network interfaces (NICs). For more information, see the following:
If you're a service producer that makes a service available through VPC Network Peering, you can migrate your service to Private Service Connect without changing the IP address that consumers use to access the service. This feature is available in Preview.
You can create an internal range with the usage type FOR_MIGRATION to migrate a CIDR range from one subnet to another. For more information, see Migrating subnet ranges. This feature is available in General Availability.
If you create a Private Service Connect backend to connect to a published service, and the producer has let you know which port the service is available on, you can include the producer port in the backend configuration.
For more information about the producer's configuration, see Producer port configuration.
Specifying the producer port in a Private Service Connect backend is available in General Availability.
January 14, 2025
Cloud Asset Inventory
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Resource Manager
  - cloudresourcemanager.googleapis.com/Lien
The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).
- Cloud Next Generation Firewall Enterprise
  - networksecurity.googleapis.com/AddressGroup
You can now deploy multiple containers (sidecars) to a Cloud Run job. (In Preview)
You can now migrate data from Microsoft Azure to Cloud SQL. For more information, see Configure Cloud SQL and the external server for replication.
A new Confidential Space image (250100) is now available.
Updated default TPM Dictionary Lockout parameters. This change should significantly reduce the chance for users to get into the TPM lockout state.
Changed the default OOM score for the workload container.
Added retry logic when pulling the workload image and calling the Confidential Computing API.
Improved the logging and monitoring experience. Added CPU metric monitoring to the image.
(2025-R02) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.15-gke.1488000
- 1.29.12-gke.1126000
- 1.30.8-gke.1128000
- 1.30.8-gke.1133000
- 1.31.4-gke.1249000
- 1.32.0-gke.1577000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.8-gke.1162000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.8-gke.1162000 with this release.
Regular channel
- Version 1.30.8-gke.1051000 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.28.15-gke.1342000
- 1.28.15-gke.1362000
- 1.29.10-gke.1280000
- 1.30.6-gke.1596000
- 1.30.7-gke.1084000
- 1.31.1-gke.2105000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1435000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.12-gke.1055000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.8-gke.1051000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1435000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.12-gke.1055000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.8-gke.1051000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.3-gke.1162000 with this release.
Stable channel
- Version 1.30.5-gke.1713000 is now the default version for cluster creation in the Stable channel.
- The following versions are no longer available in the Stable channel:
- 1.28.15-gke.1020000
- 1.29.10-gke.1054000
- 1.29.10-gke.1155000
- 1.30.5-gke.1699000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.15-gke.1342000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.10-gke.1280000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1713000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.15-gke.1342000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.10-gke.1280000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1713000 with this release.
Extended channel
- Version 1.30.8-gke.1051000 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.2142000
- 1.28.15-gke.1342000
- 1.28.15-gke.1362000
- 1.29.10-gke.1280000
- 1.30.6-gke.1596000
- 1.30.7-gke.1084000
- 1.31.1-gke.2105000
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1435000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.12-gke.1055000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.8-gke.1051000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.3-gke.1162000 with this release.
No channel
- Version 1.30.8-gke.1051000 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.28.15-gke.1020000
- 1.28.15-gke.1362000
- 1.28.15-gke.1488000
- 1.29.10-gke.1054000
- 1.29.10-gke.1155000
- 1.29.12-gke.1126000
- 1.30.5-gke.1443001
- 1.30.6-gke.1125000
- 1.30.7-gke.1084000
- 1.30.8-gke.1133000
- 1.31.1-gke.2105000
- 1.31.4-gke.1249000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.15-gke.1435000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.12-gke.1055000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.5-gke.1713000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.15-gke.1435000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.12-gke.1055000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.5-gke.1713000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.31 to version 1.31.3-gke.1162000 with this release.
The following rules have been removed from their associated rule packs in Curated Detections due to high alert volume across the Google SecOps customer base:
- Cloud Threats - CDIR SCC Enhanced Defense Evasion Alerts:
- SCC: Modify VPC Service Control with GCE Activity from the Restricted Resource
- SCC: Modify VPC Service Control with Activity from the Restricted Service
- Linux Threats - OS Privilege Escalation Tools:
- Sensitive File Discovery
- Last Login Users
- Whoami Commands
- Windows Threats - Initial Access:
- NetLogon AD System Event
- Risk Analytics for UEBA - Login to an Application Never Before Seen for a User Group:
- First Time User Login Activity to Application for Manager Peer Group
- Risk Analytics for UEBA - Login from Country Never Before Seen for a User Group:
- First Time User Login Activity from Country for Manager Peer Group
The rule "SCC: Unexpected Child Shell" has been moved from the rule pack "Cloud Threats - CDIR SCC Enhanced Malware Alerts" to "Cloud Threats - CDIR SCC Enhanced Execution Alerts".
We're excited to announce a new series of quickstarts in the official Looker (Google Cloud core) documentation. This set of quickstarts walks users through all the procedures they need to get up and running with Looker. The quickstarts use the sample LookML project that is automatically configured on Looker (Google Cloud core) instances so that users can use Looker immediately.
Here are the links to the new quickstarts (and overview):
- Looker (Google Cloud core) quickstart overview
- Create a database connection for a public IP instance
- Generate a model from sample data
- Model your data in LookML
- Build a Look with sample data
- Build a dashboard with sample data
These quickstarts were inspired by the Looker Basics for New Customers webinar, which is free and available to all.
Vertex AI Search: gemini-1.5-flash-001/answer_gen/v2 for healthcare
The gemini-1.5-flash-001/answer_gen/v2 model is available for answer generation in healthcare search apps.
For more information, see Available models.
VPC Flow Logs can sample traffic that is sent through VLAN attachments for Cloud Interconnect and Cloud VPN tunnels. This feature is available in General Availability. To enable VPC Flow Logs for VLAN attachments and Cloud VPN tunnels, see Configure VPC Flow Logs.
January 13, 2025
Apigee Advanced API Security
On January 13, 2025, we released an updated version of Apigee's Shadow API Discovery.
Shadow API Discovery latency improvements
This release improves Shadow API Discovery and removes the latency impact on load balancers previously documented as part of Shadow API Discovery enablement.
For more information on Shadow API Discovery, see the Shadow API Discovery customer documentation.
Config variables pane (Preview)
You can now view and edit all the config variables defined within your integration using the new Config Variables pane. For more information, see View and edit config variables.
In BigQuery ML, you can now forecast multiple time series at once by using the new TIME_SERIES_ID_COL option that is available in ARIMA_PLUS_XREG multivariate time series models. Try this feature with the Forecast multiple time series with a multivariate model tutorial.
This feature is in preview.
You can now use BigQuery Omni Virtual Private Cloud (VPC) allowlists to restrict access to AWS S3 buckets and Azure Blob Storage from specific BigQuery Omni VPCs. This feature is generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.51.1 (2025-01-10)
Dependencies
Python
Changes for google-cloud-bigtable
2.28.0 (2025-01-08)
Features
The SAP SuccessFactors plugin version 1.2.4 is available in Cloud Data Fusion version 6.8.0 and later. This release lets you use OAuth 2.0 for ODATA API authentication (PLUGIN-1741).
Database Migration Service now supports Microsoft Azure sources for MySQL and PostgreSQL homogeneous migrations to Cloud SQL.
For more information, see Supported source and destination databases.
You can now create analytics views, which let you transform your log data into a custom format. You can then use SQL to query your analytics views. This feature is in Public Preview. For more information, see the following documents:
The principal (user or service account) creating or updating a Cloud Run resource now needs explicit permission to access the container image(s). When using Artifact Registry, ensure the principal has the Artifact Registry Reader (roles/artifactregistry.reader) IAM role on the project or repository containing the container image(s) to deploy.
As of January 13, 2025, the legacy configuration for high availability (HA) is deprecated for all Cloud SQL for MySQL instances. You can no longer create instances with the legacy HA configuration, and you can no longer enable the legacy HA configuration on existing instances. In addition, after January 13, 2025, legacy HA instances are no longer covered by the Cloud SQL SLA.
We recommend that you update your remaining legacy HA instances as soon as possible to the current HA configuration. You can do so by following the instructions in Update an instance from legacy to current high availability.
Starting on May 1, 2025, Cloud SQL will begin updating any instances that use the legacy high availability configuration to use the current regional persistent disk-based high availability configuration automatically.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/storage
7.15.0 (2024-12-20)
Features
Go
Changes for storage/internal/apiv2
1.50.0 (2025-01-09)
Features
- storage/internal: Add new appendable Object to BidiWrite API (2e4feb9)
- storage/internal: Add new preview BidiReadObject API (2e4feb9)
- storage: Add support for gRPC bi-directional multi-range reads. This API is in private preview and is not yet available for general use. (#11377) (b4d86a5)
- storage: Add support for ReadHandle, a gRPC feature that allows for accelerated resumption of streams when one is interrupted. ReadHandle requires the bi-directional read API, which is in private preview and is not yet available for general use. (#11377) (b4d86a5)
- storage: Support appendable semantics for writes in gRPC. This API is in preview. (#11377) (b4d86a5)
- storage: Refactor gRPC writer flow (#11377) (b4d86a5)
Bug Fixes
- storage: Add mutex around uses of mrd variables (#11405) (54bfc32)
- storage: Return the appropriate error for method not supported (#11416) (56d704e)
Documentation
Java
Changes for google-cloud-storage
2.47.0 (2025-01-08)
Features
- Add MoveObject RPC (34b8ac4)
- Introductory beta level support for OpenTelemetry tracing on c.g.c.storage.Storage methods (#2837) (dd889ea)
Bug Fixes
- De-beta storage-v2 artifacts (#2852) (77a2e8a)
- deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (34b8ac4)
- Fix interrupt spiral in grpc ReadObject drainQueue (#2850) (c1dac83)
- Update request handling of gRPC based CopyWriter (#2858) (093cb87)
Dependencies
cos-117-18613-75-102
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.56 | v24.0.9 | v1.7.24 | See List |
Upgraded nvidia-container-toolkit to v1.17.3.
Upgraded sys-apps/file to v5.46-r1.
Upgraded net-misc/socat to v1.8.0.2.
Fixed CVE-2024-56688 in the Linux kernel.
Fixed CVE-2024-56745 in the Linux kernel.
Fixed CVE-2024-53146 in the Linux kernel.
Fixed CVE-2024-56760 in the Linux kernel.
Fixed CVE-2024-53151 in the Linux kernel.
Fixed CVE-2024-56729 in the Linux kernel.
Fixed CVE-2024-56763 in the Linux kernel.
Fixed CVE-2024-56614 in the Linux kernel.
Fixed CVE-2024-56694 in the Linux kernel.
Fixed CVE-2024-56739 in the Linux kernel.
Fixed CVE-2024-56606 in the Linux kernel.
Fixed CVE-2024-53096 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811756 -> 811744
cos-113-18244-291-3
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.123 | v24.0.9 | v1.7.24 | See List |
This is an LTS refresh release.
Upgraded nvidia-container-toolkit to v1.17.3.
Upgraded app-admin/google-osconfig-agent to v20240927.00.
Upgraded sys-apps/file to v5.46-r1.
Upgraded net-misc/socat to v1.8.0.2.
Upgraded dev-python/configobj to v5.0.9.
Upgraded dev-libs/nss to v3.105.
Fixed CVE-2024-53096 in the Linux kernel.
Fixed CVE-2024-53052 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812045 -> 812027
cos-105-17412-535-6
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.173 | v23.0.3 | v1.7.23 | See List |
This is an LTS Refresh release.
Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.
Upgraded sys-apps/file to v5.46-r1.
Fixed a kernel crash that occurred when running some BPF programs.
Runtime sysctl changes:
- Changed: fs.file-max: 812681 -> 812690
Dataproc Serverless for Spark: On March 10, 2025, the Dataproc Resource Manager API will be enabled as part of General Availability (GA) for Dataproc Serverless 3.0+ versions.
User action will not be required in response to this API enablement change.
The Dataproc Resource Manager will be implemented as a stand-alone Google Cloud API, dataprocrm.googleapis.com. It will allow Dataproc distributions of open source software, particularly Apache Spark, to directly communicate resource requirements.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-datastore
2.25.2 (2025-01-09)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.51.1 (90d8b30)
- Fix emulator command arg data-dir (#1695) (9d53195)
Dependencies
You can now connect to your GKE cluster's DNS-based endpoint, simplifying networking configuration when talking to private clusters from Cloud Deploy. Learn more.
VMware Engine ve1 nodes are now available in the following additional region:
- Paris, France (europe-west9-b)
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.136.0 (2025-01-10)
Features
- Add Kafka-based sources to IngestionDataSourceSettings proto and IngestionFailureEvent proto (2947169)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.51.1 (9c166f7)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.45.0 (#2292) (79a8982)
- Update dependency com.google.cloud:google-cloud-storage to v2.46.0 (#2291) (7b60884)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.41.1 (#2301) (53c1a8a)
- Update dependency com.google.protobuf:protobuf-java-util to v4.29.2 (#2294) (48d4ac1)
- Update dependency org.assertj:assertj-core to v3.27.2 (#2296) (e5b68a5)
- Update googleapis/sdk-platform-java action to v2.51.1 (#2298) (16e0144)
Python
Changes for google-cloud-pubsub
2.27.2 (2025-01-06)
Bug Fixes
A new error code, AWS_ACTIVE_COLLECTOR_ACCOUNTS_NOT_FOUND, is available in the AWS connector in Security Command Center. Additional guidance is available to help troubleshoot the 'AWS_FAILED_TO_ASSUME_DELEGATED_ROLE' error.
The FRANCE_DRIVERS_LICENSE_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The TAIWAN_ID_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
January 12, 2025
Cloud Composer
Starting after April 13, 2025, Cloud Composer 3 will unify its billing with BigQuery. The Cloud Composer 3 standard milli DCU-hours SKU will be replaced with the new BigQuery Engine for Apache Airflow SKU, which will be calculated based on the number of BigQuery slot hours that your Cloud Composer 3 environments consume. Other SKUs will be renamed and moved under the BigQuery hierarchy. The change will be rolled out gradually to all regions supported by Cloud Composer 3. For more information about the change, see Transition to BigQuery slot-hour-based pricing.
Release 6.3.29 is now in General Availability.
January 11, 2025
Google SecOps
Playbook names must now be unique across all SOAR environments, as part of updates to support future features. For customers with existing playbooks in different environments that have the same name, there is no need to manually change names. However, the next time you edit one of these playbooks, you will be asked to change the name before you save.
The user must log in to the Google SecOps platform with the exact same IdP group name as entered in the Settings screen.
Release 6.3.30 is currently in Preview.
Playbook names must now be unique across all SOAR environments, as part of updates to support future features. For customers with existing playbooks in different environments that have the same name, there is no need to manually change names. However, the next time you edit one of these playbooks, you will be asked to change the name before you save.
January 10, 2025
Cloud Composer
(Cloud Composer 3) New metrics are available for Cloud Composer 3 environments:
- CPU quota limit for Cloud Composer workloads
- CPU quota usage for Cloud Composer workloads
(Cloud Composer 3) You can now use custom certificates when installing packages from your private repository. This change is gradually rolled out to all Cloud Composer 3 environments. To obtain this change earlier, upgrade the Airflow build of your environment.
The issue with automatic environment upgrades and upgrading Airflow builds in Cloud Composer 3 is resolved and these operations are working. If you think that your environment is still impacted by this issue, please reach out to the Cloud Support team.
(New Cloud Composer 2 environments only) Cloud Composer 2 environments in versions 2.10.2 and later always use the environment's service account for performing PyPI packages installations. This change applies only to newly created environments; existing environments that are upgraded to 2.10.2 and later versions will not get this change.
(Cloud Composer 3 only) The /data folder is now synchronized with Airflow triggerers.
(Available without upgrading) Improved the error message generated when the Cloud Composer Service Agent service account is missing permissions on the project or on the environment's service account.
(Cloud Composer 2) Cloud Composer 2 environments that use PSC interfaces will no longer try to allocate IP ranges for VPC peerings in the tenant project. Environments that use PSC instead of VPC peerings do not use these ranges. This fixes a problem where these ranges overlapped with ranges used for the PSC subnetwork.
The Redis persistent disk is now automatically deleted together with the environment. This persistent disk is used by the Redis queue and stores only technical data.
Fixed an issue where the user-defined Cloud DNS configuration for Google API domains would break Cloud Composer 3 environment creation and attachment of VPC networks.
The worker_autoscale Airflow configuration option is blocked in Cloud Composer 2. Previously, it was blocked only in Cloud Composer 3.
Fixed a problem with the interpolation of pip.conf file. Now the pip.conf file is not interpolated and can contain unescaped % characters.
Removed the warning log message about in-memory storage because it doesn't apply to Cloud Composer.
The importlib-resources package was removed from preinstalled packages.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.10.2-build.5 (default)
- composer-3-airflow-2.9.3-build.12
New images are available in Cloud Composer 2:
- composer-2.10.2-airflow-2.10.2 (default)
- composer-2.10.2-airflow-2.9.3
Cloud Composer 2.10.1 is a version with an extended upgrade timeline.
Cloud Composer version 2.5.4 has reached its end of support period.
The CVE fix for GCP-2024-065 has rolled out to all channels.
New Dataproc on Compute Engine subminor image versions:
- 2.0.127-debian10, 2.0.127-rocky8, 2.0.127-ubuntu18
- 2.1.75-debian11, 2.1.75-rocky8, 2.1.75-ubuntu20, 2.1.75-ubuntu20-arm
- 2.2.41-debian12, 2.2.41-rocky9, 2.2.41-ubuntu22
Vertex AI Search for commerce: Renamed in the console and documentation
Vertex AI Search for retail is renamed as Vertex AI Search for commerce. The Google Cloud console and the documentation at cloud.google.com have been updated to reflect the rename. In the console, look for Search for Commerce.
Monitor and troubleshoot queries that are running in your Spanner instance. Active queries are long-running queries that might affect the performance of your instance. Monitoring these queries can help you identify causes of instance latency and high CPU usage. For more information, see Monitor active queries.
Preview stage support for the following integration:
January 09, 2025
Apigee X
On January 9, 2025, we released an updated version of Apigee (1-14-0-apigee-3).
Bug ID | Description |
---|---|
365406457 | Implemented fix to optimize CPU usage and close sockets when needed. |
382967738, 383113773 | Fixed security vulnerability in PythonScript policy. |
382883585 | Fixed security vulnerability in JavaCallout policy. |
N/A | Updates to security infrastructure and libraries. |
hybrid 1.14.0-hotfix.1
On January 9, 2025 we released an updated version of the Apigee hybrid software, 1.14.0-hotfix.1.
- For information on upgrading, see Upgrading Apigee hybrid to version v1.14.
- For information on new installations, see The big picture.
Instructions:
To install 1.14.0-hotfix.1:
- In your overrides.yaml file, update the value of metrics.sdSidecar.image.tag to 0.10.0. Add the following stanza:

      metrics:
        sdSidecar:
          image:
            url: "gcr.io/apigee-release/hybrid/apigee-stackdriver-prometheus-sidecar"
            tag: "0.10.0"

- Apply the changes to the apigee-telemetry chart:

  Dry run:

      helm upgrade telemetry apigee-telemetry/ \
        --install \
        --namespace APIGEE_NAMESPACE \
        --atomic \
        -f overrides.yaml \
        --dry-run=server

  Install the chart:

      helm upgrade telemetry apigee-telemetry/ \
        --install \
        --namespace APIGEE_NAMESPACE \
        --atomic \
        -f overrides.yaml

- Verify the change by checking its state:

      kubectl -n APIGEE_NAMESPACE get apigeetelemetry apigee-telemetry

Bug ID | Description |
---|---|
367681534 | Tagging apigee-stackdriver-prometheus-sidecar to prevent removal from customer repos after 2 years due to infrequent updates. |
January 10, 2025 update: The issue is resolved.
(Cloud Composer 3 only) We are currently experiencing an issue with automatic environment upgrades and upgrading Airflow builds for Cloud Composer 3 in asia-south1, europe-west1, and asia-northeast2 regions.
The upgrades are temporarily disabled as we continue our work to restore the listed functionalities. We will release an additional announcement after the issue is resolved.
In January 2025, we will delete inactive Cloud Composer 1 environments that are non-recoverable. Environments that have both of the following problems present at the same time will be deleted:
- The environment's underlying GKE cluster is deleted.
- The environment is in the ERROR state for at least 60 days because of a disabled billing account or because the Cloud Composer API service was deactivated in its project.
This change doesn't affect buckets of these environments. You can still recover your DAGs and other data from the environment's bucket and then delete the bucket manually. See Delete environments for information about data that is not deleted automatically together with the environment.
Database Migration Service now supports public IP allowlist network connectivity for all homogeneous and heterogeneous migrations to AlloyDB for PostgreSQL. For more information, see:
- Configure IP allowlist connectivity in the PostgreSQL to AlloyDB for PostgreSQL documentation.
- Create destination connection profile in the Oracle to AlloyDB for PostgreSQL documentation.
Cloud Workstations support for cloning of persistent directories is generally available (GA). For more information, see Clone a workstation. For reference information, see REST workstations and RPC google.cloud.workstations.v1.
Dialogflow CX (Conversational Agents): Dialogflow CX has launched a new feature that allows you to auto-generate and auto-translate Intent training phrases, Entity synonyms, and Fulfillment phrases in the language of your choice. See the documentation for details.
Dialogflow CX (Conversational Agents): You can now require a full match for banned phrases in addition to a partial match. If enabled, a full match requires the input to be matched exactly in order to trigger a ban. For more information about setting banned phrases, see the documentation.
Dialogflow CX (Conversational Agents): Service directory support is now enabled for flexible webhooks. See the webhooks documentation for details.
Google Distributed Cloud (software only) for VMware 1.29.900-gke.181 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.900-gke.181 runs on Kubernetes v1.29.11-gke.300.
If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
Fixed an issue where customer workloads with high resource requests triggered irrelevant resource validation warnings.
Fixed an issue where a race condition during migration caused admin add-on nodes to get stuck at a NotReady status.
Fixed an issue where the VM template used for the HA admin control plane node repair isn't refreshed in vCenter after an upgrade.
The following high-severity container vulnerabilities are fixed in 1.29.900-gke.181:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
CVE-2024-38538, CVE-2024-47696, CVE-2024-47701, CVE-2024-47742, CVE-2024-49860, CVE-2024-49882, CVE-2024-49883, CVE-2024-49884, CVE-2024-49889, CVE-2024-49936, CVE-2024-49967, CVE-2024-49983, CVE-2024-50033, CVE-2024-50035, CVE-2024-50036, CVE-2024-50083, CVE-2024-50131, CVE-2024-50143, CVE-2024-50151, CVE-2024-50154, CVE-2024-50186, CVE-2024-50228, CVE-2024-50257, CVE-2024-50262, CVE-2024-50264, CVE-2024-50278, CVE-2024-50279, CVE-2024-53057
Ubuntu vulnerabilities:
CVE-2022-48666, CVE-2023-52889, CVE-2023-52918, CVE-2024-25744, CVE-2024-26607, CVE-2024-26661, CVE-2024-26669, CVE-2024-26800, CVE-2024-26893, CVE-2024-36484, CVE-2024-38577, CVE-2024-38602, CVE-2024-38611, CVE-2024-39472, CVE-2024-40915, CVE-2024-41011, CVE-2024-41012, CVE-2024-41015, CVE-2024-41017, CVE-2024-41019, CVE-2024-41020, CVE-2024-41022, CVE-2024-41042, CVE-2024-41059, CVE-2024-41060, CVE-2024-41063, CVE-2024-41064, CVE-2024-41065, CVE-2024-41068, CVE-2024-41070, CVE-2024-41071, CVE-2024-41072, CVE-2024-41073, CVE-2024-41077, CVE-2024-41078, CVE-2024-41081, CVE-2024-41090, CVE-2024-41091, CVE-2024-41098, CVE-2024-42114, CVE-2024-42126, CVE-2024-42246, CVE-2024-42259, CVE-2024-42265, CVE-2024-42267, CVE-2024-42269, CVE-2024-42270, CVE-2024-42271, CVE-2024-42272, CVE-2024-42274, CVE-2024-42276, CVE-2024-42277, CVE-2024-42280, CVE-2024-42281, CVE-2024-42283, CVE-2024-42284, CVE-2024-42285, CVE-2024-42286, CVE-2024-42287, CVE-2024-42288, CVE-2024-42289, CVE-2024-42290, CVE-2024-42292, CVE-2024-42295, CVE-2024-42296, CVE-2024-42297, CVE-2024-42299, CVE-2024-42301, CVE-2024-42302, CVE-2024-42304, CVE-2024-42305, CVE-2024-42306, CVE-2024-42309, CVE-2024-42310, CVE-2024-42311, CVE-2024-42312, CVE-2024-42313, CVE-2024-42318, CVE-2024-43817, CVE-2024-43828, CVE-2024-43829, CVE-2024-43830, CVE-2024-43834, CVE-2024-43835, CVE-2024-43839, CVE-2024-43841, CVE-2024-43846, CVE-2024-43849, CVE-2024-43853, CVE-2024-43854, CVE-2024-43856, CVE-2024-43858, CVE-2024-43860, CVE-2024-43861, CVE-2024-43863, CVE-2024-43867, CVE-2024-43869, CVE-2024-43870, CVE-2024-43871, CVE-2024-43873, CVE-2024-43875, CVE-2024-43879, CVE-2024-43880, CVE-2024-43882, CVE-2024-43883, CVE-2024-43884, CVE-2024-43889, CVE-2024-43890, CVE-2024-43892, CVE-2024-43893, CVE-2024-43894, CVE-2024-43902, CVE-2024-43905, CVE-2024-43907, CVE-2024-43908, CVE-2024-43909, CVE-2024-43914, CVE-2024-44934, CVE-2024-44935, CVE-2024-44944, CVE-2024-44946, CVE-2024-44947, CVE-2024-44948, CVE-2024-44954, CVE-2024-44958, 
CVE-2024-44960, CVE-2024-44965, CVE-2024-44966, CVE-2024-44969, CVE-2024-44971, CVE-2024-44974, CVE-2024-44982, CVE-2024-44983, CVE-2024-44985, CVE-2024-44986, CVE-2024-44987, CVE-2024-44988, CVE-2024-44989, CVE-2024-44990, CVE-2024-44995, CVE-2024-44998, CVE-2024-44999, CVE-2024-45003, CVE-2024-45006, CVE-2024-45007, CVE-2024-45008, CVE-2024-45009, CVE-2024-45011, CVE-2024-45018, CVE-2024-45021, CVE-2024-45025, CVE-2024-45026, CVE-2024-45028, CVE-2024-46673, CVE-2024-46675, CVE-2024-46676, CVE-2024-46677, CVE-2024-46679, CVE-2024-46685, CVE-2024-46689, CVE-2024-46702, CVE-2024-46707, CVE-2024-46713, CVE-2024-46714, CVE-2024-46719, CVE-2024-46721, CVE-2024-46722, CVE-2024-46723, CVE-2024-46724, CVE-2024-46725, CVE-2024-46731, CVE-2024-46732, CVE-2024-46737, CVE-2024-46738, CVE-2024-46739, CVE-2024-46740, CVE-2024-46743, CVE-2024-46744, CVE-2024-46745, CVE-2024-46746, CVE-2024-46747, CVE-2024-46750, CVE-2024-46752, CVE-2024-46755, CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759, CVE-2024-46761, CVE-2024-46763, CVE-2024-46771, CVE-2024-46777, CVE-2024-46780, CVE-2024-46781, CVE-2024-46782, CVE-2024-46783, CVE-2024-46791, CVE-2024-46795, CVE-2024-46798, CVE-2024-46800, CVE-2024-46804, CVE-2024-46805, CVE-2024-46807, CVE-2024-46810, CVE-2024-46814, CVE-2024-46815, CVE-2024-46817, CVE-2024-46818, CVE-2024-46819, CVE-2024-46822, CVE-2024-46828, CVE-2024-46829, CVE-2024-46832, CVE-2024-46840, CVE-2024-46844, CVE-2024-47659, CVE-2024-47660, CVE-2024-47663, CVE-2024-47665, CVE-2024-47667, CVE-2024-47668, CVE-2024-47669
A security issue impacted resources in VPCs with GKE Multi-Cluster Gateway (MCG) configured. MCG is an optional feature that is used by a small subset of GKE customers. We are individually notifying customers who had the feature enabled during that time period.
For more details, see the GCP-2025-001 security bulletin.
Increased field count limits for Looker
You can now include up to 100 dimensions and up to 100 metrics in table charts that are connected to a Looker data source.
Warnings for external links
When users click an external link, Looker Studio displays a redirect notice.
Vertex AI Search: View widget metrics on the Analytics page (GA with allowlist)
You can view metrics from the widget on the Analytics page.
This feature is available to select Google Cloud customers (GA with allowlist). For more information, see View search analytics.
January 08, 2025
Google Cloud Contact Center as a Service
Version 3.29 Patch 1
This is Patch 1 of version 3.29.
Fixed an issue with the Zendesk CRM where the queue name field was not populated for chats.
Fixed the Twilio webhook order for multi-region instances.
Fixed an issue with Alvaria Workforce integration where the Alvaria Agent Productivity file was showing incorrect dates.
Looker 25.0 is expected to include the following changes, features, and fixes:
Expected Looker (original) deployment start: Monday, January 20, 2025
Expected Looker (original) final deployment and download available: Thursday, January 30, 2025
Expected Looker (Google Cloud core) deployment start: Tuesday, January 21, 2025
Expected Looker (Google Cloud core) final deployment: Tuesday, February 4, 2025
Note: All dates were updated on January 16, 2025. The introductory sentence was updated on January 29, 2025.
The LookML Validator no longer supports the Liquid variables base_view, explore, model, and view without an underscore in the prefix. The variables _base_view, _explore, _model, and _view are supported.
An issue has been fixed where Looker failed to include some required fields in queries. Queries that use fields with Liquid references to other fields may now include additional fields.
Extensions can no longer be accessed outside of the sandboxed iframe.
Custom visualizations can no longer be accessed outside of the sandboxed iframe.
The Liquid divided_by filter now performs floating point number division instead of integer division when the inputs are integers. For example, 1 | divided_by: 2 will now return 0.5 instead of 0.
The Redshift driver now configures TCP keep-alives to make long-running queries more reliable.
The Open SQL Interface feature now supports Explores that use the conditionally_filters parameter. Previously disabled Explores are now enabled.
The Chart Config Editor now supports conditional data formatters, which let you compare data values to other measure values.
The manage_spaces permission can now be granted to embed users. Note: This item was updated on January 15, 2025.
The Chart Config Editor now supports comparing data values to the mean value for a series.
The Looker–Power BI Connector now provides the option to show or display hidden fields when connecting to a Looker Explore.
Local Project Import is now removed from Looker Labs and is now a generally available feature on both Looker (Google Cloud core) and Looker (original). Note: This item was updated on January 27, 2025.
An issue has been fixed where date filters could switch to "is in the past" when selected.
An issue has been fixed where the file explorer search bar could be cut off when a tile was saved to a dashboard.
An issue has been fixed where the LookML Validator could fail to catch circular references in Liquid.
An issue has been fixed where the search bar in the embed navigation sidebar could be cut off.
An issue has been fixed where a user could sudo as another user and use their OAuth token to connect to a database.
An issue has been fixed where the Chart Config Editor could incorrectly match strings with spaces.
An issue has been fixed where using the Update Project API endpoint could return a 500 error.
An issue has been fixed where rendered jobs could become indefinitely queued if they were created while a cluster node was starting up.
An issue has been fixed where incorrect dashboard LookML could cause the IDE to fail to display the project.
An issue has been fixed where deleting a board opened a possibility for HTML injection.
An issue has been fixed where unnecessary data was included in the dashboard:tile:explore event for embedded dashboards.
The ability to kill BigQuery queries from Looker has been reintroduced.
An issue has been fixed where incremental PDT builds with multiple SQL statements could partially succeed. Now, if one statement fails, the build fails.
An issue has been fixed where URL parameters could be lost on page load for dashboards with merge query tiles.
An issue has been fixed where the Reset All Column Widths button didn't work as expected in drill windows.
An issue has been fixed where the LookML Validator would return a 500 error if a dimension referenced a measure in the required_fields parameter.
An issue has been fixed where a dashboard filter could get truncated if its location was set to right in a LookML dashboard.
An issue has been fixed where an exact date filter could prevent Looker from optimizing an aggregate table.
An issue has been fixed where the Get LookML endpoint could fail to return the list of Explores if certain localization settings were enabled.
An issue has been fixed where setting the dashboard auto-refresh interval to 0 seconds could cause the dashboard to disappear from folders.
When you're setting up a project in Looker using GitLab, the links to GitLab's SSH key settings will be updated.
LookML dashboards that use a static layout now render a PDF with the correct height.
An issue has been fixed where dashboard element IDs for dashboard elements on LookML dashboards were not consistently displayed in System Activity queries.
An issue has been fixed where non-ASCII characters in filenames could cause Git errors.
An issue has been fixed where item charts were unable to recognize custom measures as measures.
The list of Persistent Derived Tables shown under Databases is now filtered to include only PDTs for connections where the viewer has the see_pdts permissions on an associated model.
An issue has been fixed where queries would fail after a dashboard was edited and rerun with different filter values without the page being refreshed.
An issue has been fixed where certain errors in the Chart Config Editor would not be displayed until query runtime.
Overwriting an existing user-defined dashboard using the import_dashboard_from_lookml endpoint no longer removes the existing dashboard from boards or favorites.
An issue has been fixed where malformed legends or titles could cause an entire PDF download to fail.
An issue has been fixed where the Git Actions and Advanced Deploy tabs could be displayed on projects where they were not enabled.
An issue has been fixed where disabling an action might not have disabled all schedules that used the action.
The unstyled, transparent, and gray table themes now correctly apply in PDF downloads when the Expand tables to show all rows option is selected.
An issue has been fixed where toggling between settings on the Edit Actions page would not save user input.
The links to the API Explorer installation guides on the Admin API page have been fixed.
An issue has been fixed where the collapse icon in dashboard tile notes could be displayed in rendered PDFs.
An issue has been fixed where the Chart Config Editor could render stale query data after changes were made to an Explore.
An issue has been fixed where a locale value of fr would resolve to fr-CA instead of fr-FR, leading to incorrectly translated text.
Invalid hex codes now resolve to a default black color when data from a dashboard tile is downloaded as an Excel spreadsheet with visualization options applied.
When the Labs feature New Explore & Look Saving is enabled, an embed user who does not have permissions to see the Shared folder will no longer be able to see the Shared folder. (Note: This information was updated on January 10, 2025.)
Embed theme colors now correctly apply to drop-down menus in Explores.
An issue has been fixed where date filters and map visualizations did not reflect the locale setting.
An issue has been fixed where some scheduled jobs could fail without sending a failure email to the schedule owner.
An issue has been fixed where merge queries could not be added when totals were enabled.
The Looker–Power BI Connector is now deployed in the Microsoft PowerBI Service. This means that the Power BI Service can now connect to data from a Looker Explore without setting up an on-premises gateway and without having to configure folder permissions. (For Power BI Desktop, you still need to perform a custom installation, as described in the Looker–Power BI Connector documentation.) Note: This item was added on January 16, 2025.
Google Cloud Core instances now support the Looker Mobile app. To get started, enable the mobile app on your Looker instance.
An issue has been fixed where Google Cloud MySQL and PostgreSQL dialects incorrectly reported that they did not support Application Default Credentials.
An issue has been fixed where users could not log in to Google Cloud Core instances using private embed when Google Auth was enabled.
A new Labs feature, Content Validator Scoping, allows developers to scope a Content Validator job to a specific content folder and specific LookML projects. Note: This Labs feature will be available on Looker instances on February 4, 2025. This item was updated on January 27, 2025.
reCAPTCHA express is now available in GA. For more information, see Set up reCAPTCHA express.
January 07, 2025
Apigee Advanced API Security
On January 7, 2024 we released a new version of Advanced API Security Abuse Detection.
API key drill down details are now available in the preview release of Advanced API Security Abuse Detection incidents.
This new functionality allows viewing details of detected abuse by the API key used to access the API.
For usage information, see the Abuse Detection customer documentation for incident details.
You can use the Google Cloud console to create jobs that use GPUs.
Version 3.30 is released
All release notes published on this date are part of version 3.30.
The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.
Cascade conditions
You can add cascade conditions such as SLA, agent availability, and queue length to your cascade group logic. This capability is not available in version 3.30. We expect to include it in an upcoming release.
Support for call waiting in wrap-up
We now support call waiting in the agent adapter during wrap-up.
Configure transfer limit for chats
You can set a limit on the number of times a chat session can be transferred. In addition, you can determine an agent's options when the limit has been reached. You can disable the transfer button or specify a queue for one final transfer. For more information, see Configure transfer limits for chats.
Web forms for chat
You can create data-collection forms that agents can present to end-users using the agent adapter. For more information, see Data collection forms.
Support for additional languages
We've added support for seven additional languages, as follows:
- Agent facing and end-user facing languages: Croatian, Hindi, Romanian, Russian, Ukrainian, and Tagalog.
- End-user facing language: English (India).
For more information, see Supported languages.
Greater control over custom data
You have greater control over the types of SDK custom data that is sent to session metadata files and CRM records and that is displayed in the agent adapter. You can control these at the global and at the queue level. For more information, see Send SDK custom data.
Agents can select the queue for outbound calls
You can configure your instance so that agents can select the queue that they want to use when making an outbound call.
Direct SMS numbers
You can assign direct SMS numbers to agents, allowing end-users to send SMS text messages directly to agents without passing through a queue.
Short call recovery timer is shortened
After a short call, the countdown timer to available status is reduced from 180 seconds to 15 seconds. For more information, see Scheduled calls.
Configure wrap-up separately for inbound and outbound calls
You can now configure wrap-up separately for inbound and outbound calls, both globally and at the queue level. For more information, see Wrap-up settings.
Fixed errors in smart compose and in spelling and grammar.
Fixed an issue where an agent extension continued to appear in the Complete List of Users CSV file even after it was removed from an instance.
Fixed an issue where YouTube data was missing from the billing report.
Fixed copy and paste in the agent adapter.
Fixed an issue where an email JSON file was re-uploaded to a Google Cloud Storage bucket when it already existed there.
Fixed NICE WFM data export so it has consistent naming conventions.
Fixed the NICE WFM Daily Activity Data Summary report to be generated at 12:00 AM in the configured timezone.
Added AgentValue to the NICE WFM reports.
Fixed an issue where wait times were incorrectly represented as handle times in reports.
Fixed an issue where chats were not connecting when an Android app sent signed custom data with an empty payload.
Fixed an issue where the queued chat dashboard showed the source queue instead of the destination queue.
Fixed an issue where the Extension Number field disappeared from the User & Team Settings page.
Fixed a problem with the user interface for ServiceNow Next Experience.
Fixed an issue where phone number DAPs weren't handled properly for inbound Telnyx SIP calls.
Fixed an issue where the queue name field was empty for chats and emails in Zendesk.
Adjusted the agent inclusion criteria in billing for Co-browse.
Fixed an issue with Alvaria WFM where the productivity file contained the incorrect dates.
Improved queue settings page performance.
The original 1.31.0-gke.889 release notes stated incorrectly that the GKE Identity Service allows TLS 1.1 and higher connections, by default. Here is the correct change description:
GKE Identity Service now requires that all HTTPS connections use transport layer security (TLS) 1.2 or 1.3. For versions 1.31.0 and higher, TLS 1.1 is disabled by default; however, it can be re-enabled if needed.
If you require support for TLS 1.1, reach out to Cloud Customer Care for assistance.
The 1.31.0-gke.889 release notes have been updated to reflect the correct default behavior.
Release 1.29.900-gke.180
Google Distributed Cloud for bare metal 1.29.900-gke.180 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.900-gke.180 runs on Kubernetes 1.29.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.
The following container image security vulnerabilities have been fixed in 1.29.900-gke.180:
High-severity container vulnerabilities:
CVE-2015-20107, CVE-2020-10735, CVE-2020-16156, CVE-2021-3737, CVE-2022-0934, CVE-2022-1304, CVE-2022-45061, CVE-2022-48733, CVE-2023-3676, CVE-2023-3955, CVE-2023-5528, CVE-2023-24329, CVE-2023-39325, CVE-2024-6232, CVE-2024-7592, CVE-2024-0793, CVE-2024-38577, CVE-2024-41011, CVE-2024-42228, CVE-2024-42280, CVE-2024-42284, CVE-2024-42285, CVE-2024-42301, CVE-2024-42302, CVE-2024-42313, CVE-2024-43839, CVE-2024-43858, CVE-2024-43882, CVE-2024-44974, CVE-2024-44987, CVE-2024-44998, CVE-2024-44999, CVE-2024-46673, CVE-2024-46674, CVE-2024-46722, CVE-2024-46723, CVE-2024-46724, CVE-2024-46725, CVE-2024-46731, CVE-2024-46738, CVE-2024-46740, CVE-2024-46743, CVE-2024-46744, CVE-2024-46747, CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759, CVE-2024-46782, CVE-2024-46798, CVE-2024-46800, CVE-2024-46804, CVE-2024-46814, CVE-2024-46815, CVE-2024-46818, CVE-2024-46828, CVE-2024-46844, GHSA-m425-mq94-257g
Medium-severity container vulnerabilities:
CVE-2021-3669, CVE-2021-3733, CVE-2021-4189, CVE-2023-2431, CVE-2023-27043, CVE-2023-2727, CVE-2023-2728, CVE-2023-31083, CVE-2023-3978, CVE-2023-40217, CVE-2023-44487, CVE-2023-52889, CVE-2024-29018, CVE-2024-41098, CVE-2024-42114, CVE-2024-42246, CVE-2024-42259, CVE-2024-42272, CVE-2024-42283, CVE-2024-42286, CVE-2024-42287, CVE-2024-42288, CVE-2024-42289, CVE-2024-42297, CVE-2024-42309, CVE-2024-42310, CVE-2024-42311, CVE-2024-43828, CVE-2024-43829, CVE-2024-43834, CVE-2024-43835, CVE-2024-43846, CVE-2024-43849, CVE-2024-43853, CVE-2024-43854, CVE-2024-43856, CVE-2024-43860, CVE-2024-43861, CVE-2024-43871, CVE-2024-43884, CVE-2024-43889, CVE-2024-43890, CVE-2024-43892, CVE-2024-43893, CVE-2024-43894, CVE-2024-43905, CVE-2024-43907, CVE-2024-43908, CVE-2024-43914, CVE-2024-44935, CVE-2024-44944, CVE-2024-44946, CVE-2024-44947, CVE-2024-44954, CVE-2024-44960, CVE-2024-44965, CVE-2024-44968, CVE-2024-44971, CVE-2024-44988, CVE-2024-44989, CVE-2024-44990, CVE-2024-44995, CVE-2024-45003, CVE-2024-45006, CVE-2024-45016, CVE-2024-45018, CVE-2024-45021, CVE-2024-45025, CVE-2024-45028, CVE-2024-46675, CVE-2024-46676, CVE-2024-46677, CVE-2024-46679, CVE-2024-46685, CVE-2024-46689, CVE-2024-46702, CVE-2024-46707, CVE-2024-46714, CVE-2024-46719, CVE-2024-46721, CVE-2024-46737, CVE-2024-46739, CVE-2024-46750, CVE-2024-46755, CVE-2024-46763, CVE-2024-46771, CVE-2024-46777, CVE-2024-46780, CVE-2024-46781, CVE-2024-46783, CVE-2024-46791, CVE-2024-46817, CVE-2024-46819, CVE-2024-46822, CVE-2024-46829, CVE-2024-46840, CVE-2024-47663, GHSA-jq35-85cj-fj4p, GHSA-r4pg-vg54-wxx4
Low-severity container vulnerabilities:
CVE-2018-7738, CVE-2021-3426, CVE-2021-28861, CVE-2021-29921, CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087, CVE-2022-42919, CVE-2023-6597, CVE-2023-28450, CVE-2023-50387, CVE-2023-50868, CVE-2024-0397, CVE-2024-4032, CVE-2024-8088, CVE-2024-8508, CVE-2024-8775, CVE-2024-9287, CVE-2024-9902, CVE-2024-11168, CVE-2024-43841, CVE-2024-52533
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
(2025-R01) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.31.4-gke.1183000 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
  - 1.28.15-gke.1342000
  - 1.28.15-gke.1362000
  - 1.28.15-gke.1388000
  - 1.28.15-gke.1435000
  - 1.29.10-gke.1280000
  - 1.29.11-gke.1012000
  - 1.29.11-gke.1045000
  - 1.29.12-gke.1055000
  - 1.30.6-gke.1596000
  - 1.30.7-gke.1084000
  - 1.30.7-gke.1136000
  - 1.30.8-gke.1051000
  - 1.31.3-gke.1006000
  - 1.31.3-gke.1056000
  - 1.31.3-gke.1121001
  - 1.31.3-gke.1162000
  - 1.31.4-gke.1072000
  - 1.31.4-gke.1177000
  - 1.32.0-gke.1358000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1480000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.12-gke.1120000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.8-gke.1128000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.4-gke.1183000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1480000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.12-gke.1120000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.8-gke.1128000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.4-gke.1183000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.0-gke.1448000 with this release.
Regular channel
- Version 1.30.6-gke.1596000 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
  - 1.28.15-gke.1159000
  - 1.29.10-gke.1227000
  - 1.30.6-gke.1125000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1342000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.10-gke.1280000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.6-gke.1596000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1342000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.10-gke.1280000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.6-gke.1596000 with this release.
Stable channel
- The following versions are now available in the Stable channel:
Extended channel
- Version 1.30.6-gke.1596000 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
  - 1.27.16-gke.1836000
  - 1.27.16-gke.2027000
  - 1.27.16-gke.2051000
  - 1.28.15-gke.1159000
  - 1.29.10-gke.1227000
  - 1.30.6-gke.1125000
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2081000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1342000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.10-gke.1280000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.6-gke.1596000 with this release.
No channel
- Version 1.30.6-gke.1596000 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
  - 1.28.15-gke.1159000
  - 1.28.15-gke.1388000
  - 1.29.10-gke.1227000
  - 1.29.11-gke.1012000
  - 1.29.11-gke.1045000
  - 1.30.7-gke.1136000
  - 1.31.3-gke.1056000
  - 1.31.3-gke.1121001
  - 1.31.4-gke.1072000
  - 1.31.4-gke.1177000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.15-gke.1342000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.10-gke.1280000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.15-gke.1342000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.10-gke.1280000 with this release.
The following parser documentation is now available:
Collect Microsoft Defender for Endpoint logs
Collect Zscaler Internet Access logs
Collect Linux auditd and AIX systems logs
Collect CloudPassage Halo logs
Collect JFrog Artifactory logs
Collect Apple macOS syslog data
Collect Netskope web proxy logs
Collect OPNsense firewall logs
Collect Rapid7 InsightIDR logs
Added stable UUIDs for Google Cloud products to use in API calls and alerting policies.
January 06, 2025
Apigee Advanced API Security
On January 6, 2025 we released an updated version of Advanced API Security.
UI support for environment-level client IP address resolution
This release introduces the ability to view the client IP address resolution setting for an environment in the Apigee Console.
For more information and usage instructions, see the Client IP resolution customer documentation.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for logging/apiv2
1.13.0 (2025-01-02)
Features
Bug Fixes
- logging: Update golang.org/x/net to v0.33.0 (e9b0b69)
- logging: Update google.golang.org/api to v0.203.0 (8bb87d5)
- logging: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (8bb87d5)
To help ensure CMEK usage across an organization, Cloud Tasks is integrated with two organization policy constraints.
cos-dev-121-18808-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.68 | v25.0.2 | v2.0.0 | See List |
Upgraded app-containers/cni-plugins to v1.6.1.
Upgraded app-admin/fluent-bit to v3.2.2.
Updated app-admin/google-guest-configs to v20241205.00.
Upgraded chromeos-base/shill-client to v0.0.1-r4790.
Upgraded net-libs/libtirpc to v1.3.6.
Upgraded sys-apps/file to v5.46.
Upgraded app-admin/sudo to v1.9.16_p2-r1.
Upgraded sys-apps/hwdata to v0.390.
Upgraded dev-db/sqlite to v3.47.1.
Updated the Linux kernel to v6.6.68.
Updated app-containers/docker-test to 25.0.2.
Updated app-containers/docker to 25.0.2.
Updated app-containers/docker-cli to 25.0.2.
Updated app-containers/cri-tools to 1.31.1.
Set device policy manager to log the metadata values that it takes as input.
Upgraded nvidia-container-toolkit to v1.17.0. This fixes CVE-2024-0134.
Updated dev-go/net in policy manager to v0.33.0. This fixes CVE-2024-45338.
Upgraded dev-go/crypto to v0.31.0. This fixes CVE-2024-45337.
Runtime sysctl changes:
- Changed: fs.file-max: 811802 -> 811786
cos-117-18613-75-91
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.56 | v24.0.9 | v1.7.24 | See List |
Fixed KCTF-5eb7de8 in the Linux kernel.
Fixed KCTF-f8d4bc4 in the Linux kernel.
Fixed CVE-2023-52920 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811782 -> 811756
cos-113-18244-236-90
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Fixed KCTF-5eb7de8 in the Linux kernel.
Fixed KCTF-f8d4bc4 in the Linux kernel.
Fixed CVE-2024-53099 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812030 -> 812045
cos-109-17800-372-87
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Fixed KCTF-5eb7de8 in the Linux kernel.
Fixed KCTF-f8d4bc4 in the Linux kernel.
Fixed CVE-2024-53099 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812261 -> 812257
cos-105-17412-495-77
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Fixed CVE-2024-53099 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812685 -> 812681
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.10.3 (2025-01-02)
Bug Fixes
- dataflow: Update golang.org/x/net to v0.33.0 (e9b0b69)
Media CDN supports dynamic compression for compressible content by using Brotli and gzip algorithms. Enabling dynamic compression can help you achieve faster page load times, speed up playback speed for video content, and optimize egress costs. For more information, see Enable dynamic compression.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.14.3 (2025-01-02)
Bug Fixes
- secretmanager: Update golang.org/x/net to v0.33.0 (e9b0b69)
January 04, 2025
Google SecOps SOAR
A partial update was released this week.
The following Releases are in General Availability depending on your platform version as shown in the Settings > License page:
6.3.26
6.3.28
January 02, 2025
BigQuery
An updated version of JDBC driver for BigQuery is now available.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Managed Service for Apache Kafka
  - managedkafka.googleapis.com/Cluster
cos-117-18613-75-89
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.56 | v24.0.9 | v1.7.24 | See List |
Updated google.golang.org/grpc to v1.56.3 and upgraded golang.org/x/net to v0.23.0 in docker and cri-tools. This fixes CVE-2023-44487 and CVE-2023-45288.
Upgraded nvidia-container-toolkit to v1.17.0. This fixes CVE-2024-0134.
Updated dev-go/net in policy manager to v0.33.0. This fixes CVE-2024-45338.
Upgraded dev-go/crypto to v0.31.0. This fixes CVE-2024-45337.
Fixed CVE-2024-53097 in the Linux kernel.
Fixed CVE-2024-53100 in the Linux kernel.
Fixed CVE-2024-53091 in the Linux kernel.
Fixed CVE-2024-53099 in the Linux kernel.
Fixed CVE-2024-53093 in the Linux kernel.
Fixed CVE-2024-49926 in the Linux kernel.
Fixed CVE-2024-50256 in the Linux kernel.
Fixed CVE-2024-53113 in the Linux kernel.
Fixed CVE-2024-53140 in the Linux kernel.
Fixed CVE-2024-53119 in the Linux kernel.
Fixed CVE-2024-53135 in the Linux kernel.
Fixed CVE-2024-53136 in the Linux kernel.
Fixed CVE-2024-50191 in the Linux kernel.
Fixed CVE-2024-53121 in the Linux kernel.
Fixed CVE-2024-49934 in the Linux kernel.
Fixed CVE-2024-53141 in the Linux kernel.
Fixed CVE-2024-53142 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811809 -> 811782
cos-109-17800-372-84
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Upgraded sys-apps/file to v5.46.
Disabled CONFIG_DEBUG_PREEMPT in the Linux kernel. This should improve performance for some workloads.
Upgraded nvidia-container-toolkit to v1.17.0. This fixes CVE-2024-0134.
Fixed CVE-2024-49996 in the Linux kernel.
Fixed CVE-2024-50055 in the Linux kernel.
Fixed CVE-2024-47745 in the Linux kernel.
Fixed CVE-2024-49861 in the Linux kernel.
Fixed CVE-2024-50256 in the Linux kernel.
Fixed CVE-2024-50194 in the Linux kernel.
Fixed CVE-2024-53121 in the Linux kernel.
Fixed CVE-2024-53140 in the Linux kernel.
Fixed CVE-2024-53135 in the Linux kernel.
Fixed CVE-2024-53119 in the Linux kernel.
Fixed CVE-2024-53136 in the Linux kernel.
Fixed CVE-2024-50191 in the Linux kernel.
Fixed CVE-2024-53113 in the Linux kernel.
Fixed CVE-2024-50186 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812271 -> 812261
cos-113-18244-236-88
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Updated google.golang.org/grpc to v1.56.3 and upgraded golang.org/x/net to v0.23.0 in docker and cri-tools. This fixes CVE-2023-44487 and CVE-2023-45288.
Upgraded nvidia-container-toolkit to v1.17.0. This fixes CVE-2024-0134.
Fixed CVE-2024-53100 in the Linux kernel.
Fixed CVE-2024-53093 in the Linux kernel.
Fixed CVE-2024-50055 in the Linux kernel.
Fixed CVE-2024-49996 in the Linux kernel.
Fixed CVE-2024-49861 in the Linux kernel.
Fixed CVE-2024-47745 in the Linux kernel.
Fixed CVE-2024-50256 in the Linux kernel.
Fixed CVE-2024-50194 in the Linux kernel.
Fixed CVE-2024-53140 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812036 -> 812030
cos-105-17412-495-75
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Fixed CVE-2024-50194 in the Linux kernel.
December 31, 2024
AI Hypercomputer
Generally available: The A3 Ultra accelerator-optimized machine type is now generally available. A3 Ultra VMs are powered by NVIDIA H200 Tensor Core GPUs and support the new Titanium ML network adapter, which delivers non-blocking 3.2 Tbps of GPU-to-GPU traffic with RDMA over Converged Ethernet (RoCE). A3 Ultra VMs are ideal for foundation ML model training and serving. The A3 Ultra machine type is available in the following region and zone:
- St. Ghislain, Belgium, Europe - europe-west1-b
When provisioning A3 Ultra machine types, you must use Hypercompute Cluster to request capacity and create VMs or clusters. To get started, see Overview of creating VMs and clusters in the AI Hypercomputer documentation.
Preview: Hypercompute Cluster is now available in preview. With Hypercompute Cluster, you can streamline the provisioning of up to tens of thousands of A3 Ultra accelerator-optimized machines.
With features such as dense co-location of resources, ultra-low latency networking, targeted workload placement, and advanced maintenance controls to minimize workload disruptions, Hypercompute Cluster is built to deliver exceptional performance and resilience, so you can run your most demanding AI, ML, and HPC workloads with confidence.
To get started, review the overview for VM and cluster creation.
December 30, 2024
Google Cloud Architecture Center
Google Cloud Architecture Framework: Reliability pillar: Major update to align the recommendations with core principles of reliability.
ABAP SDK for Google Cloud version 1.1 (SAP BTP edition)
Version 1.1 of the SAP BTP edition of the ABAP SDK for Google Cloud is generally available (GA). In addition to supporting more Google Cloud APIs and a few other enhancements, this version introduces the Vertex AI SDK for ABAP, a dedicated toolset for seamless interaction with Google Cloud's Vertex AI platform from your SAP BTP, ABAP environment.
For more information, see What's new with the SAP BTP edition of the ABAP SDK for Google Cloud.
A monthly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-spanner
6.82.0 (2024-12-04)
Features
- Add option for retrying DML as PDML (#3480) (b545557)
- Add the last statement option to ExecuteSqlRequest and ExecuteBatchDmlRequest (76ab801)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (76ab801)
- Shutdown built in metrics meter provider (#3518) (c935e2e)
- spanner: GetEdition() is returning null for Instance (#3496) (77cb585)
Dependencies
Documentation
6.83.0 (2024-12-13)
Features
- Add Metrics host for built in metrics (#3519) (4ed455a)
- Add opt-in for using multiplexed sessions for blind writes (#3540) (216f53e)
- Add UUID in Spanner TypeCode enum (41f83dc)
- Introduce java.time variables and methods (#3495) (8a7d533)
- spanner: Support multiplexed session for Partitioned operations (#3231) (4501a3e)
- Support 'set local' for retry_aborts_internally (#3532) (331942f)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (41f83dc)
Dependencies
Python
Changes for google-cloud-spanner
3.51.0 (2024-12-05)
Features
- Add connection variable for ignoring transaction warnings (#1249) (eeb7836)
- spanner: Implement custom tracer_provider injection for opentelemetry traces (#1229) (6869ed6)
- Support float32 parameters in dbapi (#1245) (829b799)
Bug Fixes
- Allow setting connection.read_only to same value (#1247) (5e8ca94)
- Allow setting staleness to same value in tx (#1253) (a214885)
- Dbapi raised AttributeError with [] as arguments (#1257) (758bf48)
Performance Improvements
- Optimize ResultSet decoding (#1244) (ccae6e0)
- Remove repeated GetSession calls for FixedSizePool (#1252) (c064815)
Documentation
December 27, 2024
Google SecOps
Google SecOps has added a new rule set to Applied Threat Intelligence (ATI), called Inbound IP Address Authentication, that identifies IP addresses that are authenticating to local infrastructure in an inbound network direction. For more information, see Applied Threat Intelligence priority overview.
December 26, 2024
Google Kubernetes Engine
(2024-R50) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
Regular channel
There are no new releases in the Regular channel.
Stable channel
There are no new releases in the Stable channel.
Extended channel
- Version 1.27.16-gke.2122000 is now available in the Extended channel.
No channel
- The following versions are now available:
- The following node versions are now available:
December 24, 2024
Anti Money Laundering AI
A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version. This includes:
- New recall per typology metric added to backtesting.
- Input schema extended to include typology labels for risk case events.
- New features introduced in v004.007 are separated into a new feature family to improve investigator usability.
Database Migration Service for homogeneous PostgreSQL migrations to Cloud SQL for PostgreSQL now supports PostgreSQL version 17. For more information, see Supported source and destination databases in Cloud SQL for PostgreSQL migrations.
December 23, 2024
BigQuery
BigQuery is available in the Mexico (northamerica-south1) region.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.51.0 (2024-12-17)
Features
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (a5444a5)
- Move resource detection to the first export to avoid slow start (#2450) (cec010a)
Dependencies
The rollout of the following minor versions, extension versions, and plugin versions is complete:
Minor versions
- 12.20 is upgraded to 12.21. This version restores functionality of the ALTER {ROLE|DATABASE} SET role command that's present in PostgreSQL version 12.22. For more information, see the PostgreSQL 12.22 release notes.
- 13.16 is upgraded to 13.18.
- 14.13 is upgraded to 14.15.
- 15.8 is upgraded to 15.10.
- 16.4 is upgraded to 16.6.
- 17.0 is upgraded to 17.2.
Extension and plugin versions
- orafce is upgraded from 4.7 to 4.73 (for PostgreSQL instances, versions 11-16).
- pgAudit is upgraded from 17beta to 17.1 (for PostgreSQL instances, version 17).
To use these versions of the extensions, update your instance to one of the following:
- POSTGRES_17_0.R20241011.00_11 (for PostgreSQL instances, version 17)
- [PostgreSQL version].R20240910.01_31 (for PostgreSQL instances, versions 12 to 16)
If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.
For more information on checking your maintenance version, see Self-service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for storage/internal/apiv2
1.49.0 (2024-12-21)
Features
- storage/internal: Add finalize_time field in Object metadata (46fc993)
- storage/internal: Add MoveObject RPC (46fc993)
- storage: Add ObjectHandle.Move method (#11302) (a3cb8c4)
- storage: Return file metadata on read (#11212) (d49263b)
Bug Fixes
Config Connector version 1.127.0 is now available.
New Beta resources (direct reconciler)
New Fields
BigQueryDataTransferConfig
- Added spec.scheduleOptionsV2 to customize the different types of data transfer schedule.
- Added status.observedState.error with detailed information about reason of the latest config failure.
GkeHubFeatureMembership
- Added spec.configmanagement.management to enable Config Sync Auto Upgrade. This is an opt-in feature and you need to turn on the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the object.
SecretManagerSecret
Reconciliation Improvements
You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the object to opt-in the direct controller, which gives the following improvements:
- Enhanced spec.rotation.nextRotationTime to use a fixed datetime value to avoid relative now() friction.
- Fixed the spec.replication.auto immutable issue.
- Added the in-use version aliases in status.observedState.versionAliases.
- Resolved update stalling issues.
- Clarify the TTL use. See the problems and share your use in GitHub issue #3395.
SecretManagerSecretVersion
Reconciliation Improvements
You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the object to opt-in the direct controller, which gives the following improvements:
- Resolved update stalling caused by DependencyNotReady errors.
- Fixed the friction in spec.enabled that enabling or disabling a secret version does not always take effect in GCP.
- API Behavior Change: The service generated ID is changed from spec.resourceID to status.version with status.externalRef (new field) to guardrail the identity.
Dataflowflextemplatejob subnetwork validation error.
- Error message "should match regions/REGION/subnetworks/SUBNETWORK"
Conversational Insights offers LLM-powered topic inference as a GA feature. Topic inference allows you to use your topic model to analyze new conversations and identify topics in real time.
This feature is only available for English.
The following parser documentation is now available:
Collect CrowdStrike Detection logs
Collect Microsoft Azure AD Audit logs
Collect Microsoft Azure AD Context logs
Ingest Chrome Enterprise Premium data to Google Security Operations
Collect Atlassian Bitbucket logs
Collect Azure DevOps audit logs
Collect Microsoft Defender for Cloud alert logs
Collect Microsoft Graph activity logs
Collect Microsoft Sentinel logs
Collect Palo Alto Networks IOC logs
Collect Palo Alto Prisma Cloud alert logs
Collect ServiceNow Security logs
Collect Lacework Cloud Security logs
Collect Netskope alert logs v1
Collect Netskope alert logs v2
December 22, 2024
Google SecOps
Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.
The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.
- Absolute Mobile Device Management (Mobile Device Management)
- Atlassian Cloud Admin Audit (Audit)
- AWS VPC Flow (AWS Specific)
- Azure AD (LDAP)
- Azure Application Gateway (GATEWAY)
- Azure SQL (Database)
- Azure Storage Audit (Storage)
- Blue Coat Proxy (Web Proxy)
- Check Point Harmony (Remote Access Tools)
- Cisco ASA (firewall)
- Cisco Firepower NGFW (Firewall)
- Cisco Meraki (Wireless)
- Cisco Router (Switches, Routers)
- Cisco Umbrella SWG DLP (DLP)
- Cisco VPN (VPN)
- Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
- Claroty Continuous Threat Detection (IoT)
- Cloud Audit Logs (Google Cloud Specific)
- Cloud DNS (Google Cloud Specific)
- Code42 Incydr (Data loss prevention (DLP))
- Colinet Trotta GAUS SEGUROS (Alert)
- CrowdStrike Falcon (EDR)
- Delinea Distributed Engine (Application server logs)
- Druva Backup (Security)
- Duo Administrator Logs (Authentication)
- Elastic Audit Beats (ALERTING)
- F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
- Forcepoint NGFW (Network)
- FortiGate (Firewall)
- GitHub (SaaS Application)
- Google Cloud Identity Context (Identity and Access Management)
- Guardicore Centra (Deception Software)
- HPE Aruba Networking Central (Data Security)
- Imperva Advanced Bot Protection (Bot Protection)
- Kubernetes Audit Azure (Log Aggregator)
- Linux Auditing System (AuditD) (OS)
- Maria Database (Database)
- Microsoft Defender for Endpoint (EDR)
- Opnsense (Firewall and Routing Platform)
- Oracle NetSuite (CASB)
- Palo Alto Panorama (Firewall)
- Palo Alto Prisma Cloud Alert payload (Cloud Security)
- Ping One (NA)
- Proofpoint Observeit (Email Server)
- Proofpoint Threat Response (Email Server)
- QNAP Systems NAS (Storage solutions)
- Reserved LogType2 (LDAP)
- Salesforce (SaaS Application)
- SAP Sybase Adaptive Server Enterprise Database (Database)
- Sentinelone Alerts (Endpoint Security)
- Snort (IDS/IPS)
- Solaris system (OS)
- Sourcefire (IDS/IPS)
- Suricata IDS (IDS/IPS)
- Symantec DLP (DLP)
- Symantec Event export (SEP)
- Trend Micro Vision One (AV and endpoint logs)
- TrendMicro Apex Central (Endpoint)
- Twingate (VPN)
- Wazuh (Log Aggregator)
- Windows DHCP (DHCP)
- Windows Event (Endpoint)
- Windows Network Policy Server (Authentication)
- Windows Sysmon (DNS)
The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.
- Addigy MDM (ADDIGY_MDM)
- Akamai DataStream 2 (AKAMAI_DATASTREAM_2)
- Anzenna (ANZENNA)
- AWS ECS Metrics (AWS_ECS_METRICS)
- Azure Log Analytics Workspace (AZURE_LOG_ANALYTICS_WORKSPACE)
- Blockdaemon API (BLOCKDAEMON_API)
- Chronicle Feed (CHRONICLE_FEED)
- Claroty xDome Secure Access (CLAROTY_XDOME_SECURE_ACCESS)
- Cloudflare Spectrum (CLOUDFLARE_SPECTRUM)
- Cloudsek Alerts (CLOUDSEK_ALERTS)
- CloudWaves Sensato Nightingale Honeypot (SENSATO_HONEYPOT)
- Docker Hub Activity (DOCKER_HUB_ACTIVITY)
- Fortinet FortiDDoS (FORTINET_FORTIDDOS)
- Honeywell Cyber Insights (HONEYWELL_CYBERINSIGHTS)
- IPFire (IPFIRE)
- Jamf Connect (JAMF_CONNECT)
- KnowBe4 Audit Log (KNOWBE4)
- LogicGate (LOGICGATE)
- ManageEngine NCM (MANAGEENGINE_NCM)
- Microsoft Dotnet Log Files (MICROSOFT_DOTNET)
- Nessus Network Monitor (NESSUS_NETWORK_MONITOR)
- Netography Fusion (NETOGRAPHY_FUSION)
- Netwrix StealthAudit (NETWRIX_STEALTHAUDIT)
- Oomnitza (OOMNITZA)
- Open CTI Platform (OPENCTI)
- Oracle EBS (ORACLE_EBS)
- Oracle Zero Data Loss Recovery Appliance (ORACLE_ZDLRA)
- PhishAlarm (PHISHALARM)
- Savvy Security (SAVVY_SECURITY)
- Symantec Security Analytics (SYMANTEC_SA)
- Venafi ZTPKI (VENAFI_ZTPKI)
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
December 20, 2024
AlloyDB for PostgreSQL
AlloyDB lets you monitor the following additional monitoring metrics through the Cloud Monitoring dashboard. These metrics are available in Preview.
- The instance/postgres/ultrafastcache_hitrate and node/postgres/ultrafastcache_hitrate metrics help in identifying any performance issue due to caching on instances or individual nodes.
- The node/postgres/backends_by_state, node/postgres/backends, node/postgres/wait_count, and node/postgres/wait_time metrics help in tracking node health.
This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
On December 20, 2024 we released an updated version of Apigee.
Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.
Support for environment-level client IP address resolution
This release introduces the ability to specify, per environment, how to capture the client IP address on API requests from the X-Forwarded-For header. When configured for the environment, the specified client IP address is used to apply security actions and to populate the ax_resolved_client_ip Analytics variable and the new client.resolved.ip flow variable. The new configuration option can be used to specify the request IP address used in Advanced API Security.
This functionality is not available in Apigee hybrid at this time.
For more information and usage instructions, see the Client IP resolution customer documentation, Analytics dimensions, and client flow variable.
Dynamic Backend Authentication support for Connectors
Application Integration now supports dynamic backend authentication for connectors. Enable Authentication Override in Integration Connectors to allow your connections to seamlessly switch between authentication methods during runtime.
For more information, see Configure authentication override.
Cloud Composer 3 is now available in Mexico (northamerica-south1).
You can now enable query insights for Cloud SQL Enterprise Plus edition. When you enable query insights for Enterprise Plus, you can access additional features in query insights such as 30 days of metrics retention, granular query plan details, and a higher query length limit.
For more information, see Use query insights to improve query performance. Query insights for Cloud SQL Enterprise Plus edition is in Preview.
You can use the following observability dashboards in Cloud SQL for SQL Server to monitor, analyze, and diagnose issues with your instances, databases, and queries:
- System insights
- Query insights
Both of these dashboards are available to you in the Google Cloud Console. The System insights dashboard displays the metrics for the resources that your instance is using and can help you analyze the performance of your instance. For more information, see Use system insights to improve system performance. System insights is generally available (GA).
The Query insights dashboard helps you detect problems with queries in your Cloud SQL databases. The dashboard also provides you with the ability to monitor active queries and view index advisor recommendations. For more information, see Use query insights to improve query performance. Query insights for Cloud SQL for SQL Server is in Preview.
You can enable query insights for Cloud SQL Enterprise Plus edition. When you enable query insights for Enterprise Plus, you can access additional features in query insights such as 30 days of metrics retention, granular query plan details, and a higher query length limit. The query insights for Cloud SQL Enterprise Plus edition, index advisor, and active queries features are also in Preview.
Advanced load balancing for managed Cloud Service Mesh (TD) is now available in preview.
Config Controller now uses the following versions of its included products:
- Config Connector v1.126.0, release notes
Quality AI is available for 38 Gemini languages in preview. Quality AI supports the following languages in addition to English:
- German
- Italian
- Japanese
- Korean
- Portuguese
- Spanish
- French
Topic inference is available for 38 Gemini languages in preview.
RAG Engine is generally available (GA).
The supported models include the following:
- Google Gemini
- Google embedding and OSS E5 embedding models
- Model Garden self-deployed OSS LLMs
- Model as a service (MaaS) Llama models
The supported features include the following:
- Data connectors: Google Cloud Storage, Google Drive, Slack, Jira, and SharePoint
- Document types: Google Workspace documents, HTML, JSON, Markdown, PDF, and text files
- Transformations: fixed-size chunking and chunk overlap
- Vector databases: Vertex AI Vector Search and Pinecone
(New guide) Confidential computing for data analytics and AI: Provides an overview of confidential computing, explores use cases for data analytics and federated learning across various industries, and includes architecture examples for some use cases.
Documentation is now available to help you troubleshoot Pub/Sub issues by using audit logs. You can use audit logs to troubleshoot issues related to identifying who created, deleted, or modified Pub/Sub resources, tracking configuration changes to topics or subscriptions, and verifying the existence and status of topics and subscriptions. For more information, see Troubleshoot Pub/Sub issues with audit logs and General troubleshooting.
Vector Search hybrid search and sparse embeddings are generally available (GA)
Vector Search hybrid search and sparse embeddings are generally available (GA). Hybrid search uses both dense and sparse embeddings, which lets you search based on a combination of keyword search and semantic search. For more information about hybrid search, see About hybrid search.
December 19, 2024
Apigee X
On December 19, 2024, we released an updated version of Apigee (1-14-0-apigee-3) for trial organizations only.
Bug ID | Description |
---|---|
N/A | Updates to security infrastructure and libraries. |
You can now build and publish custom connectors for Google Cloud Marketplace. This feature is in preview.
The following connectors built by partners are available in the Google Cloud Marketplace. You can use these connectors to create connections and use them in Application Integration.
- Exact HR
- Openlegacy IBMi/AS/400 API
- Salesforce Commerce Cloud B2B
The Sovereign Controls for EU control package now supports BigQuery Data Transfer Service. For more information, see Supported products by control package. This feature is generally available (GA).
You can now manage data canvases, data preparations, notebooks, saved queries, and workflows in Dataplex. Metadata of data canvases, data preparations, notebooks, saved queries, and workflows is automatically available in Dataplex, without additional configuration. This feature is generally available (GA).
You can now search for and view the metadata of data canvases, data preparations, notebooks, saved queries, and workflows in the Dataplex console. This feature is in preview.
Preview: You can create future reservation requests for VMs of a single machine type using the Google Cloud console. Reserving capacity based on your predicted VM or GPU usage helps ensure that your projects have the capacity needed to support increases in usage. For more information, see Reserve capacity in Capacity Planner.
The Cloud Data Fusion version 6.10.1.2 patch revision is generally available (GA). 6.10.1.2 includes the following changes:
You can generate audit logs that record data plane activities within your Cloud Data Fusion instance. Data plane audit logging is available in Preview for RBAC-enabled instances.
To improve the API response time, by default, all program activity records older than 30 days are cleaned up. Any activity older than 30 days isn't visible in the Cloud Data Fusion studio (CDAP-14950).
When using role-based access control, performing the List Pipelines operation requires datafusion.pipelines.list permission, in addition to datafusion.namespaces.get permission. For more information, see RBAC roles and permissions (CDAP-20931).
Fixed an issue causing the flow control metric, flowcontrol.launching.count, to overcount in cases where servers were restarted when a pipeline run was in progress (CDAP-21046).
Fixed an issue causing the flow control metric, flowcontrol.launching.count, to be stale after a restart when no pipelines were running (CDAP-21048).
Fixed an issue causing the default max concurrent runs limit for triggers not to appear in the web interface, making it difficult to tell if triggers were working as intended (CDAP-21072).
Fixed an issue causing the top panel of the Studio tab to disappear when you edited a pipeline draft that's based on a pipeline from an earlier Cloud Data Fusion version (CDAP-21073).
Improved performance by removing a call to the list apps API during pipeline deployment when checking if a pipeline already exists (CDAP-21074).
Version 1.0.15 of the endpoints-management-java Java library is available.
This release fixes an issue where new fields in the Google Service Configuration cause the Endpoints Frameworks Java library to fail when parsing the service configuration. Errors similar to the following will appear when using new service configurations created after December 5th, 2024:
Failed to parse the HTTP response as service configuration
com.google.api.config.ServiceConfigException: Failed to parse the HTTP response as service configuration
We recommend that you upgrade to the 1.0.15 version to avoid these errors. This includes updating any references to the following dependencies:
com.google.endpoints:endpoints-management-control-appengine-all
com.google.endpoints:endpoints-management-control-appengine
com.google.endpoints:endpoints-framework-auth
com.google.endpoints:endpoints-management-config
com.google.endpoints:endpoints-management-api-client
com.google.endpoints:endpoints-management-control
com.google.endpoints:endpoints-management-control-all
When possible, we recommend that you use the endpoints-management-control-appengine-all version of the library to ensure that all dependencies are properly included. However, if you have a specific dependency on endpoints-management-control-appengine and cannot use the endpoints-management-control-appengine-all version, or you are upgrading from version 1.0.11 or older, you must add the following additional dependencies to your project:
com.google.apis:google-api-services-servicemanagement version v1-rev14-1.22.0
com.google.protobuf:protobuf-java-util version 3.9.1
Add a RelevanceThreshold field to the SearchJobsRequest to filter results by precision.
Improve address resolution for LocationFilter with region code.
Safe Search model update
We will be updating the SAFE_SEARCH_DETECTION feature model to improve quality.
We'll support both the current model and the new model for the next 90 days. After 90 days, the new model will become the default. The current model can still be accessed by specifying "builtin/legacy" for an additional 90 days before it's deprecated.
To use the new model, specify "builtin/latest" in the model field of a Feature object.
Release 6.1
- SAP Annotations: All SAP Reporting views and fields are now fully annotated with functional descriptions and business context. Deploy Data Mesh to take advantage of this feature.
- Google Ads Campaign Daily Aggregates view has been redesigned:
- The CampaignDailyAggByUserCountry view is now removed.
- Relevant information is now integrated into the CampaignDailyAgg view.
- SAP Financial Model Initial Load: The Financial Model's initial load has been separated into a dedicated DAG for better organization.
- SAP Inventory Module: Removed "Preview" tag.
- SAP Hierarchy Reader: As announced in the previous release notes, the hier_reader code has been fully deprecated. Relevant SAMPLE scripts have been updated to use the new hierarchy reader DAG output tables.
- SAP Fiscal and Currency functions: As announced in the previous release notes, these functions have been removed. Please use the relevant tables (currency_conversion, currency_decimal, and fiscal_date_dim) instead.
- SAP Currency Decimal Fix: Fixed a decimal precision issue for SAP currency data.
- Minor JOIN Condition Issue: Fixed a JOIN condition in SAP Billings view comments.
- 1-Click Deployer:
- Fixed an issue with incorrect default Google Analytics 4 CDC dataset setting.
- Updated to use different output bucket names for SFMC and CM360.
- K9 Deployer: Fixed the issue where temporary files were copied to the tmp* directory in the target bucket and not removed.
- Minor Fixes: Addressed other minor issues related to dependency, configuration handling, Python library requirements, and DAG steps.
- Google Trends DAG: The Google Trends API calls issued by this DAG may intermittently fail. If this happens, try rerunning the DAG.
- 1-click deployer: The 1-click deployer for Oracle EBS currently requires manual naming. Autoname mode is not yet supported.
You can now manage Dataform repositories in Dataplex. Metadata of Dataform repositories is automatically available in Dataplex, without additional configuration. For more information, see Manage Dataform assets with Dataplex. This feature is generally available (GA).
You can now search for and view the metadata of Dataform repositories in the Dataplex console. This feature is in preview.
Dialogflow CX (Conversational Agents): You can now set either a partial match or a full match to banned phrases. This setting applies to playbooks, datastores, and generators. You can enable and test this feature in Agent Settings > Generative AI > Banned phrases > Match requirements.
Property description is now Generally Available (GA) as part of the custom extractor in both the Document AI section of the Google Cloud console and the API, with additional support for parent entities in hierarchies.
Property description allows you to provide additional context, insights, and prior knowledge for each entity to improve extraction accuracy.
Documentation is now available to help you choose between Pub/Sub and Google Cloud Managed Service for Apache Kafka. The comparison is based on factors such as operational ease, portability, existing Kafka setup, and integration with other Google Cloud products. A detailed feature comparison table is also included. For more information, see Choose Cloud Managed Service for Apache Kafka or Pub/Sub.
Partner connection launch update
The following partner connectors have been added to the Looker Studio Connector Gallery:
- TikTok Organic by Chartica.co.uk
- Google Ads - Cratos.ai by Cratos.software
- Klaviyo by Adzviser
- Google Merchant Center by Adzviser
- Google My Business by Adzviser
- Mailchimp by Adzviser
- WooCommerce by Adzviser
- Shopify by Adzviser
- Microsoft Ads by Adzviser
- Awin by Catchr.io
- Strava by Windsor.ai
- Harvest by Windsor.ai
- CoinGecko Coins by Windsor.ai
- Whatagraph by Whatagraph.com
- Simpli.fi by Windsor.ai
- Line Ads by Windsor.ai
- BigCommerce by Supermetrics.com
- Zoho CRM (ZOHO) by Supermetrics.com
- Omnisend by Windsor.ai
- Prestashop by Catchr.io
Google Cloud NetApp Volumes now lets you test if an Active Directory policy is properly connected to the Active Directory service using the Google Cloud console. Performing the test helps you troubleshoot errors in your Active Directory policy configuration. For more information, see Test the Active Directory policy connection.
Google Cloud NetApp Volumes now supports Kerberos for large capacity volumes.
IPv6 route exchange is available in public preview.
You can use export filters to configure a VPC spoke to exchange IPv6 subnet ranges or both IPv4 and IPv6 subnet ranges. For more information, see VPC connectivity with export filters.
You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Secure Source Manager resources. For more information, see Manage resources with custom constraints.
The Organization Policy recommender generates insights and organization policy recommendations to restrict the creation and upload of service account keys. This feature is available in Preview.
You can use the iam.managed.allowedPolicyMembers managed organization policy constraint to implement domain restricted sharing. For more information, see Domain restricted sharing.
Documentation is now available to help you choose between Pub/Sub and Google Cloud Managed Service for Apache Kafka. The comparison is based on factors such as operational ease, portability, existing Kafka setup, and integration with other Google Cloud products. A detailed feature comparison table is also included. For more information, see Choose Pub/Sub or Cloud Managed Service for Apache Kafka.
When providing a URL list to transfer files, you can now host the list itself in an access-controlled Cloud Storage bucket. See Transfer from public URLs for full details.
December 18, 2024
Agent Assist
Pub/Sub intermediate transcription is available in preview. With this feature you can accomplish the following:
- Show intermediate transcripts in your Agent Assist UI module.
- Populate additional information to support audio integration.
You can use an API to export data from AlloyDB clusters. This feature is generally available (GA). You can also cancel the export of data. For more information, see Export a CSV file and Export a SQL file.
You can now enable 2x node scaling when you create a new Bigtable cluster. This cluster configuration lets Bigtable treat two standard nodes as a larger, single compute node, and the cluster is always scaled in increments of two nodes. This feature is generally available (GA).
The Preview of Bigtable automated backup has been expanded to let you configure the backup retention period in automated backup policies, and the default is now seven days. For more information, see Update an automated backup policy.
Simulate scenarios in FinOps hub to maximize your savings from resource-based CUDs
In the FinOps hub, we added support for resource-based CUD recommendations as a starting point to simulate various usage scenarios, and customize the recommendation to purchase a CUD that maximizes your savings.
Cloud Logging adds support for the northamerica-south1 region. For a complete list of supported regions, see Supported regions.
You can now create custom roles that let you create and manage Log Scopes. Log Scopes are in Public Preview. For more information, see Create and manage log scopes: Before you begin.
1.23.4-asm.1 is now available for in-cluster Cloud Service Mesh.
This patch release contains fixes for the security vulnerabilities listed in GCP-2024-065. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.23.4-asm.1 uses Envoy v1.31.5.
1.22.7-asm.1 is now available for in-cluster Cloud Service Mesh.
This patch release contains fixes for the security vulnerabilities listed in GCP-2024-065. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.22.7-asm.1 uses Envoy v1.30.9.
1.21.5-asm.17 is now available for in-cluster Cloud Service Mesh.
This patch release contains fixes for the security vulnerabilities listed in GCP-2024-065. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.5-asm.17 uses Envoy v1.29.12.
Upgrading the gRPC client may cause excessive streams to Traffic Director. Be cautious and do a gradual upgrade when upgrading to the following versions:
- gRPC Java 1.67.1
- gRPC Go 1.66
- gRPC C++ 1.63
You can now manage Developer Connect resources by using custom organization policies. This feature is generally available. To learn more, see Create custom organization policies.
VPC Service Controls support for Developer Connect is now in Preview.
Hex-LLM: High-Efficiency Large Language Model Serving is now generally available (GA).
This launch adds support for the following models:
- Llama 3.1
- Llama 3.2
- Phi-3
- Qwen2 and Qwen2.5
Additional supported features:
- Multi-host serving.
- Disaggregated serving (experimental).
- Prefix caching.
- AWQ quantization.
Google Distributed Cloud (software only) for VMware 1.31.0-gke.889 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.31.0-gke.889 runs on Kubernetes v1.31.3-gke.100.
If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
Announcing an early look at two preview features:
A new architecture called advanced clusters. When advanced cluster is enabled, the underlying Google Distributed Cloud software deploys controllers that allow for a more extensible architecture. Enabling advanced clusters gives you access to new features and capabilities, such as topology domains.
A topology domain is a pool of cluster nodes that are considered to be part of the same logical or physical grouping. Topology domains correspond to some underlying hardware or software that has the possibility of correlated failure, like networking equipment in a rack. As part of setting up a topology domain, you create a topology label that is set on all the nodes in the topology domain during cluster creation. This label lets you set up Pod Topology Spread Constraints.
Note the following limitations of the preview:
- You can enable the features only on new 1.31 clusters.
- You won't be able to upgrade the clusters to 1.32, so only enable the features in a test environment.
- To test topology domains, we recommend that you configure the cluster-wide built-in default spread constraints because configuring your own cluster-wide spread constraints isn't available.
Upgrade changes:
Dataplane V2 is required for all user clusters. Before upgrading a user cluster to 1.31, follow the steps in Enable Dataplane V2.
To upgrade clusters to 1.31, you must upgrade your admin cluster first and then user clusters. For more information, see Version rules.
Version changes:
- COS was upgraded to milestone 113.
Other changes:
(Edited: January 7, 2025) GKE Identity Service now requires that all HTTPS connections use transport layer security (TLS) 1.2 or 1.3. For versions 1.31.0 and higher, TLS 1.1 is disabled by default; however, it can be re-enabled if needed.
If you require support for TLS 1.1, reach out to Cloud Customer Care for assistance.
Removed TLS/SSL weak message authentication code cipher suites in the vSphere cloud controller manager.
The following issues are fixed in 1.31.0-gke.889:
- Fixed the issue that additional manual steps are needed after disabling always-on secrets encryption with gkectl update cluster.
- Fixed the known issue that caused migrating a user cluster to Controlplane V2 to fail if secrets encryption has ever been enabled on the user cluster, even if it's already disabled.
- Fixed the known issue where the gkectl upgrade command returned an incorrect error about the netapp storageclass.
- Fixed the known issue where updating DataplaneV2 ForwardMode doesn't automatically trigger anetd DaemonSet restart.
The following high-severity container vulnerabilities are fixed in 1.31.0-gke.889:
- CVE-2023-47108
- CVE-2023-28642
- CVE-2021-39293
- CVE-2022-30580
- CVE-2022-30633
- CVE-2022-30631
- CVE-2022-2879
- CVE-2022-30632
- CVE-2022-28131
- CVE-2022-24675
- CVE-2022-2880
- CVE-2021-44716
- CVE-2022-30630
- CVE-2024-1975
- CVE-2022-24921
- CVE-2024-1737
- CVE-2021-29923
- CVE-2022-41715
- CVE-2021-41772
- CVE-2023-27561
- CVE-2022-23772
- CVE-2024-6345
- CVE-2022-32189
- CVE-2022-23773
- CVE-2021-41771
- CVE-2022-30635
- CVE-2022-28327
- CVE-2024-6232
- CVE-2024-0793
- CVE-2024-7348
- CVE-2023-3676
- CVE-2023-5528
- CVE-2023-3955
- GHSA-87m9-rv8p-rgmg
- CVE-2024-0567
- CVE-2020-22218
The following Container-Optimized OS vulnerabilities are fixed in 1.31.0-gke.889:
- CVE-2024-41073
- CVE-2024-36979
- CVE-2024-49889
- CVE-2024-38577
- CVE-2024-41087
- CVE-2024-49882
- CVE-2024-38538
- CVE-2024-44940
- CVE-2024-53057
- CVE-2024-39487
- CVE-2024-48958
- CVE-2024-41049
- CVE-2024-50035
- CVE-2024-49883
- CVE-2024-41058
- CVE-2024-47685
- CVE-2024-46743
- CVE-2024-38555
- CVE-2024-45490
- CVE-2024-46800
- CVE-2024-42285
- CVE-2024-44934
- CVE-2024-37407
- CVE-2024-47727
- CVE-2024-49936
- CVE-2024-38588
- CVE-2024-36978
- CVE-2024-41057
- CVE-2024-42136
- CVE-2024-50033
- CVE-2024-44983
- CVE-2024-37371
- CVE-2024-49967
- CVE-2024-41000
- CVE-2024-43873
- CVE-2024-37370
- CVE-2024-47742
- CVE-2024-39494
- CVE-2024-26256
- CVE-2024-39463
- CVE-2024-44985
- CVE-2024-6119
- CVE-2024-40994
- CVE-2024-44987
- CVE-2024-45491
- CVE-2024-46744
- CVE-2024-42302
- CVE-2024-50083
- CVE-2024-40906
- CVE-2024-46738
- CVE-2024-40954
- CVE-2024-6232
- CVE-2024-44986
- CVE-2024-49884
- CVE-2024-40958
- CVE-2024-49860
- CVE-2024-49983
- CVE-2024-45492
- CVE-2024-47701
- CVE-2024-43882
- CVE-2024-48957
- CVE-2024-47682
The following Ubuntu vulnerabilities are fixed in 1.31.0-gke.889:
- CVE-2022-48666
- CVE-2023-52889
- CVE-2023-52918
- CVE-2024-25744
- CVE-2024-26607
- CVE-2024-26661
- CVE-2024-26669
- CVE-2024-26800
- CVE-2024-26893
- CVE-2024-36484
- CVE-2024-38577
- CVE-2024-38602
- CVE-2024-38611
- CVE-2024-39472
- CVE-2024-40915
- CVE-2024-41011
- CVE-2024-41012
- CVE-2024-41015
- CVE-2024-41017
- CVE-2024-41019
- CVE-2024-41020
- CVE-2024-41022
- CVE-2024-41042
- CVE-2024-41059
- CVE-2024-41060
- CVE-2024-41063
- CVE-2024-41064
- CVE-2024-41065
- CVE-2024-41068
- CVE-2024-41070
- CVE-2024-41071
- CVE-2024-41072
- CVE-2024-41073
- CVE-2024-41077
- CVE-2024-41078
- CVE-2024-41081
- CVE-2024-41090
- CVE-2024-41091
- CVE-2024-41098
- CVE-2024-42114
- CVE-2024-42126
- CVE-2024-42246
- CVE-2024-42259
- CVE-2024-42265
- CVE-2024-42267
- CVE-2024-42269
- CVE-2024-42270
- CVE-2024-42271
- CVE-2024-42272
- CVE-2024-42274
- CVE-2024-42276
- CVE-2024-42277
- CVE-2024-42280
- CVE-2024-42281
- CVE-2024-42283
- CVE-2024-42284
- CVE-2024-42285
- CVE-2024-42286
- CVE-2024-42287
- CVE-2024-42288
- CVE-2024-42289
- CVE-2024-42290
- CVE-2024-42292
- CVE-2024-42295
- CVE-2024-42296
- CVE-2024-42297
- CVE-2024-42299
- CVE-2024-42301
- CVE-2024-42302
- CVE-2024-42304
- CVE-2024-42305
- CVE-2024-42306
- CVE-2024-42309
- CVE-2024-42310
- CVE-2024-42311
- CVE-2024-42312
- CVE-2024-42313
- CVE-2024-42318
- CVE-2024-43817
- CVE-2024-43828
- CVE-2024-43829
- CVE-2024-43830
- CVE-2024-43834
- CVE-2024-43835
- CVE-2024-43839
- CVE-2024-43841
- CVE-2024-43846
- CVE-2024-43849
- CVE-2024-43853
- CVE-2024-43854
- CVE-2024-43856
- CVE-2024-43858
- CVE-2024-43860
- CVE-2024-43861
- CVE-2024-43863
- CVE-2024-43867
- CVE-2024-43869
- CVE-2024-43870
- CVE-2024-43871
- CVE-2024-43873
- CVE-2024-43875
- CVE-2024-43879
- CVE-2024-43880
- CVE-2024-43882
- CVE-2024-43883
- CVE-2024-43884
- CVE-2024-43889
- CVE-2024-43890
- CVE-2024-43892
- CVE-2024-43893
- CVE-2024-43894
- CVE-2024-43902
- CVE-2024-43905
- CVE-2024-43907
- CVE-2024-43908
- CVE-2024-43909
- CVE-2024-43914
- CVE-2024-44934
- CVE-2024-44935
- CVE-2024-44944
- CVE-2024-44946
- CVE-2024-44947
- CVE-2024-44948
- CVE-2024-44954
- CVE-2024-44958
- CVE-2024-44960
- CVE-2024-44965
- CVE-2024-44966
- CVE-2024-44969
- CVE-2024-44971
- CVE-2024-44974
- CVE-2024-44982
- CVE-2024-44983
- CVE-2024-44985
- CVE-2024-44986
- CVE-2024-44987
- CVE-2024-44988
- CVE-2024-44989
- CVE-2024-44990
- CVE-2024-44995
- CVE-2024-44998
- CVE-2024-44999
- CVE-2024-45003
- CVE-2024-45006
- CVE-2024-45007
- CVE-2024-45008
- CVE-2024-45009
- CVE-2024-45011
- CVE-2024-45018
- CVE-2024-45021
- CVE-2024-45025
- CVE-2024-45026
- CVE-2024-45028
- CVE-2024-46673
- CVE-2024-46675
- CVE-2024-46676
- CVE-2024-46677
- CVE-2024-46679
- CVE-2024-46685
- CVE-2024-46689
- CVE-2024-46702
- CVE-2024-46707
- CVE-2024-46713
- CVE-2024-46714
- CVE-2024-46719
- CVE-2024-46721
- CVE-2024-46722
- CVE-2024-46723
- CVE-2024-46724
- CVE-2024-46725
- CVE-2024-46731
- CVE-2024-46732
- CVE-2024-46737
- CVE-2024-46738
- CVE-2024-46739
- CVE-2024-46740
- CVE-2024-46743
- CVE-2024-46744
- CVE-2024-46745
- CVE-2024-46746
- CVE-2024-46747
- CVE-2024-46750
- CVE-2024-46752
- CVE-2024-46755
- CVE-2024-46756
- CVE-2024-46757
- CVE-2024-46758
- CVE-2024-46759
- CVE-2024-46761
- CVE-2024-46763
- CVE-2024-46771
- CVE-2024-46777
- CVE-2024-46780
- CVE-2024-46781
- CVE-2024-46782
- CVE-2024-46783
- CVE-2024-46791
- CVE-2024-46795
- CVE-2024-46798
- CVE-2024-46800
- CVE-2024-46804
- CVE-2024-46805
- CVE-2024-46807
- CVE-2024-46810
- CVE-2024-46814
- CVE-2024-46815
- CVE-2024-46817
- CVE-2024-46818
- CVE-2024-46819
- CVE-2024-46822
- CVE-2024-46828
- CVE-2024-46829
- CVE-2024-46832
- CVE-2024-46840
- CVE-2024-46844
- CVE-2024-47659
- CVE-2024-47660
- CVE-2024-47663
- CVE-2024-47665
- CVE-2024-47667
- CVE-2024-47668
- CVE-2024-47669
- CVE-2024-27397
- CVE-2024-38630
- CVE-2024-45016
- CVE-2022-48772
- CVE-2023-52884
- CVE-2023-52887
- CVE-2024-23848
- CVE-2024-25741
- CVE-2024-31076
- CVE-2024-33621
- CVE-2024-33847
- CVE-2024-34027
- CVE-2024-34777
- CVE-2024-35247
- CVE-2024-35927
- CVE-2024-36014
- CVE-2024-36015
- CVE-2024-36032
- CVE-2024-36270
- CVE-2024-36286
- CVE-2024-36489
- CVE-2024-36894
- CVE-2024-36971
- CVE-2024-36972
- CVE-2024-36974
- CVE-2024-36978
- CVE-2024-37078
- CVE-2024-37356
- CVE-2024-38381
- CVE-2024-38546
- CVE-2024-38547
- CVE-2024-38548
- CVE-2024-38549
- CVE-2024-38550
- CVE-2024-38552
- CVE-2024-38555
- CVE-2024-38558
- CVE-2024-38559
- CVE-2024-38560
- CVE-2024-38565
- CVE-2024-38567
- CVE-2024-38571
- CVE-2024-38573
- CVE-2024-38578
- CVE-2024-38579
- CVE-2024-38580
- CVE-2024-38582
- CVE-2024-38583
- CVE-2024-38586
- CVE-2024-38587
- CVE-2024-38588
- CVE-2024-38589
- CVE-2024-38590
- CVE-2024-38591
- CVE-2024-38596
- CVE-2024-38597
- CVE-2024-38598
- CVE-2024-38599
- CVE-2024-38601
- CVE-2024-38605
- CVE-2024-38607
- CVE-2024-38610
- CVE-2024-38612
- CVE-2024-38613
- CVE-2024-38615
- CVE-2024-38618
- CVE-2024-38619
- CVE-2024-38621
- CVE-2024-38623
- CVE-2024-38624
- CVE-2024-38627
- CVE-2024-38633
- CVE-2024-38634
- CVE-2024-38635
- CVE-2024-38637
- CVE-2024-38659
- CVE-2024-38661
- CVE-2024-38662
- CVE-2024-38780
- CVE-2024-39276
- CVE-2024-39277
- CVE-2024-39301
- CVE-2024-39466
- CVE-2024-39467
- CVE-2024-39468
- CVE-2024-39469
- CVE-2024-39471
- CVE-2024-39475
- CVE-2024-39480
- CVE-2024-39482
- CVE-2024-39487
- CVE-2024-39488
- CVE-2024-39489
- CVE-2024-39490
- CVE-2024-39493
- CVE-2024-39495
- CVE-2024-39499
- CVE-2024-39500
- CVE-2024-39501
- CVE-2024-39502
- CVE-2024-39503
- CVE-2024-39505
- CVE-2024-39506
- CVE-2024-39507
Additional Ubuntu vulnerabilities fixed in 1.31.0-gke.889:
- CVE-2024-39509
- CVE-2024-40901
- CVE-2024-40902
- CVE-2024-40904
- CVE-2024-40905
- CVE-2024-40908
- CVE-2024-40911
- CVE-2024-40912
- CVE-2024-40914
- CVE-2024-40916
- CVE-2024-40927
- CVE-2024-40929
- CVE-2024-40931
- CVE-2024-40932
- CVE-2024-40934
- CVE-2024-40937
- CVE-2024-40941
- CVE-2024-40942
- CVE-2024-40943
- CVE-2024-40945
- CVE-2024-40954
- CVE-2024-40956
- CVE-2024-40957
- CVE-2024-40958
- CVE-2024-40959
- CVE-2024-40960
- CVE-2024-40961
- CVE-2024-40963
- CVE-2024-40967
- CVE-2024-40968
- CVE-2024-40970
- CVE-2024-40971
- CVE-2024-40974
- CVE-2024-40976
- CVE-2024-40978
- CVE-2024-40980
- CVE-2024-40981
- CVE-2024-40983
- CVE-2024-40984
- CVE-2024-40987
- CVE-2024-40988
- CVE-2024-40990
- CVE-2024-40994
- CVE-2024-40995
- CVE-2024-41000
- CVE-2024-41002
- CVE-2024-41004
- CVE-2024-41005
- CVE-2024-41006
- CVE-2024-41007
- CVE-2024-41027
- CVE-2024-41034
- CVE-2024-41035
- CVE-2024-41040
- CVE-2024-41041
- CVE-2024-41044
- CVE-2024-41046
- CVE-2024-41047
- CVE-2024-41048
- CVE-2024-41049
- CVE-2024-41055
- CVE-2024-41087
- CVE-2024-41089
- CVE-2024-41092
- CVE-2024-41093
- CVE-2024-41095
- CVE-2024-41097
- CVE-2024-42068
- CVE-2024-42070
- CVE-2024-42076
- CVE-2024-42077
- CVE-2024-42080
- CVE-2024-42082
- CVE-2024-42084
- CVE-2024-42085
- CVE-2024-42086
- CVE-2024-42087
- CVE-2024-42089
- CVE-2024-42090
- CVE-2024-42092
- CVE-2024-42093
- CVE-2024-42094
- CVE-2024-42095
- CVE-2024-42096
- CVE-2024-42097
- CVE-2024-42098
- CVE-2024-42101
- CVE-2024-42102
- CVE-2024-42104
- CVE-2024-42105
- CVE-2024-42106
- CVE-2024-42109
- CVE-2024-42115
- CVE-2024-42119
- CVE-2024-42120
- CVE-2024-42121
- CVE-2024-42124
- CVE-2024-42127
- CVE-2024-42130
- CVE-2024-42131
- CVE-2024-42137
- CVE-2024-42140
- CVE-2024-42145
- CVE-2024-42148
- CVE-2024-42152
- CVE-2024-42153
- CVE-2024-42154
- CVE-2024-42157
- CVE-2024-42161
- CVE-2024-42223
- CVE-2024-42224
- CVE-2024-42225
- CVE-2024-42229
- CVE-2024-42232
- CVE-2024-42236
- CVE-2024-42240
- CVE-2024-42244
- CVE-2024-42247
- CVE-2023-52629
- CVE-2023-52760
- CVE-2024-26680
- CVE-2024-26830
- CVE-2024-26921
- CVE-2024-36901
- CVE-2024-39292
- CVE-2024-39484
- CVE-2023-52585
- CVE-2023-52882
- CVE-2024-26900
- CVE-2024-26936
- CVE-2024-26980
- CVE-2024-27398
- CVE-2024-27399
- CVE-2024-27401
- CVE-2024-35848
- CVE-2024-35947
- CVE-2024-36017
- CVE-2024-36031
- CVE-2024-36880
- CVE-2024-36883
- CVE-2024-36886
- CVE-2024-36889
- CVE-2024-36897
- CVE-2024-36902
- CVE-2024-36904
- CVE-2024-36905
- CVE-2024-36906
- CVE-2024-36916
- CVE-2024-36919
- CVE-2024-36928
- CVE-2024-36929
- CVE-2024-36931
- CVE-2024-36933
- CVE-2024-36934
- CVE-2024-36937
- CVE-2024-36938
- CVE-2024-36939
- CVE-2024-36940
- CVE-2024-36941
- CVE-2024-36944
- CVE-2024-36946
- CVE-2024-36947
- CVE-2024-36950
- CVE-2024-36952
- CVE-2024-36953
- CVE-2024-36954
- CVE-2024-36955
- CVE-2024-36957
- CVE-2024-36959
- CVE-2024-36960
- CVE-2024-36964
- CVE-2024-36965
- CVE-2024-36967
- CVE-2024-36969
- CVE-2024-36975
- CVE-2024-38600
- CVE-2023-52752
- CVE-2024-25742
- CVE-2024-26886
- CVE-2024-26952
- CVE-2024-27017
- CVE-2024-36016
- CVE-2022-38096
- CVE-2023-52488
- CVE-2023-52699
- CVE-2023-52880
- CVE-2024-23307
- CVE-2024-24857
- CVE-2024-24858
- CVE-2024-24859
- CVE-2024-24861
- CVE-2024-25739
- CVE-2024-26629
- CVE-2024-26642
- CVE-2024-26654
- CVE-2024-26687
- CVE-2024-26810
- CVE-2024-26811
- CVE-2024-26812
- CVE-2024-26813
- CVE-2024-26814
- CVE-2024-26817
- CVE-2024-26828
- CVE-2024-26922
- CVE-2024-26923
- CVE-2024-26925
- CVE-2024-26926
- CVE-2024-26929
- CVE-2024-26931
- CVE-2024-26934
- CVE-2024-26935
- CVE-2024-26937
- CVE-2024-26950
- CVE-2024-26951
- CVE-2024-26955
- CVE-2024-26956
- CVE-2024-26957
- CVE-2024-26958
- CVE-2024-26960
- CVE-2024-26961
- CVE-2024-26964
- CVE-2024-26965
- CVE-2024-26966
- CVE-2024-26969
- CVE-2024-26970
- CVE-2024-26973
- CVE-2024-26974
- CVE-2024-26976
- CVE-2024-26977
- CVE-2024-26981
- CVE-2024-26984
- CVE-2024-26988
- CVE-2024-26989
- CVE-2024-26993
- CVE-2024-26994
- CVE-2024-26996
- CVE-2024-26999
- CVE-2024-27000
- CVE-2024-27001
- CVE-2024-27004
- CVE-2024-27008
- CVE-2024-27009
- CVE-2024-27013
- CVE-2024-27015
- CVE-2024-27016
- CVE-2024-27018
- CVE-2024-27019
- CVE-2024-27020
- CVE-2024-27059
- CVE-2024-27393
- CVE-2024-27395
- CVE-2024-27396
- CVE-2024-27437
- CVE-2024-35785
- CVE-2024-35789
- CVE-2024-35791
- CVE-2024-35796
- CVE-2024-35804
- CVE-2024-35805
- CVE-2024-35806
- CVE-2024-35807
- CVE-2024-35809
- CVE-2024-35813
- CVE-2024-35815
- CVE-2024-35817
- CVE-2024-35819
- CVE-2024-35821
- CVE-2024-35822
- CVE-2024-35823
- CVE-2024-35825
- CVE-2024-35847
- CVE-2024-35849
- CVE-2024-35851
- CVE-2024-35852
- CVE-2024-35853
- CVE-2024-35854
- CVE-2024-35855
- CVE-2024-35857
- CVE-2024-35871
- CVE-2024-35872
- CVE-2024-35877
- CVE-2024-35879
- CVE-2024-35884
- CVE-2024-35885
- CVE-2024-35886
- CVE-2024-35888
- CVE-2024-35890
- CVE-2024-35893
- CVE-2024-35895
- CVE-2024-35896
- CVE-2024-35897
- CVE-2024-35898
- CVE-2024-35899
- CVE-2024-35900
- CVE-2024-35902
- CVE-2024-35905
- CVE-2024-35907
- CVE-2024-35910
- CVE-2024-35912
- CVE-2024-35915
- CVE-2024-35922
- CVE-2024-35925
- CVE-2024-35930
- CVE-2024-35933
- CVE-2024-35934
- CVE-2024-35935
- CVE-2024-35936
- CVE-2024-35938
- CVE-2024-35940
- CVE-2024-35944
- CVE-2024-35950
- CVE-2024-35955
- CVE-2024-35958
- CVE-2024-35960
- CVE-2024-35969
- CVE-2024-35970
- CVE-2024-35973
- CVE-2024-35976
- CVE-2024-35978
- CVE-2024-35982
- CVE-2024-35984
- CVE-2024-35988
- CVE-2024-35989
- CVE-2024-35990
- CVE-2024-35997
- CVE-2024-36004
- CVE-2024-36005
- CVE-2024-36006
- CVE-2024-36007
- CVE-2024-36008
- CVE-2024-36020
- CVE-2024-36025
- CVE-2024-36029
Release 1.31.0-gke.889
Google Distributed Cloud for bare metal 1.31.0-gke.889 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.31.0-gke.889 runs on Kubernetes 1.31.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Version 1.28 end of life: In accordance with the Version Support Policy, version 1.28 (all patch releases) of Google Distributed Cloud for bare metal has reached its end of life and is no longer supported.
Functionality changes:
(Edited: January 7, 2025) GKE Identity Service now requires that all HTTPS connections use transport layer security (TLS) 1.2 or 1.3. For versions 1.31.0 and higher, TLS 1.1 is disabled by default; however, it can be re-enabled if needed.
If you require support for TLS 1.1, reach out to Cloud Customer Care for assistance.
Updated the bmctl push images command to check for the existence of an image digest to determine whether or not to push an image.
Increased priority for cert-manager pods to system-cluster-critical to prevent premature eviction under control plane node resource pressure.
Updated the logic for parsing the cluster configuration file for newer clusters to validate that the anthosBareMetalVersion value follows the full x.y.z-gke.n semantic versioning scheme, including the GKE patch version.
Updated the snapshot capability to collect the following information:
- Details for all custom resources
- Additional debugging information for clusters
Added a health check to check that the node-problem-detector systemd service is running on the node.
Updated the bmctl update command to identify differences (if any) between the preview feature annotations in the cluster configuration file and the annotations in the deployed Cluster resource.
Added a --num-of-parallel-threads flag to the snapshot command (bmctl check cluster --snapshot) so that you can specify the number of threads to use to create a snapshot. The default number of threads for snapshot creation is 10.
Fixes:
Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.
Fixed the issue where non-root users can't run bmctl restore to restore quorum.
Fixed the issue that caused the cplb-update healthcheck job to run every 7 days, instead of only when needed.
Fixed an issue where CronJob specs for periodic health checks weren't updated to reflect cluster annotation changes.
Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy.
Fixed the issue where, due to a misconfigured client, bmctl update misjudges whether clusters are self-managed.
Fixed a Cloud Audit Logging failure due to an allowlisting issue with multiple project IDs.
The following container image security vulnerabilities have been fixed in 1.31.0-gke.889:
Critical container vulnerabilities:
High-severity container vulnerabilities:
- CVE-2020-22218
- CVE-2021-3583
- CVE-2022-1304
- CVE-2022-3697
- CVE-2022-48733
- CVE-2023-3676
- CVE-2023-3955
- CVE-2023-4237
- CVE-2023-5528
- CVE-2023-5764
- CVE-2023-7104
- CVE-2023-39325
- CVE-2023-47038
- CVE-2023-47108
- CVE-2023-49083
- CVE-2023-52425
- CVE-2024-0553
- CVE-2024-0567
- CVE-2024-0743
- CVE-2024-0793
- CVE-2024-5321
- CVE-2024-6609
- CVE-2024-7348
- CVE-2024-10220
- CVE-2024-20696
- CVE-2024-37370
- CVE-2024-38577
- CVE-2024-39487
- CVE-2024-41011
- CVE-2024-41040
- CVE-2024-41046
- CVE-2024-41049
- CVE-2024-41059
- CVE-2024-41070
- CVE-2024-42104
- CVE-2024-42148
- CVE-2024-42228
- CVE-2024-42280
- CVE-2024-42284
- CVE-2024-42285
- CVE-2024-42301
- CVE-2024-42302
- CVE-2024-42313
- CVE-2024-43839
- CVE-2024-43858
- CVE-2024-43882
- CVE-2024-44974
- CVE-2024-44987
- CVE-2024-44998
- CVE-2024-44999
- CVE-2024-46673
- CVE-2024-46674
- CVE-2024-46722
- CVE-2024-46723
- CVE-2024-46724
- CVE-2024-46725
- CVE-2024-46731
- CVE-2024-46738
- CVE-2024-46740
- CVE-2024-46743
- CVE-2024-46744
- CVE-2024-46747
- CVE-2024-46756
- CVE-2024-46757
- CVE-2024-46758
- CVE-2024-46759
- CVE-2024-46782
- CVE-2024-46798
- CVE-2024-46800
- CVE-2024-46804
- CVE-2024-46814
- CVE-2024-46815
- CVE-2024-46818
- CVE-2024-46828
- CVE-2024-46844
- GHSA-87m9-rv8p-rgmg
- GHSA-m425-mq94-257g
Medium-severity container vulnerabilities:
- CVE-2016-3709
- CVE-2021-3620
- CVE-2021-3669
- CVE-2021-36976
- CVE-2022-26280
- CVE-2023-2431
- CVE-2023-2727
- CVE-2023-2728
- CVE-2023-3978
- CVE-2023-5981
- CVE-2023-23931
- CVE-2023-31083
- CVE-2023-44487
- CVE-2023-5115
- CVE-2023-52889
- CVE-2024-0690
- CVE-2024-6104
- CVE-2024-7264
- CVE-2024-8096
- CVE-2024-24557
- CVE-2024-29018
- CVE-2024-36901
- CVE-2024-36938
- CVE-2024-41009
- CVE-2024-41012
- CVE-2024-41055
- CVE-2024-41063
- CVE-2024-41064
- CVE-2024-41098
- CVE-2024-42101
- CVE-2024-42102
- CVE-2024-42114
- CVE-2024-42131
- CVE-2024-42137
- CVE-2024-42152
- CVE-2024-42153
- CVE-2024-42154
- CVE-2024-42157
- CVE-2024-42161
- CVE-2024-42223
- CVE-2024-42224
- CVE-2024-42229
- CVE-2024-42232
- CVE-2024-42236
- CVE-2024-42244
- CVE-2024-42246
- CVE-2024-42247
- CVE-2024-42259
- CVE-2024-42272
- CVE-2024-42283
- CVE-2024-42286
- CVE-2024-42287
- CVE-2024-42288
- CVE-2024-42289
- CVE-2024-42297
- CVE-2024-42309
- CVE-2024-42310
- CVE-2024-42311
- CVE-2024-43828
- CVE-2024-43829
- CVE-2024-43834
- CVE-2024-43835
- CVE-2024-43846
- CVE-2024-43849
- CVE-2024-43853
- CVE-2024-43854
- CVE-2024-43856
- CVE-2024-43860
- CVE-2024-43861
- CVE-2024-43871
- CVE-2024-43884
- CVE-2024-43889
- CVE-2024-43890
- CVE-2024-43892
- CVE-2024-43893
- CVE-2024-43894
- CVE-2024-43905
- CVE-2024-43907
- CVE-2024-43908
- CVE-2024-43914
- CVE-2024-44935
- CVE-2024-44944
- CVE-2024-44946
- CVE-2024-44947
- CVE-2024-44954
- CVE-2024-44960
- CVE-2024-44965
- CVE-2024-44968
- CVE-2024-44971
- CVE-2024-44988
- CVE-2024-44989
- CVE-2024-44990
- CVE-2024-44995
- CVE-2024-45003
- CVE-2024-45006
- CVE-2024-45016
- CVE-2024-45018
- CVE-2024-45021
- CVE-2024-45025
- CVE-2024-45028
- CVE-2024-46675
- CVE-2024-46676
- CVE-2024-46677
- CVE-2024-46679
- CVE-2024-46685
- CVE-2024-46689
- CVE-2024-46702
- CVE-2024-46707
- CVE-2024-46714
- CVE-2024-46719
- CVE-2024-46721
- CVE-2024-46737
- CVE-2024-46739
- CVE-2024-46750
- CVE-2024-46755
- CVE-2024-46763
- CVE-2024-46771
- CVE-2024-46777
- CVE-2024-46780
- CVE-2024-46781
- CVE-2024-46783
- CVE-2024-46791
- CVE-2024-46817
- CVE-2024-46819
- CVE-2024-46822
- CVE-2024-46829
- CVE-2024-46840
- CVE-2024-47663
- GHSA-jq35-85cj-fj4p
- GHSA-mh55-gqvf-xfwm
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
(2024-R49) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.0-gke.1358000 with this release.
Regular channel
There are no new releases in the Regular channel.
Stable channel
There are no new releases in the Stable channel.
Extended channel
- Version 1.27.16-gke.2081000 is now available in the Extended channel.
No channel
- The following versions are now available:
- The following node versions are now available:
Install new version of the Security Command Center Enterprise use case
The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by date December 18, 2024, introduces updates to security posture findings playbooks and other enhancements to support the management of toxic combination findings and cases in the Security Operations console.
For installation instructions, see Update Enterprise use case, December 2024.
Security Health Analytics now supports new resource types for creating custom modules. For a full list of supported resource types, see Supported resource types.
Vulnerability Assessment for AWS now supports scanning container images in Elastic Container Registry (ECR). It can detect operating system misconfigurations and issues with installed packages.
December 17, 2024
Apigee X
On December 17, 2024, we released a new version of Apigee.
With this release, the maximum number of apps per AppGroup is increased from 500 to 30,000.
For more information, see the Apigee Limits page.
You can use Organization Policy Service custom constraints to manage specific operations on Bigtable resources. For more information, see Use custom organization policies. This feature is generally available (GA).
Cloud Data Fusion supports the CMEK organization policy.
Standard best path selection mode is now generally available. For more information, see Best path selection modes.
New finer-grained predefined IAM roles are available for Cloud Run: Cloud Run Service Invoker, Cloud Run Jobs Executor, Cloud Run Jobs Executor With Overrides. These roles make it easier to grant least privilege access to production accounts accessing Cloud Run resources.
Single Cluster Gateway for Mesh is now generally available. For more information, see Prepare to setup the Gateway API for Cloud Service Mesh.
Routing traffic between Cloud Service Mesh workloads and Cloud Run Services is now available in preview. For more information, see the following pages:
Preview: You can create instances that use only IPv6 IP addresses. For more information, see IP addresses.
You can copy tuned Gemini 1.5 Pro 002 and Gemini 1.5 Flash 002 adapter models across projects. For details, see Copy a model in Vertex AI Model Registry.
The following critical container vulnerabilities are fixed in 1.31.0-gke.889:
1.32 is now available in the Rapid channel
Kubernetes 1.32 is now available in the Rapid channel. For more information about the content of Kubernetes 1.32, read the Kubernetes 1.32 Release Notes.
New features
- Dynamic Resource Allocation graduated to beta, and enables efficient scheduling of advanced device driver resources (because this is a beta API, using it in GKE clusters requires opt-in).
- Support for more efficient API streaming graduated to beta and is enabled by default in the API server. Clients can opt into use of this more efficient mechanism.
- Support for recovery from volume expansion failure graduated to beta and is enabled by default.
- Support in the Job API for management by external controllers graduated to beta and is enabled by default. This enables integrations with external controllers like MultiKueue.
Deprecated in Kubernetes 1.32
The following Beta versions of graduated APIs were deprecated in 1.29 and removed in 1.32 in favor of newer versions:
flowcontrol.apiserver.k8s.io/v1beta3 FlowSchema, PriorityLevelConfiguration
- deprecated since 1.29, will no longer be served in 1.32,
- instead, use flowcontrol.apiserver.k8s.io/v1, available since 1.29.
The status.nodeInfo.kubeProxyVersion field in the Node API is deprecated and will not be populated starting in v1.33. The field is currently populated with the kubelet version, not the kube-proxy version, and might not accurately reflect the kube-proxy version in use. For more information, see KEP-4004.
Looker dashboard updates
The following changes have been made to the Looker dashboards in Google SecOps:
- All dashboards have been moved to the ingestion_metrics_connector explore.
- The ingestion_stats, ingestion_metric_with_ingestion_stats and ingestion_metrics explores are no longer supported.
- The total_entry_number and total_size_bytes fields are defined in the new explore and used to query the log count and log volume for the Google SecOps Ingestion API. For more information, see the Ingestion metrics field reference for dashboards.
- The default dashboards for Context aware detections risk and Cloud detection and response overview have been updated to use a different field for the risk score. It was rule_detections.outcomes['risk_score'] and is now rule_detections.risk_score. This change aligns the risk score in the Google SecOps dashboards to the risk score used in the Google SecOps user interface.
- The severity field in the Rules and detections default Dashboard has been updated so that it would show the severity for both Curated Detections and custom rules.
Preview your data
The data source editor displays a preview of the data in your fields. This feature is available for the following data sources:
Gemini in Looker enhancements
When creating a calculated field with Gemini assistance, Looker Studio now suggests sample prompts to help you get started.
Warnings for external links
When users click an external link, Looker Studio displays a redirect notice.
Proportional heights for inverted triangle funnels
You can now use the Use proportional heights setting to display the value of categories in a funnel chart by varying the height of each bar when you select the inverted triangle funnel style option. Larger values have taller bars while smaller values have shorter bars.
Improved hide/remove data source fields
We've improved the functionality of hiding and removing fields from a data source:
- You can remove any field from a data source. (Previously, you could only remove calculated fields.)
- Hiding or removing a field from a data source prevents report viewers from accessing metadata about that field. Field metadata includes information such as the field name and type of connector that is used to access that field.
These improvements help you control access to your organization's sensitive information while still promoting data democratization.
Dimensions in scorecard charts
You can now choose whether to display a dimension or a metric as the primary field in a scorecard chart. When a dimension is selected as the primary field, you can also select a different field for sorting the dimension values.
For Security Command Center Enterprise customers, the Sensitive Data Protection discovery service is now automatically enabled during the Enterprise activation process. For more information, see Enable sensitive data discovery in the Enterprise tier.
IPv6-only subnets and instances are available in Preview. For more information, see the following:
For information about which services support IPv6-only configurations, see IPv6 support in Google Cloud.
December 16, 2024
Agent Assist
Agent Assist offers a native UI Connector with Genesys Cloud to integrate with voice conversations.
hybrid v1.14.0
On December 16, 2024 we released an updated version of the Apigee hybrid software, v1.14.0.
- For information on upgrading, see Upgrading Apigee hybrid to version v1.14.
- For information on new installations, see The big picture.
Enhanced Per-environment Proxy Limits in Apigee Hybrid
Starting in version v1.14, new Apigee hybrid organizations can be provisioned with the ability to deploy more than 50 proxies per environment enabled. This feature is already available for Apigee X.
Starting with Apigee hybrid version 1.14, the limits for Apigee hybrid organizations have increased:
- The maximum number of deployed API proxies and shared flows per organization is 6000.
- The maximum number of proxy deployment units per Apigee instance is 6000.
- The maximum number of API base paths per Apigee organization is 3000.
When more than 50 proxies are deployed in an environment, Apigee will automatically partition the environment into several distinct replica sets, each containing a subset of proxies deployed in the environment. These replica subsets are equivalent in behavior and infrastructure resource usage to a single environment in the way it loads and runs a set of proxies and other environment resources. This will be transparent to the user, and you can continue to use the environment as you would a single environment.
See:
Cassandra credential rotation
Starting in version v1.14, you can rotate Cassandra credentials in Kubernetes secrets. In addition, you can now roll back credential rotation before the cleanup job is initiated in both Vault and Kubernetes secrets. See:
Enable and disable metrics-based scaling with customAutoscaling.enabled
Starting in version v1.14, you can enable and disable metrics-based auto-scaling with the customAutoscaling.enabled configuration property. See:
New analytics and debug data pipeline for hybrid orgs
Starting with version 1.14, all newly created Apigee hybrid orgs can use a new data pipeline to collect analytics and debug data and allow various runtime components to write data directly to our control plane. See:
Forward Proxy allowlist access
Starting in version v1.14, forward proxies pass through access to allowlisted URLs. Therefore you only need to configure allowlists to googleapis.com URLs on the server on which the forward proxy is configured. See:
Guardrails checks to ensure backups before upgrade
Starting in version 1.14 new guardrails checks have been added to ensure a backup is enabled and has been made before proceeding with an upgrade. See:
Bug ID | Description |
---|---|
382323427 | Added a guardrails check that requires backup to be enabled for Apigee Hybrid upgrades. Backups are required prior to upgrading to support restoring to the previous version, if necessary. |
380346557 | Added a guardrails check that requires the backup within the last 24 hours to be present if the CSI backup is enabled. This will minimize potential data loss if a restore to the previous version is needed. |
377573589 | Fix a bug where manually created rollbacks would interfere with existing rotations instead of cancelling them. |
362305438 | Users can now add additional env variables to the runtime component. See runtime.envVars |
319152386 | Fix AccessTokenGenerationFailure in runtime when using a forward proxy. |
335357961 | Fixed an issue where Apigee hybrid could claim uploads of backups with the Cloud provider when no bucket had been configured |
290183372 | The need to whitelist oauth2 and iamcredentials.googleapis.com directly from MP in fwd proxy setup is removed. |
237656263 | Resolved issue with ServiceCallout policy not working in async mode as expected. |
373722434 | Fixed support for backups to Google Cloud Storage buckets with retention policies. (Fixed in v1.13.2) |
368646378 | Fixed an issue affecting control Plane connectivity testing in Guardrails. (Fixed in v1.12.3) |
364282883 | Remove check for dc-expansion flag and add timeout to multi-region seed host connection test. (Fixed in v1.13.1) |
362979563 | Fix for Ingress Health Check failure /healthz/ingress - route_not_found . (Fixed in 1.13.0-hotfix.1) |
362690729 | Fix for aggressive scaling of runtime pods & cpu spike. (Fixed in 1.13.0-hotfix.1) |
362305438 | You can now add additional env variables to the runtime component. (Fixed in v1.13.1) |
361044374 | Fixes assign message not correctly highlighting the set payload action in the debug trace. (Fixed in v1.13.2) |
355122464 | This release contains a few error-handling fixes for CSI backup and restore. (Fixed in v1.13.2) |
353527851 | WebSocket connection drops when using VerifyJwt or OAuthV2 VerifyJWTAccessToken operations. (Fixed in v1.13.1) |
351440306 | An issue was fixed where trace could not be viewed in the UI for orgs with DRZ enabled. (Fixed in v1.13.1) |
347798999 | You can now configure forward proxy for opentelemetry pods in Apigee hybrid. (Fixed in v1.12.2) |
338638343 | An ID is now added at the end of apigee-env and virtualhost guardrails pods to make the pod names unique. (Fixed in v1.13.1) |
237656263 | Fix added to make use of asynchronous ServiceCallout execution when the ServiceCallout policy <Response> element is not present (Fixed in v1.13.2) |
181569113 | Fixed an issue in new debug session creation. (Fixed in v1.12.3) |
Bug ID | Description |
---|---|
N/A | Security fixes for apigee-redis . This addresses the following vulnerabilities: |
N/A | Security fixes for livenessprobe . This addresses the following vulnerability: |
376104926 | Security fixes for apigee-kube-rbac-proxy . (Fixed in v1.12.3) This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-redis . (Fixed in v1.13.2) This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-open-telemetry-collector . (Fixed in v1.13.1) This addresses the following vulnerability: |
N/A | Security fixes for apigee-open-telemetry-collector . (Fixed in v1.12.3) This addresses the following vulnerability: |
N/A | Security fixes for apigee-cassandra-backup-utility and apigee-hybrid-cassandra . (Fixed in v1.12.2) This addresses the following vulnerability: |
App Hub supports resources from Cloud Run services in Preview.
Audit Manager provides an option to customize compliance frameworks and use them for audits. For more information, see Create a custom compliance framework. This feature is available in Preview.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.45.0 (2024-12-13)
Features
- Enable Lossless Timestamps in BQ java client lib (#3589) (c0b874a)
- Introduce java.time methods and variables (#3586) (31fb15f)
Bug Fixes
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.56.0 (#3582) (616ee2a)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241111-2.0.0 (#3591) (3eef3a9)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241115-2.0.0 (#3601) (41f9adb)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.60.0 (#3583) (34dd8bc)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.41.0 (#3607) (11499d1)
- Update github/codeql-action action to v2.27.5 (#3588) (3f94075)
- Update github/codeql-action action to v2.27.6 (#3597) (bc1f3b9)
- Update github/codeql-action action to v2.27.7 (#3603) (528426b)
Documentation
You can now use the Google Cloud Code extension for VS Code to work with BigQuery datasets and notebooks in your VS Code environment. This feature is in preview.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.50.0 (2024-12-06)
Features
Cloud Composer 3 is now generally available (GA):
- All Airflow builds starting from airflow-2.9.3-build.11 and airflow-2.10.2-build.4 are supported at the GA level.
- If your environment uses an earlier Airflow build, then upgrade it to airflow-2.9.3-build.11, airflow-2.10.2-build.4, or a later build to use Cloud Composer 3 on the GA level.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.21.0 (2024-12-13)
Features
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (04d8868)
Dependencies
Service-level minimum instances are now set using the --min command line flag, and --service-min-instances remains available as an alias to --min.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-storage
2.46.0 (2024-12-13)
Features
Bug Fixes
Dependencies
- Update dependency com.google.apis:google-api-services-storage to v1-rev20241113-2.0.0 (#2823) (503e518)
- Update dependency com.google.apis:google-api-services-storage to v1-rev20241206-2.0.0 (#2839) (8f3cdd3)
- Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.50.0 (#2825) (9aa68a6)
- Update sdk-platform-java dependencies (#2841) (2a70481)
Documentation
Python
Changes for google-cloud-storage
3.0.0rc1 (2024-12-12)
⚠ BREAKING CHANGES
- The default checksum strategy for uploads has changed from None to "auto" (#1383) (5375fa0)
- The default checksum strategy for downloads has changed from "md5" to "auto" (#1383) (5375fa0)
- Deprecated positional argument "num_retries" has been removed (#1377) (58b5040)
- Deprecated argument "text_mode" has been removed (#1379) (4d20a8e)
- Media operation retries now work identically to other retries, which may impact default retry settings (#1385) (f3517bf)
- Blob.download_to_filename() deletes the empty destination file on a 404
Features
- Add "auto" checksum option and make default (#1383) (5375fa0)
- Blob.download_to_filename() deletes the empty destination file on a 404 (066be2d)
- Deprecated argument "text_mode" has been removed (#1379) (4d20a8e) (4e9a382)
- Deprecated positional argument "num_retries" has been removed (#1377) (58b5040) (4e9a382)
- Enable custom predicates for media operations (#1385) (f3517bf)
- Integrate google-resumable-media (#1283) (bd917b4)
- Media operation retries now work identically to other retries, which may impact default retry settings (#1385) (f3517bf) (4e9a382)
- The default checksum strategy for downloads has changed from "md5" to "auto" (#1383) (5375fa0) (4e9a382)
- The default checksum strategy for uploads has changed from None to "auto" (#1383) (5375fa0) (4e9a382)
Bug Fixes
- Cancel upload when BlobWriter exits with exception (#1243) (df107d2)
- Changed name of methods Blob.from_string() and Bucket.from_string() to from_uri() (#1335) (58c1d03)
- Correctly calculate starting offset for retries of ranged reads (#1376) (7b6c9a0)
- Remove deprecated num_retries argument (#1377) (58b5040)
- Remove deprecated text_mode argument (#1379) (4d20a8e)
Documentation
This Release Note announces General Availability of Trillium AKA v6e. Trillium is the 6th generation and latest Cloud TPU. It is fully integrated with our AI Hypercomputer architecture to deliver compelling value to our Google Cloud Platform AI customers.
We used Trillium TPUs to train the new Gemini 2.0, Google's most capable AI model yet, and now enterprises and startups alike can take advantage of the same powerful, efficient, and sustainable infrastructure. Today, Trillium is generally available for Google Cloud customers and this week we will be delivering our first large tranches of Trillium capacity to some of our biggest Google Cloud Platform customers.
Here are some of the key improvements that Trillium delivers over the prior generations, v5e and v5p:
Over 4x improvement in training performance.
Up to 3x increase in inference throughput.
A 67% increase in energy efficiency.
An impressive 4.7x increase in peak compute performance per chip.
Double the High Bandwidth Memory (HBM) capacity.
Double the Interchip Interconnect (ICI) bandwidth.
100,000 Trillium chips per Jupiter network fabric with 13 Petabits/sec of bisection bandwidth, capable of scaling a single distributed training job to hundreds of thousands of accelerators.
Trillium provides up to 2.1x increase in performance per dollar over Cloud TPU v5e and up to 2.5x increase in performance per dollar over Cloud TPU v5p in training dense LLMs like Llama2-70b and Llama3.1-405b.
GKE integration enables seamless AI workload orchestration using Google Compute Engine MIGs including XPK for faster iterative development.
Multislice training with Trillium scales from one to hundreds of thousands of chips across pods using DCN.
Training and serving fungibility enables use of same Cloud TPU quota for both training and inference.
Support for collection scheduling with collection SLOs being defended.
Full-host VM support to enable inference support for larger models (70B+ parameters).
Official Libtpu releases that guarantee stability across all three frameworks (Jax/Pytorch-XLA/Tensorflow).
These enhancements enable Trillium to excel across a wide range of AI workloads, including:
Scaling AI training workloads like LLMs including dense and Mixture of Experts (MoE) models
Inference performance and collection scheduling
Embedding-intensive models acceleration
Delivering training and inference price-performance
The A3 Edge accelerator-optimized machine type is no longer available in Turin, Italy: europe-west12-b. For a list of available regions and zones, see GPU regions and zones.
cos-113-18244-236-77
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Updated app-admin/google-guest-configs to v20241205.00.
Upgraded sys-apps/hwdata to v0.390.
Upgraded sys-apps/file to v5.46.
Disabled CONFIG_DEBUG_PREEMPT in the Linux kernel. This should improve performance for some workloads.
Fixed CVE-2024-53136 in the Linux kernel.
Fixed CVE-2024-50191 in the Linux kernel.
Fixed CVE-2024-53135 in the Linux kernel.
Fixed CVE-2024-53121 in the Linux kernel.
Fixed CVE-2024-53113 in the Linux kernel.
Fixed CVE-2024-53119 in the Linux kernel.
Fixed CVE-2024-50186 in the Linux kernel.
cos-117-18613-75-72
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.56 | v24.0.9 | v1.7.24 | See List |
Updated app-admin/google-guest-configs to v20241205.00.
Upgraded sys-apps/file to v5.46.
Upgraded sys-apps/hwdata to v0.390.
Disabled CONFIG_DEBUG_PREEMPT in the Linux kernel. This should improve performance for some workloads.
Fixed CVE-2024-50186 in the Linux kernel.
cos-105-17412-495-73
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Fixed CVE-2024-50191 in the Linux kernel.
Fixed CVE-2024-50186 in the Linux kernel.
cos-109-17800-372-71
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Updated app-admin/google-guest-configs to v20241205.00.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-datastore
2.20.2 (2024-12-12)
Bug Fixes
Java
Changes for google-cloud-datastore
2.25.1 (2024-12-13)
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (106ee4d)
Dependencies
2.25.0 (2024-12-11)
Features
Dependencies
Documentation
Cloud DNS additive VPC scope is now generally available on GKE clusters running version 1.28.3-gke.1430000 or later. You can now configure your GKE clusters to add GKE headless service entries to your Cloud DNS private zone visible from your VPC networks, on top of using Cloud DNS (cluster scope) as your GKE DNS provider.
To learn more, read Cloud DNS scopes for GKE.
Trillium, our sixth-generation TPU, is now generally available. Support is available for GKE Standard clusters in version 1.31.1-gke.1846000 or later, and Autopilot clusters in version 1.31.2-gke.1384000 or later. You can use TPU Trillium in the us-east5-b, europe-west4-a, us-east1-d, asia-northeast1-b, and us-south1-a zones.
To learn more, see Benefits of using TPU Trillium.
Principal access boundary policies are generally available. You can use principal access boundary policies to limit the resources that a principal is eligible to access.
Cloud Load Balancing resources now let you use custom constraints to define your own restrictions on Google Cloud services. To learn about which load balancing resources support custom constraints, and some sample use cases, see Manage Cloud Load Balancing resources using custom constraints.
This feature is available in General Availability.
You can use Policy Simulator for principal access boundary policies to simulate changes to principal access boundary policies before you apply them. This feature is available in Preview.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.135.0 (2024-12-12)
Features
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (0b0d52c)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.44.0 (#2270) (a5f70a9)
- Update dependency com.google.cloud:google-cloud-core to v2.48.0 (#2263) (d7e5588)
- Update dependency com.google.cloud:google-cloud-core to v2.49.0 (#2285) (cd94a19)
- Update dependency com.google.cloud:google-cloud-storage to v2.45.0 (#2268) (80a09e6)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.41.0 (#2286) (0c0a1b9)
- Update dependency com.google.protobuf:protobuf-java-util to v4.29.0 (#2276) (54ef88d)
- Update dependency com.google.protobuf:protobuf-java-util to v4.29.1 (#2279) (de3c9e1)
- Update googleapis/sdk-platform-java action to v2.51.0 (#2284) (0be820e)
Documentation
Security Command Center can now produce Cloud Infrastructure Entitlement Management (CIEM) misconfiguration findings for federated identities that are connected to your AWS environment through the AWS IAM Identity Center.
Detector for Container Threat Detection released to General Availability
Container Threat Detection, a built-in service available in Security Command Center Premium and Enterprise, has launched three new detectors to General Availability:
- Execution: Container Escape: Detects when a process inside a container tries to break out of its isolation and interact with the host system or other containers.
- Execution: Kubernetes Attack Tool Execution: Detects when a Kubernetes attack tool is run inside a container, indicating a potential attempt to exploit vulnerabilities in the Kubernetes environment.
- Execution: Local Reconnaissance Tool Execution: Detects when a local reconnaissance tool is executed within a container, suggesting that an attacker is gathering information about the container environment, such as network configurations, active processes, or mounted file systems.
For more information, see Container Threat Detection detectors.
General availability support for the following integration:
Configuring allowlists for IP addresses is now available in GA. This feature lets you add the trusted IP addresses to an allowlist to exclude them from reCAPTCHA enforcement. For more information, see Configure an IP address allowlist.
December 15, 2024
Cloud Composer
When creating new environments in Google Cloud console, it's now required to explicitly select a service account for the environment. We recommend that you create a user-managed service account and use it for Cloud Composer environments.
Release 6.3.28 is currently in Preview.
December 14, 2024
Google SecOps SOAR
Release 6.3.27 is still in Preview.
December 13, 2024
Agent Assist
Agent Assist infobot offers support for new languages in GA.
Integration templates (Preview)
Save time and effort building integrations with integration templates. These pre-defined blueprints provide a starting point for common integration flows, allowing you to quickly create and customize integrations without starting from scratch.
For more information, see Templates.
Generate and view OpenAPI Specification (Preview)
You can now generate and view the OpenAPI Specification for any published integration that uses API triggers. This allows for greater understanding and analysis of your integration's API interactions.
For more information, see View OpenAPI Specification for your integration.
API trigger input and output variables
You can now set request and response payloads for an API trigger using trigger specific input and output variables. For more information, see API trigger.
The following products are now supported by the following control packages. See supported products for more information:
- Apigee, Cloud Vision API, GKE Identity Service, Traffic Director, Vertex AI Search:
- Australia Regions
- Australia Regions with Assured Support
- Brazil Regions
- Canada Regions
- Canada Regions and Support
- Chile Regions
- EU Regions
- EU Regions and Support
- Hong Kong Regions
- India Regions
- Indonesia Regions
- Israel Regions
- Israel Regions and Support
- Japan Regions
- Qatar Regions
- Singapore Regions
- South Africa Regions
- South Korea Regions
- Switzerland Regions
- Taiwan Regions
- UK Regions
- US Regions
- US Regions and Support
- Spanner:
- Australia Regions with Assured Support
- Canada Regions and Support
- EU Regions and Support
- Israel Regions and Support
- Japan Regions
- US Regions and Support
The CJIS control package now supports the following products. See Supported products by control package for more information:
- AlloyDB for PostgreSQL
- Cloud Data Fusion
- Cloud Vision API
- Speech-to-Text
- Vertex AI Search
- Vertex AI Workbench Notebooks
Reporting of the "pending" status of the Ops Agent on the Cloud Monitoring VM Instances dashboard has been refined to include additional states. For more information, see Use VM Instances dashboard.
You can use network scopes to meet your security goals by using fewer firewall policy rules more efficiently. This feature is available in Preview. For more information, see Network scopes.
The CPU allocation setting has been renamed to Billing in the Google Cloud console for Cloud Run services.
The two billing settings are:
- Request-based billing (default), previously called CPU is only allocated during request processing, only charges your Cloud Run instances during request processing, container startup, and container shutdown.
- Instance-based billing, previously called CPU always allocated, charges your Cloud Run instances for the entire lifecycle of instances, even when there are no incoming requests.
For more details, see the Billing settings guide.
Dialogflow CX data stores: The following languages are now GA. See the language support page for details.
- Arabic
- Bengali
- Bulgarian
- Chinese Simplified
- Chinese Traditional
- Croatian
- Czech
- Estonian
- Finnish
- Hebrew
- Hungarian
- Japanese
- Korean
- Latvian
- Lithuanian
- Norwegian
- Polish
- Romanian
- Russian
- Serbian
- Slovak
- Slovenian
- Swahili
- Thai
- Turkish
- Ukrainian
- Vietnamese
Google Cloud Managed Service for Apache Kafka now supports moving open source Kafka data to Google Cloud using various Dataflow templates. You can move Kafka data to Cloud Managed Service for Apache Kafka, BigQuery, and Cloud Storage. For more information about these data movement use cases, see Move Kafka data in Google Cloud.
GKE now provides insights and recommendations that help you identify and amend clusters running a minor version that reached end of standard support, clusters with nodes in violation of version skew policy, and clusters without a maintenance window to achieve reliable operations, up-to-date security posture and supportability.
The C4A machine family is generally available in the following versions:
- Standard clusters in version 1.28.13-gke.1024000, 1.29.8-gke.1057000, 1.30.4-gke.1213000 or later. To use this family in GKE Standard, you can use the --machine-type flag when creating a cluster or node pool.
- Autopilot clusters in 1.28.15-gke.1344000, 1.29.11-gke.1012000, 1.30.7-gke.1136000, 1.31.3-gke.1056000 or later. To use this family in GKE Autopilot, schedule your workloads along with the kubernetes.io/machine-family: c4a node selector. In versions 1.31 or above, the kubernetes.io/arch: arm64 node selector would default to C4A machine family.
Cluster autoscaler and node auto-provisioning are supported in 1.28.15-gke.1344000, 1.29.11-gke.1012000, 1.30.7-gke.1136000, 1.31.3-gke.1056000 or later.
Local SSD support is available for Public Preview from 1.31.1-gke.2008000. Contact your Account Team to participate in the preview.
AOF and RDB persistence are Generally Available. For more details, see Persistence overview.
Private Service Connect service connectivity automation lets you automate connectivity to supported Google service instances that are located in a different project, folder, or organization than the service consumer (custom scope). This feature is available in General Availability.
December 12, 2024
AlloyDB for PostgreSQL
AlloyDB System insights offers a unified, customizable database monitoring dashboard that includes predefined metrics and other Google Cloud metrics. This feature is generally available (GA). For more information, see Create a custom dashboard.
Regional endpoints, which help you run your workloads in compliance with data residency and data sovereignty requirements, are now generally available (GA). With regional endpoints, your request traffic is routed directly to the region specified in the endpoint. For more information, see BigQuery regional endpoints.
You can now discover, procure, and commercialize your Analytics Hub listings on Google Cloud Marketplace to share data offerings at scale. This feature is in preview.
Bigtable is now supported by Database Center, which is in Preview. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. With this release, Database Center displays health issues for Bigtable availability and data protection. For more information, see Database health issues.
The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).
- Backup and DR
  - backupdr.googleapis.com/ManagementServer
- Database Migration API
  - datamigration.googleapis.com/ConversionWorkspace
- Google Kubernetes Engine
  - k8s.io/Endpoints
- Security Command Center
  - securityposture.googleapis.com/Posture
  - securityposture.googleapis.com/PostureDeployment
- Vertex AI
  - aiplatform.googleapis.com/NotebookRuntime
  - aiplatform.googleapis.com/NotebookRuntimeTemplate
Database Migration Service now supports MySQL minor version 8.0.40 for homogeneous MySQL migrations. For more information, see Supported source and destination databases in Cloud SQL for MySQL migrations.
You can now override the validation that checks for metric existence when you create a PromQL-based alerting policy. For more information, see Disable check for metric existence.
Text widgets can now link to sections of a dashboard and they can render variables. For more information, see the following documents:
New Dataproc on Compute Engine subminor image versions:
- 2.0.126-debian10, 2.0.126-rocky8, 2.0.126-ubuntu18
- 2.1.74-debian11, 2.1.74-rocky8, 2.1.74-ubuntu20, 2.1.74-ubuntu20-arm
- 2.2.40-debian12, 2.2.40-rocky9, 2.2.40-ubuntu22
Dataproc on Compute Engine: Updated Dataproc Metastore (DPMS) gRPC proxy image version to v. 0.0.70
Dialogflow CX: You can now configure an access token name in Dialogflow Messenger to store the end user's authentication when they sign in, and then use it as the bearer token for tool authentication. See the Dialogflow Messenger documentation for more information about enabling this feature.
You can copy processor versions of pretrained-foundation-model-v1.2-2024-05-10 and pretrained-foundation-model-v1.3-2024-08-31 between projects by following the steps in Import a processor version.
Firestore is supported by Database Center. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. Database Center displays the following health issue for Firestore:
- No automated backup policy
For more information, see Database Center overview and database health issues.
(2024-R48) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
  - 1.28.15-gke.1344000
  - 1.30.7-gke.1077000
  - 1.31.3-gke.1023000
Regular channel
- Version 1.30.6-gke.1125000 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
  - 1.28.15-gke.1020000
  - 1.28.15-gke.1080000
  - 1.29.10-gke.1054000
  - 1.29.10-gke.1155000
  - 1.30.5-gke.1699000
  - 1.30.5-gke.1713000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1159000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.10-gke.1227000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.6-gke.1125000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1159000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.10-gke.1227000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.6-gke.1125000 with this release.
Stable channel
- Version 1.30.5-gke.1699000 is now the default version for cluster creation in the Stable channel.
- The following versions are no longer available in the Stable channel:
  - 1.28.14-gke.1340000
  - 1.29.9-gke.1496000
  - 1.30.5-gke.1443001
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
Extended channel
- Version 1.30.6-gke.1125000 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
  - 1.27.16-gke.1784000
  - 1.28.15-gke.1020000
  - 1.28.15-gke.1080000
  - 1.29.10-gke.1054000
  - 1.29.10-gke.1155000
  - 1.30.5-gke.1699000
  - 1.30.5-gke.1713000
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1836000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1159000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.10-gke.1227000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.6-gke.1125000 with this release.
No channel
- Version 1.30.6-gke.1125000 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
  - 1.28.14-gke.1340000
  - 1.28.15-gke.1080000
  - 1.28.15-gke.1344000
  - 1.29.9-gke.1496000
  - 1.29.10-gke.1155000
  - 1.30.5-gke.1014003
  - 1.30.5-gke.1713000
  - 1.30.7-gke.1077000
  - 1.31.3-gke.1023000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.15-gke.1159000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.10-gke.1227000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.15-gke.1159000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.10-gke.1227000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
Starting with GKE version 1.33, clusters running cgroupv1 will automatically be upgraded to cgroupv2 unless you opt out first. For more information, see Migrate nodes to cgroupv2.
Updated Admin Console setting
The Let editors set owner's credentials for data source access setting has been renamed to Allow users in this org to be the credential owner for any data source. This setting now exhibits the following changes in behavior, which may be breaking for some users:
- If a Looker Studio administrator turns off this setting, any existing data sources that have a data source owner within the organization and that were configured to use Owner's Credentials must use Viewer's Credentials. Users who don't have access to a data source's underlying data may lose access to any Looker Studio content that is based on that data source. Re-enabling this setting restores the original Owner's Credentials to those data sources.
New condition option for filters on date or time data type dimensions
Report editors can now specify a value and a unit of time for the following filter conditions with date or time data type dimensions:
- Is in the Last
- Is Before
- Is On or After
- Is Previous
- Is This
- Is Next
- Is in the Month
- Is in the Year
Looker connector filter enhancements
Looker data sources now support a Matches (advanced) filter option with date or time data type dimensions.
Changes to New Search Ads 360 connector field names
These New Search Ads 360 connector fields were renamed to resolve a naming conflict:
- The field previously named Conv. value is now named Client account conv. value.
- The field previously named Conv. value / click is now named Client account conv. value / click.
The original Conv. value field remains unchanged and continues to be the correct field name.
Partner connection launch update
The following partner connectors have been added to the Looker Studio Connector Gallery:
- Heureka.cz náklady by METRIXANA
- Heureka.cz Sortiment report by METRIXANA
- Shoptet produkty by METRIXANA
- Shoptet objednávky by METRIXANA
- BigQuery by Windsor.ai
- LinkedIn Page Analytics by Doodlytics
- Vibe by Windsor.ai
- Partnerize by Windsor.ai
- Adtraction by Windsor.ai
- MNTN by Windsor.ai
- Income Access by Windsor.ai
- Square by Windsor.ai
- Calendly by The Data Students
- Cin7 Core by Jivrus Technologies
- Pipedrive by Supermetrics
- TrueClicks PPC Audit by TrueClicks
- J+Search - Analytics by Jellyfish
- Mixpanel by Windsor.ai
- ShareASale by Windsor.ai
- Branch.io by Windsor.ai
- Marcode by Marcode
- Search Ads 360 by Supermetrics
- WorkMeter by WorkMeter, S.L.
- Heureka.sk náklady by METRIXANA
- LinkedIn Ads Analytics by Doodlytics
- Pinterest Ads by Detrics
- Recharge by Windsor.ai
Memorystore for Redis is supported by Database Center. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. For more information, see Database Center overview and database health issues.
Cross-region replication is now Generally Available on Memorystore for Redis Cluster. This release includes Terraform support for cross-region replication on Memorystore for Redis Cluster.
Memorystore for Redis Cluster is supported by Database Center. Database Center is an AI-assisted dashboard that gives you one centralized view across your entire database fleet. For more information, see Database Center overview and database health issues.
Personalized Service Health supports Backup and DR Service, Batch, Cloud Billing, Colab Enterprise, Document AI, Google Cloud VMware Engine, Hub, Migrate to Virtual Machines, Vertex AI Search, and Web Risk. See the updated list.
Spanner now supports IDENTITY columns. IDENTITY columns let you automatically generate unique integer values for key and non-key columns, and align with the ANSI standard. For more information, see IDENTITY columns.
December 11, 2024
BigQuery
You can now replicate a dataset from the source region to one or more other regions with cross-region dataset replication. This feature is now generally available (GA).
BigQuery Managed Disaster Recovery provides managed failover and redundant compute capacity for business-critical workloads. It is intended for use in the case of a total region outage and is supported with the BigQuery Enterprise Plus edition only. This feature is now generally available (GA).
You can now create remote models in BigQuery ML based on the gemini-2.0-flash-exp model in Vertex AI. To create remote models, you can use either SQL or BigQuery DataFrames.
You can use the ML.GENERATE_TEXT function with these remote models to perform generative natural language tasks for text stored in BigQuery tables. You can also use the ML.GENERATE_TEXT function with these remote models to perform generative AI tasks, for example audio transcription or document classification, using image, video, audio, PDF, or text content stored in BigQuery object tables.
Try this feature by using either the Generate text by using the ML.GENERATE_TEXT function how-to topic, or the BigFrames Gemini 2.0 Text Generation Simple Example notebook.
This feature is in preview.
You can now enable row-affinity routing to let Bigtable automatically ensure that single-row requests for a given row are routed to the same cluster. This feature is generally available (GA).
You can now use the Google Cloud console to create and manage authorized views of your Bigtable tables.
You can now select a row in a Bigtable Studio query results table to view formatted row data. For more information, see Query your data with SQL in the query editor.
The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).
- Live Stream API
  - livestream.googleapis.com/Asset
  - livestream.googleapis.com/Channel
  - livestream.googleapis.com/Input
  - livestream.googleapis.com/Pool
In January 2025, we plan to release Cloud Composer 2 versions that will always use the environment's service account to install PyPI packages:
- New Cloud Composer 2 environments created in versions 2.10.2 and later will have this change. This change applies only to newly created environments; existing environments that are upgraded to 2.10.2 and later versions will not get this change.
- Currently, Cloud Composer 2 environments use the default Cloud Build service account if it exists (and the environment's service account if it doesn't). Depending on the way Cloud Build is configured in your project, this might mean that the default Cloud Compute service account or the legacy Cloud Build service account might be used by your environment. We recommend configuring Cloud Build to adhere to the principle of least privilege.
- Make sure to check the Cloud Build default service account change page for information about changes to the default Cloud Build service account.
- Cloud Composer 3 environments already use the environment's service account, and are not impacted by this change.
(Cloud Composer 3) It is now possible to upgrade an environment if the [sentry]sentry_on Airflow configuration option is set to true.
Cloud Composer no longer adds any missing IAM permissions to the Cloud Storage bucket when it is used to create an environment with a custom environment's bucket. Make sure that the environment's service account has permissions from the Composer Worker role on the bucket.
The COMPOSER_AGENT_BUILD_SERVICE_ACCOUNT environment variable is changed to reserved. This change improves the security of Cloud Composer environments.
Increased allowed timeouts when detecting tasks stuck in the "queued" state during the Airflow worker liveness check. This change makes it less likely that checks will incorrectly fail in specific scenarios. This change is gradually rolled out to all regions supported by Cloud Composer.
(Cloud Composer 2) Airflow worker liveness check configuration was changed to be consistent with the configuration used in Cloud Composer 3. In particular, this change increases the timeout, giving the liveness check more time to detect unhealthy Airflow workers. This change is gradually rolled out to all regions supported by Cloud Composer.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.10.2-build.4 (default)
- composer-3-airflow-2.9.3-build.11
New images are available in Cloud Composer 2:
- composer-2.10.1-airflow-2.10.2 (default)
- composer-2.10.1-airflow-2.9.3
Cloud Composer version 2.5.3 has reached its end of support period.
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
C3 bare metal instances are available in the following additional zones:
c3-highcpu-192-metal: asia-southeast1-a and c, europe-west4-c, us-east1-d, us-east4-c, us-east5-a, us-west1-a and b
c3-standard-192-metal: europe-west1-b and c, europe-west4-b and c, us-east1-d, us-east4-a, us-west1-a and b
c3-highmem-192-metal: europe-west4-c, us-east4-a and c, us-west1-a and b
The Gemini 2.0 Flash (gemini-2.0-flash-exp) model is Generally available for grounded answer generation with RAG. This model is tuned to address context-based question and answering tasks. For more information, see Ground responses for Gemini models.
Infrastructure for a RAG-capable generative AI application using Vertex AI and AlloyDB: Added more design alternatives.
Deploy automated malware scanning for files uploaded to Cloud Storage: Added the Deploy using the Terraform CLI section.
Release 1.28.1300-gke.59
Google Distributed Cloud for bare metal 1.28.1300-gke.59 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1300-gke.59 runs on Kubernetes 1.28.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
The following container image security vulnerabilities have been fixed in 1.28.1300-gke.59:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
You can use Policy Simulator for deny policies to simulate changes to deny policies before you apply them. This feature is available in Preview.
VPC Service Controls feature: Support for using identity groups in the ingress and egress rules to allow access to resources protected by a service perimeter is generally available.
For more information, see Configure identity groups and third-party identities in ingress and egress rules.
Private Service Connect port mapping is available in General Availability. Port mapping lets consumer virtual machine (VM) instances privately communicate with specific service ports on specific producer VMs through a single Private Service Connect endpoint.
reCAPTCHA Mobile SDK v18.7.0-beta01 is now available for iOS.
This version contains the following changes:
- Mitigation for an issue that caused a crash after updating to v18.6.0.
- Public API is moved to Swift along with support for Objective-C.
- New integration architecture with RecaptchaInterop for Firebase clients.
December 10, 2024
Apigee Integrated Portal
On December 10, 2024, we released a new version of the Apigee integrated portal.
Bug ID | Description |
---|---|
381086551 | Fixed an issue that caused the page list view to fail for some portals with large numbers of pages. |
On December 10, 2024, we released an updated version of Apigee (1-14-0-apigee-2).
Bug ID | Description |
---|---|
357880539 | Resolved issue with missing span in the Apigee UI for distributed trace. |
237656263 | Resolved issue with ServiceCallout policy not working in async mode as expected. |
N/A | Updates to security infrastructure and libraries. |
Cloud SQL now offers notifications for maintenance that's either started or completed. See the Overview of maintenance on Cloud SQL instances. To find out how to sign up for notifications and check your instances for upcoming maintenance, see Find and set maintenance windows.
As part of the Per-cluster entitlement to GKE Enterprise, a GKE cluster needs to have its cluster_tier set to ENTERPRISE in order for that cluster to be considered GKE Enterprise.
Existing clusters and new clusters can follow Update an existing cluster's tier and Enroll a new cluster respectively to make a cluster enterprise.
Clusters created or registered before November 2024 that use GKE Enterprise as part of their fleet membership are automatically enterprise-tier clusters. This is a billing announcement only; Cloud Service Mesh features don't change.
Gemini in Colab Enterprise, which is a product in the Gemini for Google Cloud portfolio, now includes error fixing in Preview. Gemini in Colab Enterprise can suggest fixes when your code produces errors. For more information, see Fix errors.
To enable and activate Gemini in Colab Enterprise features, see Set up Gemini in Colab Enterprise.
Generally available: Instance flexibility in a managed instance group (MIG) lets you configure multiple machine types in the group. This can improve resource availability for applications that require large-scale capacity and high-demand hardware. Support for Terraform has also been added. For more information, see About instance flexibility in MIGs.
Config Connector version 1.126.0 is now available.
Config Connector system management CRDs ControllerReconciler and NamespacedControllerReconciler are promoted to Beta. See how to configure the Controller manager rate limit.
New Beta resources (direct reconciler)
-
- Manage the metadata needed to perform a BigQuery data transfer.
-
- Manage the provisioning of a CryptoKey.
Use BigQueryConnectionConnection to provide the IAM Service Account
- IAMPolicyMember
  - Added spec.memberFrom.bigQueryConnectionConnectionRef
  - See an example on IAMPolicyMember use BigqueryConectionConnection "cloudSQL"
- IAMPartialPolicy
  - Added spec.memberFrom.bigQueryConnectionConnectionRef.
New Alpha Resources
- Add new resource WorkstationConfig
Config Controller now uses the following versions of its included products:
- Config Connector v1.125.0, release notes
Imagen 3 image generation models Generally Available to all users
Imagen 3 image generation models are now available to all users without requiring prior approval. These include the following image generation models:
- imagen-3.0-generate-001
- imagen-3.0-fast-generate-001 (low latency model)
Prior image generation models (imagegeneration@006, imagegeneration@005, imagegeneration@002) still require approval to use.
For more information, see Imagen on Vertex AI model versions and lifecycle and Generate images using text prompts.
Imagen 3 Customization model Generally Available to approved users
Imagen 3 Customization model is now available to approved users. This includes the following model:
imagen-3.0-capability
Imagen 3 Customization lets you guide image generation by providing reference images (few-shot learning). Imagen 3 Customization lets you customize generated images for the following feature categories:
- Subject Customization (product, person, and animal companion)
- Style Customization
- Controlled Customization (canny edge and scribble)
- Instruct Customization (Style transfer)
Imagen 3 editing model Generally Available to approved users
The Imagen 3 Editing model is now available to approved users. This includes the following model:
imagen-3.0-capability
This model offers the following additional features:
- Inpainting - Add or remove content from a masked area of an image
- Outpainting - Expand a masked area of an image
- Product image editing - Identify and maintain a primary product while changing the background or product position
For more information, see Model versions.
Google Distributed Cloud (software only) for VMware 1.30.400-gke.133 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.400-gke.133 runs on Kubernetes v1.30.6-gke.300.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
The following vulnerabilities are fixed in 1.30.400-gke.133:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
- CVE-2024-47682
- CVE-2024-47685
- CVE-2024-47696
- CVE-2024-47701
- CVE-2024-47727
- CVE-2024-47742
- CVE-2024-48957
- CVE-2024-48958
- CVE-2024-49860
- CVE-2024-49882
- CVE-2024-49883
- CVE-2024-49884
- CVE-2024-49889
- CVE-2024-49936
- CVE-2024-49967
- CVE-2024-49983
- CVE-2024-50033
- CVE-2024-50035
- CVE-2024-50083
- CVE-2024-50115
- CVE-2024-50131
- CVE-2024-53057
Ubuntu vulnerabilities:
- CVE-2022-48666
- CVE-2023-52889
- CVE-2023-52918
- CVE-2024-25744
- CVE-2024-26607
- CVE-2024-26661
- CVE-2024-26669
- CVE-2024-26800
- CVE-2024-26893
- CVE-2024-27397
- CVE-2024-36484
- CVE-2024-38577
- CVE-2024-38602
- CVE-2024-38611
- CVE-2024-38630
- CVE-2024-39472
- CVE-2024-40915
- CVE-2024-41011
- CVE-2024-41012
- CVE-2024-41015
- CVE-2024-41017
- CVE-2024-41019
- CVE-2024-41020
- CVE-2024-41022
- CVE-2024-41042
- CVE-2024-41059
- CVE-2024-41060
- CVE-2024-41063
- CVE-2024-41064
- CVE-2024-41065
- CVE-2024-41068
- CVE-2024-41070
- CVE-2024-41071
- CVE-2024-41072
- CVE-2024-41073
- CVE-2024-41077
- CVE-2024-41078
- CVE-2024-41081
- CVE-2024-41090
- CVE-2024-41091
- CVE-2024-41098
- CVE-2024-42114
- CVE-2024-42126
- CVE-2024-42246
- CVE-2024-42259
- CVE-2024-42265
- CVE-2024-42267
- CVE-2024-42269
- CVE-2024-42270
- CVE-2024-42271
- CVE-2024-42272
- CVE-2024-42274
- CVE-2024-42276
- CVE-2024-42277
- CVE-2024-42280
- CVE-2024-42281
- CVE-2024-42283
- CVE-2024-42284
- CVE-2024-42285
- CVE-2024-42286
- CVE-2024-42287
- CVE-2024-42288
- CVE-2024-42289
- CVE-2024-42290
- CVE-2024-42292
- CVE-2024-42295
- CVE-2024-42296
- CVE-2024-42297
- CVE-2024-42299
- CVE-2024-42301
- CVE-2024-42302
- CVE-2024-42304
- CVE-2024-42305
- CVE-2024-42306
- CVE-2024-42309
- CVE-2024-42310
- CVE-2024-42311
- CVE-2024-42312
- CVE-2024-42313
- CVE-2024-42318
- CVE-2024-43817
- CVE-2024-43828
- CVE-2024-43829
- CVE-2024-43830
- CVE-2024-43834
- CVE-2024-43835
- CVE-2024-43839
- CVE-2024-43841
- CVE-2024-43846
- CVE-2024-43849
- CVE-2024-43853
- CVE-2024-43854
- CVE-2024-43856
- CVE-2024-43858
- CVE-2024-43860
- CVE-2024-43861
- CVE-2024-43863
- CVE-2024-43867
- CVE-2024-43869
- CVE-2024-43870
- CVE-2024-43871
- CVE-2024-43873
- CVE-2024-43875
- CVE-2024-43879
- CVE-2024-43880
- CVE-2024-43882
- CVE-2024-43883
- CVE-2024-43884
- CVE-2024-43889
- CVE-2024-43890
- CVE-2024-43892
- CVE-2024-43893
- CVE-2024-43894
- CVE-2024-43902
- CVE-2024-43905
- CVE-2024-43907
- CVE-2024-43908
- CVE-2024-43909
- CVE-2024-43914
- CVE-2024-44934
- CVE-2024-44935
- CVE-2024-44944
- CVE-2024-44946
- CVE-2024-44947
- CVE-2024-44948
- CVE-2024-44954
- CVE-2024-44958
- CVE-2024-44960
- CVE-2024-44965
- CVE-2024-44966
- CVE-2024-44969
- CVE-2024-44971
- CVE-2024-44974
- CVE-2024-44982
- CVE-2024-44983
- CVE-2024-44985
- CVE-2024-44986
- CVE-2024-44987
- CVE-2024-44988
- CVE-2024-44989
- CVE-2024-44990
- CVE-2024-44995
- CVE-2024-44998
- CVE-2024-44999
- CVE-2024-45003
- CVE-2024-45006
- CVE-2024-45007
- CVE-2024-45008
- CVE-2024-45009
- CVE-2024-45011
- CVE-2024-45016
- CVE-2024-45018
- CVE-2024-45021
- CVE-2024-45025
- CVE-2024-45026
- CVE-2024-45028
- CVE-2024-46673
- CVE-2024-46675
- CVE-2024-46676
- CVE-2024-46677
- CVE-2024-46679
- CVE-2024-46685
- CVE-2024-46689
- CVE-2024-46702
- CVE-2024-46707
- CVE-2024-46713
- CVE-2024-46714
- CVE-2024-46719
- CVE-2024-46721
- CVE-2024-46722
- CVE-2024-46723
- CVE-2024-46724
- CVE-2024-46725
- CVE-2024-46731
- CVE-2024-46732
- CVE-2024-46737
- CVE-2024-46738
- CVE-2024-46739
- CVE-2024-46740
- CVE-2024-46743
- CVE-2024-46744
- CVE-2024-46745
- CVE-2024-46746
- CVE-2024-46747
- CVE-2024-46750
- CVE-2024-46752
- CVE-2024-46755
- CVE-2024-46756
- CVE-2024-46757
- CVE-2024-46758
- CVE-2024-46759
- CVE-2024-46761
- CVE-2024-46763
- CVE-2024-46771
- CVE-2024-46777
- CVE-2024-46780
- CVE-2024-46781
- CVE-2024-46782
- CVE-2024-46783
- CVE-2024-46791
- CVE-2024-46795
- CVE-2024-46798
- CVE-2024-46800
- CVE-2024-46804
- CVE-2024-46805
- CVE-2024-46807
- CVE-2024-46810
- CVE-2024-46814
- CVE-2024-46815
- CVE-2024-46817
- CVE-2024-46818
- CVE-2024-46819
- CVE-2024-46822
- CVE-2024-46828
- CVE-2024-46829
- CVE-2024-46832
- CVE-2024-46840
- CVE-2024-46844
- CVE-2024-47659
- CVE-2024-47660
- CVE-2024-47663
- CVE-2024-47665
- CVE-2024-47667
- CVE-2024-47668
- CVE-2024-47669
Release 1.30.400-gke.133
Google Distributed Cloud for bare metal 1.30.400-gke.133 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.400-gke.133 runs on Kubernetes 1.30.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Functionality changes:
Updated snapshots to include new information, including: kubelet config, CPU manager state, and memory manager state.
Updated the bmctl push images command to check for the existence of an image digest to determine whether or not to push an image.
Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.
Fixes:
Fixed the issue where non-root users can't run bmctl restore to restore quorum.
Fixed an issue where CronJob specs for periodic health checks weren't updated to reflect cluster annotation changes.
Fixed an issue that blocked user cluster create and upgrade operations to patch versions 1.30.100, 1.30.200, or 1.30.300. This issue applies only when kubectl or a GKE On-Prem API client (console, gcloud CLI, or Terraform) is used for user cluster creation and upgrades.
The following container image security vulnerabilities have been fixed in 1.30.400-gke.133:
- Critical container vulnerabilities:
- High-severity container vulnerabilities:
- CVE-2020-16156
- CVE-2021-33194
- CVE-2022-1304
- CVE-2022-27664
- CVE-2022-41723
- CVE-2022-48733
- CVE-2023-3676
- CVE-2023-3955
- CVE-2023-5528
- CVE-2023-7104
- CVE-2023-39325
- CVE-2023-49083
- CVE-2023-52425
- CVE-2024-0743
- CVE-2024-0793
- CVE-2024-6609
- CVE-2024-20696
- CVE-2024-38577
- CVE-2024-41011
- CVE-2024-42228
- CVE-2024-42280
- CVE-2024-42284
- CVE-2024-42285
- CVE-2024-42301
- CVE-2024-42302
- CVE-2024-42313
- CVE-2024-43839
- CVE-2024-43858
- CVE-2024-43882
- CVE-2024-44974
- CVE-2024-44987
- CVE-2024-44998
- CVE-2024-44999
- CVE-2024-45490
- CVE-2024-46673
- CVE-2024-46674
- CVE-2024-46722
- CVE-2024-46723
- CVE-2024-46724
- CVE-2024-46725
- CVE-2024-46731
- CVE-2024-46738
- CVE-2024-46740
- CVE-2024-46743
- CVE-2024-46744
- CVE-2024-46747
- CVE-2024-46756
- CVE-2024-46757
- CVE-2024-46758
- CVE-2024-46759
- CVE-2024-46782
- CVE-2024-46798
- CVE-2024-46800
- CVE-2024-46804
- CVE-2024-46814
- CVE-2024-46815
- CVE-2024-46818
- CVE-2024-46828
- CVE-2024-46844
- GHSA-m425-mq94-257g
- Medium-severity container vulnerabilities:
- CVE-2021-31525
- CVE-2021-3669
- CVE-2021-36976
- CVE-2022-26280
- CVE-2022-41717
- CVE-2023-2431
- CVE-2023-2727
- CVE-2023-2728
- CVE-2023-3978
- CVE-2023-23931
- CVE-2023-31083
- CVE-2023-44487
- CVE-2023-52889
- CVE-2024-24557
- CVE-2024-29018
- CVE-2024-41098
- CVE-2024-42114
- CVE-2024-42246
- CVE-2024-42259
- CVE-2024-42272
- CVE-2024-42283
- CVE-2024-42286
- CVE-2024-42287
- CVE-2024-42288
- CVE-2024-42289
- CVE-2024-42297
- CVE-2024-42309
- CVE-2024-42310
- CVE-2024-42311
- CVE-2024-43828
- CVE-2024-43829
- CVE-2024-43834
- CVE-2024-43835
- CVE-2024-43846
- CVE-2024-43849
- CVE-2024-43853
- CVE-2024-43854
- CVE-2024-43856
- CVE-2024-43860
- CVE-2024-43861
- CVE-2024-43871
- CVE-2024-43884
- CVE-2024-43889
- CVE-2024-43890
- CVE-2024-43892
- CVE-2024-43893
- CVE-2024-43894
- CVE-2024-43905
- CVE-2024-43907
- CVE-2024-43908
- CVE-2024-43914
- CVE-2024-44935
- CVE-2024-44944
- CVE-2024-44946
- CVE-2024-44947
- CVE-2024-44954
- CVE-2024-44960
- CVE-2024-44965
- CVE-2024-44968
- CVE-2024-44971
- CVE-2024-44988
- CVE-2024-44989
- CVE-2024-44990
- CVE-2024-44995
- CVE-2024-45003
- CVE-2024-45006
- CVE-2024-45016
- CVE-2024-45018
- CVE-2024-45021
- CVE-2024-45025
- CVE-2024-45028
- CVE-2024-46675
- CVE-2024-46676
- CVE-2024-46677
- CVE-2024-46679
- CVE-2024-46685
- CVE-2024-46689
- CVE-2024-46702
- CVE-2024-46707
- CVE-2024-46714
- CVE-2024-46719
- CVE-2024-46721
- CVE-2024-46737
- CVE-2024-46739
- CVE-2024-46750
- CVE-2024-46755
- CVE-2024-46763
- CVE-2024-46771
- CVE-2024-46777
- CVE-2024-46780
- CVE-2024-46781
- CVE-2024-46783
- CVE-2024-46791
- CVE-2024-46817
- CVE-2024-46819
- CVE-2024-46822
- CVE-2024-46829
- CVE-2024-46840
- CVE-2024-47663
- GHSA-jq35-85cj-fj4p
- Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
(2024-R47) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.31.3-gke.1006000 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.15-gke.1020000
- 1.28.15-gke.1041000
- 1.28.15-gke.1080000
- 1.28.15-gke.1159000
- 1.29.10-gke.1054000
- 1.29.10-gke.1071000
- 1.29.10-gke.1155000
- 1.29.10-gke.1227000
- 1.30.5-gke.1699000
- 1.30.5-gke.1713000
- 1.30.6-gke.1059000
- 1.30.6-gke.1125000
- 1.31.1-gke.2105000
- 1.31.2-gke.1354000
- 1.31.2-gke.1384000
- 1.31.2-gke.1518000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1342000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.10-gke.1280000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.6-gke.1596000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.3-gke.1006000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1342000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.10-gke.1280000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.6-gke.1596000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.3-gke.1006000 with this release.
Regular channel
- Version 1.30.5-gke.1699000 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.28.14-gke.1340000
- 1.28.14-gke.1376000
- 1.29.9-gke.1496000
- 1.29.9-gke.1541000
- 1.30.5-gke.1443001
- 1.31.1-gke.1846000
- 1.31.1-gke.2008000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.
Stable channel
- Version 1.30.5-gke.1443001 is now the default version for cluster creation in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.28.14-gke.1099000
- 1.28.14-gke.1217000
- 1.29.9-gke.1177000
- 1.30.5-gke.1014003
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
Extended channel
- Version 1.30.5-gke.1699000 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.16-gke.1681000
- 1.27.16-gke.1742000
- 1.27.16-gke.2019000
- 1.28.14-gke.1340000
- 1.28.14-gke.1376000
- 1.29.9-gke.1496000
- 1.29.9-gke.1541000
- 1.30.5-gke.1443001
- 1.31.1-gke.1846000
- 1.31.1-gke.2008000
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1784000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.
No channel
- Version 1.30.5-gke.1699000 is now the default version for cluster creation.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.28.14-gke.1099000
- 1.28.14-gke.1217000
- 1.28.14-gke.1376000
- 1.28.15-gke.1041000
- 1.29.9-gke.1177000
- 1.29.9-gke.1541000
- 1.29.10-gke.1071000
- 1.30.5-gke.1014001
- 1.30.5-gke.1355000
- 1.30.6-gke.1059000
- 1.31.1-gke.1846000
- 1.31.1-gke.2008000
- 1.31.2-gke.1354000
- 1.31.2-gke.1384000
- 1.31.2-gke.1518000
- Auto-upgrade targets are now available for the following minor versions:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.
AI summaries of attack paths are disabled in Security Command Center
Effective December 13, 2024, the preview of Gemini AI-generated summaries of Security Command Center attack paths is discontinued. The summaries are no longer available in the Google Cloud console.
For more information, see Gemini features in Security Command Center.
December 09, 2024
AlloyDB for PostgreSQL
The Perform a vector search tutorial describes how to set up and perform a vector search in AlloyDB for PostgreSQL. You can learn how to perform K-nearest neighbor (KNN) and approximate nearest-neighbor (ANN) with a ScaNN vector index.
Custom organization policies for Serverless VPC Access connectors are now generally available, and can be applied to projects, folders, or organizations.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for bigquery/storage/apiv1beta1
1.65.0 (2024-12-05)
Features
- bigquery/reservation: Add a new field `is_flat_rate` to `.google.cloud.bigquery.reservation.v1.CapacityCommitment` to distinguish between flat rate and edition commitments (8dedb87)
- bigquery/reservation: Add the managed disaster recovery API(https (8dedb87)
- bigquery: Expose IsCaseInsensitive for dataset metadata (#11216) (364b639)
- bigquery: Support IAM conditions in datasets (#11123) (d93c2d9)
Bug Fixes
Documentation
- bigquery/reservation: Clarify that `Autoscale.current_slots` in message `.google.cloud.bigquery.reservation.v1.Reservation` can temporarily be larger than `Autoscale.max_slots` if users reduce `Autoscale.max_slots` (8dedb87)
- bigquery/reservation: Update comment for `slot_capacity` in message `.google.cloud.bigquery.reservation.v1.Reservation` to provide more clarity about reservation baselines, committed slots and autoscaler SKU charges when the baseline exceeds committed slots (8dedb87)
- bigquery/reservation: Update comments for `commitment_start_time` and `commitment_end_time` in message `.google.cloud.bigquery.reservation.v1.CapacityCommitment` to provide details on how these values are affected by commitment renewal (8dedb87)
You can now create custom organization policies for Serverless VPC Access connectors and apply them to projects, folders, or organizations (GA).
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for storage/internal/apiv2
1.48.0 (2024-12-05)
Features
- storage/dataflux: Run worksteal listing parallel to sequential listing (#10966) (3005f5a)
- storage: Add Writer.ChunkTransferTimeout (#11111) (fd1db20)
- storage: Allow non default service account (#11137) (19f01c3)
Bug Fixes
Python
Changes for google-cloud-storage
2.19.0 (2024-11-21)
Features
- Add integration test for universe domain (#1346) (02a972d)
- Add restore_bucket and handling for soft-deleted buckets (#1365) (ab94efd)
- Add support for restore token (#1369) (06ed15b)
- IAM signBlob retry and universe domain support (#1380) (abc8061)
Bug Fixes
Fixed the issue causing incorrect detection of CPU load on T2D machine series VMs in managed instance groups (MIGs). This issue affected MIG autoscaling based on CPU utilization in projects that were created before June 18, 2023.
cos-dev-121-18779-0-0
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.63 | v24.0.9 | v2.0.0 | See List |
Upgraded app-admin/fluent-bit to v3.2.1.
Upgraded sys-apps/makedumpfile to v1.7.6.
Upgraded app-containers/cni-plugins to v1.6.0.
Updated app-admin/google-guest-configs to 20241121.00. This enables intent based NIC naming scheme.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2464.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2955.
Upgraded chromeos-base/shill-client to v0.0.1-r4782.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2811.
Upgraded chromeos-base/debugd-client to v0.0.1-r2720.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r651.
Upgraded chromeos-base/minijail to v18-r158.
Upgraded dev-libs/nss to v3.107.
Upgraded sys-apps/gentoo-functions to v1.7.3.
Upgraded dev-libs/expat to v2.6.4.
Upgraded dev-db/sqlite to v3.47.0-r1.
Upgraded net-libs/libnetfilter_conntrack to v1.1.0.
Upgraded sys-apps/less to v668.
Upgraded sys-libs/libcap to v2.71.
Upgraded net-dns/c-ares to v1.34.3.
Upgraded sys-apps/pv to v1.9.0.
Upgraded sys-libs/libseccomp to v2.5.5-r2.
Upgraded net-misc/socat to v1.8.0.1.
Upgraded app-shells/dash to v0.5.12-r1.
Upgraded app-admin/sudo to v1.9.16_p1.
Upgraded sys-process/lsof to v4.99.4.
Updated the Linux kernel to v6.6.63.
Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer
Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.
Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681.
Runtime sysctl changes:
- Changed: fs.file-max: 811752 -> 811802
cos-105-17412-495-69
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.
Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer.
Upgraded dev-libs/libgcrypt to v1.10.1-r3. Fixes CVE-2024-2236.
Fixed CVE-2024-50278 in the Linux kernel.
Fixed CVE-2024-53052 in the Linux kernel.
Fixed CVE-2024-50141 in the Linux kernel.
cos-117-18613-75-66
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.56 | v24.0.9 | v1.7.24 | See List |
Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer
Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.
Fixed CVE-2024-50278 in the Linux kernel.
Fixed CVE-2024-50140 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811804 -> 811763
cos-113-18244-236-70
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.
Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer
Fixed CVE-2024-50278 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812030 -> 812026
cos-109-17800-372-69
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Upgraded cos-gpu-installer to v2.4.6: Support NVIDIA_H200 GPU in cos-gpu-installer
Support NVIDIA_H200 GPU - Added support for the R560 series, including driver versions 560.35.03. Added support for the R550 series, including driver versions 550.127.05 and 550.90.12. Assigned the latest, default, and R560 tags to driver version 560.35.03. Assigned the R550 tag to driver version 550.127.05.
Fixed CVE-2024-50278 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812253 -> 812265
You can now transition your Data Catalog content and usage to Dataplex Catalog. For more information, see Transition from Data Catalog to Dataplex Catalog.
Datastream now supports binary log reader as a CDC method for Oracle sources. The feature is in Preview.
For more information, see the Datastream documentation.
(New guide) Stream logs from Google Cloud to Datadog: Provides an architecture to send log event data from across your Google Cloud ecosystem to Datadog Log Management. The architecture is accompanied by a deployment guide.
Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.
The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.
- 1Password Audit Events (Identity and Access Management)
- Advanced Intrusion Detection Environment (Alert)
- Airlock Digital Application Allowlisting (Application Whitelisting)
- Akamai DNS (DNS)
- Amazon VPC Transit Gateway Flow Logs (Network)
- Apache Tomcat (Web server)
- Appian Cloud (Collaboration log types)
- AppOmni (SAAS Security Application)
- Aruba Switch (Network Infrastructure)
- Auth0 (Authentication log)
- AWS Cloudtrail (Cloud Log Aggregator)
- AWS CloudWatch (Cloud service monitoring)
- AWS Elastic Load Balancer (AWS Specific)
- AWS GuardDuty (IDS/IPS)
- AWS Network Firewall (Firewall)
- AWS RDS (Database)
- AWS Route 53 DNS (AWS Specific)
- AWS S3 Server Access (AWS Specific)
- AWS VPC Flow (AWS Specific)
- Azure AD Directory Audit (Audit)
- Azure AD Organizational Context (LDAP)
- Azure API Management (Schema)
- Azure App Service (SAAS)
- Azure Application Gateway (GATEWAY)
- Azure Firewall (Azure Firewall Application Rule)
- Azure Key Vault logging (Audit)
- Azure SQL (Database)
- Barracuda WAF (Firewall)
- Barracuda Web Filter (Webfilter)
- BeyondTrust BeyondInsight (Privileged Account Activity)
- BeyondTrust Endpoint Privilege Management (Privileged Account Activity)
- BIND (DNS)
- BloxOne Threat Defense (DNS)
- Blue Coat Proxy (Web Proxy)
- Cato Networks (NDR)
- Check Point (Firewall)
- Ciena Router logs (Application server logs)
- Cisco ACS (Authentication)
- Cisco APIC (Software-defined Networking (SDN))
- Cisco Call Manager (NETWORKING)
- Cisco DNA Center Platform (Network Management and Optimization)
- Cisco Email Security (Email Server)
- Cisco EStreamer (Network Monitoring)
- Cisco Firepower NGFW (Firewall)
- Cisco FireSIGHT Management Center (SaaS Application)
- Cisco Internetwork Operating System (Network Infrastructure)
- Cisco ISE (Identity and Access Management)
- Cisco Router (Switches, Routers)
- Cisco Secure Workload (AV and Endpoint)
- Cisco Stealthwatch (Log Aggregator)
- Cisco Switch (Switches, Routers)
- Cisco TACACS+ (Authentication)
- Cisco VPN (VPN)
- Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
- Claroty Continuous Threat Detection (IoT)
- Cloudflare (SaaS Application)
- Colinet Trotta GAUS SEGUROS (Alert)
- CrowdStrike Detection Monitoring (EDR)
- CrowdStrike Falcon (EDR)
- CrowdStrike Falcon Stream (Alerts)
- CrowdStrike Filevantage (IT infrastructure)
- Cyber 2.0 IDS (IDS)
- Cyberark Privilege Cloud (Identity & Access Management)
- CyberArk Privileged Access Manager (PAM) (CyberArk Privileged Access Manager)
- Cybereason EDR (EDR)
- Darktrace (NDR)
- Dell CyberSense (Data Security)
- Dell EMC PowerStore (DATA STORAGE)
- Druva Backup (Security)
- Duo Administrator Logs (Authentication)
- Duo Auth (Authentication)
- EfficientIP DDI (Network)
- ExtraHop RevealX (Firewall IDS/IPS)
- F5 Advanced Firewall Management (Firewall)
- F5 ASM (WAF)
- F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
- F5 VPN (VPN)
- FingerprintJS (Vulnerability scanners)
- FireEye eMPS (Email server log types.)
- FireEye HX (EDR)
- Forcepoint DLP (Forcepoint DLP)
- Forcepoint NGFW (Network)
- Forcepoint Proxy (Web Proxy)
- Forescout NAC (NAC)
- ForgeRock OpenAM (Identity and Access Management)
- Forgerock OpenIdM (DATA SECURITY)
- FortiGate (Firewall)
- Fortinet FortiAnalyzer (Fortinet FortiAnalyzer)
- Fortinet Switch (Switches and Routers)
- GitHub (SaaS Application)
- Guardicore Centra (Deception Software)
- Hashicorp Vault (Privileged Account Activity)
- HCNET Account Adapter Plus (DHCP)
- IBM MaaS360 (Security)
- IBM Security Access Manager (WAF)
- IBM z/OS (OS)
- Illumio Core (Policy Management)
- Imperva (WAF)
- Imperva Advanced Bot Protection (Bot Protection)
- Imperva Attack Analytics (WAF)
- Ingrian Networks DataSecure Appliance (System and Audit Logs)
- Intel 471 Malware Intelligence (``)
- ISC DHCP (DHCP)
- Jenkins (Automation and DevOps)
- Journald (Log Aggregation and SIEM Systems)
- Juniper (Firewall)
- Juniper Mist (Network Management and Optimization software)
- Juniper MX Router (Routers and Switches)
- Keeper Enterprise Security (Security)
- Kubernetes Audit Azure (Log Aggregator)
- Lacework Cloud Security (Cloud Security)
- Lenel Onguard Badge Management (Access Control System)
- Linux Auditing System (AuditD) (OS)
- Linux Sysmon (DNS)
- ManageEngine Log360 (Alert Log)
- Maria Database (Database)
- McAfee ePolicy Orchestrator (Policy Management)
- McAfee Web Gateway (Web Proxy)
- Microsoft AD (LDAP)
- Microsoft AD FS (LDAP)
- Microsoft Azure Activity (Misc Windows Specific)
- Microsoft Azure NSG Flow (Network Flow)
- Microsoft Azure Resource (Log Aggregator)
- Microsoft Defender Endpoint for iOS Logs (``)
- Microsoft Defender for Endpoint (EDR)
- Microsoft PowerShell (Misc. Windows-specific)
- Microsoft SQL Server (Database)
- Microsoft System Center Endpoint Protection (Malware Detection)
- Mikrotik Router (Router)
- Mimecast (Email Server)
- MISP Threat Intelligence (Cybersecurity)
- Mobile Endpoint Security (Mobile Endpoint Security)
- Mobileiron (ENDPOINT MANAGEMENT)
- NetApp BlueXP (Security)
- Nozomi Networks Scada Guardian (Network Monitoring)
- Office 365 (SaaS Application)
- Okta (Identity and Access Management)
- OpenVPN (Network)
- Opnsense (Firewall and Routing Platform)
- Opswat Metadefender (Threat Protection)
- Oracle (DATABASE)
- Oracle Cloud Infrastructure Audit Logs (Oracle Cloud Infrastructure)
- Oracle Fusion (SaaS Application)
- Oracle WebLogic Server (Web server logs)
- Palo Alto Cortex XDR Alerts (NDR)
- Palo Alto Prisma Cloud (SECURITY PLATFORM)
- Palo Alto Prisma Cloud Alert payload (Cloud Security)
- Ping Federate (Authentication)
- Ping Identity (Authentication)
- Ping One (NA)
- PingIdentity Directory Server Logs (Security)
- Precisely Ironstream IBM z/OS (ZOS)
- ProFTPD (Web Server)
- Proofpoint Observeit (Email Server)
- Proofpoint On Demand (Email Server)
- ProofPoint Secure Email Relay (Email server)
- Proofpoint Tap Forensics (Email Server)
- Quest Active Directory (Authentication log)
- Red Hat Directory Server LDAP (Identity and Access Management)
- Remediant SecureONE (Privileged Account Activity)
- Salesforce (SaaS Application)
- SAP Sybase Adaptive Server Enterprise Database (Database)
- Security Command Center Posture Violation (Google Cloud Specific)
- Security Command Center Threat (Google Cloud Specific)
- Security Command Center Toxic Combination (Google Cloud Specific)
- Sentinelone Alerts (Endpoint Security)
- Shibboleth IDP (Identity and Access Management)
- Snare System Diagnostic Logs (Security)
- Snipe-IT (SaaS Applications)
- Snort (IDS/IPS)
- SonicWall (Firewall)
- Squid Web Proxy (Web Proxy)
- STIX Threat Intelligence (Cybersecurity Threats)
- Suricata EVE (IPS IDS)
- Symantec CloudSOC CASB (CASB)
- Symantec DLP (DLP)
- Symantec Endpoint Protection (AV / Endpoint)
- Symantec Event export (SEP)
- Symantec Web Security Service (Web Proxy)
- Sysdig (Security)
- Tailscale (CASB)
- Tanium Threat Response (Tanium Specific)
- TeamViewer (Remote Support)
- Tenable CSPM (Cloud Security)
- Tenable Security Center (Vulnerability Scanner)
- Thales Luna Hardware Security Module (THALES_LUNA_HSM specific)
- Trellix HX Event Streamer (Cybersecurity)
- Trend Micro Deep Security (AV / Endpoint)
- Trend Micro Vision One (AV and endpoint logs)
- Trend Micro Vision One Workbench (Schema)
- TrendMicro Deep Discovery Inspector (Physical and virtual network)
- Tripwire (DLP)
- TXOne Stellar (AV and Endpoint logs)
- UberAgent (Security)
- Unix system (OS)
- UpGuard (Vulnerability scanners)
- Upstream Vehicle SOC Alerts (Schema)
- URLScan IO (Vulnerability scanners)
- Veeam (Backup software)
- VMware AirWatch (Wireless)
- VMware Horizon (VDI)
- VMware vCenter (Server)
- VMWare VSphere (virtualization)
- VPC Flow Logs (Google Cloud Specific)
- Wallix Bastion (Privileged Account Activity)
- WindChill (Lifecycle Management Software)
- Windows Event (Endpoint)
- Windows Event (XML) (AV / Endpoint)
- Windows Sysmon (DNS)
- Workday Audit Logs (Audit And Compliance)
- Workspace Activities (Google Cloud Specific)
- Workspace ChromeOS Devices (Google Cloud Specific)
- Zimperium (Mobile Device Management)
- Zoom Operation Logs (Operation-Specific)
- Zscaler (Web Proxy)
- Zscaler DLP (Data Loss Prevention)
- ZScaler DNS (DNS)
- ZScaler NGFW (Firewall)
- Zscaler NSS Feeds for Alerts (Alert log types)
- Zscaler Private Access (Security Service Edge)
The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.
- Arize Cloud (ARIZE_CLOUD)
- Aware Audit (AWARE_AUDIT)
- Aware Signals (AWARE_SIGNALS)
- Azure PostgreSQL (AZURE_POSTGRESQL)
- Cisco Umbrella Firewall (CISCO_UMBRELLA_FIREWALL)
- Cisco Umbrella IPS (CISCO_UMBRELLA_IPS)
- Cisco Umbrella SWG DLP (CISCO_UMBRELLA_SWG_DLP)
- CyberArk Secure Cloud Access (CYBERARK_SCA)
- DBT Cloud (DBT_CLOUD)
- Delinea Distributed Engine (DELINEA_DISTRIBUTED_ENGINE)
- Delinea PBA (DELINEA_PBA)
- Dtex Audit (DTEX_AUDIT)
- Featurespace Aric (FEATURESPACE_ARIC)
- Forcepoint One (FORCEPOINT_ONE)
- Genesys Audit (GENESYS_AUDIT)
- Hex (HEX)
- Linkshadow NDR (LINKSHADOW_NDR)
- Nightfall DLP (NIGHTFALL)
- Palo Alto Cortex IIS (PAN_CORTEX_XDR_IIS)
- Relativity (RELATIVITY)
- Retool (RETOOL)
- Saturn Cloud (SATURN_CLOUD)
- SecurityBridge (SECURITY_BRIDGE)
- TACACS Plus (TACACS_PLUS)
- Transmit Security FlexID (TRANSMIT_FLEXID)
- Unifi Router (UNIFI_ROUTER)
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
Using IAM attributes in custom organization policies is generally available. For more information, see Use custom organization policies.
You can use the iam.managed.preventPrivilegedBasicRolesForDefaultServiceAccounts managed organization policy constraint to prevent default service accounts from being granted the Editor (roles/editor) or Owner (roles/owner) roles. For more information, see Prevent the Owner and Editor role from being granted to default service accounts.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for pubsub/apiv1
1.45.3 (2024-12-04)
Bug Fixes
1.45.2 (2024-12-03)
Bug Fixes
- pubsub/pstest: Make invalid filter return error instead of panic (#11087) (45e1ce7)
- pubsub: Only init batch span if trace enabled (#11193) (f843d50)
- pubsub: Use official semconv variable whenever possible (#10904) (1ce4b6d)
Documentation
New SAP HANA certification: 24 TB and 32 TB X4 bare metal machine types for OLAP workloads
SAP has certified the Compute Engine x4-megamem-1440-metal and x4-megamem-1920-metal machine types for use with SAP HANA OLAP workloads in scale-out configurations with up to 8 nodes.
For more information, see X4 memory-optimized bare metal machine types.
When activating the Security Command Center Enterprise tier, you now have the option to connect Security Command Center to an existing Google Security Operations instance or provision a new instance. For more information, see Activate the Security Command Center Enterprise tier.
Personalized Service Health supports Application Integration, BigQuery Data Transfer Service, Cloud Tasks, Cloud Workstations, Google Cloud NetApp Volumes, Dataform, and Integration Connectors. See the updated list.
Vertex AI Agent Builder: Grounding is available in more languages (GA with allowlist)
The grounded generation API supports more than 35 languages.
This feature is available to select Google Cloud customers (GA with allowlist). For general information about grounding, see Generate grounded answers with RAG. For available languages, see Languages.
Vertex AI Agent Builder: Additional inputs for generating grounded answers (GA with allowlist)
You can specify a language code and a latitude-longitude value when making calls to the grounded generation API.
If the language can't be determined from the query, then the language code is used to set the language for the answer. If the language code is not present, then the latitude-longitude value is used to set the language.
The latitude-longitude value is also used to answer location-related queries, such as "restaurants near me".
This feature is available to select Google Cloud customers (GA with allowlist). For more information, see Generate grounded answers with RAG.
December 08, 2024
Google SecOps SOAR
Release Notes 6.3.27 is in Preview.
In order to align with our flagship Google SecOps platform, we are unifying our themes. The SOAR platform will now offer two themes: gray (default) and light.
Release 6.3.26 is now in General Availability.
December 06, 2024
Cloud Logging
Editing Log Analytics charts that are saved to a dashboard directly in the Dashboards page is now generally available (GA).
A vulnerability was discovered in the Vertex AI API serving Gemini multimodal requests, allowing bypass of VPC Service Controls. For details, see the Security bulletins page.
(New guide) Infrastructure for a RAG-capable generative AI application using Vertex AI and Vector Search: Describes how to design infrastructure for a generative AI application with retrieval-augmented generation (RAG) by using Vector Search.
Google Cloud Architecture Framework: Performance optimization: Major update to align the recommendations with core principles of performance optimization.
Starting on December 9, 2024, default permissions for OAuth authentication to BigQuery connections are limited to read-only for Looker instances on Looker 24.20+.
On March 1, 2025, Looker will sign out any users with read and write scopes from all corresponding BigQuery connections. This will cause any schedules dependent on these connections to fail. Each of these users will need to reauthorize their OAuth connection credentials in order to ensure uninterrupted schedule delivery. For more information, see the Restricting OAuth scope to read-only for Google BigQuery connections article.
Parameter Manager, an extension to the Secret Manager service, is available in Preview. You can use Parameter Manager to store, access, and manage the lifecycle of your workload parameters. For more information, see Parameter Manager overview.
The current default DATE_OF_BIRTH infoType detection model, which is available when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy.
The old detection model that was previously available by setting InfoType.version to legacy is no longer available.
December 05, 2024
AlloyDB for PostgreSQL
The AlloyDB database performance snapshot reports feature is generally available (GA). This feature lets you improve your database performance by using a report that compares snapshots of system metrics between two different points in time. For more information, see Optimize database performance by comparing performance snapshots.
Hierarchy Controller is no longer available to install. Config Sync upgrades are blocked if Hierarchy Controller is still configured. To continue using similar functionality, migrate from Hierarchy Controller to Hierarchical Namespace Controller before you upgrade Config Sync.
Improved the manual installation process for Config Sync. When you install Config Sync manually using kubectl (not recommended), Config Sync is now deployed directly without relying on the Config Management Operator. This change results in simplified architecture and reduced resource use on your cluster. If you manually installed Config Sync using kubectl, follow the guide to uninstall the Config Management Operator before you upgrade.
When you use Config Sync to manage configurations that are stored in OCI repositories (such as Artifact Registry), you can now enhance your security posture with custom signature verification. Config Sync integrates with your existing signature verification server deployed as a Kubernetes admission webhook, which helps ensure only trusted OCI images are used in your deployments. See the Sync OCI artifacts guide for setup instructions.
Introduced a new field for stopping and resuming syncing. This field is available on clusters with Config Sync auto-upgrades or with Config Sync version 1.20.0. The new field makes it easier to pause syncing by setting the spec.configSync.stopSyncing field to true.
To optimize resource use, Config Sync installations managed through Fleet no longer include the ConfigManagement Operator or the ConfigManagement CRD. These components are automatically removed when you upgrade to version 1.20.0 or later. This change reduces Config Sync's resource consumption in your cluster. See Config Sync architecture for details.
Upgraded the git-sync dependency from v4.2.4 to v4.3.0 to pick up a fix for lingering Git lock files and other vulnerability fixes.
Fixed a bug that prevented the applyset.kubernetes.io/part-of label from being correctly removed from managed objects when they were no longer managed by Config Sync. This fix improves the accuracy of label information.
Fixed an issue that could cause sync delays due to retry backoff problems. This fix helps ensure more timely and consistent updates to your clusters.
Certificate Manager has passed HIPAA compliance validation and is listed as a covered product in HIPAA compliance on Google Cloud.
New Cloud Composer 3 environments can now be created in VPC SC. This feature is gradually rolled out to all regions supported by Cloud Composer.
Improved Airflow worker liveness checks to detect workers with unexpected idle task slots. This feature improves the stability of Airflow by better detection of unhealthy Airflow workers. This feature is gradually rolled out to all regions supported by Cloud Composer.
Long log entries now have proper task instance annotations.
(Cloud Composer 3) KubernetesPodOperator now works when the do_xcom_push parameter is set to True.
(Cloud Composer 2) If an upgrade operation fails, Cloud Composer 2 now restores the environment with the correct number of triggers.
The maximum limit on the database size during upgrades in Cloud Composer 3 is now the same as the limit for snapshots (20 GB).
(New Cloud Composer 3 environments) Increased the maximum number of internet connections that each Airflow worker can support at the same time.
(Cloud Composer 2 only) It is now possible to upgrade an environment if the [sentry]sentry_on Airflow configuration option is set to true.
Fixed an issue in the environment component responsible for uploading the logs of Airflow components to Cloud Logging. This bug sometimes led to a situation where a Cloud Composer-level log might be missing for an Airflow component. The same log was still available at the Kubernetes component level.
(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-google package was upgraded to version 10.26.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.25.0 to version 10.26.0.
(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 10.0.1 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 9.0.1 to version 10.0.1.
The aiohttp package was downgraded from 3.11.0 to 3.10.11.
(Available without upgrading) Fixed an issue where Airflow workers sometimes generated incomplete or unreadable output.
The default version of Airflow is changed to 2.10.2.
Airflow 2.7.3 is no longer included in Cloud Composer images and builds.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.10.2-build.3 (default)
- composer-3-airflow-2.9.3-build.10
New images are available in Cloud Composer 2:
- composer-2.10.0-airflow-2.10.2 (default)
- composer-2.10.0-airflow-2.9.3
Cloud Composer version 2.5.2 has reached its end of support period.
Cloud SQL Enterprise Plus edition now supports the following regions:
- africa-south1 (Johannesburg)
- asia-east2 (Hong Kong)
- europe-west10 (Berlin)
You can monitor performance using client-side traces in Java and Node.js. This feature is in Preview.
Looker Studio Labs
Learn the fundamentals of Looker Studio and Looker Studio Pro by using these Cloud Skills Boost Labs:
New Conversational Analytics guide
A new educational resource is available in Looker Studio to guide you through how to use Conversational Analytics, a Gemini in Looker feature.
Select Create > Conversation to get started.
Autogenerated titles for charts
When you enable the Show title option for a chart, Looker Studio automatically generates a chart title by default. The title is based on both the chart type and the fields that are used. You can add a custom title to a chart by entering it into the Title field.
More data from New Search Ads 360
You can visualize the following fields using the New Search Ads 360 connector:
- Conversions (by conv. time)
- All conv. rate
- Cost / client account conv.
- Google Ads Auction-time bidding
- Currency code
December 04, 2024
Cloud Composer
Scheduled snapshots are available in Cloud Composer 3. This feature will be gradually rolled out to all regions supported by Cloud Composer 3.
Cloud Composer 2 is now available in Mexico (northamerica-south1).
Cloud SQL for MySQL now supports minor version 8.0.40. To upgrade your existing instance to the new version, see Upgrade the database minor version.
cos-117-18613-75-60
Kernel | Docker | Containerd | GPU Drivers |
COS-6.6.56 | v24.0.9 | v1.7.24 | See List |
Updated app-admin/google-guest-configs to 20241121.00. This enables the intent-based NIC naming scheme.
Upgraded sys-apps/makedumpfile to v1.7.6.
Upgraded containerd from 1.7.23 to 1.7.24.
Upgraded sys-process/lsof to v4.99.4.
Upgraded net-misc/socat to v1.8.0.1.
Upgraded sys-apps/less to v668.
Upgraded app-shells/dash to v0.5.12-r1.
Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.
Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681. Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.
Fixed CVE-2024-50142 in the Linux kernel.
Fixed CVE-2024-50182 in the Linux kernel.
Fixed CVE-2024-50192 in the Linux kernel.
Fixed CVE-2024-53042 in the Linux kernel.
Fixed CVE-2024-50271 in the Linux kernel.
Fixed CVE-2024-50279 in the Linux kernel.
Fixed CVE-2024-50195 in the Linux kernel.
Fixed CVE-2024-50272 in the Linux kernel.
Fixed CVE-2024-50194 in the Linux kernel.
Fixed CVE-2024-50275 in the Linux kernel.
Fixed CVE-2024-53052 in the Linux kernel.
Fixed CVE-2024-50141 in the Linux kernel.
Fixed CVE-2024-53054 in the Linux kernel.
Fixed CVE-2024-50169 in the Linux kernel.
Fixed CVE-2024-50063 in the Linux kernel.
Fixed CVE-2024-53082 in the Linux kernel.
Fixed CVE-2024-50151 in the Linux kernel.
Fixed CVE-2024-50163 in the Linux kernel.
Fixed CVE-2024-50162 in the Linux kernel.
Fixed CVE-2024-53066 in the Linux kernel.
Fixed CVE-2024-50060 in the Linux kernel.
Fixed CVE-2024-50228 in the Linux kernel.
Fixed CVE-2024-50258 in the Linux kernel.
Fixed CVE-2024-50257 in the Linux kernel.
Fixed CVE-2024-50262 in the Linux kernel.
Fixed CVE-2024-50147 in the Linux kernel.
Fixed KCTF-6ca5753 in the Linux kernel.
Fixed CVE-2024-50251 in the Linux kernel.
Fixed CVE-2024-50249 in the Linux kernel.
Fixed CVE-2024-50226 in the Linux kernel.
Fixed CVE-2024-50143 in the Linux kernel.
Fixed CVE-2024-50153 in the Linux kernel.
Fixed CVE-2024-50223 in the Linux kernel.
Fixed CVE-2024-50222 in the Linux kernel.
Fixed CVE-2024-50099 in the Linux kernel.
Fixed CVE-2024-50215 in the Linux kernel.
Fixed CVE-2024-50152 in the Linux kernel.
Fixed CVE-2024-50154 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811800 -> 811804
cos-109-17800-372-64
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Upgraded sys-apps/makedumpfile to v1.7.6.
Updated app-admin/google-guest-configs to 20241121.00. This enables the intent-based NIC naming scheme.
Upgraded containerd from 1.7.23 to 1.7.24.
Upgraded app-shells/dash to v0.5.12-r1.
Upgraded sys-process/lsof to v4.99.4.
Upgraded sys-apps/less to v668.
Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.
Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681. Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.
Fixed CVE-2024-53042 in the Linux kernel.
Fixed CVE-2024-50195 in the Linux kernel.
Fixed CVE-2024-50192 in the Linux kernel.
Fixed CVE-2024-50279 in the Linux kernel.
Fixed CVE-2024-50271 in the Linux kernel.
Fixed CVE-2024-50272 in the Linux kernel.
Fixed CVE-2024-50141 in the Linux kernel.
Fixed CVE-2024-53054 in the Linux kernel.
Fixed CVE-2024-53082 in the Linux kernel.
Fixed CVE-2024-50151 in the Linux kernel.
Fixed CVE-2024-50142 in the Linux kernel.
Fixed CVE-2024-50163 in the Linux kernel.
Fixed CVE-2024-53066 in the Linux kernel.
Fixed CVE-2024-50162 in the Linux kernel.
Fixed CVE-2024-50060 in the Linux kernel.
Fixed CVE-2024-50072 in the Linux kernel.
Fixed CVE-2024-50257 in the Linux kernel.
Fixed CVE-2024-50228 in the Linux kernel.
Fixed KCTF-6ca5753 in the Linux kernel.
Fixed CVE-2024-50147 in the Linux kernel.
Fixed CVE-2024-50251 in the Linux kernel.
Fixed CVE-2024-50036 in the Linux kernel.
Fixed CVE-2024-50143 in the Linux kernel.
Fixed CVE-2024-50099 in the Linux kernel.
Fixed CVE-2024-50101 in the Linux kernel.
Fixed CVE-2024-49948 in the Linux kernel.
Fixed CVE-2024-50095 in the Linux kernel.
Fixed CVE-2024-49952 in the Linux kernel.
Fixed CVE-2024-49949 in the Linux kernel.
Fixed CVE-2024-49946 in the Linux kernel.
Fixed CVE-2024-50153 in the Linux kernel.
Fixed CVE-2024-50262 in the Linux kernel.
Fixed CVE-2024-49927 in the Linux kernel.
Fixed CVE-2024-49878 in the Linux kernel.
Fixed CVE-2024-50154 in the Linux kernel.
Fixed CVE-2024-50046 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812261 -> 812253
cos-113-18244-236-64
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.112 | v24.0.9 | v1.7.24 | See List |
Updated app-admin/google-guest-configs to 20241121.00. This enables the intent-based NIC naming scheme.
Upgraded sys-apps/makedumpfile to v1.7.6.
Upgraded containerd from 1.7.23 to 1.7.24.
Upgraded sys-process/lsof to v4.99.4.
Upgraded sys-apps/less to v668.
Upgraded net-misc/socat to v1.8.0.1.
Upgraded app-shells/dash to v0.5.12-r1.
Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.
Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681. Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.
Fixed CVE-2024-50036 in the Linux kernel.
Fixed CVE-2024-50272 in the Linux kernel.
Fixed CVE-2024-50279 in the Linux kernel.
Fixed CVE-2024-53042 in the Linux kernel.
Fixed CVE-2024-50271 in the Linux kernel.
Fixed CVE-2024-50195 in the Linux kernel.
Fixed CVE-2024-50192 in the Linux kernel.
Fixed CVE-2024-50141 in the Linux kernel.
Fixed CVE-2024-53054 in the Linux kernel.
Fixed CVE-2024-53082 in the Linux kernel.
Fixed CVE-2024-50151 in the Linux kernel.
Fixed CVE-2024-50142 in the Linux kernel.
Fixed CVE-2024-50163 in the Linux kernel.
Fixed CVE-2024-50162 in the Linux kernel.
Fixed CVE-2024-53066 in the Linux kernel.
Fixed CVE-2024-50060 in the Linux kernel.
Fixed CVE-2024-50072 in the Linux kernel.
Fixed CVE-2024-50251 in the Linux kernel.
Fixed CVE-2024-50262 in the Linux kernel.
Fixed CVE-2024-49927 in the Linux kernel.
Fixed CVE-2024-50257 in the Linux kernel.
Fixed CVE-2024-50153 in the Linux kernel.
Fixed KCTF-6ca5753 in the Linux kernel.
Fixed CVE-2024-50147 in the Linux kernel.
Fixed CVE-2024-50143 in the Linux kernel.
Fixed CVE-2024-50101 in the Linux kernel.
Fixed CVE-2024-50099 in the Linux kernel.
Fixed CVE-2024-50154 in the Linux kernel.
Fixed CVE-2024-50215 in the Linux kernel.
Fixed CVE-2024-49878 in the Linux kernel.
Fixed CVE-2024-50228 in the Linux kernel.
Fixed CVE-2024-49949 in the Linux kernel.
Fixed CVE-2024-49948 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811954 -> 812030.
cos-105-17412-495-62
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.167 | v23.0.3 | v1.7.23 | See List |
Upgraded sys-apps/makedumpfile to v1.7.6.
Upgraded sys-process/lsof to v4.99.4.
Upgraded app-shells/dash to v0.5.12-r1.
Upgraded cos-gpu-installer to v2.4.4. This fixes an issue where GPU drivers that only have two numeric version components could not be loaded.
Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.
Updated net-misc/curl to v8.11.0. This fixes CVE-2024-9681. Added duphandle-init-netrc.patch, netrc-large-file.patch, setopt-http_content_decoding.patch to fix regression issues in curl v8.11.0.
Fixed CVE-2024-50279 in the Linux kernel.
Fixed CVE-2024-50192 in the Linux kernel.
Fixed CVE-2024-50195 in the Linux kernel.
Fixed CVE-2024-50151 in the Linux kernel.
Fixed CVE-2024-50142 in the Linux kernel.
Fixed CVE-2024-50163 in the Linux kernel.
Fixed CVE-2024-50162 in the Linux kernel.
Fixed CVE-2024-53066 in the Linux kernel.
Fixed CVE-2024-50072 in the Linux kernel.
Fixed CVE-2024-50099 in the Linux kernel.
Fixed CVE-2024-50257 in the Linux kernel.
Fixed CVE-2024-50251 in the Linux kernel.
Fixed CVE-2024-50262 in the Linux kernel.
Fixed CVE-2024-49946 in the Linux kernel.
Fixed KCTF-6ca5753 in the Linux kernel.
Fixed CVE-2024-38538 in the Linux kernel.
Fixed CVE-2024-50036 in the Linux kernel.
Fixed CVE-2024-50143 in the Linux kernel.
Fixed CVE-2024-50153 in the Linux kernel.
Fixed CVE-2024-50154 in the Linux kernel.
Fixed CVE-2024-50228 in the Linux kernel.
Fixed CVE-2024-49878 in the Linux kernel.
Fixed CVE-2024-49927 in the Linux kernel.
Fixed CVE-2024-49949 in the Linux kernel.
Fixed CVE-2024-49948 in the Linux kernel.
Fixed CVE-2024-50095 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812699 -> 812685
Vertex AI Search: Boost controls for media recommendations (Public preview)
Boost controls are used to affect the order in which recommendations are listed. Boost controls use filters on string and boolean values in the schema data to determine what media content to boost or bury. The boost value (-1 to 1) determines whether the content should be placed lower (buried) or higher (boosted) in the list of recommendations returned.
Boost controls are attached to serving configs and applied to recommend method calls.
The boost feature is in public preview and is available through the API. For more information about the feature, see Boost and bury media recommendations.
Vertex AI Search: gemini-1.5-flash-002-high-fidelity model (Public preview)
The gemini-1.5-flash-002-high-fidelity model is available for grounded answer generation with RAG. This model is based on the gemini-1.5-flash-002 model and has been further tuned to address context-based question and answering tasks. This model is suitable for specialized industries, such as financial services, healthcare, and insurance.
This model is available in Public preview.
For more information, see High fidelity models.