Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml

June 07, 2023

Cloud Data Fusion

Zendesk plugins version 1.2.0 is available in the Cloud Data Fusion Hub. The following changes are included in version 1.2.0:

Cloud Load Balancing

The global external HTTP(S) load balancer now supports a configurable client HTTP Keepalive Timeout. The client HTTP keepalive timeout represents the maximum amount of time that a TCP connection can be idle between the (downstream) client and the target HTTP/S proxy.

For details, see

This capability is available in Preview.

Cloud SQL for SQL Server

You can now import and export differential database backups. This can help you import and export data more frequently, reducing migration downtime.

Cloud Spanner

Fine-grained access control is now available for PostgreSQL-dialect databases. For more information, see About fine-grained access control.

Google Kubernetes Engine

(2023-R12) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.25.8-gke.1000 is now the default version in the Stable channel.
  • Version 1.21.14-gke.18100 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.18800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.14-gke.18800 with this release.

Regular channel

  • Version 1.24.13-gke.2500 is now available in the Regular channel.
  • Version 1.24.12-gke.500 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.12-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.12-gke.1000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.17-gke.8000
    • 1.23.17-gke.2000
    • 1.23.17-gke.3600
    • 1.24.13-gke.2500
    • 1.25.8-gke.1000
    • 1.26.4-gke.500
    • 1.26.4-gke.1400
    • 1.27.1-gke.400
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.11400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.5600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.14-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.9-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.9-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.2-gke.1200 with this release.

(2023-R12) Version updates

(2023-R12) Version updates

  • Version 1.25.8-gke.1000 is now the default version in the Stable channel.
  • Version 1.21.14-gke.18100 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.18800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.14-gke.18800 with this release.

(2023-R12) Version updates

  • Version 1.24.13-gke.2500 is now available in the Regular channel.
  • Version 1.24.12-gke.500 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.12-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.12-gke.1000 with this release.

(2023-R12) Version updates

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.17-gke.8000
    • 1.23.17-gke.2000
    • 1.23.17-gke.3600
    • 1.24.13-gke.2500
    • 1.25.8-gke.1000
    • 1.26.4-gke.500
    • 1.26.4-gke.1400
    • 1.27.1-gke.400
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.11400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.5600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.14-gke.1200 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.9-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.9-gke.2300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.2-gke.1200 with this release.
Vertex AI

PaLM Text and Embeddings APIs, and Generative AI Studio

The Generative AI support on Vertex AI is now available in (GA). With this feature launch, you can leverage the PaLM API to generate AI models that you can test, tune, and deploy in your AI-powered applications. With the GA of these features, you will incur usage costs if you use the text-bison and textembedding-gecko PaLM APIs. To learn about pricing, see the Vertex AI pricing page.

Features and models in this release include:

  • PaLM 2 for Text: text-bison
  • Embedding for Text: textembedding-gecko
  • Generative AI Studio for Language

Vertex AI Model Garden

The Vertex AI Model Garden is now available in (GA). The Model Garden is a platform that helps you discover, test, customize, and deploy Vertex AI and select OSS models. These models range from tunable to task-specific - all available on the Model Garden page in the Google Cloud console.

To get started, see Explore AI models and APIs in Model Garden.

Vertex AI Codey APIs

The Vertex AI Codey APIs are now in (Preview). With the Codey API, code generation, code completion, and code chat APIs can be used from any GCP project without allowlisting. The APIs can be accessed from the us-central1 region. The Codey APIs can be used in the Generative AI studio or programmatically in REST commands.

To get started, see the Code models overview.

June 06, 2023

Access Transparency

Access Transparency supports Memorystore for Redis in the GA stage.

Anthos clusters on AWS

Security bulletin

A new vulnerability (CVE-2023-2878) has been discovered in the secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. For more information, see the GCP-2023-009 security bulletin.

Anthos clusters on Azure

Security bulletin

A new vulnerability (CVE-2023-2878) has been discovered in the secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. For more information, see the GCP-2023-009 security bulletin.

Anthos clusters on VMware

Security bulletin

A new vulnerability (CVE-2023-2878) has been discovered in the secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. The severity of this Security Bulletin is None. For more information, see the GCP-2023-009 security bulletin.

Chronicle

The following changes are available in the Unified Data Model.

New fields were added to Entity, called risk_score and metric.

A new field was added to EntityMetadata, called event_metadata.

The following new types were added to Entity:

  • EntityRisk
  • Metric
  • RiskDelta
  • Metric.Measure

The following new types were added to Event:

  • AttackDetails
  • ExifInfo
  • FileMetadataCodesign
  • FileMetadataPE
  • FileMetadataSignatureInfo
  • PDFInfo
  • SignatureInfo
  • X509
  • AttackDetails.Tactic
  • AttackDetails.Technique
  • SecurityResult.Association
  • SecurityResult.Association.AssociationAlias
  • SecurityResult.Source
  • SecurityResult.ProviderMLVerdict
  • SecurityResult.AnalystVerdict
  • SecurityResult.Verdict

The following new enumerated types were added to Entity:

  • Metric.AggregateFunction
  • Metric.Dimension
  • Metric.MetricName
  • Relation.EntityLabel

The following new enumerated types were added to Event:

  • Process
  • TokenElevationType
  • SecurityResult.VerdictResponse
  • SecurityResult.Association.AssociationType

New field added to Relation, called entity_label.

New value added to EntityMetadata.EntityType, called METRIC.

New fields added to Event.Metadata called log_type, base_labels, enrichment_labels.

New fields added to Noun, called security_result and network.

New fields added to SecurityResult, called risk_score, attack_details, first_discovered_time, associations, campaigns, and verdicts.

New fields added to File, called pe_file, tags, last_analysis_time, embedded_urls, embedded_domains, embedded_ips, exif_info, signature_info, pdf_info.

New field added to Process, called integrity_level_rid and token_elevation_type.

New fields added to SignerInfo, called status, valid_usage, cert_issuer.

The Resource.id field was deprecated. Use resource.name or resource.product_object_id instead.

The following values were added to the EventTypes enumerated type:

  • DEVICE_FIRMWARE_UPDATE
  • DEVICE_CONFIG_UPDATE
  • DEVICE_PROGRAM_UPLOAD
  • DEVICE_PROGRAM_DOWNLOAD

The following additional values were added to the ApplicationProtocol enumerated type:

  • CIP
  • COTP
  • DNP3
  • DICOM
  • GOOSE
  • IEC104
  • MMS
  • PTP
  • SNMP
  • SV

New values added to the Network.IpProtocol enumerated type, called ICMP and SCTP.

For a list of all fields in the Unified Data Model, and their descriptions, see the Unified Data Model field list.

Cloud Billing

Use folders and organizations in budgets: When you set up budgets for your Cloud Billing account, you can set the budget's scope to one or more folders or organizations that are linked to your account, in addition to the current options for specific projects and labels.

When you create a budget that applies to a folder or organization, the budget also covers future projects that you create in the folder or organization.

Learn about creating and modifying budgets for your Cloud Billing account.

Compute Engine

For MIGs that have T2D machine series VMs, autoscaling based on CPU utilization doesn't work as expected. For more details, see Known issues.

Google Kubernetes Engine

A new vulnerability (CVE-2023-1872) has been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. For more information, see the GCP-2023-008.

A new vulnerability (CVE-2023-2878) has been discovered in the secrets-store-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. On GKE, the severity is None. For more information, see the GCP-2023-009 security bulletin.

Memorystore for Redis

Access Transparency is now Generally Available for Memorystore for Redis.

Migrate to Virtual Machines

Generally available: The Estimated cut-over time field is now generally available. This field gives an estimate of the time it takes to complete a cut-over job for a VM once the cut-over is triggered. This field is populated only for an active VM that has completed a few replication cycles.

Storage Transfer Service

We discovered a security vulnerability in the Storage Transfer Service agent container. We've fixed this issue with a container update that is more secure.

If you're running agents that were installed on or before February 17, 2023, you should follow the instructions in the Action required email sent to your account email address to update the container image.

Agents installed after February 17, 2023 do not need to be updated.

June 05, 2023

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL is now available in the following regions:

  • us-east5 (Columbus)
  • us-south1 (Dallas)

For more information, see AlloyDB Locations.

Anthos Attached Clusters

This release includes the following Anthos attached clusters platform versions:

  • 1.24.0-gke.4
  • 1.25.0-gke.4
  • 1.26.0-gke.2

This release fixes the following vulnerability:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions:

  • 1.24.13-gke.500
  • 1.25.8-gke.500
  • 1.26.4-gke.2200

This release fixes the following vulnerability:

For information about the latest known issues, see Known issues for Anthos clusters on AWS.

Security bulletin

A new vulnerability (CVE-2023-1872) has been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. For more information, see the GCP-2023-008.

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions:

  • 1.24.13-gke.500
  • 1.25.8-gke.500
  • 1.26.4-gke.2200

This release fixes the following vulnerability:

Known issues:

For information about the latest known issues, see Known issues for Anthos clusters on Azure.

Security bulletin

A new vulnerability (CVE-2023-1872) has been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. For more information, see the GCP-2023-008.

Anthos clusters on VMware

Known issue

If you create a version 1.13.8 or version 1.14.4 admin cluster, or upgrade an admin cluster to version 1.13.8 or 1.14.4, the kind cluster pulls the following container images from docker.io:

  • docker.io/kindest/kindnetd
  • docker.io/kindest/local-path-provisioner
  • docker.io/kindest/local-path-helper

If docker.io isn't accessible from your admin workstation, the admin cluster creation or upgrade fails to bring up the kind cluster.

This issue affects the following versions of Anthos clusters on VMware:

  • 1.14.4
  • 1.13.8

For more information, including a workaround, see kind cluster pulls container images from docker.io on the Known issues page.

Security bulletin

A new vulnerability (CVE-2023-1872) has been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. For more information, see the GCP-2023-008.

Apigee hybrid

ANNOUNCEMENT

hybrid v1.9.3

On June 5, 2023 we released an updated version of the Apigee hybrid software, v1.9.3.

Bug ID Description
284488296 Removed an unneeded Workload Identify on the Cassandra Schema Validation cron job.
Bug ID Description
273800965 Security fix for apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer.
This addresses the following vulnerability:
273800345, 281572616 Security fixes for apigee-diagnostics-collector, apigee-mart-server, apigee-mint-task-scheduler, apigee-runtime, apigee-synchronizer, and apigee-udca.
This addresses the following vulnerabilities:
273801301 Security fixes for apigee-mart-server and apigee-runtime.
This addresses the following vulnerability:
283826216 Security fixes for apigee-ingressgateway.
This addresses the following vulnerabilities:
283826785 Security fixes for istiod.
This addresses the following vulnerabilities:
281561243 Security fix for apigee-diagnostics-collector, apigee-mint-task-scheduler, apigee-runtime, and apigee-synchronizer.
This addresses the following vulnerability:
Batch

Batch is available in the following regions:

  • asia-east2 (Hong Kong)
  • europe-central2 (Warsaw)
  • us-south1 (Dallas)
  • us-west2 (Los Angeles)
  • us-west3 (Salt Lake City)
  • us-west4 (Las Vegas)

For more information, see Locations.

Blockchain Node Engine

On June 5, 2023 Blockchain Node Engine released a limited GA version of the software. Access to the user interface and APIs is limited to specific customers until the full GA release.

Features supported in this release include:

  • Blockchain Node Engine is a fully-managed service for dedicated blockchain nodes.
  • Ethereum support:
    • Execution and consensus clients
    • Full and Archive nodes
    • JSON-RPC and WebSocket endpoints.
  • With a single operation, Blockchain Node Engine provisions a new node with the specified configuration (network, region, client, node type), bootstrap it from a known-good snapshot, sync it with the blockchain, and ensure its availability.
  • Google Cloud Armor always enabled.

See:

Chronicle

Chronicle now links to a customer-supplied Google Cloud Project to integrate more closely with Google Cloud services, such as Cloud IAM, Cloud Monitoring, and Cloud Audit Logs. Customers can now use Cloud IAM and workforce identity federation to authenticate using their existing identity provider.

Chronicle provides an onboarding and migration portal, available via Cloud Console, where new customers are able to provision and configure a new Chronicle SIEM instance, and existing customers can bind their current Chronicle SIEM instance to Google Cloud services.

For more information, see the following documentation:

Cloud Asset Inventory Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigtable

4.6.1 (2023-05-30)

Bug Fixes
  • Properly handle asynchronous read from stream (#1284) (55d86ba). This could result in silently dropped rows in a createReadStream. The bug is active when the ReadRows stream would be piped into a consumer that would defer the processing of the rows until the next event loop run (i.e. use a Transform that would defer the callback invocation via setTimeout()).

Java

Changes for google-cloud-bigtable

2.23.2 (2023-05-30)

Documentation
  • samples: Add bigtable filter snippet (#1762) (48a6ed0)
  • samples: Remove client initialization as the snippets are not used standalone (#1768) (a6ac97c)
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.19.0 (#1769) (956c851)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.10.1 (#1767) (901b88f)
  • Update dependency com.google.truth.extensions:truth-proto-extension to v1.1.4 (#1770) (a94a522)
  • Update doclet version to v1.9.0 (#1761) (a5d4215)
Cloud Firewall

Use Geo-location objects in firewall policy rules to filter external IPv4 and external IPv6 traffic based on specific geographic locations or regions. This feature is available in General Availability.

Use Threat Intelligence for firewall policy rules to secure your network by allowing or blocking traffic based on threat intelligence data. This feature is available in General Availability.

Cloud Logging

You can now configure CMEK and a default storage location for individual folders, in addition to organizations. For more information, see Configure default settings for organizations and folders and Configure CMEK for Cloud Logging.

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/logging

10.5.0 (2023-05-30)

Features
  • Log Analytics features of the Cloud Logging API (#1416) (3c3de6d)

Java

Changes for google-cloud-logging

3.15.2 (2023-05-30)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.10.1 (#1354) (b2f1111)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.22 (#1340) (b3b9d5f)
Cloud Spanner

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.46.0 (2023-05-12)

Features
  • spanner/admin/database: Add support for UpdateDatabase in Cloud Spanner (#7917) (83870f5)
  • spanner: Make leader aware routing default enabled for supported RPC requests. (#7912) (d0d3755)
Bug Fixes
  • spanner: Update grpc to v1.55.0 (1147ce0)

Java

Changes for google-cloud-spanner

6.41.0 (2023-04-28)

Features
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-spanner-executor-v1 to v1.4.0 (#2395) (02dc53c)
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.17.0 (#2406) (d46097f)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.8.0 (#2400) (b815cb8)
  • Update dependency com.google.cloud:google-cloud-trace to v2.16.0 (#2407) (7993be2)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.9.3 (#2401) (8aa7a1d)

6.42.0 (2023-05-15)

Features
  • Add support for UpdateDatabase in Cloud Spanner (#2265) (2ea06e7)
  • Add support for UpdateDatabase in Cloud Spanner (#2429) (09f20bd)
Bug Fixes
  • Add error details for INTERNAL error (#2413) (ed62aa6)
  • Use javax.annotation.Nonnull in executor framework (#2414) (afcc598)
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.18.0 (#2426) (05a45f8)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.9.0 (#2427) (42dbfe3)
  • Update dependency com.google.cloud:google-cloud-trace to v2.17.0 (#2428) (6f7fee8)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.22 (#2423) (679bb36)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.22 (#2424) (a72f4ff)
  • Update dependency org.graalvm.sdk:graal-sdk to v22.3.2 (#2391) (c082a1f)

6.42.1 (2023-05-22)

Dependencies
  • Update dependency commons-io:commons-io to v2.12.0 (#2439) (d08b226)

6.42.2 (2023-05-30)

Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.19.0 (#2466) (6de2cf6)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.10.1 (#2465) (0a89f49)
  • Update dependency com.google.cloud:google-cloud-trace to v2.18.0 (#2467) (45609ed)

6.42.3 (2023-05-31)

Performance Improvements
  • Only capture the call stack if the call is actually async (#2471) (ae9c8ad)

Node.js

Changes for @google-cloud/spanner

6.9.0 (2023-04-26)

Features

6.10.0 (2023-05-17)

Features
Bug Fixes

6.10.1 (2023-05-30)

Bug Fixes
  • Set database admin and instance as having handwritten layers (republish docs) (3e3e624)

Python

Changes for google-cloud-spanner

3.32.0 (2023-04-25)

Features

3.33.0 (2023-04-27)

Features

3.34.0 (2023-05-16)

Features
  • Add support for UpdateDatabase in Cloud Spanner (#941) (38fb890)
Bug Fixes

3.35.0 (2023-05-16)

Features
  • Add support for updateDatabase in Cloud Spanner (#914) (6c7ad29)

3.35.1 (2023-05-25)

Bug Fixes
  • Catch rst stream error for all transactions (#934) (d317d2e)
Compute Engine

Generally available: Accelerator-optimized (G2) machine types with attached NVIDIA® L4 GPUs are generally available in the following regions and zones:

  • Singapore, APAC: asia-southeast1-b
  • Netherlands, Europe: europe-west4-a,b,c
  • Iowa, North America: us-central1-a,b
  • South Carolina, North America: us-east1-b,d
  • Virginia, North America: us-east4-a
  • Oregon, North America: us-west1-a,b
Container Optimized OS

cos-105-17412-101-17

Kernel Docker Containerd GPU Drivers
COS-5.15.109 v23.0.3 v1.7.0 v470.182.03(default),v525.105.17

Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.

cos-93-16623-402-22

Kernel Docker Containerd GPU Drivers
COS-5.10.177 v20.10.14 v1.5.18 v450.236.01(default),v470.182.03(R470),v525.105.17

Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.

cos-97-16919-294-28

Kernel Docker Containerd GPU Drivers
COS-5.10.176 v20.10.14 v1.6.20 v470.182.03(default),v525.105.17

Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.

cos-101-17162-210-21

Kernel Docker Containerd GPU Drivers
COS-5.15.107 v20.10.24 v1.6.18 v470.182.03(default),v525.105.17

Updated ncurses to v6.4p20220423. This resolves CVE-2023-29491.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.0 (2023-05-30)

Features
  • dataflow: Update all direct dependencies (b340d03)

0.9.0 (2023-05-30)

Features
  • dataflow: Update all direct dependencies (b340d03)
Google Kubernetes Engine

(2023-R11) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.22.17-gke.7500
    • 1.22.17-gke.9400
    • 1.23.17-gke.1700
    • 1.24.10-gke.2300
    • 1.25.7-gke.1000
    • 1.25.9-gke.400
    • 1.26.2-gke.1000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.8-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.3-gke.1000 with this release.

Stable channel

  • Version 1.24.12-gke.500 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.22.17-gke.7500
    • 1.23.17-gke.1700
    • 1.24.10-gke.2300
    • 1.25.8-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.25.8-gke.1000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.22.17-gke.7500
    • 1.23.17-gke.1700
    • 1.24.11-gke.1000
    • 1.26.2-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.3-gke.1000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.17-gke.9400
    • 1.23.17-gke.1700
    • 1.24.13-gke.500
    • 1.25.9-gke.400
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.13-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.13-gke.2500 with this release.

(2023-R11) Version updates

  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.22.17-gke.7500
    • 1.22.17-gke.9400
    • 1.23.17-gke.1700
    • 1.24.10-gke.2300
    • 1.25.7-gke.1000
    • 1.25.9-gke.400
    • 1.26.2-gke.1000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.8-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.3-gke.1000 with this release.

(2023-R11) Version updates

  • Version 1.24.12-gke.500 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.22.17-gke.7500
    • 1.23.17-gke.1700
    • 1.24.10-gke.2300
    • 1.25.8-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.25.8-gke.1000 with this release.

(2023-R11) Version updates

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.22.17-gke.7500
    • 1.23.17-gke.1700
    • 1.24.11-gke.1000
    • 1.26.2-gke.1000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.12-gke.500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.3-gke.1000 with this release.

(2023-R11) Version updates

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.22.17-gke.9400
    • 1.23.17-gke.1700
    • 1.24.13-gke.500
    • 1.25.9-gke.400
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.17-gke.8000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.17-gke.2000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.13-gke.2500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.13-gke.2500 with this release.
SAP on Google Cloud

Google Cloud's Agent for SAP version 2.0

Version 2.0 of Google Cloud's Agent for SAP is generally available (GA). This version introduces the opt-in feature of collecting SAP HANA monitoring metrics, making Google Cloud's Agent for SAP version 2.0 the successor to Google Cloud's monitoring agent for SAP HANA.

For more information, see What's new with Google Cloud's Agent for SAP.

Google Cloud's monitoring agent for SAP HANA is deprecated, and is replaced by the SAP HANA monitoring metrics collection feature of version 2.0 of Google Cloud's Agent for SAP. For upgrade instructions, see Google Cloud's Agent for SAP operations guide.

Support for the monitoring agent for SAP HANA ends on May 31, 2024.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.11.0 (2023-05-30)

Features
  • secretmanager: Update all direct dependencies (b340d03)

June 04, 2023

Virtual Private Cloud

Support for IPv6 static routes with the following next hops is available in Preview:

  • next-hop-gateway
  • next-hop-instance

June 02, 2023

Access Transparency

Access Transparency supports Anthos Identity Service in the GA stage.

Chronicle

The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.

  • Aruba (ARUBA_WIRELESS)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Cato Networks (CATO_NETWORKS)
  • Cisco ISE (CISCO_ISE)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco PIX Firewall (CISCO_PIX_FIREWALL)
  • Dope Security SWG (DOPE_SWG)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • Falco IDS (FALCO_IDS)
  • Fidelis Network (FIDELIS_NETWORK)
  • ForgeRock OpenAM (OPENAM)
  • FortiGate (FORTINET_FIREWALL)
  • FortiMail Email Security (FORTINET_FORTIMAIL)
  • Fortinet Web Application Firewall (FORTINET_FORTIWEB)
  • GMAIL Logs (GMAIL_LOGS)
  • IBM Safenet (IBM_SAFENET)
  • IBM Security Access Manager (IBM_SAM)
  • IBM Security QRadar SIEM (IBM_QRADAR)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Mongo Database (MONGO_DB)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • Pulse Secure (PULSE_SECURE_VPN)
  • Security Command Center Threat (N/A)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne EDR (SENTINEL_EDR)
  • ServiceNow CMDB (SERVICENOW_CMDB)
  • SonicWall (SONIC_FIREWALL)
  • Strong Swan VPN (STRONGSWAN_VPN)
  • ThreatLocker Platform (THREATLOCKER)
  • VMware vRealize Suite (VMWARE_VREALIZE)
  • VPC Flow Logs (GCP_VPC_FLOW)
  • WatchGuard (WATCHGUARD)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Workspace Activities (WORKSPACE_ACTIVITY)

For details about changes in each parser, see Supported default parsers.

Cloud Data Fusion

The SAP Ariba Batch Source plugin is generally available (GA). You can connect your data pipeline to an SAP Ariba Source and a BigQuery Sink with this plugin in Cloud Data Fusion versions 6.5.1 and later.

The SAP SuccessFactors Batch Source plugin is GA. You can connect your data pipeline to an SAP SuccessFactors Source and a BigQuery Sink with this plugin in Cloud Data Fusion versions 6.5.1 and later.

Cloud SQL for PostgreSQL

The rollout of the following minor versions, extension versions, and plugin versions is currently underway:

Minor versions

  • 10.22 is upgraded to 10.23.
  • 11.17 is upgraded to 11.19.
  • 12.12 is upgraded to 12.14.
  • 13.8 is upgraded to 13.10.
  • 14.5 is upgraded to 14.7.

Extension and plugin versions

  • pg_cron is upgraded from 1.4.1 to 1.5.
  • pg_partman is upgraded from 4.7.0 to 4.7.3.
  • postgresql-hll is upgraded from 2.16 to 2.17.
  • pg_repack is upgraded from 1.4.7 to 1.4.8.
  • wal2json is upgraded from 2.4 to 2.5.
  • pg_hint_plan is upgraded, as follows:
    • from 1.3.7 to 1.3.8 (for PostgreSQL versions 11-13)
    • from 1.4.0 to 1.4.1 (for PostgreSQL version 14)
    • from 1.4.0 to 1.5.0 (for PostgreSQL version 15)

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

The new maintenance version is [PostgreSQL version].R20230530.01_00. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Cloud SQL for SQL Server

A vulnerability was recently discovered in Cloud SQL for SQL Server that allowed customer administrator accounts to create triggers in the tempdb database and use those to gain sysadmin privileges in the instance. The sysadmin privileges would give the attacker access to system databases and partial access to the machine running that SQL Server instance.

Google Cloud resolved the issue by patching the security vulnerability by March 1, 2023. Google Cloud didn't find any compromised customer instances.

For instructions and more details, see the Cloud SQL security bulletin.

Dataproc

Upgrade Cloud Storage connector to 2.2.14 version in Dataproc Serverless for Spark runtimes.

Security Command Center

The Google Cloud console has been updated to change how you open Security Command Center pages. Previously, you selected pages using tabs on the main page. Now you select pages from the slide-out menu on the left side of the console. To show the menu, hold your pointer over the icons on the left side of the console.

For an overview of the pages, see Using Security Command Center in the Google Cloud console.

June 01, 2023

AlloyDB for PostgreSQL

Continuous backup and recovery is generally available (GA).

Anthos clusters on VMware

Anthos clusters on VMware 1.15.1-gke.40 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.15.1-gke.40 runs on Kubernetes 1.26.2-gke.1001.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13.

  • Fixed a known issue where node ID verification failed to handle hostnames with dots.

  • Fixed continuous increase of logging agent memory.

  • Fixed an issue where cluster-api-controllers in a high-availability admin cluster had no Pod anti-affinity. This could allow the three clusterapi-controllers Pods not to be scheduled on different control-plane nodes.

  • Fixed the wrong admin cluster resource link annotation key that can cause the cluster to be enrolled again by mistake.

  • Fixed a known issue where node pool creation failed because of duplicated VM-Host affinity rules.

  • The preflight check for StorageClass parameter validations now throws a warning instead of a failure on ignored parameters after CSI Migration. StorageClass parameter diskformat=thin is now allowed and does not generate a warning.

  • Fixed an issue where gkectl repair admin-master might fail with Failed to repair: failed to delete the admin master node object and reboot the admin master VM.

  • Fixed a race condition where some cluster nodes couldn't access the high-availability control plane when the underlying network performed ARP suppression.

  • Fixed a false error message for gkectl prepare when using a high-availability admin cluster.

  • Fixed an issue where during user cluster update, DeprecatedKubeception always shows up in the diff.

  • Fixed an issue where there were leftover Pods with failed status due to Predicate NodeAffinity failed during node re-creation.

Fixed the following vulnerabilities:

Anthos clusters on bare metal

Release 1.13.8

Anthos clusters on bare metal 1.13.8 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.8 runs on Kubernetes 1.24.

Fixes:

Known issues:

For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.

App Engine flexible environment Node.js

For Node.js runtimes version 18 and version 20 (preview), you can use the Pnpm package manager to configure dependencies for Node.js runtimes. Learn how to configure your runtime.

App Engine standard environment Node.js

You can use the Pnpm package manager to configure dependencies for Node.js runtimes. Learn how to configure your runtime.

Buildpacks

You can use the Pnpm package manager to configure dependencies for Node.js runtimes. Learn how to configure your application.

Chronicle

Updated content to reflect the new Alert view and Alert list. The following changes have been made to Alert view:

  • New Overview and Alert History tabs. The Overview section provides a snapshot of important alert information. This is separate from the History tab to clearly differentiate between alert investigation and audit area.
  • Detection widget now has a view other alerts from this rule button to get fast access to more alerts that came from this rule. Users can pivot to other alerts from this rule.
  • Updated information on how to close an alert and change alert status.
  • Updated information on how to adjust the time range.
  • Updated information on how to apply single and multiple filters.

The following changes have been made to Alert list:

  • Expanded columns to include Risk Score and Tags. This helps users to focus on and prioritize high-risk and critical security findings.
  • Ingestion Time and Last Modified were also added to Alert List.
  • Users can now customize columns in the Alert list, add or remove columns from the table.
  • Expanded filters to include OR and AND operators to allow more complex filtering.
  • Updated information on how to refresh Alert List.

These changes are documented in Investigate an alert and View Alerts and IOCs.

Cloud Functions

You can use the Pnpm package manager to configure dependencies for Node.js runtimes. Learn how to configure your runtime.

Dataproc

New sub-minor versions of Dataproc images:

  • 2.0.66-debian10, 2.0.66-rocky8, 2.0.66-ubuntu18
  • 2.1.14-debian11, 2.1.14-rocky8, 2.1.14-ubuntu20

Upgrade Cloud Storage connector version to 2.2.14 for 2.0 and 2.1 images

Backport HIVE-22891, HIVE-21660, HIVE-21915 to 2.0 images.

Backport HIVE-22891, HIVE-21660, HIVE-25520, HIVE-25521 to 2.1 images.

Google Cloud Deploy

The price of an active delivery pipeline is reduced. Also, single-target delivery pipelines no longer incur a charge. Underlying service charges continue to apply. See the Google Cloud Deploy pricing page for details.

Google Kubernetes Engine

Agones on GKE users will get recommendations and insights if they did not install the Agones controller on dedicated nodes.

VPC Service Controls

Preview stage support for the following integration:

Vertex AI

Vertex Prediction

You can now specify a multi-region BigQuery table as the input or output to a batch prediction request.

May 31, 2023

Anthos clusters on bare metal

Release 1.15.1

Anthos clusters on bare metal 1.15.1 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.15.1 runs on Kubernetes 1.26.

Functionality changes:

  • Updated the cluster snapshot capability so that information can be captured for the target cluster even when the cluster custom resource is missing or unavailable.

  • Improved bmctl error reporting for failures during the creation of a bootstrap cluster.

  • Added support for using the baremetal.cluster.gke.io/maintenance-mode-deadline-seconds cluster annotation to specify the maximum node draining duration, in seconds. By default, a 20-minute (1200 seconds) timeout is enforced. When the timeout elapses, all pods are stopped and the node is put into maintenance mode. For example to change the timeout to 10 minutes, add the annotation baremetal.cluster.gke.io/maintenance-mode-deadline-seconds: "600" to your cluster.

  • Added node_pool_name to the anthos_baremetal_node_os_count metric.

Fixes:

Known issues:

For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Interconnect

Cross-Cloud Interconnect is now generally available. Cross-Cloud Interconnect is a new variant of Cloud Interconnect that helps you establish high-bandwidth dedicated connectivity between Google Cloud and another cloud service provider.

When you buy Cross-Cloud Interconnect, Google provisions a dedicated physical connection between the Google network and that of another cloud service provider. You can use this connection to peer your Google Virtual Private Cloud (VPC) network with your network that's hosted by a supported cloud service provider. Supported providers include the following:

  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Oracle Cloud Infrastructure (OCI)
  • Alibaba Cloud

For more information about the benefits and limitations of Cross-Cloud Interconnect, see the Cross-Cloud Interconnect overview.

Cloud Logging

Cloud Logging no longer creates a dedicated service account for each log sink. Instead, Logging reuses an existing service account when one is available for the resource type. Logging creates a service account when none are available. For more information, see Set destination permissions.

Compute Engine

Preview: In a managed instance group (MIG), you can set metadata and labels for all VMs in the group without the need to create a new instance template. For more information, see Override instance template properties with an all-instances configuration.

The image import tool now supports importing CentOS Stream 9 and CentOS Stream 8 images to Google Cloud.

Dataflow

Data sampling is now generally available (GA). Data sampling lets you observe the data at each step of a pipeline. For more information, see Use data sampling to observe pipeline data.

Dataproc Metastore

Dataproc Metastore gRPC endpoints are generally available (GA).

Metadata federation support for BigQuery and BigLake is generally available (GA).

Network Connectivity Center

Cross-Cloud Interconnect is now generally available. You can use a Cross-Cloud Interconnect connection to peer your Google Virtual Private Cloud (VPC) network with your network that's hosted by a supported cloud service provider. You can also use Cross-Cloud Interconnect VLAN attachments as part of a site-to-site data transfer strategy.

For example, after you configure a VLAN attachment for your Cross-Cloud Interconnect connection, you can create a Network Connectivity Center spoke to represent the attachment. If the spoke has site-to-site data transfer enabled, you can then transfer data between your remote cloud network and your other external sites. Other external sites can include your on-premises network or your network in other clouds.

For information about the cloud service providers that Cross-Cloud Interconnect supports, see the Cross-Cloud Interconnect overview. For information about site-to-site data transfer, see the Site-to-site data transfer overview.

Site-to-site data transfer is supported only in certain locations.

May 30, 2023

Cloud CDN

The advanced traffic management using flexible pattern matching capability with Global External HTTP(S) Load Balancer is now Generally Available.

Cloud Composer

Starting July 2023, the new composer.environments.executeAirflowCommand permission will be required to run Airflow CLI commands through the gcloud environments run command:

  • The composer.user and composer.environmentAndStorageObjectViewer roles do not have this permission and will not be permitted to run Airflow CLI commands starting July 2023.

  • This permission is already available in IAM and you can assign it in advance.

  • This permission is already added to the composer.admin composer.environmentAndStorageObjectAdmin roles.

  • This change applies only to Cloud Composer 2 environments. It will still be possible to run Airflow CLI commands on Cloud Composer 1 environments without this permission.

(Cloud Composer 2) The number of web server workers is now set dynamically based on available web server CPU and memory. This change improves Airflow web server performance and scalability by allowing it to handle more users.

  • These workers are internal to the gunicorn web server and are not related to workers that run tasks.

  • The new value is applied to the [webserver]workers Airflow configuration option when you change the environment's configuration. To use a different value, override this Airflow configuration option.

  • The number of web server workers is clamped between 2 and 12 workers and is calculated as the minimum of (web_server_CPU * 2) + 1 and web_server_memory * 1.1.

(Cloud Composer 2) The deprecated [core]non_pooled_task_slot_count Airflow configuration option is replaced with the [core]default_pool_task_slot_count configuration option in the default Airflow configuration. Make sure to update your custom Airflow configuration overrides to use the new option instead of the deprecated one.

An improved error message is now displayed when a subnetwork with unsupported IPv4 ranges is used to create an environment in a shared VPC configuration.

Cloud Composer 2.2.1 images are available:

  • composer-2.2.1-airflow-2.5.1 (default)
  • composer-2.2.1-airflow-2.4.3

Cloud Composer versions 2.0.14, 2.0.13, 1.18.10, and 1.18.9, have reached their end of full support period.

Cloud Healthcare API

Using the notificationConfig object on a FHIR store is deprecated. Use the notificationConfigs object instead.

Cloud Load Balancing

The global external HTTP(S) load balancer now supports advanced traffic management using flexible pattern matching. This allows you to use wildcards anywhere in your path matcher. You can use this to customize origin routing for different types of traffic, request and response behaviors, and caching policies. In addition, you can now use results from your pattern matching to rewrite the path that is sent to the origin.

For details, see URL maps overview: Wildcards and pattern matching operators in path templates for route rules.

This capability is available in General availability.

Cloud NAT Config Controller

Config Controller now uses the following versions of its included products:

Container Optimized OS

cos-97-16919-294-27

Kernel Docker Containerd GPU Drivers
COS-5.10.176 v20.10.14 v1.6.20 v470.182.03(default),v525.105.17

Fixed CVE-2023-28842 in docker.

cos-93-16623-402-21

Kernel Docker Containerd GPU Drivers
COS-5.10.177 v20.10.14 v1.5.18 v450.236.01(default),v470.182.03(R470),v525.105.17

Fixed CVE-2023-28842 in docker.

Identity Platform

Password policies are generally available (GA).

May 29, 2023

Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigtable

4.6.0 (2023-05-26)

Features
  • Add ChangeStreamConfig to CreateTable and UpdateTable (#1269) (2b05fa4)

4.5.2 (2023-05-24)

Bug Fixes
  • Parsing for qualifiers with colon characters (#1277) (b80f533)
reCAPTCHA Enterprise

reCAPTCHA Enterprise Mobile SDK v18.2.1 is now available for Android.

This version fixed the issue that caused Failed to parse the message or Protocol message contained an invalid tag (zero) error. For more information about the issue, see unhandled exception in Android SDK 18.2.0.

May 26, 2023

Access Approval

Access Approval supports Firestore in the GA stage.

Chronicle

Starting June 7, 2023, Chronicle will no longer use reference lists to reduce the number of alerts generated by Curated Detection rule sets. The predefined reference lists for Curated Detections will be replaced by rule exclusions. You will see the following changes:

  • Reference lists will not be available in the Cloud Threats and Windows Threats categories and will not be displayed in the settings page for these rule sets.
  • Any category-specific reference lists that are currently empty will be deleted.
  • Any category-specific reference lists that are not empty will be automatically migrated to an equivalent rule exclusion.

No action is required. Rule set behavior should not be affected because category-specific reference lists will be replaced with rule exclusions.

Going forward, we recommend using rule exclusions to tune the number of alerts returned by Curated Detections.

The end of support process is gradual, and you may see some Curated Detection rule sets in a partial migration state before the process is complete. The process should complete by June 21, 2023.

Cloud Monitoring

Observability for Google Kubernetes Engine: The Observability tab for each of your GKE clusters now includes metrics for ephemeral storage. For more information, see View observability metrics.

Cloud Storage

You can now add custom object metadata in the final request of a JSON API resumable upload by using the X-Goog-Meta- header.

Cloud Talent Solution Job Search

Jobs with commutable city-level locations are returned when allowImpreciseAddresses is set in CommuteFilter.

Jobs with matching nation-level locations are boosted for telecommute searches.

Adds MAX_THREE_PER_COMPANY DiversificationLevel option.

Config Connector

Config Connector version 1.105.0 is now available.

Resource AlloyDBBackup(v1alpha1):

  • Added spec.encryptionConfig field.

  • Added status.encryptionInfo field.

Resource AlloyDBCluster(v1alpha1):

  • Added spec.encryptionConfig field.

  • Added spec.automatedBackupPolicy.encryptionConfig field.

  • Added status.encryptionInfo field.

Resource BigQueryJob(v1beta1):

  • Added spec.load.parquetOptions field.

Resource CertificateManagerCertificate(v1alpha1):

  • Added spec.location field.

Resource CloudBuildTrigger(v1beta1):

  • Added spec.build.step.items.allowExitCodes field.

  • Added spec.build.step.items.allowFailure field.

  • Added spec.gitFileSource.repositoryRef field.

  • Added spec.sourceToBuild.repositoryRef field.

Resource ComputeBackendService(v1beta1):

  • Added spec.cdnPolicy.bypassCacheOnRequestHeaders field.

Resource ComputeDisk(v1beta1):

  • Added spec.asyncPrimaryDisk.diskRef field.

Resource ComputeForwardingRule(v1beta1):

  • Added spec.allowPscGlobalAccess field.

  • Added spec.sourceIpRanges field.

  • Added status.baseForwardingRule field.

Resource ComputeNetworkPeering(v1beta1):

  • Added spec.stackType field.

Resource ComputeResourcePolicy(v1beta1):

  • Added spec.diskConsistencyGroupPolicy field.

Resource ComputeRouterPeer(v1beta1):

  • Added spec.enableIpv6 field.

  • Added spec.ipv6NexthopAddress field.

  • Added spec.peerIpv6NexthopAddress field.

Resource ContainerCluster(v1beta1):

  • Added spec.addonsConfig.gcsFuseCsiDriverConfig field.

Resource VertexAIEndpoint(v1alpha1):

  • Added spec.region field.

Resource WorkflowsWorkflow(v1alpha1):

  • Added spec.cryptoKeyName field.

Resource WorkstationsWorkstationCluster(v1alpha1):

  • Added status.resourceConditions field.

  • Restructured status.conditions field to be consistent with status.conditions field of any Config Connector kind.

Fixed the issue that the SecretManagerSecretVersion resource stuck in DeleteFailed state when it's deleted after the referenced SecretManagerSecret is deleted.

Dataproc

New sub-minor versions of Dataproc images:

  • 2.0.65-debian10, 2.0.65-rocky8, 2.0.65-ubuntu18
  • 2.1.13-debian11, 2.1.13-rocky8, 2.1.13-ubuntu20
Google Kubernetes Engine

The Observability tab for each of your GKE clusters now includes metrics for ephemeral storage. For more information, see View observability metrics.

Vertex AI Vision

Image batch processing now available as a Preview feature

Vertex AI Vision now offers batch image processing as a Preview feature. This new processing mode lets you provide a Cloud Storage path with image files as input and Cloud Storage path to store output batch processing results.

For more information, see the image batch processing documentation.

Python SDK now available

A new Python SDK is now available for Vertex AI Vision. For more information, see the following documentation pages:

Virtual Private Cloud

General Availibility: You can use the private.googleapis.com and restricted.googleapis.com virtual IP addresses (VIPs) to access Google APIs and services with IPv6 addresses. For more information, see the following pages:

May 25, 2023

Anthos Config Management

Added a new field spec.helm.deployNamespace in the RootSync API to support specifying which namespace to deploy the rendered chart. For more information, see RootSync and RepoSync fields.

The constraint template library includes a new template: K8sHorizontalPodAutoscaler. For reference, see the Constraint template library.

The constraint template library's K8sStorageClass template now supports an allowed list of storage classes using the new allowedStorageClasses parameter. For reference, see Constraint template library.

Upgraded bundled Kustomize version from v5.0.1 to v5.0.3 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.

The constraint template library's K8sReplicaLimits template now includes the object's actual kind instead of always deployment in violation messages. For reference, see Constraint template library.

BigQuery

The BigQuery partitioning and clustering recommender is now in preview. The recommender analyzes your BigQuery tables to identify partitioning or clustering opportunities for potential cost savings. You can view partition or cluster recommendations through the BigQuery UI or recommender API. You can also apply recommendations directly to your BigQuery tables.

Chronicle

On or after July 1, 2023, the existing udm_events table in Chronicle-managed BigQuery projects will be fully replaced with a new table named events. This new table is currently available for all customers. Chronicle will handle all changes in-product for this new table. Customers issuing queries against the udm_events table through the Cloud console or through the API should fully migrate queries to the new table by July 1 to avoid interruption.

Cloud Healthcare API

Exporting and streaming FHIR data to partitioned tables in BigQuery is generally available (GA).

Compute Engine

Generally available: NVIDIA A100 80GB GPUs are now available in the following additional regions and zones:

  • Netherlands, Europe: europe-west4-a
  • Singapore, APAC: asia-southeast1-c

For more information about using GPUs on Compute Engine, see GPU platforms.

Contact Center AI Platform

CCAI Platform now supports Agent Assist Session Summarization. This feature automatically provides a summary of the conversation transcript at the end of a chat or phone call. The summary includes brief overview of the conversation, key discussion points and resolutions or solutions agreed upon. For more information, see the Agent Assist voice or Agent Assist chat documentation.

Google Cloud VMware Engine

VMware Engine nodes are now available in the following additional region:

  • Turin, Italy (europe-west12)
Google Kubernetes Engine

CVE-2022-4450, CVE-2022-2097, CVE-2023-0286, CVE-2023-0215, and CVE-2022-4304 have been patched in all minor versions for all existing and new clusters using the Compute Engine persistent disk CSI driver.

For VPC peering-based private clusters running version 1.27 or later, traffic from kube-apiserver to nodes routes through the Konnectivity service. If your cluster was created before 2020-09-17, this traffic from does not route through Konnectivity unless you have rotated the control plane IP address after 2020-09-17.

May 24, 2023

Anthos Service Mesh

The following images are now rolling out for managed Anthos Service Mesh:

  • The image for 1.16.4-asm.14 is rolling out to the regular release channel
  • The image for 1.15.7-asm.14 is rolling out to the stable release channel

See Select a managed Anthos Service Mesh release channel for more information.

Anthos clusters on bare metal

Release 1.14.5

Anthos clusters on bare metal 1.14.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.14.5 runs on Kubernetes 1.25.

Fixes:

Known issues:

For information about the latest known issues, see Anthos clusters on bare metal known issues in the Troubleshooting section.

Chronicle

Chronicle has updated Rules Engine's YARA-L 2.0 language to support more functionality for handling arrays.

  • A new arrays.length() function has been added. This function returns the number of elements in a repeated field. For more information, see YARA-L 2.0 language syntax.

  • You can now perform array indexing on repeated fields using bracket notation. This lets you access an element of a repeated field at a specific index. For more information, see YARA-L 2.0 language syntax.

Chronicle Curated Detections has been enhanced with the following additional detection content for Cloud threats. A new rule set was added, called Cloud SQL Ransom, that detects activity associated with exfiltration or ransom of data within Cloud SQL databases.

Cloud Debugger

Cloud Debugger is scheduled for shutdown on May 31, 2023. To help with your debugging needs after this shutdown, we've built an open source CLI tool, Snapshot debugger.

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Load Balancing

Cloud Load Balancing introduces the external regional TCP proxy load balancer. This is an Envoy proxy-based regional layer 4 load balancer that enables you to run and scale your TCP service traffic in a single region behind an external regional IP address. External regional TCP proxy load balancer will load-balance external TCP traffic from the internet to backends in the same region.

For details, see the External Regional TCP Proxy Load Balancing overview

To set up an external regional TCP proxy load balancer, see the following pages:

This capability is in General Availability.

Cloud SQL for PostgreSQL

PostgreSQL version 15 is now generally available. To start using PostgreSQL 15, see Create instances.

Cloud Spanner

Cloud Spanner lets you use a generated column in the primary key.

Cloud Spanner database deletion protection is now available in Preview. You can enable database deletion protection to prevent the accidental deletion of databases. For more information, see Prevent accidental database deletion.

Cloud Workstations

Cloud Workstations adds Google Cloud console support for the me-west1 region (Tel Aviv, Israel, Middle East). For more information, see Locations.

Config Controller

Config Controller now uses the following versions of its included products:

Dataproc

Upgraded the Cloud Storage connector to 2.2.13 version in Dataproc on Compute Engine 2.0 and 2.1 image versions.

Unauthorized callers attempting to get, delete, or terminate non-existent Sessions will now receive a 403 response code instead of a 404 response code. This does not impact authorized callers.

Fixed Serverless history server endpoint URL when Persistent History Server (PHS) was setup without using a wildcard.

Dialogflow

Dialogflow CX quota for design time read requests has been increased to 200 per minute.

Translation Hub

Translation Hub is now enforcing the following behaviors:

  • For new projects, you must enable the Translation Hub API starting today. For existing projects, Google performed a one-time automatic enablement of the Translation Hub API to prevent service interruptions.
  • Translation Hub has expanded Identity and Access Management (IAM) permission enforcement. Previously, Translation Hub IAM permissions weren't required to add and remove users from Translation Hub. To modify user access to Translation Hub portals, you must have the Translation Hub administrator role. If you already have this role, no action is necessary.

May 23, 2023

Anthos Service Mesh

1.16.4-asm.14 is now available for in-cluster Anthos Service Mesh.

You can now download 1.16.4-asm.14 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.16.4 subject to the list of supported features. Anthos Service Mesh 1.16.4-asm.14 uses Envoy v1.24.8.

Apigee Integration Application Integration BigQuery

DML statements no longer count toward the number of table or partitioned tables modifications per day. The limit of table and partitioned table modifications has not changed.

Chronicle

Single event rules meeting all of the following conditions have been reclassified as multiple event rules to increase detections:

  • Includes a match section.
  • Includes one or more conditions on outcome variables in the condition section.
  • Includes a simple existence condition on exactly one event variable in the condition section.

Affected rules will be automatically reprocessed to find any missed detections over the next 5 to 6 business days.

Cloud Bigtable

You can now view information about which customer-managed encryption keys (CMEK) are used to protect your Cloud Bigtable resources and projects using Cloud Key Management Service (KMS). This feature is generally available (GA). For more information, see View key usage.

Firestore

Support for the asia-south2 (Delhi) region.

Firestore in Datastore mode

Support for the asia-south2 (Delhi) region.

Google Kubernetes Engine

CVE-2023-26604 has been fixed in clusters running version 1.25 using the Filestore CSI driver. The fix is transparent, but to mitigate instability, it is available by manually upgrading the cluster to the newest 1.25 patch version. The CVE is not present in clusters running version 1.26 or later.

Virtual Private Cloud

Reserving static regional external IPv6 addresses is available in General Availability.

Reserving static regional internal IPv6 addresses is available in General Availability.

Internal ranges are available in Preview. Internal ranges let you allocate blocks of private IP addresses in VPC networks and specify how those addresses can be used.

Support for IPv6 extension headers is available in Preview.

May 22, 2023

Apigee Integrated Portal

On May 22, 2023 we released an updated version of Apigee integrated portal.

Bug ID Description
274916981 Fixed issue where an API specification set via URL could fail.
277265034 App names can start with numeric characters as described in Naming guidelines.
Apigee Integration

Error catcher trigger

The Error Catcher trigger lets you invoke an error catcher that is defined or customized to handle the failure of an identified trigger, task, or edge condition in your integration.

For more information, see Error catcher trigger.

Return task

The Return task lets you customize the error messages corresponding to the HTTP response codes that are returned during an integration execution failure.

For more information, see Return task.

App Engine flexible environment Node.js

Node.js 20 is now available in preview. Note that Node.js 20 enters long-term support (LTS) in October and is the Node.js "Current" version until that time. We encourage you to explore the new features and benefits included in this release to evaluate their potential impact on your applications. For more information, see the Node.js 20 announcement .

Application Integration

Support for Google-managed encryption keys

Application Integration now uses Google-managed encryption keys as the default method of data encryption for your provisioned regions. You can optionally modify your encryption method with customer-managed encryption keys (CMEK).

For more information, see Encryption methods.

Error catcher trigger

The Error Catcher trigger lets you invoke an error catcher that is defined or customized to handle the failure of an identified trigger, task, or edge condition in your integration.

For more information, see Error catcher trigger.

Return task

The Return task lets you customize the error messages corresponding to the HTTP response codes that are returned during an integration execution failure.

For more information, see Return task.

Batch

Documentation has been added to explain how to use Terraform to run a Cloud Scheduler cron job that creates Batch jobs. For more information, see Create and run Batch jobs using Terraform and Cloud Scheduler.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.26.1 (2023-05-16)

Bug Fixes

2.26.0 (2023-05-15)

Features
  • Add field in HivePartitioningOptions (#2678) (4165e55)
  • Allow passing autodetect_schema on table update (#2661) (4c01698)
Bug Fixes
  • Move ratio calculation for whether to use read API to avoid NPE with setUseReadAPI(false) (#2509) (e1326c8)
Dependencies
  • Update arrow.version to v12 (major) (#2675) (7700cf5)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.19.0 (#2691) (1939803)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.23.0 (#2692) (f56e541)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.9.0 (#2685) (b74da29)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.22 (#2687) (cf5d758)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.22 (#2688) (32ea8ab)
  • Update github/codeql-action action to v2.3.3 (#2658) (487f207)
Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigtable

2.18.1 (2023-05-11)

Bug Fixes
  • Revert "Feat: Threaded MutationsBatcher" (#773) (a767cff)
Cloud Data Loss Prevention

The COUNTRY_DEMOGRAPHIC infoType detector, which identifies when countries are used for place of birth, residency, or citizenship, is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Cloud Key Management Service

The Key Usage dashboard in the Google Cloud console and the new KMS Inventory REST API are now generally available.

For more information about the Key Usage dashboard, see View key usage.

For more information about the KMS Inventory REST API, see KMS Inventory API.

For example curl commands using the KMS Inventory REST API, see View key usage and View keys by project.

Cloud Logging

You can now use SQL JOIN and UNION operators in queries on the Log Analytics page. For more information, see Combine data from multiple sources.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.15.1 (2023-05-12)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.9.0 (#1342) (8b14ae1)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.22 (#1341) (cfc0106)
Cloud SQL for MySQL

Cloud SQL for MySQL now supports minor version 8.0.33. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Cloud Spanner

Cloud Spanner automatically increases the degree of parallelism on a query when the instance size allows. For more information on parallel execution of queries, see Life of a Spanner Query.

Compute Engine

Generally available: General purpose C3 VMs are now generally available in the following regions:

  • Council Bluffs, Iowa, North America : us-central1
  • Moncks Corner, South Carolina, North America: us-east1
  • Ashburn, Virginia, North America: us-east4
  • St. Ghislain, Belgium, Europe: europe-west1
  • Eemshaven, Netherlands, Europe : europe-west4
  • Jurong West, Singapore, APAC: asia-southeast1
Container Optimized OS

cos-dev-109-17637-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.29 v23.0.3 v1.7.0 v470.182.03(default),v525.105.17

Updated the Linux kernel to v6.1.29.

Added noexec, nodev, nosuid to /etc/resolv.conf bind mount. It fixes EPERM errors when running a pod in UserNS in COS.

Added rt-tests package.

Upgraded sys-apps/grep to v3.11.

Upgraded sys-apps/ethtool to v6.3.

Upgraded net-misc/wget to v1.21.4

Upgraded sys-libs/libcap to v2.69.

Upgraded sys-apps/coreutils to v9.3-r1.

Updated app-emulation/cloud-init to 23.1.2.

Fixed CVE-2023-1255 in the dev-libs/openssl package.

Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.

Runtime sysctl changes:

  • Added: fs.overflowgid: 65534
  • Added: fs.overflowuid: 65534

cos-105-17412-101-13

Kernel Docker Containerd GPU Drivers
COS-5.15.109 v23.0.3 v1.7.0 v470.182.03(default),v525.105.17

Updated app-emulation/cloud-init to 23.1.2 which fixes CVE-2023-1786.

Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.

Fixed CVE-2023-32233.

cos-93-16623-402-17

Kernel Docker Containerd GPU Drivers
COS-5.10.177 v20.10.14 v1.5.18 v450.236.01(default),v470.182.03(R470),v525.105.17

Updated app-emulation/cloud-init to 23.1.2 which fixes CVE-2023-1786.

Fixed CVE-2022-36109 in app-emulation/docker.

Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.

cos-97-16919-294-23

Kernel Docker Containerd GPU Drivers
COS-5.10.176 v20.10.14 v1.6.20 v470.182.03(default), v525.105.17

Updated app-emulation/cloud-init to 23.1.2 which fixes CVE-2023-1786.

Fixed CVE-2022-36109 in app-emulation/docker.

Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.

cos-101-17162-210-18

Kernel Docker Containerd GPU Drivers
COS-5.15.107 v20.10.24 v1.6.18 v470.182.03(default), v525.105.17

Updated app-emulation/cloud-init to 23.1.2 which fixes CVE-2023-1786.

Updated app-editors/vim, app-editors/vim-core to v9.0.1562. This resolves CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.

Filestore Google Kubernetes Engine

The C3 machine family is generally available for GKE Standard clusters running on version 1.22 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool.

The following features are not supported for this machine family:

  • Node auto-provisioning.
  • Confidential GKE nodes.
  • Local SSD.
  • Standard persistent disks (pd-standard).

For more information, refer to the C3 machine series documentation.

Migrate to Containers

On May 22, 2023 we released Migrate to Containers 1.15.0.

The use of migration sources based on Migrate to Virtual Machines v4 is no longer supported.

To migrate application components from VMs running on VMWare clusters, you can use Migrate to Virtual Machines v5 integration. For more information, see Adding Migrate to Virtual Machines as a migration source.

To migrate application components from AWS or Azure use Migrate to Virtual Machines v5 to migrate VMs to Compute Engine, and then use Migrate to Containers to perform a migration from the created Compute Engine instance. For more information, see the Migrate to Virtual Machines version 5.0 documentation.

In-place processing on Anthos on AWS is no longer supported. You cannot install new versions of Migrate to Containers on Anthos on AWS clusters. To migrate application components of VMs on AWS, you can migrate VMs from AWS to Compute Engine using Migrate to Virtual Machines v5, and then use Migrate to Containers to perform a migration from the created Compute Engine instance. For more information, see the Migrate to Virtual Machines version 5.0 documentation.

In-place processing on Anthos on VMware is no longer supported. You cannot install new versions of Migrate to Containers on Anthos on VMWare clusters. Instead, you can migrate application components to GKE or Anthos clusters on bare metal using Migrate to Virtual Machines v5 or the local VMWare source respectively.

The legacy Linux runtime is now deprecated. The generated migration plan now uses the enhanced Linux runtime by default. You can choose to use the legacy Linux runtime, which is planned to be supported until August 2023, by setting the value of the v2kServiceManager flag in the migration plan to false.

To see how to convert existing migrations to the new Linux runtime, see Upgrade container workloads for enhanced runtime.

If you have migrated applications using the legacy runtime, you can install the legacy runtime support using the following command:

migctl setup install --runtime

For more information, see Before you begin deploying a Linux workload to a target cluster.

Enhanced the Windows features filtering to only allow features supported by Windows Docker images to work.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.123.12 (2023-05-12)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.25.0 (#1566) (7e63280)
  • Update dependency com.google.cloud:google-cloud-core to v2.17.0 (#1574) (9c80f14)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.9.0 (#1576) (03a027f)
  • Update dependency org.easymock:easymock to v5.1.0 (#1448) (5ad86fe)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.22 (#1570) (bbe9a8b)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.22 (#1571) (e7b62d3)
  • Update dependency org.xerial.snappy:snappy-java to v1.1.9.0 - abandoned (#1471) (1620e00)
  • Update dependency org.xerial.snappy:snappy-java to v1.1.9.1 (#1572) (1ec2fec)
Secure Web Proxy

Secure Web Proxy is generally available (GA).

May 19, 2023

BigQuery

EXTERNAL_QUERY SQL pushdown optimizes data retrieval from external sources like Cloud SQL or Cloud Spanner databases. Transferring less data reduces execution time and cost. SQL pushdown encompasses both column pruning (SELECT clauses) and filter pushdowns (WHERE clauses). SQL pushdown applies to SELECT * FROM T queries, a significant percentage of all federated queries. Not all data types are supported for filter pushdowns. This feature is generally available (GA).

Chronicle

The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.

  • 1Password (ONEPASSWORD)
  • AMD Pensando DSS Firewall (AMD_DSS_FIREWALL)
  • Atlassian Confluence (ATLASSIAN_CONFLUENCE)
  • AWS Network Firewall (AWS_NETWORK_FIREWALL)
  • AWS Route 53 DNS (AWS_ROUTE_53)
  • AWS S3 Server Access (AWS_S3_SERVER_ACCESS)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Bitdefender (BITDEFENDER)
  • Check Point (CHECKPOINT_FIREWALL)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco Firewall Services Module (CISCO_FWSM)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Vision Dynamic Signage Director (CISCO_STADIUMVISION)
  • Cloud DNS (N/A)
  • CrowdStrike Falcon (CS_EDR)
  • Crowdstrike IOC (CROWDSTRIKE_IOC)
  • F5 Advanced Firewall Management (F5_AFM)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • FireEye HX (FIREEYE_HX)
  • ForgeRock OpenAM (OPENAM)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet FortiEDR (FORTINET_FORTIEDR)
  • HAProxy (HAPROXY)
  • Juniper (JUNIPER_FIREWALL)
  • Microsoft IIS (IIS)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
  • Okta User Context (OKTA_USER_CONTEXT)
  • OpenSSH (OPENSSH)
  • Oracle Cloud Infrastructure VCN Flow Logs (OCI_FLOW)
  • Proofpoint Observeit (OBSERVEIT)
  • Rapid7 Insight (RAPID7_INSIGHT)
  • SAP Netweaver (SAP_NETWEAVER)
  • Security Command Center Threat (N/A)
  • Splunk Platform (SPLUNK)
  • Teleport Access Plane (TELEPORT_ACCESS_PLANE)
  • Thinkst Canary (THINKST_CANARY)
  • Trend Micro AV (TRENDMICRO_AV)
  • Trustwave webmarshal (WEBMARSHAL)
  • VMware AirWatch (AIRWATCH)
  • WatchGuard (WATCHGUARD)

For details about changes in each parser, see Supported default parsers.

Cloud Composer

Cloud Composer API for Highly resilient environments is available. Cloud Console UI, gcloud CLI commands, and Terraform support for this feature will be gradually rolled out in the upcoming days.

Splitting Celery logs into stdout/stderr (#30485) is now possible with the [logging]celery_stdout_stderr_separation Airflow configuration option. The default value for this option is False.

(Cloud Composer 2) Increased the default values of [core]dagbag_import_timeout to 120 seconds, and dag_file_processor_timeout to 300 seconds. The updated parameters allow the DAG Processor to parse more DAGs and provide more time to add parsed DAGs into the DAG bag.

(Cloud Composer 2) Increased the default value of [scheduler]zombie_detection_interval to 20 seconds. This change reduces the chance that Airflow skips retry attempts for a zombie task.

Cloud Composer 2.2.0 images are available:

  • composer-2.2.0-airflow-2.5.1 (default)
  • composer-2.2.0-airflow-2.4.3

Cloud Composer versions 2.0.12 and 1.18.8, have reached their end of full support period.

Cloud Logging

Log buckets with Log Analytics enabled now support the use of Customer Managed Encryption Keys (CMEK). For information about enabling Log Analytics on log buckets, see Create a bucket or Upgrade a bucket to use Log Analytics.

Cloud SQL for MySQL

Cloud SQL for MySQL has launched two database flags that impact the Cloud SQL SLA: innodb_flush_log_at_trx_commit and sync_binlog. For more information about these flags, see supported flags.

Cloud SQL for PostgreSQL

The following extensions, views, utilities, and flags are generally available:

Extensions

  • postgresql_anonymizer: mask or replace personally identifiable information (PII) or sensitive data from a PostgreSQL database.
  • pgtt: create, manage and use Oracle-style global temporary tables.
  • rdkit: compare, manipulate, and identify molecular structures.

Views and utilities

  • pg_authid: access this catalog table that contains hashed passwords and other properties for all database roles.
  • pg_dumpall: extract all PostgreSQL databases of a cluster into a single script file.

Flags

  • log_line_prefix: generate a printf-style string at the beginning of each line of a PostgreSQL log file.

The rollout of the following minor versions, extension versions, and plugin versions is currently underway:

Minor versions

  • 10.21 is upgraded to 10.22.
  • 11.16 is upgraded to 11.17.
  • 12.11 is upgraded to 12.12.
  • 13.7 is upgraded to 13.8.
  • 14.4 is upgraded to 14.5.

Extension and plugin versions

  • plv8 is upgraded from 3.1.2 to 3.1.4.
  • wal2json is upgraded from 2.3 to 2.4.
  • pgTAP is upgraded from 1.1.0 to 1.2.0.
  • PostGIS is upgraded from 3.1.4 to 3.1.7.
  • pg_partman is upgraded from 4.5.1 to 4.7.0.
  • pg_wait_sampling is upgraded from 1.1.3 to 1.1.4.
  • pg_hint_plan is upgraded from 1.3.7 to 1.4.
  • pglogical is upgraded from 2.4.1 to 2.4.2.

This rollout also introduces the following:

  • PostGIS GDAL driver support
  • LZ4 TOAST compression for PostgreSQL versions 14 and later
Cloud Translation Compute Engine

Preview: You can now use the discard-local-ssd=false flag to preserve the contents of a single attached Local SSD disk when suspending or stopping a VM. For more information, see the Local SSD Documentation.

Dataproc

Upgraded the Cloud Storage connector to 2.2.13 version in Dataproc Serverless for Spark runtimes.

Fixed the NoClassDefFoundError for log4j class in Zeppelin BigQuery interpreter in 2.0 images.

Backported HIVE-22891 to 2.0 images.

Google Distributed Cloud Edge

This is a minor release of Google Distributed Cloud Edge (version 1.4.0).

The following features have been introduced in this release of Distributed Cloud Edge:

  • Survivability mode. Distributed Cloud Edge now allows you to create clusters with the Kubernetes control plane running locally on your Distributed Cloud Edge hardware. This improves the reliability of Distributed Cloud Edge when your connection to Google Cloud is intermittent. This is a Public Preview feature. For more information, see Distributed Cloud Edge survivability mode.

  • Symcloud Storage integration. You can now integrate Distributed Cloud Edge with Rakuten Symcloud Storage, a third-party storage abstraction solution that allows Pods to access local storage on different Distributed Cloud Edge nodes. This is a Public Preview feature. For more information, see Configure Distributed Cloud Edge for Symcloud Storage.

  • Enhanced rNDC security. Distributed Cloud Edge has replaced the bond0 interface with the gdcenet0 interface that allows you to use the physical management network interface card for your application workloads while maintaining complete separation from Distributed Cloud Edge control and management traffic. You must manually reconfigure any existing network resources that reference the bond0 interface to use the gdcenet0 interface. For more information, see Upgrade CustomNetworkInterfaceConfig resources from Distributed Cloud Edge 1.3.0 to 1.4.0 and Upgrade NetworkAttachmentDefinition resources to Distributed Cloud Edge 1.4.0.

  • Cloud Router reuse for VPN connections. When creating a VPN connection, Distributed Cloud Edge now automatically reuses any Cloud Router resource it has automatically created for a VPN connection. You can also specify a custom Cloud Router resource when creating a VPN connection. Existing VPN connections are not affected. For more information, see Manage VPN connections.

The following changes have been introduced in this release of Distributed Cloud Edge:

  • The cross-project VPN connection functionality is now generally available. For more information, see Manage cross-project VPN connections.

  • The default behavior of the gcloud edge-cloud clusters get credentials command has changed. The command now requires the `gke-gcloud-auth-plugin plugin, which replaces the legacy in-tree-auth-plugin plugin. For more information about the gke-gcloud-auth-plugin plugin, see Important changes to Kubectl authentication are coming in GKE v1.26. You have the option to revert to the legacy in-tree-auth-plugin plugin by setting the USE_GKE_CLOUD_AUTH_PLUGIN environment flag to false.

  • The Kubernetes control plane has been updated to version 1.25.5-gke.1001 for all clusters.

  • The Kubernetes container daemon (containerd) has been updated to version 1.6.6-gke.1 for remote control plane clusters and to 1.6.12-gke.0 for survivability mode clusters.

  • The Kubernetes worker node agent (kubelet) has been updated to version 1.24.7.gke.1700 for remote control plane clusters and 1.25.5-gke.1001 for local control plane clusters.

  • Distributed Cloud Edge now supports the ConfigSync feature of Anthos Config Management. Distributed Cloud Edge does not support any other Anthos features.

The following issues have been resolved in this release of Distributed Cloud Edge:

  • Distributed Cloud Edge now supports dynamic IPAM for multi-networking configurations.

  • Disabling the Anthos VM Runtime virtual machine subsystem no longer removes the network-controller-manager container. You can now disable the subsystem without affecting Distributed Cloud Edge networking features.

This release of Distributed Cloud Edge contains the following known issues:

  • BGP sessions do not recover when the associated network interface goes down and then comes back up.

  • In the CustomNetworkInterfaceConfig resource, setting the ifname field to gdcenet0 while the masterInterface field is also set to gdcenet0 causes the resource to not apply to the cluster.

  • When configuring a CustomNetworkInterfaceConfig resource, you must explicitly set the MTU size to be no greater than the MTU size of its parent network interface. Otherwise, unpredictable behavior might result.

  • If you reboot a node running a local control plane workload for a local control plane cluster, the cluster loses its GKEConnect connection to GKEHub until the node fully starts up again. The workloads deployed on the cluster continue to run.

  • If you are creating a remote control plane plane cluster, creating a node pool using nodes that were previously part of a local control plane cluster might fail. If you encounter this issue, contact Google Support for assistance.

May 18, 2023

Anthos clusters on AWS

Security bulletin

Two new vulnerabilities (CVE-2023-1281, CVE-2023-1829) have been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. For more information, see the GCP-2023-005 security bulletin.

Anthos clusters on Azure

Security bulletin

Two new vulnerabilities (CVE-2023-1281, CVE-2023-1829) have been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. For more information, see the GCP-2023-005 security bulletin.

Anthos clusters on VMware

Security bulletin

Two new vulnerabilities (CVE-2023-1281, CVE-2023-1829) have been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. For more information, see the GCP-2023-005 security bulletin.

BigQuery

You can now sort your query results by using the sort menu next to a column name. This feature is in preview.

Dataplex
  • Dataplex auto data quality (AutoDQ) and data profiling can be used on any BigQuery tables, including tables that aren't part of a Dataplex lake. You don't need to create a Dataplex lake to run Dataplex AutoDQ and data profiling.
  • Dataplex AutoDQ and data profiling support BigQuery views, BigLake tables, and BigQuery external tables.
  • Dataplex AutoDQ and data profiling support sampling your data to reduce time and cost.
Dataproc

New sub-minor versions of Dataproc images:

  • 2.0.64-debian10, 2.0.64-rocky8, 2.0.64-ubuntu18
  • 2.1.12-debian11, 2.1.12-rocky8, 2.1.12-ubuntu20

--properties=dataproc:componentgateway.ha.enabled=truecan now be used to enable component gateway and knox along with SHS UI in HA mode.

Google Kubernetes Engine

Two new vulnerabilities (CVE-2023-1281, CVE-2023-1829) have been discovered in the Linux kernel that can lead to a privilege escalation to root on the node. GKE Standard clusters are affected. For more information, see the GCP-2023-005 security bulletin.

Looker Studio

Starting with this week's release, Looker Studio release notes are available on Google Cloud. You can also find release notes, including localized versions, in the Looker Studio Help Center.

Pause report updates. You can pause updates to minimize the number of data requests made while building and editing your report. While the report is paused, changes made to the report's data settings are placed on hold until you resume updates. Pausing report updates can potentially save on query costs because Looker Studio only requests the data needed to meet the report configuration as of the time you resumed updates.

Network Intelligence Center

Network Analyzer is now integrated with the Transparency and Control Center. Google Cloud users can now use this feature to opt out of analysis. For more information, see Opting out of data processing.

Vertex AI

Vertex Prediction

You can now co-host models on the same VM from the Google Cloud Console. Previously, this capability was available only from the REST API. For more information, see Share resources across deployments.

Virtual Private Cloud

Private Service Connect service connectivity automation is available in Preview. Service connectivity automation lets service producers automate deployment and service connectivity to eligible managed services on behalf of consumers.

May 17, 2023

AlloyDB for PostgreSQL

The AlloyDB FORCE_APPLY update policy is available in Preview. Use this policy to modify database flags and apply updates faster (within 1-2 minutes) to an instance.

Apigee X

On May 17, 2023, we released an updated version of Apigee X (1-10-0-apigee-1).

Bug ID Description
N/A Upgraded infrastructure and libraries.
280695936 Fixed issue with incomplete removal of form parameters when using the <Remove> element in the Assign Message policy to delete headers and form parameters simultaneously.
271217050 Fixed issue resulting in missing execution records in debug sessions for the JavaCallout policy.
271894110, 273568673, 273571029 Fix enables support for TLS 1.3 for southbound targets.
271539836 Fixed intermittent Cloud Logging failures.
277090269 Fixed encryption of internal proxy chaining headers to avoid proxy invocation misuse.
273561434 Fixed issue with incomplete debug session information for proxies deployed in the same environment.
158132963 Improved capture of relevant target flow variables in trace and analytics in the event of target timeouts.
271093461 Fixed issue with heap exhaustion when using OASValidation policy.
269514256 Fixed issue causing GoogleTokenGeneration failure.
261924658 Optimization to reduce latency in Quota policy.
252864240 Fixed issue to support bot detection with Analytics obfuscation enabled.
222024484 CORS policy now returns Access-Contol-Allow-Credentials header in preflight response when is set to true.
261205290 Optimization to reduce resource usage on Cassandra connections.
266814873 Fixed issue with retrieval of environment-scoped KVM entries containing encryption keys with non-UTF-8 characters.
260342163 Fixed issue causing 100% CPU usage by runtime pod threads under specific circumstances.
273800523, 273800717 Security fixes for Apigee.

The fixes address the following vulnerabilities:

Batch

Preview: Integrate a job into a workflow using the Batch API connector for Workflows.

Cloud Asset Inventory

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

  • BigqueryMigration
    • bigquerymigration.googleapis.com/MigrationWorkflow
Cloud Monitoring

Cloud Monitoring now provides GA support to prevent alerting policies from sending notifications and creating incidents during specific time periods. For general information, see Snooze notifications and alerts. For information about how to create, view, and modify a snooze, see Create and manage snoozes.

Cloud Run

Allocating up to 32 GiB of memory and up to 8 CPU to your Cloud Run services is now at general availability (GA).

Managed Service for Microsoft Active Directory

Managed Microsoft AD is available in the following regions:

  • europe-west12 (Turin)
  • me-central1 (Doha)

For more information, see Deploy domain controllers in additional regions.

SAP on Google Cloud

Google Cloud's Agent for SAP version 1.6

Version 1.6 of Google Cloud's Agent for SAP is available. This version includes bug fixes for Process Monitoring metrics collection and agent instances running on Bare Metal Solution servers.

For more information, see What's new with Google Cloud's Agent for SAP.

Security Command Center

With project-level activations of the Security Command Center Premium tier, you can now enable certain Premium-tier threat and vulnerability findings that require organization-level access by activating the Standard tier at the organization level in addition to your project-level activation. These finding categories were previously unsupported with project-level activations.

For more information, see Premium tier feature support with project-level activations.

Virtual Private Cloud

Global access for Private Service Connect endpoints for published services is available in General Availability. When global access is configured, clients in any region can send traffic to Private Service Connect endpoints.

Workflows

Support for a Batch API connector is available in Preview.

May 16, 2023

BigQuery

The VPC Service Controls perimeter that protects the BigQuery API now also protects the BigQuery Reservation API. Customers who have already configured VPC Service Controls for the BigQuery API or the BigQuery Reservation API should update their configurations to reflect this change. For more information, see BigQuery Reservation API.

Cloud Functions

You can now restrict new deployments by product generation (1st gen or 2nd gen). This feature is at the General Availability release level.

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for MySQL

The Cloud SQL Proxy Operator is now generally available. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

Cloud SQL for PostgreSQL

The Cloud SQL Proxy Operator is now generally available. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

Cloud SQL for SQL Server

The Cloud SQL Proxy Operator is now generally available. To learn more about the Cloud SQL Proxy Operator, see About the Cloud SQL Proxy Operator.

Compute Engine

The image import tool now supports importing Rocky Linux 9 images to Google Cloud.

Contact Center AI Platform

SIP URI Directory - Call Routing: With this release, you can now use the SIP Directory to configure SIP call routing and transfers in IVR queue settings. You can use this functionality to route incoming calls to appropriate destinations based on IVR menu selections or queue routing rules. You can set it up so that a customer calling a support line, for example, can select a department or agent from the IVR menu based on their inquiry. See the SIP URI documentation for details.

Google Cloud Deploy

Security insights for container images are now available on the release details page.

Google Cloud VMware Engine

VMware Aria Operations for Logs is now certified for Google Cloud VMware Engine. You can use VMware Aria Operations for Logs to collect and manage logs from VMware Engine and on-prem environments into a centralized solution.

VMware Aria Operations for Logs with VMware Engine enables more operational visibility and intelligent analytics for both troubleshooting and auditing purposes, making it easier for you to manage and operate your VMware Engine environment. See the VMware blog announcement for more information.

Google Kubernetes Engine

1.27 is now available in the Rapid channel

Kubernetes 1.27 is now available in the Rapid channel. For more information about the content of Kubernetes 1.27, read the Kubernetes 1.27 Release Notes.

Deprecated API versions

These APIs are still served in version 1.27 but are in a deprecation period:

  • The following Beta versions of graduated APIs will be removed in 1.29 in favor of newer versions:

    • flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema, PriorityLevelConfiguration

      • deprecated since 1.26
      • use flowcontrol.apiserver.k8s.io/v1beta3 instead, available since 1.26

Removed API versions

The following Beta versions of graduated APIs will be removed in 1.27 in favor of newer versions:

  • storage.k8s.io/v1beta1 CSIStorageCapacity

    • deprecated since 1.24
    • use storage.k8s.io/v1 instead, available since 1.24
Vertex AI

Vertex AI custom training now supports deep integration with Vertex AI Experiments. You can submit training jobs with autologging enabled to automatically log parameters and model performance metrics. For more information, see Run training job with experiment tracking

The scheduler API for Vertex AI Pipelines is now available in Preview. You can schedule recurring pipeline runs in Vertex AI by specifying a frequency, start time (optional), and end time (optional). For more information, see Schedule a pipeline run with scheduler API.

May 15, 2023

Anthos clusters on VMware

Anthos clusters on VMware 1.13.8-gke.42 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.8-gke.42 runs on Kubernetes 1.24.11-gke.1200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.15, 1.14, and 1.13.

  • Fixed a race condition where some cluster nodes couldn't access the HA control plane when the underlying network performed ARP suppression.

  • Fixed an issue where vsphere-csi-secret was not updated during gkectl update credentials vsphere for an admin cluster.

  • Disabled motd news on the ubuntu_containerd image to avoid unexpected connections to Canonical.

  • Fixed an issue where the Connect Agent continued using the older image after registry credential update.

  • Fixed an issue where cluster autoscaler ClusterRoleBindings in the admin cluster were accidentally deleted upon user cluster deletion. This fix removes dependency on ClusterRole, ClusterRoleBinding and ServiceAccount objects in the admin cluster.

  • Fixed an issue where Connect Agent in admin clusters might fail to be upgraded during cluster upgrade.

  • Fixed an issue where a cluster might not be registered when the initial membership creation attempt failed.

Fixed the following vulnerabilities:

App Engine standard environment PHP

The PHP 8.2 runtime for App Engine standard environment is now generally available.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.51.2 (2023-05-08)

Bug Fixes
  • bigquery: Update grpc to v1.55.0 (1147ce0)

BigQuery Omni is now available in the AWS - Asia Pacific (Seoul) (aws-ap-northeast-2) region.

Cloud Asset Inventory

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory) and Feed API.

  • AI Platform
    • aiplatform.googleapis.com/NasJob
Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.23.1 (2023-05-11)

Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.18.0 (#1749) (1d7d391)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.9.0 (#1744) (60df07f)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.22 (#1746) (86ea9db)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.22 (#1747) (caa4462)

2.23.0 (2023-05-09)

Features
  • Resizing channel pool size based on the work load (#1271) (7fb1a09)
Documentation
  • Clean up BetaApi annotations from built in metrics API (#1741) (c2fbd04)

Python

Changes for google-cloud-bigtable

2.18.0 (2023-05-10)

Features
Bug Fixes
  • Pass the "retry" when calling read_rows. (#759) (505273b)
Documentation
  • Fix delete from column family example (#764) (128b4e1)
  • Fix formatting of request arg in docstring (#756) (45d3e43)
Cloud Functions

Cloud Functions has added support for a new runtime, PHP 8.2, at the General Availability release level. PHP 8.2 adds significant new functionality over PHP 8.1 and uses Ubuntu 22.04 for its base O/S image.

Cloud Functions now supports 2nd gen Firestore triggers through Eventarc at the Preview release level.

Cloud Logging

You can now customize the time range of your queries in the Log Analytics page by using the time-range selector. There are several time range options, such as preset times, custom start and end times, and relative time ranges. For more information, see Filter by time.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.15.0 (2023-05-06)

Features
  • Log Analytics features of the Cloud Logging API (#1335) (7d43b80)
Dependencies
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.9.3 (#1329) (dfb98f4)
Cloud Monitoring

The new interface for creating charts with Metrics Explorer is GA. For more information, see Create charts with Metrics Explorer.

Version 2.31.0 of the Ops Agent introduces preview support for an OpenTelemetry Protocol (OTLP) receiver. You can use this receiver to collect custom metrics and traces from applications written by using OpenTelemetry SDKs. For more information, see Collect OTLP metrics and traces.

Cloud SQL for SQL Server

You can now use the point-in-time-recovery (PITR) feature and read replicas on the same primary instance. For more information, see Point-in-time Recovery.

Cloud Trace

Version 2.31.0 of the Ops Agent introduces preview support for an OpenTelemetry Protocol (OTLP) receiver. You can use this receiver to collect custom traces and metrics from applications written by using OpenTelemetry SDKs. For more information, see Collect OTLP traces.

Compute Engine

Generally available: The local SSD quota per machine family (LOCAL_SSD_TOTAL_GB_PER_VM_FAMILY) is generally available. Use the quota metric compute.googleapis.com/local_ssd_total_storage_per_vm_family instead of compute.googleapis.com/local_ssd_total_storage to view the quota usage and limits for local SSD in your project. For more information, see View and manage local SSD quota per machine family.

Container Optimized OS

cos-dev-109-17622-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.27 v23.0.3 v1.7.0 v470.182.03(default),v525.105.17

Upgraded sys-apps/pciutils to v3.10.0.

Upgraded app-admin/sudo to v1.9.13_p3-r1.

Upgraded app-arch/xz-utils to v5.4.3.

Upgraded sys-apps/less to v633.

Upgraded sys-apps/acl to v2.3.1-r2.

Upgraded app-misc/ca-certificates to v20230311.3.89.1.

Container Registry

Container Registry is deprecated and is superseded by Artifact Registry. After May 15, 2024. Google Cloud projects without previous Container Registry usage will only host images for the gcr.io domain in Artifact Registry.

Use the following information to help you move to Artifact Registry:

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.8.1 (2023-05-08)

Bug Fixes
  • dataflow: Update grpc to v1.55.0 (1147ce0)
Pub/Sub

BigQuery subscriptions now support the NUMERIC and BIGNUMERIC data types. For more information, see Schema compatibility.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.10.1 (2023-05-08)

Bug Fixes
  • secretmanager: Update grpc to v1.55.0 (1147ce0)
Security Command Center

The pricing for project-level activations of Security Command Center has been reduced by lowering the Security Command Center rate for the usage of the following Google Cloud services:

  • Compute Engine
  • GKE-Autopilot
  • App Engine
  • Cloud SQL

For more information, see Pricing for project-level activations.

May 12, 2023

AlloyDB for PostgreSQL

The AlloyDB admin API now includes user-management methods. These let you use the gcloud command-line tool to manage the user roles of your AlloyDB clusters, in addition to the PostgreSQL functions already supported.

App Engine flexible environment .NET

.NET 6 is now generally available. This version requires you to specify an operating system version in your app.yaml file. Learn more.

Cloud Composer

(Cloud Composer 2) The default [celery]stalled_task_timeout value is set to 1200. Tasks that stay in the queued state for more than 20 minutes (1200 seconds) are now rescheduled.

(Airflow 2.4.3 and 2.5.1) Python packages upgraded:

  • Added new packages: dbt-bigquery and google-cloud-documentai.
  • The apache-airflow-providers-cncf-kubernetes package was upgraded to version 6.0.0.

(Cloud Composer 2 with Airflow 2.5.1 and 2.4.3) Version 6.0.0 of the CNCF Kubernetes Provider package (apache-airflow-providers-cncf-kubernetes) introduces a backwards incompatible change. The kubernetes_default connection is now used by default in the KubernetesPodOperator. For more information, see CNCF Kubernetes Provider Changelog.

(Cloud Composer 2) The default version of Airflow is changed to 2.5.1.

Cloud Composer 2.1.15 images are available:

  • composer-2.1.15-airflow-2.5.1 (default)
  • composer-2.1.15-airflow-2.4.3

Airflow 2.3.4 is no longer included in Cloud Composer images.

Cloud Composer versions 2.0.11 and 1.18.7, have reached their end of full support period.

Cloud Monitoring

The new flow for creating uptime checks, which includes usability improvements and offers a seamless way to create uptime checks on your private resources, is now GA. For more information, see Create public uptime checks and Create private uptime checks.

Cloud Run

You can now deploy sidecar containers to your Cloud Run service. (In Preview.)

You can now configure in-memory volumes for your Cloud Run containers. (In Preview.)

Contact Center AI Platform

Unified Session Types: The new session type variable, Session Type V2, is now available. This update introduces a range of new fields, variables, and columns that will provide you with access to valuable additional information such as the ability to distinguish between Inbound SMS, Outbound SMS, and Outbound SMS via API. For more information, see the session type terminology documentation.

To take advantage of the new fields and variables, you will need to update your scripts, code, automation triggers, and any third-party integrations. The legacy components will no longer be updated with new functionality and will be deprecated on October 6, 2023.

Holiday hours: With Holiday Hours, you now have the ability to create and manage your own set of holidays with complete control over the holiday name, time, and dates. Additionally, you can group your holidays together for easier management. See the holiday hours documentation for details.

Campaign Management: Outbound Number: Outbound Number is a new feature for the Outbound Dialer that allows you to specify which outbound number to use when dialing out for each contact. With this new feature, you can rotate outbound phone numbers to have more control over the outbound phone numbers you use to make your outbound calls. For more information, see the Outbound Number documentation.

To address SSO management issues with various customers in CCAIP, we moved the setting of the SSO values into the create-company rake task which makes sure we only set this when we first create a tenant project. This value is set to allow customers to change their own SSO settings.

Resolved an issue with Manager API endpoints returning "Internal Error".

Resolved an issue where if queue priority was enabled, then chat settings were not populated.

Resolved an issue with incoming calls not ringing for agents who have the Adapter tab in the background on Chrome. Now a chime sound is played when the agent switches to the Available status, which will allow the Adapter tab to play sounds while in the background. This ensures that incoming call notifications will be heard even if the agent has the tab in the background.

Resolved an issue where the Target Pick Up Time under Settings > Operations Management was not updating in the Agent Adapter when receiving a call.

Fixed an issue where agents changing their status from Meeting to Available would not receive campaign calls, requiring the campaign to be paused and restarted. Now campaign calls are received without interruption.

Fixed an issue where when using the outbound call API to start a call, the call adapter would display the mobile SmartActions menu instead of the Start SMS option.

Fixed an issue with chat escalations to a human agent, ensuring session variables are successfully posted to the CRM ticket, as configured in Settings > Operation Management > Virtual Agent.

Fixed unexpected newline characters in admin notification emails.

There were certain scenarios where frontend was showing support@ujet.cx email. This was updated to accept any string to support email branding and display it. For example, the string should change from "Please try again or contact support@ujet.cx for more help" to "Please try again or contact Company X for more help".

Google Kubernetes Engine

The g2-standard machine family with NVIDIA L4 is generally available for node pools in clusters running GKE version 1.22 and later. To select the machine family, use the --machine-type flag in your create command.

SAP on Google Cloud

ABAP SDK for Google Cloud, version 1.0 is generally available (GA)

Version 1.0 of the ABAP SDK for Google Cloud is generally available (GA). The ABAP SDK for Google Cloud enables native, bi-directional, and real-time integration between SAP applications and Google Cloud services such as Google Cloud Storage, Vertex AI, Maps, and Pub/Sub.

Using the ABAP SDK for Google Cloud, ABAP developers can build and deploy ML and AI-driven solutions based on Google Cloud services driven by real-time changes in their SAP enterprise applications.

For more information, see What's new with the ABAP SDK for Google Cloud.

Compliance and sovereign controls for SAP on Google Cloud

SAP workloads can leverage Assured Workloads to meet compliance and sovereign control requirements such as data residency, access control, support personnel, or other regulatory requirements.

For more information, see Compliance and sovereign controls for SAP on Google Cloud.

May 11, 2023

AlloyDB for PostgreSQL

The storage per cluster limit has increased to 32 TiB.

Apigee UI

On May 11, 2023 we released an updated version of the Apigee UI.

This release includes new Permissions Pre-check functionality and UI messaging, which is available when provisioning Apigee with Pay-as-you-go pricing in the Google Cloud console. With the release of this feature, users are alerted when any permissions required to complete the provisioning operations are missing. The missing permissions and the steps to resolve are now identified in the UI messaging.

App Engine flexible environment Ruby

Ruby 3.2 is now generally available. This version requires you to specify an operating system version in your app.yaml file. Learn more.

BigQuery

Object tables are now generally available (GA).

Object tables are read-only tables containing metadata for unstructured data stored in Cloud Storage. They enable you to analyze and perform inference on images, audio files, documents and other file types by using BigQuery ML and BigQuery remote functions. Object tables extend the data security and governance best practices currently applied to structured data to unstructured data as well.

The GA release includes the following new and updated functions:

Cloud Build

You can now create manual triggers, webhook triggers, or Pub/Sub triggers using Cloud Build repositories (2nd gen). This feature is available at the preview release stage. To learn more, see the Repositories overview page.

Cloud Interconnect

Dataplane v2 for Cloud Interconnect is fully available for customers using Dedicated Interconnect or Partner Interconnect in the following regions:

  • asia-northeast1 (Tokyo)
  • asia-northeast2 (Osaka)
  • europe-central2 (Poland)
  • asia-south2 (Delhi)
  • australia-southeast2 (Melbourne)
  • europe-southwest1 (Madrid)

All new VLAN attachments that you create in these regions are automatically provisioned on Dataplane v2. Existing VLAN attachments for these regions can be migrated to Dataplane v2. You can migrate existing attachments yourself by re-creating the attachments, or you can request and schedule an assisted migration. Contact Google Cloud Support for assistance.

For the list of all regions that are Dataplane v2-enabled, see the Locations table (Dedicated Interconnect) or Supported service providers (Partner Interconnect).

Cloud Storage

Custom audit logging for Cloud Storage is now available in Preview.

  • JSON API requests now support user-defined headers that are prefixed with x-goog-custom-audit-.
  • Cloud Audit Logs can subsequently include these headers as part of your request's audit log entry.
Dataproc Datastream

Datastream now supports backfill for PostgreSQL tables of any size. For more information, click here.

reCAPTCHA Enterprise

reCAPTCHA Enterprise Fraud Prevention is generally available.

You can use reCAPTCHA Enterprise Fraud Prevention to protect payment transactions against attacks such as carding, stolen instrument fraud, and account takeover payment fraud. For more information, see Protect payment transactions with Fraud Prevention.

May 10, 2023

AlloyDB for PostgreSQL

The columnar engine now supports columns with json and jsonb data types.

Anthos clusters on bare metal

CentOS Linux 8 Support Deprecated

CentOS Linux 8 reached its end of life (EOL) on December 31st, 2021. We strongly recommend that you migrate to one of the other supported operating systems from Anthos clusters on bare metal. All support for CentOS is removed from Anthos clusters for bare metal release 1.17 (December 2023) and subsequent releases.

BigQuery

BigQuery is now available in the Dallas (us-south1) region.

Chronicle

The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.

  • Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
  • AWS RDS (AWS_RDS)
  • Cloud Audit Logs (N/A)
  • Cloud DNS (N/A)
  • Cloud Run (N/A)
  • Cloud SQL (N/A)
  • Cofense (COFENSE_TRIAGE)
  • CoSoSys Protector (ENDPOINT_PROTECTOR_DLP)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • pfSense (PFSENSE)
  • Qualys VM (QUALYS_VM)
  • SentinelOne EDR (SENTINEL_EDR)
  • VMware AirWatch (AIRWATCH)
  • VMware vRealize Suite (VMWARE_VREALIZE)
  • Windows Event (WINEVTLOG)

For details about changes in each parser, see Supported default parsers.

Cloud Load Balancing

If you're using hybrid NEGs with distributed Envoy health checks, you can't configure the same NON_GCP_PRIVATE_IP_PORT network endpoint in multiple hybrid NEGs. This configuration does not work with Envoy-based load balancers such as the regional external HTTP(S) load balancer, the internal HTTP(S) load balancer, and the internal TCP proxy load balancer.

Cloud Router

The Cloud Router custom learned routes feature is in Preview. This feature lets you configure a Border Gateway Protocol (BGP) session to include learned routes that you manually specify. Cloud Router then behaves as if it learned the routes from the BGP peer.

Custom learned routes can be helpful if you want to avoid the limitations of static routes. For example:

  • Static routes can't detect a loss of reachability in the next hop of a route. In contrast, custom learned routes can detect a loss of reachability, and they react accordingly to avoid dropping traffic without notification.

  • Static routes do not support using HA VPN tunnels or Cloud Interconnect VLAN attachments as next hops. Custom learned routes do.

For more information, see Custom learned routes.

Cloud Run

Cloud Run integrations (Preview) are now available in asia-east1, europe-west4, us-east1, and us-west1.

Cloud Workstations

Cloud Workstations is generally available (GA) and is backed by a Service Level Agreement (SLA).

This release includes support for the following features:

Eventarc

Eventarc is available in the europe-west12 (Turin, Italy) and me-central1 (Doha, Qatar) regions.

Looker

Looker 23.8 includes the following changes, features, and fixes.

Expected Looker (original) rollout start: Monday, May 15, 2023

Expected Looker (original) final deployment and download available: Wednesday, May 24, 2023

Expected Looker (Google Cloud core) deployment start: Monday, May 29, 2023

Expected Looker (Google Cloud core) deployment end: Wednesday, June 7, 2023

Previously, a LookML validation error occurred when a project_name parameter was added to a project manifest file that also defined a Looker extension. This LookML error was triggered when the Local Project Import Labs feature was disabled for the Looker instance. Looker extensions do not require local project import, so with this bug fix this scenario will no longer trigger a LookML validation error.

The API3 keys setting on the Admin API page is now named API keys, in preparation for the deprecation of API3 in June 2023.

Users will now be warned when text on a dashboard tile is close to reaching the maximum length of 256 characters.

The Hide dashboard filters feature is now generally available.

The New Explore Visualizations Labs feature is now generally available. The Explore page, Looks, embedded Looks or Explores, and dashboard tile edit windows will display the same style of funnel chart, timeline, single value, and table visualizations as those that appear on dashboard tiles. Additionally, the drill overlay that appears when you drill into an Explore will match the style of the drill overlay that appears in dashboards, instead of the style that appears in Looks.

Starting in Looker 23.6, customer-hosted Looker instances require Git 2.39.1 or later on the host image. (See the Installing the Looker application documentation page for the full list of requirements for customer-hosted Looker instances.) Git 2.39.1 supports Git worktrees instead of complete Git history clones. Looker uses Git worktrees to provide faster entry into Developer Mode, among other benefits.

Customers who do not have the oem_jar license feature enabled can now access the set_smtp_settings API endpoint.

The Looker IDE will now display an error when incompatible types are being compared in Liquid statements.

The Source column in the Admin > Queries panel now correctly displays the API version for queries that are initiated from the Looker API.

Cookieless embed API endpoints are now marked as stable.

When the filter definition for matches_filter is empty, 1=1 will be added to the WHERE clause so that there are no SQL errors and the query can run. This functionality mirrors the is equal to [empty] standard filter option.

When the Advanced Vis Config Labs feature is enabled, any user who has either the Looker Admin role or the can_override_vis_config permission can access the Advanced Visualization editor. This editor lets users modify HighCharts visualizations by exposing certain JSON parameters of the visualization to enable deep customization. These customizations will not dynamically interact with data.

Conditional formatting logic that is applied in visualization settings now honors hidden No values when the Hide Nos from Visualization setting is applied.

Contents that are displayed in table visualization cells now shift to avoid being cut off when a column is too narrow to display the full range of values.

A new input for specifying a minimum column width override value enables PDFs with a large number of columns to render properly.

Previously, the Content Validator wasn't updating column_order references during rename/replace operations. This issue has been addressed, and the fix adds visualization configuration field references to the Content Validator that were previously missing.

Y-axis scales are no longer miscalculated in bar charts or column charts with trellised grid layouts.

Sorting for custom bin fields on New LookML Runtime now sorts by tier number as expected.

An issue was fixed where, previously, a row's value could be mapped to different tiers for a custom bin field and the internal sort field generated for it.

The Remove option is no longer available for removing table calculations from merged Explore queries. Use the Delete option instead.

An issue was fixed that caused users to be unable to select a domain from an allowlist with more than one item when including a custom link for scheduling.

An issue was fixed for the BigQuery Standard SQL dialect with the Optimistic Pivot feature where pivoted results weren't included for downloads.

Vertex AI

Generative AI Support for Vertex AI

Generative AI Support for Vertex AI is now available in (Preview). With this feature launch, you can leverage the Vertex AI PaLM API to generate AI models that you can test, tune, and deploy in your AI-powered applications.

Features and models in this release include:

  • PaLM 2 for Text: text-bison@001
  • PaLM 2 for Chat: chat-bison@001
  • Embedding for Text: textembedding-gecko@001
  • Generative AI Studio for Language
  • Tuning for PaLM 2
  • Vertex AI SDK v1.25, which includes new features such as TextGenerationModel(text-bison@001), ChatModel(chat-bison@001), TextEmbeddingModel(textembedding-gecko@001)

You can interact with the generative AI features on Vertex AI by using Generative AI Studio in the Google Cloud console, the Vertex AI API, and the Vertex AI SDK for Python.

Vertex AI Model Garden

The Vertex AI Model Garden is now available in (Preview). The Model Garden is a platform that helps you discover, test, customize, and deploy Vertex AI and select OSS models. These models range from tunable to task-specific - all available on the Model Garden page in the Google Cloud console.

Workflows

You can apply call logging to a workflow definition as well as to the execution of a workflow, and specify the level of logging required. The execution log level takes precedence over any workflow log level, unless the execution log level is not specified.

May 09, 2023

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL is now available in the following regions:

  • asia-south2 (Delhi)
  • europe-southwest1 (Madrid)
  • europe-west4 (Netherlands)
  • europe-west8 (Milan)
  • me-west1 (Tel Aviv)
  • northamerica-northeast1 (Montreal)
  • northamerica-northeast2 (Toronto)
  • southamerica-east1 (Brazil)
  • southamerica-west1 (Santiago)

For more information, see AlloyDB Locations.

Apigee Integration

Cloud logs support for Connectors tasks

You can now view the execution logs of a failed Connectors task in Apigee Integration.

For more information, see Execution Logs.

The issue relating to the validation of incorrect variable assignments in an integration has been resolved.

Application Integration

Cloud logs support for Connectors tasks

You can now view the execution logs of a failed Connectors task in Application Integration.

For more information, see Execution Logs.

The issue relating to the validation of incorrect variable assignments in an integration has been resolved.

Batch

Documentation has been added to explain how to run Nextflow pipelines on Batch. For more information, see Orchestrate jobs by running Nextflow pipelines on Batch.

BigQuery

You can now view BI Engine Top Tables Cached Bytes, BI Engine Query Fallback Count, and Query Execution Count as dashboard metrics for BigQuery. This feature is now generally available (GA).

EXTERNAL_QUERY SQL pushdown optimizes data retrieval from external sources like Cloud SQL or Cloud Spanner databases. Transferring less data reduces execution time and cost. SQL pushdown encompasses both column pruning (SELECT clauses) and filter pushdowns (WHERE clauses). SQL pushdown applies to SELECT * FROM T queries, a significant percentage of all federated queries. Pushdowns have limitations, for example not all data types are supported for filter pushdowns. This feature is generally available (GA).

Cloud Build

You can now restrict the creation of Cloud Build builds, triggers, and repositories to a particular location using an Organization Policy Service constraint. This feature is generally available. To learn more, see Restricting Resource Locations.

Cloud Run

Cloud Run now logs container health check failures, including default TCP startup probe failures.

Cloud Spanner

Support for logging the processing duration of your Cloud Spanner read and write requests is now available in Cloud Audit Logs. For more information, see Processing duration.

Config Connector

Config Connector version 1.104.0 is now available.

Resource ComputeFirewallPolicyRule(v1beta1):

  • Added spec.match.destAddressGroups field.
  • Added spec.match.destFqdns field.
  • Added spec.match.destRegionCodes field.
  • Added spec.match.destThreatIntelligences field.
  • Added spec.match.srcAddressGroups field.
  • Added spec.match.srcFqdns field.
  • Added spec.match.srcRegionCodes field.
  • Added spec.match.srcThreatIntelligences field.

Resource IAMWorkforcePoolProvider(v1beta1):

  • Added spec.oidc.webSsoConfig field.

Config Connector CLI tool will now export cluster information for BigTableInstance.

Resources with a reconcile period of 0 will no longer attempt to reconcile when pods are recreated (#795).

Container Optimized OS

cos-105-17412-101-4

Kernel Docker Containerd GPU Drivers
COS-5.15.109 v23.0.3 v1.7.0 v470.182.03(default),v525.105.17

Updated app-admin/google-osconfig-agent to v20230403.00.

Updated docker to v23.0.0.

Updated sys-fs/e2fsprogs package to v1.46.6.

Updated docker to v23.0.3.

Updated google-guest-agent to v20230330.00.

Fixes CVE-2015-20107, CVE-2020-10735, CVE-2021-28861, and CVE-2022-45061 in dev-lang/python.

Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.

Updated ncurses to 6.4p20220423. This resolves CVE-2023-29491.

Runtime sysctl changes:

  • Added: kernel.ops_limit: 10000
  • Added: kernel.warn_limit: 0
  • Changed: net.core.bpf_jit_limit: 264241152 -> 528482304
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_established: 432000 -> 210
  • Changed: vm.mmap_rnd_bits: 32 -> 31
  • Deleted: net.netfilter.nf_conntrack_sctp_timeout_heartbeat_acked: 210

cos-dev-109-17611-0-0

Kernel Docker Containerd GPU Drivers
COS-6.1.27 v23.0.3 v1.7.0 v470.182.03(default),v525.105.17

Add MAX_SKB_FRAGS configuration in the Linux kernel

Added kernel support for nftables.

Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.

cos-101-17162-210-12

Kernel Docker Containerd GPU Drivers
COS-5.15.107 v20.10.24 v1.6.18 v470.182.03(default),v525.105.17

Updated app-emulation/docker-cli to v20.10.24.

Updated app-emulation/docker to 20.10.24. This fixes CVE-2023-28840, CVE-2023-28841, CVE-2023-28842, CVE-2022-27652, CVE-2022-36109.

Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.

cos-93-16623-402-10

Kernel Docker Containerd GPU Drivers
COS-5.10.177 v20.10.14 v1.5.18 v450.236.01(default),v470.182.03(R470),v525.105.17

Updated app-emulation/docker to v20.10.14. This resolves CVE-2023-28840, CVE-2023-28841, CVE-2023-28842, CVE-2022-36109, CVE-2022-27652.

Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.

cos-97-16919-294-15

Kernel Docker Containerd GPU Drivers
COS-5.10.176 v20.10.14 v1.6.20 v470.182.03(default),v525.105.17

Updated app-emulation/docker to v20.10.14. This resolves CVE-2023-28840, CVE-2023-28841, CVE-2023-28842, CVE-2022-36109, CVE-2022-27652.

Updated dev-libs/libxml2 to v2.10.4. This resolves CVE-2023-28484.

Deep Learning Containers

M108 update

This update of the M108 release includes the following:

  • The following Deep Learning Containers images are now available:
    • Tensorflow 2.12 CPU with CUDA 11.8 and Python 3.10 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-cpu.2-12.py310:latest)
    • Tensorflow 2.12 GPU with CUDA 11.8 and Python 3.10 (us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-gpu.2-12.py310:latest)
Deep Learning VM Images

M108 update

This update of the M108 release includes the following:

  • The following Deep Learning VM images are now available:
    • Tensorflow 2.12 CPU with CUDA 11.8 and Python 3.10 (tf-2-12-cpu-debian-11-py310)
    • Tensorflow 2.12 GPU with CUDA 11.8 and Python 3.10 (tf-2-12-gpu-debian-11-py310)
Google Kubernetes Engine

(2023-R10) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.25.8-gke.500 is now the default version.
  • The following control plane versions are now available:
  • The following versions are no longer available:
    • 1.21.14-gke.8500
    • 1.21.14-gke.15800
    • 1.22.17-gke.5400
    • 1.22.17-gke.6100
    • 1.23.16-gke.1400
    • 1.23.16-gke.2500
    • 1.23.17-gke.300
    • 1.24.9-gke.3200
    • 1.24.10-gke.1200
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.18100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.17-gke.7500 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.23.17-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.24.11-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.24.11-gke.1000 with this release.

Stable channel

  • Version 1.24.11-gke.1000 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.21.14-gke.15800
    • 1.22.17-gke.5400
    • 1.23.16-gke.1400
    • 1.24.9-gke.3200
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.18100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.17-gke.7500 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.23.17-gke.1700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.24.11-gke.1000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.24.11-gke.1000 with this release.