The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.
You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml
May 31, 2024
BigQuery
You can now use IAM conditions to control access to BigQuery resources. This feature is generally available (GA).
The following resource types are now publicly available through the Analyze IAM Policies APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).
- Cloud Config Manager API
  - config.googleapis.com/Deployment
- Cloud Monitoring
  - monitoring.googleapis.com/NotificationChannel
  - monitoring.googleapis.com/Snooze
Cloud SQL for SQL Server now supports storage of point-in-time recovery (PITR) transaction logs in Cloud Storage.
Creating a larger (>90 vCPUs) C3D standard-lssd or highmem-lssd VM results in an error message. See Known issues for the workaround. Larger C3D VMs that don't require -lssd are not impacted.
You can now use Metrics Explorer to find individual DoFns that cause latencies in streaming jobs. These metrics are available in streaming pipelines that use Apache Beam 2.53.0 and later versions. The following new metrics are available:
- Average message processing time per DoFn (job/dofn_latency_average)
- Maximum message processing time per DoFn (job/dofn_latency_max)
- Minimum message processing time per DoFn (job/dofn_latency_min)
- Number of messages processed per DoFn (job/dofn_latency_num_messages)
- Oldest active message processing time per DoFn (job/oldest_active_message_age)
- Total message processing time per DoFn (job/dofn_latency_total)
For more information about Dataflow metrics, see Google Cloud metrics.
Generative AI on Vertex AI Regional APIs
New Generative AI on Vertex AI regional APIs are available in three additional locations.
Anthropic Claude 3.0 Opus model
The Anthropic Claude 3.0 Opus model is Generally Available. To learn more, see its model card in Model Garden.
Spanner now supports the protocol buffer data type in GoogleSQL. For more information, see Work with protocol buffers in GoogleSQL.
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.61.0 (2024-04-30)
Features
- spanner/admin/instance: Adding EXPECTED_FULFILLMENT_PERIOD to the indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity... (#9693) (aa93790)
- spanner/executor: Add SessionPoolOptions, SpannerOptions protos in executor protos (2cdc40a)
- spanner: Add support for change streams transaction exclusion option (#9779) (979ce94)
- spanner: Support MultiEndpoint (#9565) (0ac0d26)
Bug Fixes
- spanner/test/opentelemetry/test: Bump x/net to v0.24.0 (ba31ed5)
- spanner: Bump x/net to v0.24.0 (ba31ed5)
- spanner: Fix uint8 conversion (9221c7f)
1.62.0 (2024-05-15)
Features
- spanner/admin/database: Add support for multi region encryption config (3e25053)
- spanner/executor: Add QueryCancellationAction message in executor protos (292e812)
- spanner: Add RESOURCE_EXHAUSTED to the list of retryable error codes (1d757c6)
- spanner: Add support for Proto Columns (#9315) (3ffbbbe)
Bug Fixes
- spanner: Add ARRAY keywords to keywords (#10079) (8e675cd)
- spanner: Handle unused errors (#10067) (a0c097c)
- spanner: Remove json-iterator dependency (#10099) (3917cca), refs #9380
- spanner: Update staleness bound (#10118) (c07f1e4)
1.63.0 (2024-05-24)
Features
Java
Changes for google-cloud-spanner
6.65.1 (2024-04-30)
Dependencies
Documentation
6.66.0 (2024-05-03)
Features
- Allow DDL with autocommit=false (#3057) (22833ac)
- Include stack trace of checked out sessions in exception (#3092) (ba6a0f6)
Bug Fixes
Dependencies
6.67.0 (2024-05-22)
Features
Performance Improvements
Dependencies
Python
Changes for google-cloud-spanner
3.46.0 (2024-05-02)
Features
- spanner: Adding EXPECTED_FULFILLMENT_PERIOD to the indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity Feature (293ecda)
Documentation
Model Monitoring v2 is in Preview, which centralizes model monitoring configuration and visualization on a model version and enables monitoring models being served outside of Vertex AI. For more information, see Vertex AI Model Monitoring overview.
Vertex AI Search: Document ranking API (GA)
The ranking API takes a list of documents and reranks those documents based on how relevant the documents are to a query. This is a stateless API that does not require you to index documents in advance.
The ranking API is Generally available (GA).
For more information, see Rank and rerank documents.
Support for the following connectors is generally available (GA):
May 30, 2024
Anthos Config Management
Upgraded bundled Helm version from v3.14.3 to v3.14.4 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.
Upgraded the Open Telemetry image from v0.91.0-gke.9 to v0.99.0-gke.1 to pick up vulnerability fixes. To understand the changes in each release, review the full changelog for opentelemetry-collector-contrib.
Fixed an issue where Config Sync installation would fail when using a private registry with a specified port in the image URL.
You can now define a _CHANGE_SEQUENCE_NUMBER for BigQuery change data capture (CDC) to manage streaming UPSERT ordering for BigQuery. This feature is in preview.
Web SDK 2.2 is released
For more information, see Web SDK changelog.
New Dataproc Serverless for Spark runtime versions:
- 1.1.63
- 1.2.7
- 2.0.71
- 2.1.50
- 2.2.7
Dataproc Serverless for Spark: Subminor version 2.1.50 is the last release of runtime version 2.1, which will no longer be supported and will not receive new releases.
Dataproc Serverless for Spark: Removed Spark data lineage support for runtime version 1.2.
Dataproc Serverless for Spark: Enabled Spark checkpoint (spark.checkpoint.compress) and RDD (spark.rdd.compress) compression in the latest 1.2 and 2.2 runtime versions.
The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.
- Abnormal Security (ABNORMAL_SECURITY)
- Akamai DNS (AKAMAI_DNS)
- Akamai WAF (AKAMAI_WAF)
- Apigee (GCP_APIGEE_X)
- Array Networks SSL VPN (ARRAYNETWORKS_VPN)
- AWS CloudFront (AWS_CLOUDFRONT)
- AWS Cloudtrail (AWS_CLOUDTRAIL)
- Azure AD (AZURE_AD)
- Azure AD Directory Audit (AZURE_AD_AUDIT)
- Azure AD Sign-In (AZURE_AD_SIGNIN)
- Barracuda Email (BARRACUDA_EMAIL)
- Barracuda Firewall (BARRACUDA_FIREWALL)
- Blue Coat Proxy (BLUECOAT_WEBPROXY)
- BMC AMI Defender (BMC_AMI_DEFENDER)
- Carbon Black (CB_EDR)
- Check Point (CHECKPOINT_FIREWALL)
- Check Point Sandblast (CHECKPOINT_EDR)
- Checkpoint Audit (CHECKPOINT_AUDIT)
- Cisco AMP (CISCO_AMP)
- Cisco EStreamer (CISCO_ESTREAMER)
- Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
- Cisco ISE (CISCO_ISE)
- Cisco Router (CISCO_ROUTER)
- Cisco Switch (CISCO_SWITCH)
- Cisco Umbrella DNS (UMBRELLA_DNS)
- Cisco VPN (CISCO_VPN)
- Cisco WLC/WCS (CISCO_WIRELESS)
- Citrix Netscaler (CITRIX_NETSCALER)
- Cloud Audit Logs (N/A)
- Cloud SQL (GCP_CLOUDSQL)
- Cloud Storage Context (N/A)
- Cohesity (COHESITY)
- CrowdStrike Falcon (CS_EDR)
- CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
- ESET AV (ESET_AV)
- F5 ASM (F5_ASM)
- F5 BIGIP LTM (F5_BIGIP_LTM)
- F5 VPN (F5_VPN)
- Forcepoint DLP (FORCEPOINT_DLP)
- FortiGate (FORTINET_FIREWALL)
- GMAIL Logs (GMAIL_LOGS)
- HID DigitalPersona (HID_DIGITALPERSONA)
- Honeyd (HONEYD)
- HP Aruba (ClearPass) (CLEARPASS)
- IBM AS/400 (IBM_AS400)
- IBM DS8000 Storage (IBM_DS8000)
- IBM Security Verify (IBM_SECURITY_VERIFY)
- Infoblox (INFOBLOX)
- Island Browser logs (ISLAND_BROWSER)
- JAMF CMDB (JAMF)
- JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
- Juniper Mist (JUNIPER_MIST)
- Kubernetes Node (KUBERNETES_NODE)
- Linux Auditing System (AuditD) (AUDITD)
- ManageEngine ADAudit Plus (ADAUDIT_PLUS)
- Microsoft AD FS (ADFS)
- Microsoft Azure Activity (AZURE_ACTIVITY)
- Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
- Microsoft CyberX (CYBERX)
- Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
- Microsoft Graph Activity Logs (MICROSOFT_GRAPH_ACTIVITY_LOGS)
- Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
- Microsoft SQL Server (MICROSOFT_SQL)
- Mikrotik Router (MIKROTIK_ROUTER)
- NetDocuments Solutions (NETDOCUMENTS)
- Netwrix (NETWRIX)
- Office 365 (OFFICE_365)
- Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
- Okta (OKTA)
- OneLogin (ONELOGIN_SSO)
- Opengear Remote Management (OPENGEAR)
- Palo Alto Networks Firewall (PAN_FIREWALL)
- pfSense (PFSENSE)
- PostFix Mail (POSTFIX_MAIL)
- Proofpoint Sendmail Sentrion (PROOFPOINT_SENDMAIL_SENTRION)
- Proofpoint Tap Alerts (PROOFPOINT_MAIL)
- Pulse Secure (PULSE_SECURE_VPN)
- Qumulo FS (QUMULO_FS)
- Rapid7 (RAPID7_NEXPOSE)
- Rapid7 Insight (RAPID7_INSIGHT)
- Rubrik Polaris (RUBRIK_POLARIS)
- SailPoint IAM (SAILPOINT_IAM)
- SAP SuccessFactors (SAP_SUCCESSFACTORS)
- Semperis DSP (SEMPERIS_DSP)
- Sentinelone Alerts (SENTINELONE_ALERT)
- SentinelOne EDR (SENTINEL_EDR)
- Signal Sciences WAF (SIGNAL_SCIENCES_WAF)
- Snare System Diagnostic Logs (SNARE_SOLUTIONS)
- SonicWall (SONIC_FIREWALL)
- Sophos Central (SOPHOS_CENTRAL)
- Sophos UTM (SOPHOS_UTM)
- Spur data feeds (SPUR_FEEDS)
- Suricata EVE (SURICATA_EVE)
- Symantec DLP (SYMANTEC_DLP)
- Symantec Endpoint Protection (SEP)
- Symantec VIP Authentication Hub (SYMANTEC_VIP_AUTHHUB)
- Tanium Audit (TANIUM_AUDIT)
- Thinkst Canary (THINKST_CANARY)
- Trend Micro Vision One (TRENDMICRO_VISION_ONE)
- Twingate (TWINGATE)
- Unix system (NIX_SYSTEM)
- Vectra Detect (VECTRA_DETECT)
- Veeam (VEEAM)
- Verba Recording System (VERBA_REC)
- VeridiumID by Veridium (VERIDIUM_ID)
- VMware ESXi (VMWARE_ESX)
- Windows Defender ATP (WINDOWS_DEFENDER_ATP)
- Windows DNS (WINDOWS_DNS)
- Windows Event (WINEVTLOG)
- Windows Event (XML) (WINEVTLOG_XML)
- Winscp (WINSCP)
- WordPress (WORDPRESS_CMS)
- Workspace Activities (WORKSPACE_ACTIVITY)
- Zeek TSV (BRO_TSV)
- Zix Email Encryption (ZIX_EMAIL_ENCRYPTION)
- Zscaler (ZSCALER_WEBPROXY)
- ZScaler DNS (ZSCALER_DNS)
- Zscaler Private Access (ZSCALER_ZPA)
The following log types, without a default parser, were added. Each is listed by product name and log_type value, if applicable.
- Akamai Log Delivery Service (AKAMAI_LDS)
- AudioCodes Voice DNA (AUDIOCODES)
- Amazon API Gateway (AWS_API_GATEWAY)
- Axway (AXWAY)
- Biztalk (BIZTALK)
- Check Point FDE (CHECKPOINT_FDE)
- Cimcor | File Integrity Monitoring (CIMCOR)
- CS Alerts (CS_ALERTS)
- Custom CSV Log (CUSTOM_CSV_LOG)
- Cyral (CYRAL)
- Druva (DRUVA)
- Entrust DataControl Audit (ENTR_DATACTRL_AUDIT)
- Ergon Informatik Airlock IAM (ERGON_INFORMATIK_AIRLOCK_IAM)
- Eset Protect Platform (ESET_PROTECT_PLATFORM)
- Exim Internet Mailer (EXIM_INTERNET_MAILER)
- FM Systems Workplace Management (FM_SYSTEMS)
- GluWare Network Automation (GLUWARE_NETWORK_AUTOMATION)
- Guidewire Billing Center (GUIDEWIRE_BILLING_CENTER)
- Guidewire Claim Center (GUIDEWIRE_CLAIM_CENTER)
- Guidewire Policy Center (GUIDEWIRE_POLICY_CENTER)
- HAVI Connect (HAVI_CONNECT)
- IBM OpenPages (IBM_OPENPAGES)
- Ingrian Networks DataSecure Appliance (INGRIAN_NETWORKS_DATASECURE_APPLIANCE)
- iSecurity | Security Services and Remediation (ISECURITY)
- iTop (ITOP)
- Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
- Microsoft Graph Risky Users (MICROSOFT_GRAPH_RISKY_USERS)
- NetApp BlueXP (NETAPP_BLUEXP)
- Netgate Firewall (NETGATE_FIREWALL)
- 1KOSMOS | Identity and Authentication (ONEKOSMOS)
- Palo Alto Global Protect SVC (PAN_GPSVC)
- Palo Alto SSLVPN Access (PAN_SSLVPN_ACCESS)
- Palo Alto Telemetry (PAN_TELEMETRY)
- Proofpoint Endpoint Data Loss Prevention (PROOFPOINT_ENDPOINT_DLP)
- SAP ERP (SAP_ERP)
- Ubika WAAP (UBIKA_WAAP)
- Webroot Endpoint Protection (WEBROOT)
- Wolters Kluwer Teammate (WOLTERS_KLUWER_TEAMMATE)
- Xirrus Wireless Controller (XIRRUS)
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
Release 6.3.4 is now in General Availability.
Looker connector support for filter-only fields
Filters that are defined in LookML models with the parameter and filter LookML parameters are now displayed as filter-only fields in Looker Studio charts that use a Looker data source.
The Standard in Preview service level is now called Flex and is generally available. You can now use the Flex service level in additional regions. For more information, see NetApp Volumes key features.
The volume replication feature for the Flex service level is now generally available. For more information, see Considerations for volume replication.
The Flex service level now supports zone-redundant storage pools (in Preview). For more information, see Switch active and replica zones.
NetApp Volumes now supports auto-tiering (in Preview). For more information, see Auto-tiering.
Policy Controller bundles have been updated to use cis-gke-v1.5.0: 202405.0. For reference, see Policy Controller bundles overview.
The maximum number of concurrent workflow executions has increased from 5,000 to 7,500.
May 29, 2024
Apigee Advanced API Security
On May 29, 2024 we released a new version of Advanced API Security.
NOTE: Rollouts of this feature are ongoing and will take multiple days to complete across all Google Cloud zones. You might not be able to use the functionality until the rollout is complete.
Preview release of Shadow API Discovery
This release introduces Shadow API Discovery in preview. Shadow API Discovery finds shadow APIs (also known as undocumented or unmanaged APIs) in your existing cloud infrastructure. Shadow APIs pose a security risk to your system, since they might be unsecured, unmonitored, and unmaintained.
For a feature overview and usage information, see Shadow API Discovery.
On May 29, 2024 we released an updated version of Apigee
Preview release of API Management features in Gemini Code Assist: generative AI API spec creation with enterprise context and Apigee policy code explanation. This release also includes the preview release of enhanced API hub interaction in Cloud Code.
This release introduces features for Gemini Code Assist API management:
- Use Gemini Code Assist to facilitate API design, including OpenAPI spec generation with enterprise context from natural language prompts and a built-in visual API designer to further refine the specification.
- Code explain for Apigee policies: When adding or editing a proxy policy, highlight part of the policy XML code, such as an element or attribute, to see Gemini Assist-generated information and guidance about the selection.
For more information and usage instructions, see Use Gemini Code Assist.
This release also includes updates to API hub interaction from Cloud Code: An update to the Cloud Code extension enables you to interact with any API in your API hub using a mock server in Cloud Code, make changes to the API, and publish it back to API hub. For information and usage instructions, see Edit APIs.
The maximum number of partitions per partitioned table limit has changed from 4,000 to 10,000.
Ops Agent version 2.47.0 introduces support for Compute Engine VMs that are running Ubuntu 24.04 LTS (Noble Numbat). For more information, see Operating systems.
Cloud SQL for MySQL major versions that have reached community end-of-life (EOL) will receive extended support starting on February 1, 2025. For more information about extended support, see Extended support for Cloud SQL.
For more information about extended support timelines, see Database versions and version policies.
Cloud SQL for PostgreSQL major versions that have reached community end-of-life (EOL) will receive extended support starting on February 1, 2025. For more information about extended support, see Extended support for Cloud SQL.
For more information about extended support timelines, see Database versions and version policies.
Dataform Core includeDependentAssertions and dependOnDependencyAssertions parameters for adding assertions as dependencies are available.
You can set the includeDependentAssertions parameter in a selected action to automatically add assertions of a selected dependency action as dependencies of the edited action.
You can set the dependOnDependencyAssertions parameter in a selected action to automatically add assertions of all dependency actions as dependencies of the edited action.
For more information, see Set assertions as dependencies.
Dialogflow CX: You can now integrate with Soul Machines to create 3-D avatars.
On May 29, 2024 we released an updated version of Gemini Code Assist features for use with Apigee
Preview release of API Management features in Gemini Code Assist: generative AI API spec creation with enterprise context and Apigee policy code explanation.
This release introduces features for Gemini Code Assist API management:
- Use Gemini Code Assist to facilitate API design, including OpenAPI spec generation with enterprise context from natural language prompts and a built-in visual API designer to further refine the specification.
- Code explain for Apigee policies: When adding or editing a proxy policy, highlight part of the policy XML code, such as an element or attribute, to see Gemini Assist-generated information and guidance about the selection.
For more information and usage instructions, see Use Gemini Code Assist.
Design an optimal storage strategy for your cloud workload: Added information about the Regional service tier of Filestore.
Release 6.3.5 is currently in Preview.
Trying to set an SLA definition that is too similar to an existing one results in an incorrect error message (ID #00289305)
Tags not showing as expected in the Search page (ID #50691614)
All Environments is not supported when importing networks from CSV (ID #00276371)
Action All CVE Entity filter is not working (ID #51310124)
Subject Entity Search Filters are not working properly (ID #50841312)
Case actions - generate report has missing content (ID #50620576)
Preset topologies are now available in public preview. Network Connectivity Center lets you specify connectivity configuration across all VPC spokes.
Spanner now supports the following new columns in the SPANNER_SYS query statistics table:
- AVG_MEMORY_PEAK_USAGE_BYTES
- AVG_MEMORY_USAGE_PERCENTAGE
- AVG_QUERY_PLAN_CREATION_TIME_SECS
- AVG_FILESYSTEM_DELAY_SECS
- AVG_REMOTE_SERVER_CALLS
- AVG_ROWS_SPOOLED
reCAPTCHA Enterprise Mobile SDK v18.5.1 is now available for iOS.
This version contains improvements in the detection of network errors.
reCAPTCHA Enterprise Mobile SDK v18.5.1 is now available for Android.
This version contains improvements in the detection of network errors.
reCAPTCHA SMS toll fraud protection is now available in Preview. For more information, see Detect and prevent SMS fraud.
May 28, 2024
Apigee hybrid
ANNOUNCEMENT
hybrid 1.12.0-hotfix.1
On May 28, 2024 we released an updated version of the Apigee hybrid software, 1.12.0-hotfix.1.
Note: This release reflects a change to the Helm chart templates and not a change to the images. If your hybrid installation is currently on Apigee hybrid v1.12.0, you can install this hotfix release by downloading the charts with the version tag 1.12.0-hotfix.1 and updating the apigee-operator and apigee-datastore charts with the helm upgrade command and your current overrides files.
For example:
export CHART_REPO=oci://us-docker.pkg.dev/apigee-release/apigee-hybrid-helm-charts
export CHART_VERSION=1.12.0-hotfix.1
helm pull $CHART_REPO/apigee-operator --version $CHART_VERSION --untar
helm pull $CHART_REPO/apigee-datastore --version $CHART_VERSION --untar
helm upgrade operator apigee-operator/ \
  --namespace apigee-system \
  --atomic \
  -f overrides.yaml
helm upgrade datastore apigee-datastore/ \
  --namespace apigee \
  --atomic \
  -f overrides.yaml
- For information on upgrading, see Upgrading Apigee hybrid to version 1.12.0-hotfix.1.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
340889560 | Added csi to the apigee-logger SCC. |
339849002 | Hashicorp Vault integration issues fixed for Google Service Account for Cassandra Backup/Restore. |
You can now order Bare Metal Solution storage and Partner Interconnect resources on a 1 month commitment term. This feature is generally available (GA).
The following Generative AI features are now in preview:
- Creating remote models based on the Vertex AI gemini-1.5-flash foundation model.
- Using the ML.GENERATE_TEXT function with these remote models to perform generative natural language tasks for text stored in BigQuery tables.
- Using the ML.GENERATE_TEXT function with these remote models to perform generative AI tasks, for example audio transcription or document classification, using image, video, audio, PDF, or text content stored in BigQuery object tables.
Try these features with the Generate text by using the ML.GENERATE_TEXT function how-to topic.
Announcing new Open Telemetry samples that show how to instrument your Python and Node.js applications to collect metrics, logs, and traces:
For general instrumentation information and recommendations, and for links to other samples, see:
You can now search a trace for keywords. For more information, see Search a trace.
For adaptive translations, when you use the API, you can include up to five reference sentence pairs in a request instead of specifying a dataset.
The Code-OSS preconfigured base image uses version 1.89.1.
Version 3.16 is released
All release notes published on this date are part of version 3.16.
The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.
End co-browse sessions using the Apps API
The Apps API has the following new endpoint that lets you end a co-browse session using an external session ID: POST /apps/api/v1/cobrowse_sessions/{external_session_id}/end. For more information, see Co-browse.
The agent adapter generates co-browse events
The agent adapter generates events during co-browse sessions. You can use these events to get insights into co-browse session details, such as start and end times and the modes that are requested or accepted by the end-user. For more information, see Event types.
The Next UI is supported in the ServiceNow integration
The Next UI experience is supported in the ServiceNow CRM integration.
Fixed an issue that prevented agents from selecting their next status to exit a campaign when the current call is concluded.
Fixed the problem of the created_at field being missing from add_started_activity.
cos-105-17412-370-39
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06 (default), v550.54.15 (latest) |
Improved boot time on A3 machines by around 5 seconds.
Fixed system-accounts-secured benchmark by changing the system account range used in the benchmark.
Fixed CVE-2024-21626 in github.com/opencontainers/runc in kubelet.
Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.
Runtime sysctl changes:
- Changed: fs.file-max: 813024 -> 812685
cos-113-18244-85-17
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Improved boot time on A3 machines by around 5 seconds.
Fixed CVE-2024-21626 in runc in kubelet.
Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.
Runtime sysctl changes:
- Changed: fs.file-max: 812391 -> 812030
cos-109-17800-218-37
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Improved boot time on A3 machines by around 5 seconds.
Fixed CVE-2024-21626 in runc in kubelet.
Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.
Runtime sysctl changes:
- Changed: fs.file-max: 812597 -> 812196
cos-101-17162-463-29
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06 (default), v550.54.15 (latest) |
Fixed system-accounts-secured benchmark by changing the system account range used in the benchmark.
Updated sys-apps/apparmor to v2.13.11. This resolves CVE-2016-1585.
Updated net-libs/gnutls to v3.8.5. This fixes CVE-2024-28834.
Dataplex automatic data quality supports the following capabilities:
- Email notifications to alert people about the status and results of a data quality job
- Data quality scores that indicate the percentage of rules that passed
- API support for rule recommendations based on data profiling scans
For more information, see Use auto data quality and Auto data quality overview.
Model pretrained-foundation-model-v1.2-2024-05-10 is available for custom extractor. For more information about available models, see Custom extractor model versions.
(New guide) Build an ML vision analytics solution with Dataflow and Cloud Vision API: Deploy a Dataflow pipeline to process large-scale image files with Cloud Vision. Dataflow stores the results in BigQuery so that you can use them to train BigQuery ML pre-built models. This architecture is accompanied by a reference architecture and a deployment guide.
Release 1.16.9
Google Distributed Cloud for bare metal 1.16.9 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.16.9 runs on Kubernetes 1.27.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud software.
Fixes:
The following container image security vulnerabilities have been fixed in 1.16.9:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
Security bulletin (all minor versions)
A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.
Google Distributed Cloud software doesn't use a vulnerable version of Fluent Bit and is unaffected.
For more information, see the GCP-2024-031 security bulletin.
A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.
Google Distributed Cloud doesn't use a vulnerable version of Fluent Bit and is unaffected.
(2024-R17) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Version 1.28.9-gke.1000000 is now the default version.
- The following control plane and node versions are now available:
- The following versions are no longer available:
- 1.26.14-gke.1044001
- 1.26.15-gke.1243000
- 1.26.15-gke.1360000
- 1.27.14-gke.1011000
- 1.28.7-gke.1026000
- 1.28.9-gke.1069000
- 1.28.10-gke.1012000
- 1.29.4-gke.1043001
- 1.29.4-gke.1165000
- 1.29.5-gke.1010000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.9-gke.1000000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.9-gke.1000000 with this release.
Stable channel
- Version 1.26.14-gke.1044001 is no longer available in the Stable channel.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.15-gke.1090000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.15-gke.1090000 with this release.
Regular channel
- Version 1.28.9-gke.1000000 is now the default version in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.26.15-gke.1243000
- 1.27.12-gke.1115000
- 1.28.8-gke.1095000
- 1.28.9-gke.1069000
- 1.29.4-gke.1043001
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.13-gke.1000000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.13-gke.1000000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.9-gke.1000000 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.26.15-gke.1300000
- 1.26.15-gke.1360000
- 1.27.13-gke.1166000
- 1.27.14-gke.1011000
- 1.28.9-gke.1209000
- 1.28.10-gke.1012000
- 1.29.4-gke.1165000
- 1.29.5-gke.1010000
- 1.30.1-gke.1015000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1320000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.13-gke.1201000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.9-gke.1289000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.4-gke.1670000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.4-gke.1670000 with this release.
Added support for Deletion protection for Memorystore for Redis Cluster.
Vector Search sparse embeddings and hybrid search in Public preview
Vector Search supports sparse embeddings and hybrid search in Public preview. Hybrid search uses both dense and sparse embeddings, which lets you search based on a combination of keyword search and semantic search. For how to format dense, sparse, and hybrid embeddings, see Input data and structure.
May 27, 2024
Anthos clusters on AWS
A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.
GKE on AWS doesn't use a vulnerable version of Fluent Bit and is unaffected.
For more information, see the GCP-2024-031 security bulletin.
A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.
GKE on Azure doesn't use a vulnerable version of Fluent Bit and is unaffected.
For more information, see the GCP-2024-031 security bulletin.
A weekly digest of client library updates from across the Google Cloud SDK.
Python
Changes for google-cloud-bigquery
3.23.1 (2024-05-21)
Performance Improvements
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.39.3 (2024-05-21)
Bug Fixes
Cloud Composer 2 now supports data lineage for environments that have CMEK enabled.
Cloud Composer 2.8.1 images are available:
- composer-2.8.1-airflow-2.7.3 (default)
- composer-2.8.1-airflow-2.6.3
Cloud Storage FUSE now offers the following features:
- You now have the option to disable authentication on custom endpoints using the --anonymous-access flag. For more information about the new global option, see the Cloud Storage FUSE CLI options page.
- GCS FUSE now supports Rocky Linux versions 8.9 or later. For more information, see Cloud Storage FUSE instructions on how to configure the package manager.
- The GCS FUSE max-conns-per-host flag has been updated to offer a default value which specifies no limit on TCP connections except for limitations set by your machine's specifications. For more information, see the GCS FUSE CLI page.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/storage
7.11.1 (2024-05-21)
Bug Fixes
Java
Changes for google-cloud-storage
2.39.0 (2024-05-22)
Features
Bug Fixes
- Update GapicUnbufferedChunkedResumableWritableByteChannel to be tolerant of non-quantum writes (#2537) (1701fde)
Dependencies
Cloud Workstations is available in the southamerica-east1 region (Osasco, São Paulo, Brazil, South America). For more information, see Locations.
Cloud Workstations is available in the us-east5 region (Columbus, Ohio, North America). For more information, see Locations.
Dataproc Metastore services can now enable deletion-protection to prevent the accidental removal of new or existing services.
We've added a new field, cancellation_reason, on the Entitlement resource that provides context around why an entitlement was cancelled.
A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.
GKE doesn't use a vulnerable version of Fluent Bit and is unaffected.
For more information, see the GCP-2024-031 security bulletin.
A weekly digest of client library updates from across the Cloud SDK.
ABAP SDK for Google Cloud version v1.7
Version 1.7 of the ABAP SDK for Google Cloud is generally available (GA). This version brings in expanded support for more Google Cloud APIs, authentication improvements for Cloud Functions, SDK feature enhancements, and bug fixes.
For more information, see What's new with the ABAP SDK for Google Cloud.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.13.1 (2024-05-22)
Bug Fixes
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/spanner
7.8.0 (2024-05-24)
Features
- Add RESOURCE_EXHAUSTED to the list of retryable error codes (#2032) (a4623c5)
- Add support for multi region encryption config (81fa610)
- Add support for Proto columns (#1991) (ae59c7f)
- spanner: Add support for change streams transaction exclusion option (#2049) (d95cab5)
Bug Fixes
May 26, 2024
Application Integration
The TIBCO EMS trigger is now available in preview.
May 24, 2024
Artifact Registry
Cleanup policies for Artifact Registry are Generally Available (GA).
Cleanup policies help you manage artifacts by automatically deleting artifacts that you no longer need, while keeping artifacts that you want to store.
Deletions requested by Cleanup policies count against Artifact Registry delete request quota and limits.
The Gemini 1.5 Pro (gemini-1.5-pro-001) and Gemini 1.5 Flash (gemini-1.5-flash-001) models are Generally Available. For more information, see Google models, Overview of the Gemini API, and Send multimodal prompt requests.
Cloud Armor supports Layer 7 filtering in globally scoped edge security policies for Media CDN in Preview.
We are introducing changes to deleting a private cloud; specifically, when you delete a private cloud, your billing will stop immediately but the private cloud deletion can take up to 24 hours. During this time, you will continue to see your private cloud in the Google Cloud console and your VMs will continue to run but you will not be billed.
If you want your workload network IP CIDRs to be available right away, please shut down all your VMs in your private cloud before deleting it.
GKE now provides insights and recommendations to create a backup plan for unprotected clusters that have existed for more than 7 days. These insights and recommendations are currently available in us-central1-a. See Backup for GKE and protect clusters with Backup for GKE documents for details.
Dual-token authentication is Generally Available. You can now enable this feature by using the Google Cloud Console in addition to the gcloud SDK and REST API. When this feature is enabled, Media CDN uses a short-duration token and a long-duration token to authenticate requests.
You can use the globally scoped edge security policies of Cloud Armor for Layer 7 filtering. This feature is in Preview. For an example, see Example: Deny requests for cached content with specific headers.
May 23, 2024
BigQuery
In BigQuery ML univariate time series models, the FORECAST_LIMIT_LOWER_BOUND and FORECAST_LIMIT_UPPER_BOUND parameters now work with the TIME_SERIES_ID_COL parameter. The FORECAST_LIMIT_LOWER_BOUND and FORECAST_LIMIT_UPPER_BOUND arguments let you set the lower and upper bounds of the forecasted values returned by the model. Try this feature with the Limit forecasted values for a time series model tutorial.
BigQuery ML now offers the following Generative AI features:
- Grounding and safety attributes when you use Vertex AI Gemini models with the ML.GENERATE_TEXT function:
  - Use the ground_with_google_search argument to perform grounding. Grounding lets the Gemini model use additional information from the internet when generating a response, in order to make model responses more specific and factual.
  - Use the safety_settings argument to configure safety attributes. The Gemini model filters the responses it returns based on the attributes you specify.
- Video embedding (Preview). You can use the ML.GENERATE_EMBEDDING function with a remote model based on a Vertex AI multimodalembedding model to create multimodal embeddings that include video embeddings. To try the new video embedding functionality, see Generate video embeddings by using the ML.GENERATE_EMBEDDING function.
Monitoring active queries in Cloud SQL for PostgreSQL, which is part of the Gemini in Databases Preview, is temporarily unavailable. You can still monitor completed queries. For more information about monitoring queries, see Use Query Insights to improve query performance.
Anthos Service Mesh and Traffic Director have converged into a single, unified product: Cloud Service Mesh. Cloud Service Mesh brings together features from both products:
- A fully managed, global, multi-tenant control plane
- Managed data plane and telemetry for Google Cloud
- A choice of APIs
- Open APIs, Istio & Gateway for Kubernetes Engine
- Service Routing APIs for Compute Engine and Kubernetes Engine
- Support for Kubernetes clusters on-prem and on other public clouds
For more information see the Cloud Service Mesh overview.
If you're using the Istio APIs with the Traffic Director control plane implementation, disabling multi-cluster load balancing is not supported.
The regional service tier is now generally available.
Release 6.3.4 is currently in Preview.
Unable to edit case comments via API (ID #49966652)
Unable to create or import advanced reports for certain Looker users (ID #00265303)
Error when trying to add a user to Google SecOps SOAR
Event details search option in alert tab stops working (ID #00287518)
SOAR filtering not working due to unsupported commas in names
Unable to re-run the playbooks (ID #00282282)
Google SecOps SOAR fails to return API keys (ID #50630848)
Looker Studio forum moved to Google Cloud
The Looker Studio Community on Google Cloud is open to all Looker Studio and Looker Studio Pro users to ask questions and interact with fellow Looker Studio customers.
Looker drill fields now available in Looker Studio
Drill fields and links that are defined with the drill_fields and link LookML parameters in Looker are now available to Looker Studio report viewers in the Drill Actions menu on Looker Studio table charts.
New partner connectors
The following partner connectors have been added to the Looker Studio Report Gallery:
- Pro Rank Tracker - SEO Data by F.T.B ONLINE LTD.
- CallRail by Catchr.io
- Basis by Supermetrics
- Facebook Ads by Adzviser
- LinkedIn Revenue Attribution by Supermetrics
- Pinterest Organic by Catchr.io
Google Cloud's Agent for SAP version 3.3
Version 3.3 of Google Cloud's Agent for SAP is generally available (GA). This version introduces enhancements to back up SAP HANA while using the agent's Backint and disk snapshot features. It also introduces support for using hdbuserstore keys to authenticate SAP HANA users.
For more information, see What's new with Google Cloud's Agent for SAP.
The TRADE_UNION infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The Sovereign Controls by SIA/Minsait partner offering is now generally available.
May 22, 2024
AlloyDB for PostgreSQL
Query federation between BigQuery and AlloyDB is now available in Preview. This feature lets you use BigQuery to query data stored in AlloyDB databases.
The interactive SQL translator, the translation API, and the batch SQL translator features let you translate the following SQL dialects into GoogleSQL:
- IBM DB2 SQL
- Greenplum SQL
- SQLite
These features are in preview.
You can now query data in AlloyDB using a federated query. This feature is in preview.
Database Migration Service now supports migrations to MySQL minor version 8.0.36. See Supported source and destination databases in Cloud SQL for MySQL migrations.
New Dataproc Serverless for Spark runtime versions:
- 1.1.62
- 1.2.6
- 2.0.70
- 2.1.49
- 2.2.6
Upgraded Spark BigQuery connector to version 0.36.2 in the latest 1.2 and 2.2 Dataproc Serverless for Spark runtime versions.
The C4 machine family is available in Public Preview for Standard clusters running GKE version 1.29.2-gke.1521000 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool. The following limitations apply:
- GKE versions prior to 1.29.2-gke.1521000 might encounter a volume device path mounting error which can cause Pods to be stuck in a Pending state. If you encounter this issue, try deleting and re-creating the Pod, to trigger re-processing of the volume mount.
- Confidential GKE nodes are not supported in Public Preview.
- Local SSD is not supported.
- Nested virtualization is not supported in Public Preview.
The GKE Container Security API is now enabled automatically when GKE Enterprise is enabled on a project. This change ensures the security and compliance features are ready for use as part of GKE Enterprise activation.
New curated detections for existing AWS rule sets
Enhanced the existing curated detections for AWS rule sets in the Cloud Threats category to add 40 new detections. These new rules, added to existing rule sets, expand the coverage and are designed to identify tactics and techniques commonly employed by malicious actors that use popular open source offensive security tools against AWS resources.
For more information, see curated detections for AWS rule sets in the Google Security Operations documentation.
May 21, 2024
Application Integration
Application Integration is now available in Milan (europe-west8). For a list of supported regions, see Application Integration locations.
Backup and DR Service 11.0.11.323 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance.
Backup and DR Service supports migrating from manual protection to the new dynamic protection using tags. It is now also supported on all types of backup/recovery appliances. Learn more.
Backup and DR Service now supports auto patch updates. Learn more.
If the management console and backup/recovery appliance connectivity is not established for more than 6 hours, contact customer support to resolve the issue. This is particularly relevant to the appliance running on version 11.0.11.323 or later. You can check the connection status from the Connectivity column in the Manage > Appliances page.
You can now order Performance SSD storage for your Bare Metal Solution. For more information and availability in your region, see Performance SSD storage. This feature is generally available (GA). To learn how to order Performance SSD storage, see Order Bare Metal Solution resources.
The following Generative AI features are now in preview:
- Creating remote models based on the Vertex AI gemini-1.5-pro foundation model.
- Using the ML.GENERATE_TEXT function with these remote models to perform generative natural language tasks for text stored in BigQuery tables.
- Using the ML.GENERATE_TEXT function with these remote models to perform generative AI tasks, for example audio transcription or document classification, using image, video, audio, PDF, or text content stored in BigQuery object tables.
Try these features with the Generate text by using the ML.GENERATE_TEXT function how-to topic.
Cloud Data Fusion version 6.10.1 is generally available (GA). This release is in parallel with the CDAP 6.10.1 release.
Creating a private instance with Private Service Connect is GA in Cloud Data Fusion version 6.10.1.
Per Namespace Service Accounts are GA in Cloud Data Fusion version 6.10.1. For more information, see Access control with namespace service accounts.
Syncing multiple pipelines from a namespace is GA in Cloud Data Fusion version 6.10.1. For more information, see Sync Cloud Data Fusion pipelines with a remote repository.
Changed in Cloud Data Fusion 6.10.1:
- Source Control Management supports Bitbucket and Gitlab.
- Cloud Data Fusion uses the subnet used by the shared VPC network attachment in the default compute profile.
- Added support for option string field (keep-strings) in parse-xml-to-json Wrangler directive (CDAP-20934).
- The BigQuery sink plugin doesn't provide the Dedupe By option while in insert mode (PLUGIN-900).
- The BigQuery plugin supports the JSON type (PLUGIN-1563).
- Improved error messages in the Spanner source (PLUGIN-1748).
- Improved retries in Pub/Sub plugin (PLUGIN-1769).
Fixed in Cloud Data Fusion 6.10.1:
- Fixed an issue causing runtime arguments of pipeline triggers to not propagate to downstream pipelines (CDAP-20947).
- Fixed an issue in Wrangler causing the send-to-error-and-continue directive to not initialize dq_failure when the condition is false (PLUGIN-1736).
- Fixed an issue that occurs if running a replication pipeline when task workers are enabled (CDAP-20951).
- Improved error reporting in the BigQuery Sink. Fixed an issue in BigQuery Argument Setter where validation error wasn't displayed correctly (PLUGIN-788, PLUGIN-781, PLUGIN-782, PLUGIN-1318).
- Improved retries in BigQuery plugin (PLUGIN-1715).
- Fixed an issue with the Python plugin, where running in native mode doesn't work as intended (PLUGIN-1617).
- Fixed an issue causing certain connection parameters to not propagate in a MySQL connection (PLUGIN-1728).
- Fixed an issue causing the Cloud Storage Copy action to timeout while working with large files (PLUGIN-1735).
- Fixed an issue causing Copy and Move plugins to not create buckets at the destination path as expected, resulting in a runtime error (PLUGIN-1738).
- Fixed an issue causing empty source input to fail in multiple plugins (PLUGIN-1742).
- Fixed an issue with remote execution of Wrangler directives causing type information to not be emitted (PLUGIN-1778).
- Fixed an issue causing a No record field provided error (CDAP-21024).
- Streaming pipelines in Cloud Data Fusion support the Excel source. Batch pipelines with an Excel source can consume high memory and fail in large pipelines (PLUGIN-1771).
- Fixed an issue with using the Conditional plugin as a source for Wrangler, causing CDAP not to fetch the necessary schema (CDAP-20890).
- Fixed an issue with instance upgrades causing existing schedule names to be improperly encoded in the URL, resulting in pre-upgrade failure (CDAP-20999).
- Fixed an issue with schedules causing the maximum concurrent run property to not work as intended (CDAP-20988).
- Fixed an issue causing committed ID to incorrectly propagate when pushing pipeline configurations to Git (CDAP-20932).
Cloud Data Fusion version 6.10.1 has a known issue in the Cloud Storage plugin causing pipelines to intermittently fail if the plugin contains a * regex pattern and uses Dataproc 2.0. To mitigate this issue:
- Change the Dataproc image to version 2.1.
- Use an older plugin version.
- Increase memory for the executor.
Partner Interconnect support for dual-stack IPv4 and IPv6 is now generally available. For more information, see IPv6 support.
Global external Application Load Balancers and global external proxy Network Load Balancers can now load balance IPv6 traffic. The following backends support dual stack:
- VM instance group
- Zonal NEGs (GCE_VM_IP_PORT)
You can now migrate the load balancer from IPv4 based deployments to dual stack (IPv4 and IPv6) deployments.
For details, see:
IPv6 termination for external Application Load Balancers and external proxy Network Load Balancers
Migrate global external Application Load Balancer to dual-stack backends
Migrate global external proxy Network Load Balancers to dual-stack backends
This feature is available in Preview.
Cloud Router supports BGP route policies in Public Preview. For more information, see BGP route policies overview.
Cloud Router support for IPv6 BGP sessions is generally available. For more information, see BGP peering IP addresses.
cos-101-17162-463-26
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06(default),v550.54.15(latest) |
Updated cos-gpu-installer to v2.3.1.
Add IPv6 support for endor boards.
Fixed CVE-2024-26900 in the Linux kernel.
Vertex AI Agents: OpenAPI tools now support private network access
Vertex AI Agents: OpenAPI tool authentication now supports Bearer Token.
Dialogflow CX: VPC Service Controls now support Cloud Functions and Cloud Run.
All new VMware Engine private clouds now deploy with the following:
- VMware vSphere version 7.0 Update 3
- NSX-T version 3.2.3.1
Existing private clouds will be upgraded in May and June 2024.
For more details on the contents of this upgrade, see Service announcements.
(2024-R16) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.26.15-gke.1191000
- 1.27.11-gke.1062000
- 1.28.9-gke.1250000
- 1.29.1-gke.1589018
- 1.29.3-gke.1282005
- 1.29.4-gke.1043000
- 1.29.4-gke.1447000
- 1.29.4-gke.1447001
- 1.29.4-gke.1542000
Stable channel
- Version 1.27.11-gke.1062004 is now available in the Stable channel.
- Version 1.28.7-gke.1026000 is no longer available in the Stable channel.
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.26.15-gke.1191000
- 1.28.7-gke.1026000
Rapid channel
- Version 1.30.0-gke.1167000 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.9-gke.1250000
- 1.29.3-gke.1282000
- 1.29.3-gke.1282001
- 1.29.3-gke.1282005
- 1.29.4-gke.1447001
- 1.29.4-gke.1542000
- 1.30.0-gke.1457000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.4-gke.1165000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.4-gke.1165000 with this release.
May 20, 2024
Application Integration
Terraform support
You can now use Terraform to provision new regions and create authentication profiles. For a detailed reference document about Terraform resources, see google_integrations_client and google_integrations_auth_config.
A weekly digest of client library updates from across the Cloud SDK.
You can now use a search index to optimize lookups on the INT64 and TIMESTAMP data types. The feature is in preview.
You can use DLP functions to support encryption and decryption between BigQuery and Sensitive Data Protection, using AES-SIV. This feature is now generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for logging/apiv2
1.10.0 (2024-05-15)
Features
Bug Fixes
Java
Changes for google-cloud-logging
3.17.2 (2024-05-16)
Dependencies
Uptime checks can now be configured and viewed directly within the Cloud Run "metrics" page.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for storage/internal/apiv2
1.41.0 (2024-05-13)
Features
- storage/control: Make Managed Folders operations public (264a6dc)
- storage: Support for soft delete policies and restore (#9520) (985deb2)
Bug Fixes
- storage/control: An existing resource pattern value projects/{project}/buckets/{bucket}/managedFolders/{managedFolder=**} to resource definition storage.googleapis.com/ManagedFolder is removed (3e25053)
- storage: Add internaloption.WithDefaultEndpointTemplate (3b41408)
- storage: Bump x/net to v0.24.0 (ba31ed5)
- storage: Disable gax retries for gRPC (#9747) (bbfc0ac)
- storage: More strongly match regex (#9706) (3cfc8eb), refs #9705
- storage: Retry net.OpError on connection reset (#10154) (54fab10), refs #9478
- storage: Wrap error when MaxAttempts is hit (#9767) (9cb262b), refs #9720
Documentation
- storage/control: Update storage control documentation and add PHP for publishing (1d757c6)
cos-109-17800-218-32
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Updated cos-gpu-installer to v2.3.1.
Upgraded sys-apps/less to v643-r2.
Upgraded app-eselect/eselect-iptables to v20220320.
Upgraded sys-libs/timezone-data to v2024a-r1.
Upgraded app-editors/vim to v9.1.0366, Upgraded app-editors/vim-core to v9.1.0366.
cos-113-18244-85-14
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Updated cos-gpu-installer to v2.3.1.
Upgraded sys-apps/less to v643-r2.
Upgraded sys-libs/timezone-data to v2024a-r1.
Added support for nft_fib family of modules in the Linux kernel.
cos-105-17412-370-34
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06 (default), v550.54.15 (latest) |
Updated cos-gpu-installer to v2.3.1.
Upgraded app-eselect/eselect-iptables to v20220320.
Upgraded sys-libs/timezone-data to v2024a-r1.
The following models have been added to Model Garden:
- E5: A text embedding model series that can be served with a GPU or CPU.
- Instant ID: An identity preserving text-to-image generation model.
- Stable Diffusion XL lightning: A text-to-image generation model that is based on SDXL but requires fewer inference iterations.
To see a list of all available models, see Explore models in Model Garden.
Cloud Armor now supports regional internal Application Load Balancers in public preview. You can use the regional backend security policy type with this load balancer. For more information, see types of security policies.
Preview: You can now define organizational best practices for your workloads using custom rules written in the Rego policy language. Workload Manager evaluates your workloads against these rules and creates reports for any violation and helps you prioritize remediation. This helps you continuously improve the quality, reliability, and performance of your workloads. For more information, see Implementing best practices using custom rules.
May 17, 2024
Anthos clusters on Azure
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
On May 17, 2024, we released an updated version of Apigee (1-12-0-apigee-4-hotfix).
Bug ID | Description |
---|---|
337876238, 330314128, 333762214 | Resolved issues resulting in an increase in 404/503 responses. Upgraded storage for the Apigee router to the latest version to resolve Adjusted traffic weight and delays in the older replica set to handle traffic divergence during the release process to address any |
335832119 | Fixed 404 errors caused during Apigee instance update/rollback. |
255772956 | Turned off asynchronous services callout when the <Response> element is not present due to inconsistent scaling of runtime pods. |
338717278 | Reverted problematic commit to address thread pool exhaustion. |
Navigation menus in the Classic Apigee UI have been restored to support the transition from the Classic console to Apigee in the Google Cloud console.
Each menu item in the Classic console now directs you to the corresponding feature location in the Cloud console where you can carry out your task. Please see Apigee UI in Cloud console navigation for more details.
Correction: Apigee hybrid entitlements are available in Apigee Subscription 2024 plans. For more information, see Apigee Subscription 2024 entitlements.
Node.js 22 is now available in preview.
Node.js 22 is now available in preview.
The Cost Estimation API is deprecated
To get estimates for your planned Google Cloud workloads, use the Google Cloud pricing calculator.
Cloud Functions (2nd gen) now supports the Node.js 22 runtime at the Preview release level.
Cloud Run is now covered by FedRAMP High.
Config Controller now uses the following versions of its included products:
- Config Connector v1.117.0, release notes
- Anthos Config Management v1.17.3, release notes
Dataflow no longer supports the NVIDIA Tesla K80 GPU type. For a list of supported GPU types, see Dataflow support for GPUs.
M121 release
- Updated the R CPU container image from R 4.3 to R 4.4. The R 4.3 container image is deprecated. There will be no further updates to this image in future releases.
M121 release
- CUDA 12.2 images are now available.
- Updated TensorFlow 2.15 images from CUDA 12.1 to CUDA 12.2.
- Re-enabled common-gpu Deep Learning VM releases that were erroneously deactivated in M117.
- Updated Nvidia drivers to 550.54.15 to fix an issue where Nvidia drivers failed to install on startup after Debian 11 images upgraded kernel to linux-image-5.10.0-29-cloud-amd64.
- The linux-headers-cloud-amd64 metapackage is now installed for faster driver recompiling on kernel upgrades.
- TensorFlow 2.6 CPU and GPU images are deprecated. There will be no further updates to these images in future releases.
(2024-R14) Version updates
There are no version updates for 2024-R14.
(2024-R15) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Version 1.28.8-gke.1095000 is now the default version.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.26.8-gke.200
- 1.26.14-gke.1044000
- 1.27.8-gke.1067004
- 1.29.3-gke.1282000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.11-gke.1062003 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.11-gke.1062003 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.8-gke.1095000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.1-gke.1589020 with this release.
Stable channel
- Version 1.27.11-gke.1062003 is now the default version in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.26.8-gke.200
- 1.26.14-gke.1044000
- 1.27.11-gke.1062001
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.14-gke.1044001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.11-gke.1062003 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.11-gke.1062003 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.7-gke.1026001 with this release.
Regular channel
- Version 1.28.8-gke.1095000 is now the default version in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.26.8-gke.200
- 1.27.11-gke.1062001
- 1.27.11-gke.1062003
- 1.28.7-gke.1026001
- 1.29.1-gke.1589018
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.12-gke.1115000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.12-gke.1115000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.8-gke.1095000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.1-gke.1589020 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.26.15-gke.1191000
- 1.27.13-gke.1000000
- 1.28.9-gke.1000000
- 1.29.4-gke.1043000
- 1.29.4-gke.1447000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1300000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.13-gke.1166000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.9-gke.1209000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.9-gke.1209000 with this release.
Release 6.3.2 is now in General Availability.
NetApp Volumes now supports large capacity volumes (in Preview). For more information, see Large capacity volumes.
The IAM recommender generates policy insights and role recommendations for identities in Workload Identity Federation pools. To learn more, see Availability. This feature is available in Preview.
During Preview, the actual observation period might be shorter than the observation period listed in recommendations for these principals.
The LOCATION infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.
To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.
Storage Transfer Service now supports transfers from Amazon S3 over a Google-managed private network. Transfer jobs that select this option pay no AWS egress fees; instead, a flat per-GiB rate is charged by Google Cloud. This allows you to transfer data at a potentially lower overall cost.
Learn more about egress options for S3 transfers, including the managed private network.
Cloud Logging for Storage Transfer Service now supports transfers involving POSIX file systems.
See Cloud Logging for Storage Transfer Service for more details.
M121 release
The M121 release of Vertex AI Workbench user-managed notebooks includes the following:
- Updated Nvidia drivers to 550.54.15 to fix an issue where Nvidia drivers failed to install on startup after Debian 11 images upgraded kernel to linux-image-5.10.0-29-cloud-amd64.
- The linux-headers-cloud-amd64 metapackage is now installed for faster driver recompiling on kernel upgrades.
- TensorFlow 2.6 CPU and GPU images are deprecated. There will be no further updates to these images in future releases.
The M121 release of Vertex AI Workbench managed notebooks includes the following:
- Updated the R CPU kernel from R 4.3 to R 4.4.
M121 release
The M121 release of Vertex AI Workbench instances includes the following:
- Updated Nvidia drivers to 550.54.15 to fix an issue where Nvidia drivers failed to install on startup after Debian 11 images upgraded kernel to linux-image-5.10.0-29-cloud-amd64.
- The linux-headers-cloud-amd64 metapackage is now installed for faster driver recompiling on kernel upgrades.
May 16, 2024
Apigee Integrated Portal
On May 16, 2024 we released a new version of the Apigee integrated portal.
This release includes general improvements to performance and availability.
Generate a SQL query to BigQuery from your Cloud Billing Reports (in preview)
In the cloud console, on the Billing Reports page, you use the report settings and filters to refine the data returned to your report. If you have enabled Cloud Billing data export to BigQuery, you can analyze your exported billing data using SQL queries. In Billing Reports, you can now click a button to generate a SQL query in BigQuery that is configured to use the equivalent Billing Report settings and filters to query your exported billing data. When run against your exported billing data, the generated query returns the equivalent results in BigQuery as the results in the Billing Report.
The fhir_read_ops, fhir_write_ops, and fhir_search_ops quota metrics are generally available (GA) and have replaced the legacy fhir_ops quota metric. For more information, see FHIR quotas.
Cloud KMS with Autokey is now in Preview for Cloud Storage, Compute Engine, BigQuery, and Secret Manager.
Autokey simplifies creating and using customer-managed encryption keys (CMEKs) by automating provisioning and assignment. With Autokey, key rings, keys, and service accounts don't need to be planned and provisioned before they're needed. Instead, Autokey generates keys on demand as resources are created.
Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.
For more information, see Autokey overview.
Cloud KMS has two new organization policy constraints that you can use to control key version destruction. These constraints became available on November 1, 2023.
For more information, see Control key version destruction.
Config Connector version 1.118.1 is now available.
This release introduces the direct-reconciliation mechanism to reconcile Config Connector resources. The reconciliation makes API calls directly instead of going through a third-party library. Currently it only applies to LoggingLogMetric.
LoggingLogMetric now uses direct reconciliation.
Added support for ComputeNetworkFirewallPolicyRule resource (v1alpha1).
LoggingLogMetric
- Added spec.loggingLogBucketRef field to support bucket reference.
SQLInstance avoids a bug causing repeated reconciliation when spec.settings.edition was configured with a non-empty value.
New Dataproc on Compute Engine subminor image versions:
2.0.102-debian10, 2.0.102-rocky8, 2.0.102-ubuntu18
2.1.50-debian11, 2.1.50-rocky8, 2.1.50-ubuntu20, 2.1.50-ubuntu20-arm
2.2.16-debian12, 2.2.16-rocky9, 2.2.16-ubuntu22
Dataproc on Compute Engine latest 2.x image versions:
Removed the repo.anaconda.com channel from Dataproc on Compute Engine 2.x image version clusters for installation of packages.
Blast radius: Packages installed by conda.
Possible symptoms: Installing packages via the default channel is no longer possible.
Mitigation: Rollback.
Infrastructure for a RAG-capable generative AI application using Vertex AI: Added information about getting started with deploying the reference architecture by using a Jump Start Solution.
Release 1.29.100-gke.248
Google Distributed Cloud on VMware 1.29.100-gke.248 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.100-gke.248 runs on Kubernetes v1.29.4-gke.200.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
Updated Dataplane V2 to use Cilium 1.13.
The following issues are fixed in 1.29.100-gke.248:
- Fixed the known issue that after a user cluster upgrade, the user master nodes with COS OS image used 172.17.0.1/16 as the Docker bridge IP addresses.
- Fixed the static IP count validator for HA admin clusters.
- Fixed gkeadm preflight not validating VM folder.
The following vulnerabilities are fixed in 1.29.100-gke.248:
Ubuntu vulnerabilities:
Release 6.3.3 is currently in Preview.
Search results distorting the screen (ID #00273643)
Inline CSS removed in Insights (ID #00273271)
SAML login page showing blank (ID #00279230)
Gitsync power up push content not triggering automatically (ID #00283331)
Job page loading slowly and needs to be refreshed many times (ID #50253417)
Alert Type is empty when trying to add alert grouping rules (ID #00275434)
Generally Available: Service accounts can now use JSON Web Tokens (JWTs) to programmatically access resources protected by Identity-Aware Proxy (IAP). This provides a streamlined authentication process for workloads accessing IAP-protected applications and services. For more information, see Programmatic authentication.
New Looker Studio log event attributes
New event logging attributes are now available for the Looker Studio log event data source. These attributes let Looker Studio administrators audit and monitor how Looker Studio users in their organization interact with schedules and alerts.
Looker data sources now display LookML filters
Filters that are defined in LookML models with the conditionally_filter and always_filter LookML parameters are now displayed in Looker Studio charts with a Looker data source.
NetApp Volumes now supports Google Cloud VMware Engine Peering Automation. For more information, see Google Cloud VMware Engine storage.
May 15, 2024
Anthos clusters on AWS
A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-030 security bulletin.
Commitment recommendations in the FinOps hub now include a Recommended quantity column, so you can see more information about recommendations at a glance.
Learn more about using the FinOps hub to optimize your costs.
You can now attach an IAM role binding to a log view that grants a principal access to the log view. For more information about log views and about controlling access to log views, see Configure log views on a log bucket.
Cloud Run has been added to Google Cloud's Pricing Calculator.
Cloud Source Repositories is scheduled for end of sale on June 17, 2024. Starting June 17, 2024, if your organization hasn't previously used Cloud Source Repositories, you cannot enable the API or use Cloud Source Repositories. New projects not connected to an organization can't enable the Cloud Source Repositories API after June 17, 2024. Customers who have already enabled the API prior to this date will not be affected and can continue to use Cloud Source Repositories.
Generally Available: Advanced maintenance control for sole-tenancy lets you control planned maintenance events for sole-tenant node groups and minimize maintenance-related disruptions. This feature is available only for sole-tenant node groups. To use this feature with your existing virtual machines, you must first move your VMs to sole-tenant node groups that have advanced maintenance control enabled.
The advanced maintenance control for sole-tenancy feature lets you:
- Check for maintenance events scheduled for a sole-tenant node 28 days in advance.
- Trigger maintenance immediately or schedule it for later. Note that if you trigger maintenance immediately, the maintenance takes place within 6 hours from the time you trigger the request.
For more information, see Advanced maintenance control for sole-tenancy.
Effective May 15, 2024, Artifact Registry hosts all images for the gcr.io domain in projects without previous Container Registry usage.
If you use Container Registry, learn about the deprecation. To get started with managing containers on Google Cloud, use Artifact Registry.
Release 1.29.100-gke.251
GKE on Bare Metal 1.29.100-gke.251 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.29.100-gke.251 runs on Kubernetes 1.29.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Added new API and IAM role requirements for Cloud Monitoring:
You must enable the kubernetesmetadata.googleapis.com API for your project and grant the roles/kubernetesmetadata.publisher IAM role to the Logging and Monitoring service account (anthos-baremetal-cloud-ops, when created automatically). Clusters use this API as an endpoint to send Kubernetes metadata to Google Cloud. The metadata is vital for cluster monitoring, debugging, and recovery. If you install your clusters behind a proxy, add kubernetesmetadata.googleapis.com to the list of allowed connections.
Due to changes in the way service accounts are checked, you must also grant the following IAM roles to the Logging and Monitoring service account:
- roles/monitoring.viewer
- roles/serviceusage.serviceUsageViewer
These API and IAM role requirements apply to both creating new 1.29 clusters and upgrading existing clusters to 1.29.
Functionality changes:
Added checks to validate the SSH client certificate file type before saving the certificate as a Secret.
Deprecated the spec.gkeVersion field in Machine and BareMetalMachine custom resources. After GKE on Bare Metal release 1.30, the value of gkeVersion isn't guaranteed to be reliable.
Added preflight checks for available disk space in specific directories:
During cluster creation, the following directories are checked:
- / (the root directory) has at least 4 GiB of free space
- /var/log/fluent-bit-buffers has at least 12 GiB of free space
- /var/opt/buffered-metrics has at least 10016 MiB of free space
During a cluster upgrade, the following directory is checked:
- / (the root directory) has at least 2 GiB of free space
Fixes:
- Fixed an issue where the kubelet doesn't honor shortened, 1-second grace period for pod deletion during eviction-based draining.
The following container image security vulnerabilities have been fixed in 1.29.100-gke.251:
Medium-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
Added a release note to May 16, 2023 for 1.27 available in the Rapid channel. This release note was previously only added to the Release notes (Rapid channel only) page by mistake.
reCAPTCHA Enterprise Mobile SDK v18.5.0 is now available for iOS.
This version contains the following changes:
- Performance and reliability improvements in getClient() and execute().
- Support for Apple Privacy Manifest.
- The minimum iOS version is now iOS 12 to align with Xcode 15 dropping support for iOS 11.
- New exception type is added for devices without a network connection.
reCAPTCHA Enterprise Mobile SDK v18.5.0 is now available for Android.
This version contains the following changes:
- Performance and reliability improvements in getClient() and execute().
- Support for Android API 19 is dropped.
- New exception type is added for devices without a network connection.
May 14, 2024
Anthos clusters on AWS
A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-028 security bulletin.
A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-029 security bulletin.
On May 14, 2024 we released an updated version of Advanced API Security.
NOTE: Rollouts of this feature are ongoing and will take multiple days to complete across all Google Cloud zones. You may not be able to use the functionality until the rollout is complete.
Addition of autonomous system numbers (ASN), HTTP methods, and region codes as supported security action rule condition types.
This new functionality is not available with Apigee hybrid at this time.
See Create a security action to learn more.
You can now view information about upcoming maintenance events for Bare Metal Solution on the Upcoming maintenance events page.
You can now create Gemini-enhanced translation rules to use with the interactive SQL translator. Translation rules let you customize and adjust the results of the interactive translator according to your SQL migration needs. This feature is in preview.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Cloud Monitoring
monitoring.googleapis.com/Dashboard
- Discovery Engine
discoveryengine.googleapis.com/Engine
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Importing and exporting FHIR resources, including their historical versions, as history bundles using Cloud Storage is available in Preview.
Developer Connect, Google Cloud's tool for connectivity to third-party source code management platforms, is now available in Preview. To get started, see Quickstart.
Gemini 1.5 Flash (Preview)
Gemini 1.5 Flash (gemini-1.5-flash-preview-0514) is available in Preview. Gemini 1.5 Flash is a multimodal model designed for fast, high volume, cost-effective text generation and chat applications. It can analyze text, code, audio, PDF, video, and video with audio.
Grounding Gemini with Google Search is GA
The Gemini API Grounding with Google Search feature is available in GA. This is available for Gemini 1.0 Pro models. To learn more about model grounding, see Grounding with Google Search.
Batch prediction support for Gemini
Batch prediction is available for Gemini in preview. Available Gemini models include Gemini 1.0 Pro, Gemini 1.5 Pro, and Gemini 1.5 Flash. To get started with batch prediction, see Get batch predictions for Gemini.
PaliGemma model
The PaliGemma model is available. PaliGemma is a lightweight open model that's part of the Google Gemma model family. It's the Gemma model family's best model option for image captioning tasks and visual question and answering tasks. Gemma models are based on Gemini models and intended to be extended by customers.
New stable text embedding models
The following text embedding models are available GA:
text-embedding-004
text-multilingual-embedding-002
For details on how to use these models, see Get text embeddings.
(New guide) Global deployment with Compute Engine and Spanner: Learn how to architect a multi-tier application that runs on Compute Engine VMs and Spanner in a global topology on Google Cloud.
Google SecOps now supports the following functions in Detection Engine rules:
- fingerprint
- sample_rate
For more information about these functions, see YARA-L 2.0 language syntax.
Rapid Vulnerability Detection preview shuts down on July 14, 2024
The Preview release of the Rapid Vulnerability Detection service is discontinued and the service will be shut down on July 14, 2024.
No action is required.
On July 14, 2024, the status of any findings produced by the Rapid Vulnerability Detection service will be automatically set to Inactive and will be retained for a period defined by the Security Command Center data retention policy.
Cloud Text-to-Speech now offers updated Journey voices with an additional speaker, en-us-Journey-O.
Ray on Vertex AI is now Generally Available and includes the following updates:
- Ray version 2.9.3 and Python 3.10 are supported. For information about Ray image support policies, see Supported versions.
- VPC peering connection is no longer required if you use public endpoints.
- Custom images are supported with Ray on Vertex AI.
- You can use custom service accounts with Ray on Vertex AI.
- A Colab template is not automatically created when you create a Ray Cluster. Instead, you can connect directly to Ray on Vertex AI clusters from Colab Enterprise's side panel.
For Ray on Vertex AI, Ray version 2.4 is no longer supported. Migrate your code to support Ray 2.9.3 or later and then delete Ray clusters that are running 2.4.
Vertex AI Search: Check grounding (GA)
The check grounding API is Generally available (GA).
The check grounding API determines how grounded a piece of text is in a given set of facts. The API returns support scores and citations.
Filler and introductory statements can be deemed as not requiring attribution. No scores or citations are provided for those statements.
Additionally, as an experimental feature, the API also generates contradicting citations that show which facts contradict the text and how strongly.
For more information, see Check grounding and the check API.
May 13, 2024
Backup for GKE
Backup for GKE now supports creating a backup plan when creating a cluster.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.40.1 (2024-05-06)
Dependencies
2.40.0 (2024-05-06)
Features
Dependencies
Python
Changes for google-cloud-bigquery
3.22.0 (2024-04-19)
Features
Phrase support for the SEARCH function is in preview.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.17.1 (2024-05-06)
Dependencies
You can now configure dashboards to display events by using the Monitoring API.
- For event information, see Event types.
- For information about enabling events, see Show events on a dashboard.
- For an example, see API examples: Enable dashboard events and filters.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/storage
7.11.0 (2024-05-03)
Features
Java
Changes for google-cloud-storage
2.38.0 (2024-05-09)
Features
Bug Fixes
- Add strict client side response validation for gRPC chunked resumable uploads (#2527) (c1d1f4a)
- An existing resource pattern value projects/{project}/buckets/{bucket}/managedFolders/{managedFolder=**} to resource definition storage.googleapis.com/ManagedFolder is removed (#2524) (7d7f526)
- deps: Update the Java code generator (gapic-generator-java) to 2.39.0 (#2501) (518d4be)
- ParallelCompositeUpload in Transfer Manager hangs when encountering OOM (#2526) (67a7c6b)
- Update grpc WriteObject response handling to provide context when a failure happens (#2532) (170a3f5)
- Update GzipReadableByteChannel to be tolerant of one byte reads (#2512) (87b63f4)
- Update StorageOptions to carry forward fields that aren't part of ServiceOptions (#2521) (b84654e)
Dependencies
- Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#2523) (3e573f7)
- Update dependency info.picocli:picocli to v4.7.6 (#2535) (f26888a)
Documentation
Config Connector version 1.117.0 is now available.
This release improves our support for VertexAI.
VertexAIDataSet is promoted from alpha to beta.
Output fields are now in status.observedState.
The KMS key is now specified using a reference: spec.encryptionSpec.kmsKeyNameRef
VertexAIIndex is promoted from alpha to beta.
Output fields are now in status.observedState.
Note that isCompleteOverwrite is currently not supported: it is not obviously compatible with declarative operation.
VertexAIEndpoint is promoted from alpha to beta.
Output fields are now in status.observedState.
The KMS key is now specified using a reference: spec.encryptionSpec.kmsKeyNameRef
The network is now specified using a reference: spec.networkRef
ComputeNetwork
- The spec.enableUlaInternalIpv6 field is no longer immutable - it can now be changed without recreating the network.
cos-113-18244-85-5
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
This is an LTS Refresh release.
Upgraded app-admin/node-problem-detector to v0.8.18.
Upgraded app-admin/google-osconfig-agent to v20240501.00.
Upgraded app-admin/google-guest-agent to v20240314.00.
Upgraded app-containers/docker and app-containers/docker-cli to v24.0.9.
Upgraded app-admin/google-guest-configs to v20240307.00.
Upgraded sys-boot/grub-lakitu to the FC 39's current version.
Upgraded app-emulation/cloud-init to v23.4.4.
Added support for i6300 watchdog timer device.
Uprev GPU driver version to v470.239.06.
Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.
Fixed CVE-2024-26900 in the Linux kernel.
Fixed CVE-2024-26809 in the Linux kernel.
Fixed CVE-2024-26882 in the Linux kernel.
Fixed CVE-2024-26884 in the Linux kernel.
Fixed CVE-2024-26885 in the Linux kernel.
Fixed CVE-2024-26883 in the Linux kernel.
Fixed CVE-2024-26907 in the Linux kernel.
Runtime sysctl changes:
- Added: net.core.mem_pcpu_rsv: 256
- Changed: fs.epoll.max_user_watches: 1809474 -> 1809452
- Changed: fs.file-max: 812400 -> 812391
- Changed: kernel.threads-max: 63504 -> 63503
- Changed: net.ipv4.tcp_mem: 94068 125424 188136 -> 94065 125423 188130
- Changed: net.ipv4.udp_mem: 188136 250848 376272 -> 188133 250847 376266
- Changed: user.max_cgroup_namespaces: 31752 -> 31751
- Changed: user.max_ipc_namespaces: 31752 -> 31751
- Changed: user.max_mnt_namespaces: 31752 -> 31751
- Changed: user.max_net_namespaces: 31752 -> 31751
- Changed: user.max_pid_namespaces: 31752 -> 31751
- Changed: user.max_time_namespaces: 31752 -> 31751
- Changed: user.max_user_namespaces: 31752 -> 31751
- Changed: user.max_uts_namespaces: 31752 -> 31751
cos-109-17800-218-26
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Uprev GPU driver version to v470.239.06.
Fixed CVE-2024-26900 in the Linux kernel.
cos-105-17412-370-29
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06(default),v550.54.15(latest) |
Fixed CVE-2024-26900 in the Linux kernel.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for datastore/admin/apiv1
1.17.0 (2024-05-08)
Features
Java
Changes for google-cloud-datastore
2.19.2 (2024-05-03)
Bug Fixes
Dependencies
- Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#1426) (ac3a1c1)
- Update dependency com.google.errorprone:error_prone_core to v2.27.0 (#1411) (a3f5a2c)
- Update dependency com.google.errorprone:error_prone_core to v2.27.1 (#1421) (48d7daf)
- Update dependency com.google.guava:guava-testlib to v33.2.0-jre (#1422) (5a5dfdf)
A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-028 security bulletin.
Media CDN supports content targeting, which helps you cache and deliver assets that are customized for your end-user contexts. It enables device characterization and geo-targeting, which are useful for implementing responsive websites, language customization, and currency settings.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/pubsub
4.4.0 (2024-05-03)
Features
Bug Fixes
Go
Changes for pubsub/apiv1
1.38.0 (2024-05-06)
Features
- pubsub: Add custom datetime format for Cloud Storage subscriptions (4834425)
- pubsub: Support publisher compression (#9711) (4940c3c)
- pubsub: Use Streaming Pull response for ordering check (#9682) (7bf4904)
Bug Fixes
Java
Changes for google-cloud-pubsub
1.129.4 (2024-05-10)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.40.0 (#2016) (beee523)
- Update dependency com.google.cloud:google-cloud-bigquery to v2.40.1 (#2021) (0873594)
- Update dependency com.google.cloud:google-cloud-storage to v2.38.0 (#2019) (ba3dffc)
1.129.3 (2024-05-06)
Dependencies
The IMMIGRATION_STATUS infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The RUSSIA_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The UKRAINE_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The UZBEKISTAN_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
Spanner now supports a new metric in the monitoring console called read_request_latencies_by_change_stream. Use this metric to view all read latencies and filter latencies by change stream or non-change stream reads. For more information, see Available charts and metrics.
Vector length annotation is now generally available. For more information, see the PostgreSQL vector length parameter or the GoogleSQL vector_length parameter.
May 11, 2024
Cloud Composer
Starting from GKE version 1.27.5, Cloud Composer environment clusters will start using SSD disks as persistent disks. The disk quota will change from Persistent disk standard (GB) to Persistent disk SSD (GB). Please check the Persistent disk SSD (GB) quota in your project and request an increase if this quota approaches its limit.
A single environment created using a Small environment preset requires at least 600 GB SSD disk space and the SSD quota must be able to accommodate it.
Being close to the limit of the SSD quota might impact the autoscaling capabilities of Cloud Composer environments or make it impossible to create new environments.
The Logs in Cloud Logging Only feature is enabled by default in new environments:
- New Cloud Composer environments now save Airflow task logs only in Cloud Logging by default.
- Existing environments are not changed. If you upgrade an existing environment to Cloud Composer 2.8.0, it keeps saving logs to the environment's bucket.
- You can enable and disable saving logs to the environment's bucket for an existing environment.
Fixed a problem where some Airflow tasks were failing because the task could not write logs to the environment's bucket.
Cloud Composer 2.8.0 images are available:
- composer-2.8.0-airflow-2.7.3 (default)
- composer-2.8.0-airflow-2.6.3
May 10, 2024
AlloyDB for PostgreSQL
Model endpoint management is now available in Preview for both AlloyDB and AlloyDB Omni. For more information, see Register and call remote AI models in AlloyDB or Register and call remote AI models in AlloyDB Omni.
Version 15.5.3 of the simplified installation method for AlloyDB Omni is now available in Preview. Updates include the following:
- Support for all of the environment variables that are supported by the official PostgreSQL Docker image.
- Various bug fixes and performance improvements.
Artifact Registry generic repositories are available in Preview.
Generic repositories store versioned, immutable artifacts that don't have to adhere to any specific package format in Artifact Registry. You can store and manage arbitrary files such as archives, binaries, and media files with no package specifications or management clients.
To get started with generic repositories, see the quickstart.
Gemini, an AI-powered collaborator in Google Cloud, can help you generate code in Dataform. This feature is in preview. For more information, see Write queries with Gemini assistance.
In new Standard clusters running GKE version 1.29 and later, GKE assigns IP addresses for GKE Services from a Google-managed range: 34.118.224.0/20 by default. With this feature, you don't need to specify your own IP address range for Services. For more information, see Subnet secondary IP address range for Services.
Container Threat Detection (KTD) fails to deploy on Autopilot clusters running the following GKE versions:
- 1.28.6-gke.1095000 to 1.28.7-gke.1025000
- 1.29.1-gke.1016000 to 1.29.1-gke.1781000
To mitigate this issue, upgrade the cluster to version 1.28.7-gke.1026000 or later, or to 1.29.2-gke.1060000 or later.
New SAP HANA certification: Hyperdisk Balanced usage with M1 machine types
For use with SAP HANA on Google Cloud, SAP has certified the usage of Hyperdisk Balanced with the M1 series of memory-optimized machine types.
For more information, see:
- Certified Compute Engine VMs for SAP HANA
- The "Hyperdisk Balanced" tab in Minimum sizes for SSD-based Persistent Disk and Hyperdisk volumes
May 09, 2024
Anthos Attached Clusters
This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
GKE on AWS now supports clusters in the ap-northeast-2 region.
For more information, see Supported regions.
On May 9, 2024 we released an updated version of Advanced API Security.
Addition of CIDR range support when specifying IPv4 addresses for security action rules.
Apigee Advanced API Security now includes support for CIDR range specification when creating security action rules that restrict access based on IP addresses.
This new functionality is not available with Apigee hybrid at this time.
See Create a security action to learn more.
Limit on number of basepaths per environment
Apigee is enforcing a temporary limit of 500 basepaths per environment to avoid potential failures when deploying API proxy revisions.
While this limit is in place, you can deploy up to 500 API proxy revisions (each containing a single basepath) per environment. If your API proxies or revisions contain more than one basepath, the total number of basepaths per environment must not exceed 500.
To track the status of this issue, see Apigee Known Issues.
You can now configure a logs panel widget to display log entries by log view. For more information, see Display logs and errors on a custom dashboard.
New Dataproc on Compute Engine subminor image versions:
2.0.101-debian10, 2.0.101-rocky8, 2.0.101-ubuntu18
2.1.49-debian11, 2.1.49-rocky8, 2.1.49-ubuntu20, 2.1.49-ubuntu20-arm
2.2.15-debian12, 2.2.15-rocky9, 2.2.15-ubuntu22
GKE on VMware 1.28.500-gke.121 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.28.500-gke.121 runs on Kubernetes v1.28.8-gke.2000.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
The following issues are fixed in 1.28.500-gke.121:
Added the CNI binaries back to the OS image, so that clusters using multiple network interfaces with these CNI binaries can continue working.
Fixed the static IP count validator for HA admin clusters.
The following vulnerabilities are fixed in 1.28.500-gke.121:
Ubuntu vulnerabilities
- CVE-2023-1194
- CVE-2023-32254
- CVE-2023-32258
- CVE-2023-38427
- CVE-2023-38430
- CVE-2023-38431
- CVE-2023-3867
- CVE-2023-46838
- CVE-2023-52340
- CVE-2023-52429
- CVE-2023-52436
- CVE-2023-52438
- CVE-2023-52439
- CVE-2023-52441
- CVE-2023-52442
- CVE-2023-52443
- CVE-2023-52444
- CVE-2023-52445
- CVE-2023-52448
- CVE-2023-52449
- CVE-2023-52451
- CVE-2023-52454
- CVE-2023-52456
- CVE-2023-52457
- CVE-2023-52458
- CVE-2023-52462
- CVE-2023-52463
- CVE-2023-52464
- CVE-2023-52467
- CVE-2023-52469
- CVE-2023-52470
- CVE-2023-52480
- CVE-2023-52609
- CVE-2023-52610
- CVE-2023-52612
- CVE-2024-22705
- CVE-2024-23850
- CVE-2024-23851
- CVE-2024-24860
- CVE-2024-26586
- CVE-2024-26589
- CVE-2024-26591
- CVE-2024-26597
- CVE-2024-26598
- CVE-2024-26631
- CVE-2024-26633
A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-027 security bulletin.
Release 6.3.1 is now in General Availability.
Remote Agents Release 1.6.0 is now in General Availability.
May 08, 2024
Anthos clusters on AWS
A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-027 security bulletin.
On May 8, 2024, we released an updated version of Apigee X.
This release contains the General Availability (GA) release of AppGroups for Apigee and Apigee hybrid (version 1.10.0 and later).
AppGroups represent a relationship between one or more apps that are managed by the same set of people. For information, see Using AppGroups to organize app ownership. Client support for AppGroups is available with the latest Drupal Teams module.
The migration documentation has been updated to explain how to use workflow services that you have configured for Cloud Life Sciences with Batch instead. Specifically, the documentation mentions Workflows from Google Cloud, Cromwell, dsub, Nextflow, and Snakemake. For more information, see Workflow services in the Batch migration documentation.
Preview: You can now use the Require OS Config organization policy constraint to automatically enable VM Manager for all new VMs in your organization, folder, or project. For more information, see Enable VM Manager using an organization policy.
New Dataproc Serverless for Spark runtime versions:
- 1.1.61
- 1.2.5
- 2.0.69
- 2.1.48
- 2.2.5
Dialogflow ES and Dialogflow CX: The us-dialogflow.googleapis.com endpoint and locations/us resource location, which served as aliases for global resources, will be discontinued starting May 21, 2024. We have changed the date to update resource locations and endpoints from April 16, 2024 to May 21, 2024 to provide you with additional time. For more information, see the email announcement.
Note
- This change affects only the agents created in the global region (ES, CX) and only if you use the us alias in the API requests to these global-region agents. If you created agents in us-central1, us-east1, us-west1, and us (multi-region) regions, no action is required.
- The discontinued endpoint is different than the us multi-region endpoint that was announced recently.
Dialogflow CX and Vertex AI Agents: Effective June 15, 2024, the following generative features will be upgraded from text-bison-001 to gemini-1.0-pro-001:
- Vertex AI agent apps
- Data store agents (aka Chat agents)
- Generators
- Generative fallback
For more information, see the email announcement.
(New guide) C3 AI architecture on Google Cloud: Develop applications using C3 AI and Google Cloud.
A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-026 security bulletin.
(2024-R13) Version updates
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- The following versions are no longer available:
- 1.26.13-gke.1144000
- 1.26.15-gke.1158000
- 1.26.15-gke.1243000
- 1.27.12-gke.1190000
- 1.27.13-gke.1070000
- 1.28.3-gke.1118000
- 1.28.3-gke.1286000
- 1.28.8-gke.1175000
- 1.28.9-gke.1069000
- 1.29.1-gke.1589017
- 1.29.3-gke.1093000
- 1.29.3-gke.1093006
- 1.29.4-gke.1165000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.26.15-gke.1090000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.15-gke.1090000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.1-gke.1589018 with this release.
Stable channel
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.26.13-gke.1144000
- 1.27.8-gke.1067004
- 1.27.11-gke.1062000
- 1.28.3-gke.1118000
- 1.28.3-gke.1286000
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.26.14-gke.1044000
- 1.29.1-gke.1589017
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.1-gke.1589018 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.1-gke.1589018 with this release.
Rapid channel
- Version 1.29.3-gke.1282001 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.26.15-gke.1158000
- 1.26.15-gke.1243000
- 1.27.12-gke.1190000
- 1.27.13-gke.1070000
- 1.28.8-gke.1175000
- 1.28.9-gke.1069000
- 1.29.3-gke.1093006
- 1.29.3-gke.1282000
- 1.29.4-gke.1165000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.3-gke.1282001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.3-gke.1282001 with this release.
When Applied Threat Intelligence is enabled, it ingests IOCs curated by Mandiant Threat Intelligence with an IC-Score greater than 80 and generates an alert when a match is found.
Release 6.3.2 is currently in Preview.
Issues when Siemplify > Set Case SLA actions run at the exact same time (ID #49397338)
Wrong error message displays when you try to add a custom list with a name that already exists (ID #50610331)
User mentioned in case not receiving an email notification (ID #00274991)
Widgets not fully aligned on Case view page (ID #49711925)
Number increased for integer type integration parameters (ID #00287205)
Looker 24.8 includes the following changes, features, and fixes:
Expected Looker (original) deployment start: Monday, May 13, 2024
Expected Looker (original) final deployment and download available: Thursday, May 23, 2024
Expected Looker (Google Cloud core) deployment start: Monday, May 13, 2024
Expected Looker (Google Cloud core) final deployment: Monday, May 20, 2024
Database connection pooling is becoming generally available. For Looker (original) instances, the feature is moved out of Looker Labs. For dialects that support database connection pooling, the Connection settings page will include a Database Connection Pooling option. As part of this update, the Database Connection Pooling Labs setting for your instance has been applied to the Database Connection Pooling setting for the applicable database connections on your instance. If you very recently changed the Database Connection Pooling Labs setting, please check your connection settings to verify that the migration has applied the Database Connection Pooling setting that you want for each database connection.
The last_logged_in_at time is now captured when a URL that is created by the create_embed_url is used to log in to the Looker instance. This feature now performs as expected.
Previously, queries for totals would not run when a derived table referenced an ephemeral derived table using the SQL_TABLE_NAME syntax. This feature now performs as expected.
An issue has been fixed with the scrollbar appearing in text tiles. This feature now performs as expected.
An issue has been fixed where embed download filter parameters for cookieless embed were incorrectly escaped (space mapped to x2B [+] rather than x20). This feature now performs as expected.
An issue has been fixed where ↙ ↘ characters were being reversed in single value visualizations. This feature now performs as expected.
Text is now properly truncated in table visualizations even when the underlying field has defined html and link parameters.
Previously, an issue could cause Look titles to be cut off. This feature now performs as expected.
Previously, an issue caused filters to be incorrectly restored in the dashboard edit filter dialog. This feature now performs as expected.
Previously, if Looker encountered an invalid visualization type on a tile, the dashboard would not load. This feature now performs as expected.
Previously, queries that were defined with the API occasionally could not be downloaded as PNGs or JPGs. This feature now performs as expected.
Quick start queries with missing identifiers will no longer cause validation to fail.
Referencing the ALL_FIELDS set in a join or view will no longer cause validation to fail.
You can now see longer embedded Look titles without needing to scroll.
For LookML projects with a large number of files, IDE folders were slow to respond when you were navigating and creating, editing, or deleting LookML files. A performance issue has been identified and fixed.
When you search for a user or group, strings with commas now work as expected.
An issue where paper size did not change correctly when Fit to Dashboard was used has been fixed. This feature now performs as expected.
Previously, when embedded Explores were rendered in an iframe, a screen jump might have occurred. This feature now performs as expected.
Previously, query downloads of type json_bi could have failed if they included fields that were hidden from the visualization. This feature now performs as expected.
Looker now initializes Development Mode projects for Looker projects that are in Production Mode.
Text in the project IDE will now be line wrapped.
When a Git project becomes corrupted, Looker now proactively converts it to a clone to prevent further issues.
When a LookML project fails to load, a log message will now be generated.
The log error about getting an access token from the Google OAuth library has been reclassified as a warning.
When a custom filter is too large for the JSON parser to handle, Looker now returns a more descriptive error.
HSQLDB has been updated to version 2.7.2 to comply with GHSA-77xx-rxvh-q682.
On the Looker Labs page, links to documentation will now open in a new browser tab instead of navigating away from the Looker UI.
May 07, 2024
AlloyDB for PostgreSQL
Private Service Connect is now generally available (GA). Private Service Connect lets you connect to an AlloyDB for PostgreSQL instance from multiple VPC networks belonging to different groups, teams, projects, or organizations.
AlloyDB Omni version 15.5.1 and later lets you add sidecar containers to your database cluster when you use the AlloyDB Omni Kubernetes Operator.
A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-026 security bulletin.
On May 7, 2024, we released an updated version of Apigee.
Target server SSL enforcement
With this release, Apigee customers can specify strict SSL southbound enforcement in TargetServer configurations using the object's enforce key. If set to true, SSL enforcement is applied to service callouts.
The option to specify this behavior is analogous to usage of the <Enforce> tag in the <SSLInfo> block of the TargetEndpoint configuration.
For more information, see Configure strict SSL enforcement.
Environment-level flag for SSL enforcement
Apigee customers can specify strict SSL southbound enforcement across an Apigee environment, using the SSLInfo.Enforce flag.
If SSLInfo.Enforce is set to true or false, the value specified overrides any granular enforcement options specified in <SSLInfo> blocks in TargetEndpoint or TargetServer configurations.
If SSLInfo.Enforce is unset, SSL enforcement is determined by any values specified using the <Enforce> element within individual <SSLInfo> blocks.
For more information, see TLS/SSL TargetEndpoint configuration.
Two-way HTTPS health monitor support
Apigee health monitors using <HTTPMonitor> can now use all SSL parameters available in the <SSLInfo> block of their TargetServer configurations when performing health checks.
To enable access, set <UseTargetServerSSLInfo> to true in the <Request> block of the HTTPMonitor configuration.
For more information, see Health monitor using HTTP monitor.
JavaScript user-defined aggregate functions (UDAFs) are in preview. You can create a JavaScript UDAF with the CREATE AGGREGATE FUNCTION statement.
You can now store columns in your vector indexes and pre-filter data in your vector searches to improve query efficiency. This feature is in preview.
Using a filter when exporting HL7v2 messages to Cloud Storage is generally available (GA) and available in Preview.
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
May 06, 2024
AlloyDB for PostgreSQL
You can now set password policies for local database users.
Apigee API hub is available in preview.
With Apigee API hub, you can consolidate and organize critical information about your APIs in one place. Use API hub to accelerate the consistency, use, reuse, and governance of your API portfolio.
Use API hub to:
- Create and manage a complete catalog of your APIs and API resources.
- Add rich attributes to your APIs for tracking, organizing, and filtering.
- Link to one or more Apigee projects to automatically fetch and store Apigee API proxy information.
- Find APIs with powerful free-form semantic search capabilities.
- Track compliance for your API specification files using Linting functionality.
To learn more about the features and functionality available, see What is Apigee API hub?
NOTE: Rollouts of this feature will begin on May 6, 2024, and may take four or more business days to be completed across all Google Cloud zones. You may not be able to provision API hub until the rollout is complete.
This legacy version of AutoML Natural Language is deprecated and new models can no longer be trained nor deployed on the legacy platform. Already deployed models will stop working on May 30, 2024. All the functionality of legacy AutoML Natural Language and new features are available on the Vertex AI platform. See Migrate to Vertex AI to learn how to migrate your resources.
Backup and DR Service 11.0.10.425 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance. This release includes fixes for the following security vulnerabilities:
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigquery
7.7.0 (2024-05-03)
Features
Java
Changes for google-cloud-bigquery
2.39.1 (2024-04-29)
Bug Fixes
Dependencies
- Update actions/checkout action (#3267) (c297ed2)
- Update actions/upload-artifact action to v4.3.3 (#3258) (5215235)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.44.0 (#3270) (ee09ab6)
- Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.5.0 (e7c6201)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.48.0 (#3271) (3b6e0d5)
- Update github/codeql-action action to v2.25.2 (#3260) (3302dc4)
- Update github/codeql-action action to v2.25.3 (#3268) (1cf2377)
BigQuery Managed Disaster Recovery provides managed failover and redundant compute capacity for business critical workloads. It is intended for use in the case of a total region outage and is supported with the BigQuery Enterprise Plus edition only. This feature is now available in preview.
You can now create AWS Glue federated datasets using the Google Cloud console. This feature is generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Implement fine-grained policy controls over your certificate issuance using certificate templates. Certificate templates can be used in conjunction with IAM conditions to effectively create different policy controls for different users on the same CA pool. You can test certificate issuance in a validation mode and proactively identify conflicts between the CA pool's issuance policies and the certificate template's policies. For information, see Request a certificate using a certificate template. The feature is in General Availability (GA).
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Compute Engine
compute.googleapis.com/StoragePool
Download committed use discount data as a CSV file
You can now download data about all your committed use discounts (CUD) as a flat comma-separated value (CSV) file. The CSV file includes the subscription ID for each commitment, which you can use to join your CUDs data to your usage data in the BigQuery export.
Synthetic monitors no longer require that the ingress rule be set to allow all traffic. For more information, see Cloud Function configuration.
A Selenium WebDriver sample is now available for synthetic monitors. For more information, see Selenium WebDriver template.
cos-101-17162-463-16
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06(default),v550.54.15(latest) |
Fixed CVE-2017-18207 in dev-lang/python.
Fixed CVE-2023-32681 in dev-python/requests.
Updated cos-gpu-installer to v2.3.0.
Fixed CVE-2022-2806 in app-admin/sosreport.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Fixed CVE-2021-37600, CVE-2021-3995, CVE-2021-3996 in sys-apps/util-linux.
Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.
Fixed CVE-2024-26921 in the Linux kernel.
cos-105-17412-370-23
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06(default),v550.54.15(latest) |
Upgraded sys-apps/makedumpfile to v1.7.5.
Updated cos-gpu-installer to v2.3.0.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Fixed CVE-2021-37600, CVE-2021-3995, CVE-2021-3996 in sys-apps/util-linux.
Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.
Fixed CVE-2023-32681 in dev-python/requests.
Fixed CVE-2024-26921 in the Linux kernel.
cos-109-17800-218-20
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Upgraded sys-apps/makedumpfile to v1.7.5.
Upgraded app-admin/node-problem-detector to v0.8.18.
Updated cos-gpu-installer to v2.3.0.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.
Fixed CVE-2023-32681 in dev-python/requests.
cos-113-18244-1-65
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.77 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Upgraded sys-apps/makedumpfile to v1.7.5.
Upgraded app-admin/sosreport to v4.7.1.
Updated cos-gpu-installer to v2.3.0.
Fixed CVE-2023-52620 in Linux kernel.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.9.7 (2024-05-01)
Bug Fixes
- dataflow: Bump x/net to v0.24.0 (ba31ed5)
New Dataproc on Compute Engine subminor image versions:
- 2.0.100-debian10, 2.0.100-rocky8, 2.0.100-ubuntu18
- 2.1.48-debian11, 2.1.48-rocky8, 2.1.48-ubuntu20, 2.1.48-ubuntu20-arm
- 2.2.14-debian12, 2.2.14-rocky9, 2.2.14-ubuntu22
Dataproc on Compute Engine:
- Backported patches for HIVE-14557, HIVE-19326, HIVE-20514, HIVE-21100, HIVE-22165, HIVE-22416, HIVE-24435.
- Hive: Improved ORC split generation.
Batch processing with Layout Parser is available. For more about Layout Parser, see Process documents with Layout Parser.
Model pretrained-foundation-model-v1.1-2024-03-12 is available for custom extractor. For more information about available models, see Custom extractor model versions.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for datastore/admin/apiv1
1.16.0 (2024-04-29)
Features
- datastore: Adding BeginLater and transaction state (#8984) (5f8e21f)
- datastore: Adding BeginLater transaction option (#8972) (4067f4e)
- datastore: Adding reserve IDs support (#9027) (2d66de0)
- datastore: Configure both mTLS and TLS endpoints for Datastore client (#9653) (38bd793)
- datastore: Respect DATASTORE_EMULATOR_HOST setting (#9789) (7259373)
Bug Fixes
- datastore: Add explicit sleep before read time use (#9080) (0538be4)
- datastore: Adding tracing to run method (#9602) (a5e197c)
- datastore: Bump x/net to v0.24.0 (ba31ed5)
- datastore: Enable universe domain resolution options (fd1d569)
- datastore: Prevent panic on GetMulti failure (#9656) (55845ad)
- datastore: Update protobuf dep to v1.33.0 (30b038d)
Cloud Deploy now uses Skaffold 2.11 as the default Skaffold version for all target types.
Gemini for investigation assistance
Gemini for investigation assistance can now support you with the following:
- Search: Gemini can help you build, edit, and run searches targeted toward relevant events using natural language prompts.
- Search summaries: Gemini can automatically summarize search results after every search and subsequent filter action. Gemini can also answer contextual follow-up questions about the summaries it provides.
- Rule generation: Gemini can create new YARA-L rules from the UDM search queries it generates.
- Security questions and threat intelligence analysis: Gemini can answer general security domain questions and specific threat intelligence questions. Gemini can provide summaries about threat actors, IOCs, and other threat intelligence topics.
- Incident remediation: Based on the event information returned, Gemini can suggest follow-on steps.
For more information, see Use Gemini to investigate security issues.
Identity-Aware Proxy (IAP) now supports Workforce Identity Federation for application access. You can now use your extended workforce identities to access IAP-protected applications without having to sync your identities into Cloud Identity. For more information, see Configure IAP with Workforce Identity Federation.
The Migrate to Containers UI in the Google Cloud console, migctl, and CRDs that used processing clusters to migrate workloads to Google Cloud are no longer available.
To perform migrations, use the Migrate to Containers CLI on your local machine. For more information, see Migrate to Containers overview.
If you have any questions or require additional support, then reach out to m2c-external-feedback@google.com.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.129.2 (2024-04-30)
Dependencies
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.13.0 (2024-05-01)
Features
- secretmanager: Add Secret Version Delayed Destroy changes for client libraries (1d757c6)
Bug Fixes
- secretmanager: Bump x/net to v0.24.0 (ba31ed5)
Assign high-value resources based on Sensitive Data Protection insights for Cloud SQL
The attack path simulations feature can now automatically set the resource value of a Cloud SQL resource based on the sensitivity of the data that the instance contains.
For information about how to enable the automatic assignment of resource values based on data sensitivity, see Create a resource value configuration.
For information about how to configure Sensitive Data Protection to send data sensitivity classifications to Security Command Center, see Publish data profiles to Security Command Center.
May 03, 2024
Application Integration
Loop Metadata variables are changing
In the For each loop and While loop tasks, there's a Loop metadata variable in which you will find duplicate keys for the output variable, for example, Current Iteration Count and current_iteration_count. We recommend that you use the variables that contain the underscore (_) symbol because the other keys are being deprecated.
For more information, see Known issue: Duplicate keys in the Loop metadata.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- AI Platform
aiplatform.googleapis.com/Index
aiplatform.googleapis.com/IndexEndpoint
- Compute Engine
compute.googleapis.com/NetworkAttachment
Create a new playbook using Gemini (Preview)
You can now use Gemini to create a fully structured playbook. All you need to do is write a well-structured prompt and click Create. For more information, see Create playbook with Gemini.
As of May 3, 2024, when you create a new organization, it enforces the following organization policy constraints by default:
iam.disableServiceAccountKeyCreation
iam.disableServiceAccountKeyUpload
iam.automaticGrantsForDefaultServiceAccounts
iam.allowedPolicyMemberDomains
For more information, see Restricting service account usage and Restricting identities by domain.
Installing Policy Controller 1.18.0 or newer will fail unless you first enable the anthospolicycontroller.googleapis.com API. For more information on directly installing and managing Policy Controller, see Install Policy Controller.
Policy Controller bundles have been updated to the following versions: cis-gke-v1.5.0: 202403.0, nist-sp-800-190: 202403.0, nist-sp-800-53-r5: 202403.0, pci-dss-v3.2.1: 202403.0, pci-dss-v4.0: 202403.0, policy-essentials-v2022: 202403.0, pss-baseline-v2022: 202403.1, pss-restricted-v2022: 202403.1. For reference, see Policy Controller bundles overview.
Some Policy Intelligence features are only available for customers with organization-level activations of Security Command Center. For more information, see Billing questions.
Private Service Connect supports IPv6 in Preview for the following supported configurations:
- Service consumers can access published services by using Private Service Connect endpoints that have IPv6 addresses.
- Service producers that use supported load balancers can publish services by using service attachments that have IPv6 addresses.
For more information, see IP version translation.
May 02, 2024
Anthos Config Management
Installing Policy Controller 1.18.0 or newer will fail unless you first enable the anthospolicycontroller.googleapis.com API. For more information on directly installing and managing Policy Controller, see Install Policy Controller.
Policy Controller now has its own release notes page. For future announcements, visit Policy Controller release notes.
Dynamic namespace selection using the spec.mode field in the NamespaceSelector CRD is now generally available (GA). This feature supports deploying namespace-scoped resources in matching Namespaces statically-declared in the source of truth and dynamically present on the cluster. For more information, refer to NamespaceSelector mode.
Config Sync now supports specifying CA certificates for helm and OCI source types. This is surfaced on the caCertSecretRef field on the RootSync and RepoSync APIs. For more information, refer to RootSync and RepoSync fields.
Policy Controller bundles have been updated to the following versions: cis-gke-v1.5.0: 202403.0, nist-sp-800-190: 202403.0, nist-sp-800-53-r5: 202403.0, pci-dss-v3.2.1: 202403.0, pci-dss-v4.0: 202403.0, policy-essentials-v2022: 202403.0, pss-baseline-v2022: 202403.1, pss-restricted-v2022: 202403.1. For reference, see Policy Controller bundles overview.
When syncing from Helm, Config Sync now retries faster on errors with exponential backoff.
Reduced memory footprint in reconcilers by not loading the OpenAPI when the Config Sync admission webhook is disabled.
On Autopilot clusters, the helm-sync container CPU request is changed from 150m to 250m, and memory request is changed from 256Mi to 384Mi. For information on resource requirements, see Resource requests.
Upgraded bundled Helm version from v3.13.3 to v3.14.3 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.
You can now set up Ops Agent on your Bare Metal Solution server to view Bare Metal Solution metrics. This feature is generally available (GA).
Bare Metal Solution now supports Oracle Linux 9. This feature is generally available (GA). For more information, see Operating systems and Change the OS for a server.
Analytics Hub Subscription Management is generally available (GA). Data Publishers can now manage their subscriptions, view information about their subscribers, and revoke access to their data at any time.
Analytics Hub Provider Usage Metrics is now generally available (GA). The usage metrics include the following:
- Jobs that run against your shared data.
- The consumption details of your shared data by subscribers' projects and organizations.
- The number of rows and bytes processed by the job.
The Bigtable Spark connector lets you read and write data from and to Bigtable using Spark SQL and DataFrames inside your Spark application. This feature is generally available (GA).
You can now revert an instance to a snapshot state. This feature is generally available for instances created in the zonal and enterprise service tiers.
Filestore supports IP-based access control for your volumes. You can now use the Filestore CSI driver to configure IP-based access control at volume creation.
Release 1.28.500-gke.120
GKE on Bare Metal 1.28.500-gke.120 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.28.500-gke.120 runs on Kubernetes 1.28.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
The following container image security vulnerabilities have been fixed in 1.28.500-gke.120:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
The new release of the GKE Gateway controller (2024-R1) is now generally available. With this release, the GKE Gateway controller will provide the following new capabilities and fixes:
New capabilities:
- Gateway API CRDs v1.0.0
- Cloud Armor backend security policy support for Regional external Gateways
- Self-managed certificates with Certificate Manager on Regional internal & external Gateways
- Google-managed certificates with Certificate Manager on Regional internal & external Gateways [Preview]
Bug fixes:
- Fixed missing permissions to MCI service agent role for regional SSL policy
To learn more about our GKE Gateway controller capabilities, see the supported capabilities per GatewayClass.
Starting in GKE 1.30, the metric scheduler_pod_scheduling_duration_seconds in the control plane metrics package will no longer be available, as a result of deprecation in the upstream OSS. The replacement metric scheduler_pod_scheduling_sli_duration_seconds will be exported as part of the control plane metrics package instead.
The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.
- AIX system (AIX_SYSTEM)
- Arcsight CEF (ARCSIGHT_CEF)
- Arista Switch (ARISTA_SWITCH)
- Aruba (ARUBA_WIRELESS)
- Aruba Switch (ARUBA_SWITCH)
- Attivo Networks (ATTIVO)
- AWS Cloudtrail (AWS_CLOUDTRAIL)
- AWS Control Tower (AWS_CONTROL_TOWER)
- AWS Elastic Load Balancer (AWS_ELB)
- AWS WAF (AWS_WAF)
- Azure AD (AZURE_AD)
- Azure AD Directory Audit (AZURE_AD_AUDIT)
- Azure AD Organizational Context (AZURE_AD_CONTEXT)
- Azure Application Gateway (AZURE_GATEWAY)
- Azure Storage Audit (AZURE_STORAGE_AUDIT)
- Azure WAF (AZURE_WAF)
- Barracuda Firewall (BARRACUDA_FIREWALL)
- BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
- BigQuery (N/A)
- Blue Coat Proxy (BLUECOAT_WEBPROXY)
- Brocade Switch (BROCADE_SWITCH)
- Check Point (CHECKPOINT_FIREWALL)
- Cisco ASA (CISCO_ASA_FIREWALL)
- Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
- Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
- Cisco Internetwork Operating System (CISCO_IOS)
- Cisco ISE (CISCO_ISE)
- Cisco Meraki (CISCO_MERAKI)
- Cisco VPN (CISCO_VPN)
- Cisco WLC/WCS (CISCO_WIRELESS)
- Citrix Netscaler (CITRIX_NETSCALER)
- Claroty Enterprise Management Console (CLAROTY_EMC)
- Cloud Audit Logs (N/A)
- Cloud Intrusion Detection System (GCP_IDS)
- Corelight (CORELIGHT)
- CrowdStrike Detection Monitoring (CS_DETECTS)
- CrowdStrike Falcon (CS_EDR)
- CyberArk (CYBERARK)
- Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
- Cybergatekeeper NAC (CYBERGATEKEEPER_NAC)
- Darktrace (DARKTRACE)
- Dell ECS Enterprise Object Storage (DELL_ECS)
- Dell Switch (DELL_SWITCH)
- Elastic Packet Beats (ELASTIC_PACKETBEATS)
- ESET (ESET_EDR)
- ESET AV (ESET_AV)
- F5 Advanced Firewall Management (F5_AFM)
- F5 ASM (F5_ASM)
- F5 BIGIP LTM (F5_BIGIP_LTM)
- FireEye HX (FIREEYE_HX)
- FireEye NX Audit (FIREEYE_NX_AUDIT)
- Firewall Rule Logging (N/A)
- Forcepoint DLP (FORCEPOINT_DLP)
- Forescout NAC (FORESCOUT_NAC)
- Forgerock OpenIdM (FORGEROCK_OPENIDM)
- FortiGate (FORTINET_FIREWALL)
- Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
- Fortra Powertech SIEM Agent (FORTRA_POWERTECH_SIEM_AGENT)
- Cloud NAT (N/A)
- GCP_SWP (GCP_SWP)
- Gitlab (GITLAB)
- GMAIL Logs (GMAIL_LOGS)
- GMV Checker ATM Security (GMV_CHECKER)
- Guardicore Centra (GUARDICORE_CENTRA)
- HPE BladeSystem C7000 (HPE_BLADESYSTEM_C7000)
- HYPR MFA (HYPR_MFA)
- IBM AS/400 (IBM_AS400)
- IBM DS8000 Storage (IBM_DS8000)
- IBM Guardium (GUARDIUM)
- IBM Tape Storages (IBM_LTO)
- IBM Tivoli (IBM_TIVOLI)
- IBM-i Operating System (IBM_I)
- Illumio Core (ILLUMIO_CORE)
- Imperva (IMPERVA_WAF)
- Imperva Advanced Bot Protection (IMPERVA_ABP)
- Imperva SecureSphere Management (IMPERVA_SECURESPHERE)
- Infoblox (INFOBLOX)
- ION Spectrum (ION_SPECTRUM)
- Ipswitch MOVEit Transfer (IPSWITCH_MOVEIT_TRANSFER)
- Jamf Protect Alerts (JAMF_PROTECT)
- Jamf Protect Telemetry (JAMF_TELEMETRY)
- Juniper Junos (JUNIPER_JUNOS)
- Juniper MX Router (JUNIPER_MX)
- Kubernetes Node (KUBERNETES_NODE)
- LastPass Password Management (LASTPASS)
- Linux Auditing System (AuditD) (AUDITD)
- McAfee Enterprise Security Manager (MCAFEE_ESM)
- Medigate IoT (MEDIGATE_IOT)
- Microsoft AD (WINDOWS_AD)
- Microsoft Azure Activity (AZURE_ACTIVITY)
- Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
- Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
- Microsoft Exchange (EXCHANGE_MAIL)
- Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
- Microsoft IAS Server (MICROSOFT_IAS)
- Microsoft Intune (AZURE_MDM_INTUNE)
- Microsoft SQL Server (MICROSOFT_SQL)
- Mongo Database (MONGO_DB)
- Netscout Arbor Sightline (ARBOR_SIGHTLINE)
- Netskope Web Proxy (NETSKOPE_WEBPROXY)
- NGFW Enterprise (GCP_NGFW_ENTERPRISE)
- Office 365 (OFFICE_365)
- Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
- Opengear Remote Management (OPENGEAR)
- Oracle (ORACLE_DB)
- OSQuery (OSQUERY_EDR)
- OSSEC (OSSEC)
- Palo Alto Cortex XDR Alerts (CORTEX_XDR)
- Palo Alto Networks Firewall (PAN_FIREWALL)
- Palo Alto Prisma Cloud (PAN_PRISMA_CLOUD)
- PerimeterX Bot Protection (PERIMETERX_BOT_PROTECTION)
- Phishlabs (PHISHLABS)
- Proofpoint Tap Alerts (PROOFPOINT_MAIL)
- Pulse Secure (PULSE_SECURE_VPN)
- Riverbed Steelhead (STEELHEAD)
- RSA SecurID Access Identity Router (RSA_SECURID)
- SAP SM20 (SAP_SM20)
- SAP SuccessFactors (SAP_SUCCESSFACTORS)
- SAP Webdispatcher (SAP_WEBDISP)
- Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
- Security Command Center Threat (N/A)
- Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
- Sentinelone Alerts (SENTINELONE_ALERT)
- SentinelOne EDR (SENTINEL_EDR)
- SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
- Snare System Diagnostic Logs (SNARE_SOLUTIONS)
- Solaris system (SOLARIS_SYSTEM)
- SonicWall (SONIC_FIREWALL)
- Sonicwall Secure Mobile Access (SONICWALL_SMA)
- Splunk Platform (SPLUNK)
- Squid Web Proxy (SQUID_WEBPROXY)
- Suricata EVE (SURICATA_EVE)
- Suricata IDS (SURICATA_IDS)
- Swift Alliance Messaging Hub (SWIFT_AMH)
- Symantec CloudSOC CASB (SYMANTEC_CASB)
- Symantec DLP (SYMANTEC_DLP)
- Tenable OT (TENABLE_OT)
- Tetragon Ebpf Audit Logs (TETRAGON_EBPF_AUDIT_LOGS)
- Trellix HX Event Streamer (TRELLIX_HX_ES)
- Trend Micro (TIPPING_POINT)
- Trend Micro Cloud one (TRENDMICRO_CLOUDONE)
- Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
- TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
- TrendMicro Web Proxy (TRENDMICRO_WEBPROXY)
- Unifi AP (UNIFI_AP)
- Unix system (NIX_SYSTEM)
- Vectra Detect (VECTRA_DETECT)
- VeridiumID by Veridium (VERIDIUM_ID)
- VPC Flow Logs (GCP_VPC_FLOW)
- Windows Defender ATP (WINDOWS_DEFENDER_ATP)
- Windows DNS (WINDOWS_DNS)
- Windows Event (WINEVTLOG)
- Windows Event (XML) (WINEVTLOG_XML)
- Windows Network Policy Server (WINDOWS_NET_POLICY_SERVER)
- Windows Sysmon (WINDOWS_SYSMON)
- Workspace Activities (WORKSPACE_ACTIVITY)
- Workspace Alerts (WORKSPACE_ALERTS)
- Workspace ChromeOS Devices (WORKSPACE_CHROMEOS)
- Workspace Groups (WORKSPACE_GROUPS)
- Workspace Mobile Devices (WORKSPACE_MOBILE)
- Workspace Privileges (WORKSPACE_PRIVILEGES)
- Workspace Users (WORKSPACE_USERS)
- YAMAHA ROUTER RTX1200 (YAMAHA_ROUTER)
- Zeek JSON (BRO_JSON)
- Zimperium (ZIMPERIUM)
- Zscaler (ZSCALER_WEBPROXY)
- Zscaler CASB (ZSCALER_CASB)
- ZScaler NGFW (ZSCALER_FIREWALL)
The following log types, without a default parser, were added. Each is listed by product name and log_type value, if applicable.
- Adaxes (ADAXES)
- Air Table (AIR_TABLE)
- Alert Enterprise Guardian (ALERT_GUARDIAN)
- Amavis (AMAVIS)
- Atlassian Beacon (ATLASSIAN_BEACON)
- Banner dd (BANNER_DD)
- BetterStack Uptime (BETTERSTACK_UPTIME)
- BloodHound (BLOODHOUND)
- Core Privileged Access Manager (BoKS) (BOKS)
- Cisco Secure Access (CISCO_SECURE_ACCESS)
- Cleafy (CLEAFY)
- Clear Bank Portal Audit (CLEARBANK_PORTAL)
- CloudBees (CLOUDBEES)
- Comforte SecurDPS (COMFORTE_SECURDPS)
- Control Plane (CONTROL_PLANE)
- Corrata (CORRATA)
- Cubist Audit (CUBIST_AUDIT)
- C Zentrix (C_ZENTRIX)
- DefectDojo (DEFECTDOJO)
- Dmarcian (DMARCIAN)
- DocuSign (DOCUSIGN)
- Duo Activity Logs (DUO_ACTIVITY)
- E2 Guardian (E2_GUARDIAN)
- Egress Defend (EGRESS_DEFEND)
- Egress Prevent (EGRESS_PREVENT)
- Emsisoft AntiVirus (EMSISOFT_ANTIVIRUS)
- F5 System Logs (F5_SYSTEM_LOGS)
- Fastly CDN (FASTLY_CDN)
- FireEye CMS (FIREEYE_CMS)
- Forcepoint Mail Relay (FORCEPOINT_MAIL_RELAY)
- Google Ads (GOOGLE_ADS)
- H3C Comware Platform Switch
- Halcyon Anti Ransomware (HALCYON)
- Halo (HALO)
- HP Poly (HP_POLY)
- Huawei CloudEngine (HUAWEI_CLOUDENGINE)
- Intruder.IO (INTRUDER_IO)
- Ivanti Connect Secure (IVANTI_CONNECT_SECURE)
- Keyfactor (KEYFACTOR)
- Kyverno (KYVERNO)
- LaunchDarkly (LAUNCH_DARKLY)
- LeanIX Enterprise (LEANIX)
- Leanix CMDB (LEANIX_CMDB)
- Lucid (LUCID)
- Lumeta Spectre (LUMETA)
- ManageEngine Asset Explorer (MANAGE_ENGINE_ASSET_EXPLR)
- ManageEngine Endpoint Central (MANAGE_ENGINE_ENDPT_CNTRL)
- Mandiant Digital Threat Monitoring (MANDIANT_DTM_ALERTS)
- Manhattan Warehouse Management System (MANHATTAN_WMS)
- Mend IO (MEND_IO)
- Meta Marketing (META_MARKETING)
- Miasma SecretScanner (MIASMA_SECRETSCANNER)
- Microsoft Ads (MICROSOFT_ADS)
- Microsoft Purview (MICROSOFT_PURVIEW)
- ModSecurity (MODSECURITY)
- Netapp Storagegrid (NETAPP_STORAGEGRID)
- NetBrain (NETBRAIN)
- Netenrich Entity Context (NETENRICH_ENTITY_CONTEXT)
- Netwrix Activity Monitor (NETWRIX_ACTIVITY_MONITOR)
- Netwrix Stealth Intercept (NETWRIX_STEALTH_INTERCEPT)
- Netwrix Threat Manager (NETWRIX_THREAT_MANAGER)
- Nexus Sonatype (NEXUS_SONATYPE)
- Oracle Fusion (ORACLE_FUSION)
- PAGELY (PAGELY)
- Palantir (PALANTIR)
- Proofpoint Meta (PROOFPOINT_META)
- Qumulo FS (QUMULO_FS)
- Radware Alteon (RADWARE_ALTEON)
- SailPoint IdentityIQ (SAILPOINT_IIQ)
- Sentinelone Activity (SENTINELONE_ACTIVITY)
- Siga Level Zero OT Resilience (SIGA)
- Site24x7 (SITE24X7)
- Winevtlog Snare (SNARE_WINEVTLOG)
- Solar System (SOLAR_SYSTEM)
- Stealthbits DLP (STEALTHBITS_DLP)
- Symantec VIP Authentication Hub (SYMANTEC_VIP_AUTHHUB)
- Temenos Journey Manager System Event Publisher (TEMENOS_MANAGER_SYSTEMEVENT)
- Teradata Aster (TERADATA_ASTER)
- Tiktok for Developers (TIKTOK)
- Transmit BindID (TRANSMIT_BINDID)
- Trend Micro Vision One Audit (TRENDMICRO_VISION_ONE_AUDIT)
- Trend Micro Vision One Observerd Attack Techniques (TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES)
- Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
- TrueNAS (TRUENAS)
- E-Motional Transparent Screen Lock TSL RFID (TSL_PRO)
- UPX AntiDDoS (UPX_ANTIDDOS)
- Verba Recording System (VERBA_REC)
- Vercara (VERCARA)
- Veza Access Control Platform (VEZA)
- Web Methods Api Gateway (WEBMETHODS_API_GATEWAY)
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
Remote Agents Release 1.6.0 is currently in Preview.
Jobs can now be run remotely over remote agents.
Chart titles
You can now add a title directly to a chart in Looker Studio. You can customize the title's font, color, size, styling, and positioning within the Title section of the Style tab of the properties panel.
Service producers are no longer charged producer data processing for ingress or egress traffic through a Private Service Connect service attachment. For more information, see pricing for published services.
Private Service Connect now offers consumers volume-based discounts for consumer data processing. For more information, see Consumer data processing.
May 01, 2024
AlloyDB for PostgreSQL
You can now set maintenance windows for your AlloyDB clusters. If you do, then AlloyDB schedules non-emergency maintenance events to begin only during the weekly period that you specify. You can also opt in to receive email notifications of upcoming maintenance events.
On May 1, 2024 we released an updated version of Apigee integrated portal.
This release contains multiple security fixes.
A new Confidential Space image (240402) is now available. This image provides support for automatically resizing the boot disk stateful partition. See disk and memory limits for more information.
cos-113-18244-1-61
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.77 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Updated Konlet to v.0.12.0. This fixes an iptables compatibility issue.
Fixed CVE-2023-4641 in sys-apps/shadow.
Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Fixed CVE-2023-32681 in dev-python/requests.
Fixed CVE-2024-3772 in dev-python/pydantic.
Fixed CVE-2023-5388 in dev-libs/nss.
Updated net-dns/c-ares to version 1.27. This fixes CVE-2024-25629.
Updated dev-python/pyyaml to version 6.0.1. This fixes CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.
Updated dev-vcs/git to version VERSION. This fixes CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Updated net-misc/curl to version 8.7.1. This fixes CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.
Updated dev-libs/expat to version 2.6.2. This fixes CVE-2024-28757.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Fixed CVE-2024-26602 in the Linux kernel.
Fixed CVE-2024-26603 in the Linux kernel.
Fixed CVE-2024-26601 in the Linux kernel.
New Dataproc Serverless for Spark runtime versions:
- 1.1.60
- 1.2.4
- 2.0.68
- 2.1.47
- 2.2.4
Dataproc Serverless for Spark:
- Upgraded Spark RAPIDS to version 24.04.0 in 1.2 and 2.2 Dataproc Serverless for Spark runtimes.
When you submit a Dataproc Serverless Batch with a CMEK key:
- In addition to encrypting disk and Cloud Storage data, Dataproc Serverless will use your CMEK to also encrypt batch job arguments. This change will require you to do the following:
  - Assign the Cloud KMS CryptoKey Encrypter/Decrypter role to the Dataproc Service Agent service account.
  - Enable the Cloud KMS API on the project that runs Dataproc Batches resources.
  - If the Dataproc Service Agent role is not attached to the Dataproc Service Agent service account, then add the serviceusage.services.use permission to the custom role attached to the Dataproc Service Agent service account.
- batches.list will return an unreachable field that lists any batches with job arguments that couldn't be decrypted. You can issue a batches.get request to obtain more information on an unreachable batch.
- Multi-regional and cross-regional CMEKs will no longer be permitted. The key (CMEK) must be located in the same location as the encrypted resource. For example, the CMEK used to encrypt a batch that runs in the us-central1 region must also be located in the us-central1 region.
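The CMEK requirements above can be checked before a batch is submitted. The following is an added example, not Google's code: it assumes you have already exported the key's IAM policy as JSON and the list of enabled APIs, and that the Dataproc Service Agent uses the standard `service-PROJECT_NUMBER@dataproc-accounts.iam.gserviceaccount.com` address. The function name, problem codes, and sample values are hypothetical and constructed for illustration.

```python
import re

# Role and API named in the release note.
KMS_ROLE = "roles/cloudkms.cryptoKeyEncrypterDecrypter"  # CryptoKey Encrypter/Decrypter
KMS_API = "cloudkms.googleapis.com"                       # Cloud KMS API

# Full Cloud KMS CryptoKey resource name; the location segment is what matters here.
KEY_NAME = re.compile(
    r"^projects/[^/]+/locations/(?P<location>[^/]+)/keyRings/[^/]+/cryptoKeys/[^/]+$"
)


def service_agent_member(project_number):
    """IAM member string for the Dataproc Service Agent (assumed standard format)."""
    return ("serviceAccount:service-%s@dataproc-accounts.iam.gserviceaccount.com"
            % project_number)


def check_cmek_batch(batch_region, kms_key, iam_policy, enabled_apis, project_number):
    """Return a sorted list of problem codes; an empty list means every check passed."""
    match = KEY_NAME.match(kms_key)
    if not match:
        return ["BAD_KEY_NAME"]
    problems = set()
    # Multi-regional and cross-regional keys are rejected, so the key location
    # must be exactly the batch region.
    if match.group("location") != batch_region:
        problems.add("KEY_LOCATION_MISMATCH")
    if KMS_API not in enabled_apis:
        problems.add("KMS_API_DISABLED")
    member = service_agent_member(project_number)
    bindings = [b for b in iam_policy.get("bindings", [])
                if b.get("role") == KMS_ROLE and member in b.get("members", [])]
    if not bindings:
        problems.add("ROLE_NOT_GRANTED")
    elif all(b.get("condition") for b in bindings):
        # A conditional grant may not cover this key; it needs a manual review.
        problems.add("ROLE_ONLY_CONDITIONAL")
    return sorted(problems)


# Constructed sample inputs (not real projects or keys).
SAMPLE_PROJECT_NUMBER = "123456789012"
SAMPLE_POLICY = {
    "bindings": [
        {"role": KMS_ROLE, "members": [service_agent_member(SAMPLE_PROJECT_NUMBER)]}
    ]
}
SAMPLE_APIS = {"dataproc.googleapis.com", "cloudkms.googleapis.com"}
REGIONAL_KEY = ("projects/example-project/locations/us-central1"
                "/keyRings/batch-ring/cryptoKeys/batch-key")
MULTI_REGION_KEY = ("projects/example-project/locations/us"
                    "/keyRings/batch-ring/cryptoKeys/batch-key")

if __name__ == "__main__":
    for key in (REGIONAL_KEY, MULTI_REGION_KEY):
        result = check_cmek_batch("us-central1", key, SAMPLE_POLICY,
                                  SAMPLE_APIS, SAMPLE_PROJECT_NUMBER)
        print(key, "->", result or "OK")
```

The policy passed in should be the one where the role was actually granted, whether at the key or the project level.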
Online processing is available for Layout Parser in Document AI. The Document AI Layout Parser transforms documents in various formats into structured representations, making content like paragraphs, tables, lists, and structural elements like headings, page headers, and footers easily accessible, and creating context-aware chunks that facilitate information retrieval in a range of generative AI and discovery applications. For more information, see Process documents with Layout Parser.
Eventarc support for creating triggers for direct events from Cloud Speech-to-Text is generally available (GA).
1.30 is now available in the Rapid channel
Kubernetes 1.30 is now available in the Rapid channel. For more information about the content of Kubernetes 1.30, read the Kubernetes 1.30 Release Notes.
New features in 1.30
The following features are new in Kubernetes 1.30:
- ValidatingAdmissionPolicy is GA and now enabled by default.
- Validation Ratcheting is beta and enabled by default, and makes CustomResourceDefinitions even safer and easier to manage.
New APIs in 1.30
The following APIs are new in Kubernetes 1.30:
- admissionregistration.k8s.io/v1 ValidatingAdmissionPolicyBinding and ValidatingAdmissionPolicy
Deprecated APIs in 1.30
The following Beta versions of graduated APIs were previously deprecated in 1.29 in favor of newer versions:
- flowcontrol.apiserver.k8s.io/v1beta3 FlowSchema, PriorityLevelConfiguration: Deprecated since 1.29, will no longer be served in 1.32. Instead, use flowcontrol.apiserver.k8s.io/v1, which is available since Kubernetes 1.29.
- The status.nodeInfo.kubeProxyVersion field in the Node API is deprecated and will not be populated starting in v1.33. The field is currently populated with the kubelet version, not the kube-proxy version, and might not accurately reflect the kube-proxy version in use. For more information, see KEP-4004.
Deprecated features in 1.30
The Ceph CephFS (kubernetes.io/cephfs) and RBD (kubernetes.io/rbd) volume plugins are deprecated since 1.28 and will be removed in a future release.
To determine if you have volumes/pods using RBD or Ceph volumes, run the following commands. If either of them prints output, then you are using a deprecated volume type:
kubectl describe pv | egrep -i 'Type: *(RBD|CephFS)'
kubectl describe pod -A | egrep -i 'Type: *(RBD|CephFS)'
Switch to use an RBD or CephFS CSI driver (like the CSI drivers provided in the Ceph CSI driver project), or a Google Cloud-managed solution like Filestore. For more information, refer to the OSS Kubernetes announcement and to the Ceph CSI driver project.
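The same check can be done on structured output, which yields the exact object names to migrate and also covers StorageClasses that still name an in-tree provisioner. This is an added example, not part of the release note: it assumes the three inputs are the parsed JSON from `kubectl get pv -o json`, `kubectl get pods -A -o json` and `kubectl get storageclass -o json`. The function name and the sample objects are hypothetical and constructed for illustration.

```python
# In-tree volume source fields on PersistentVolume specs and Pod volumes.
IN_TREE_FIELDS = ("rbd", "cephfs")
# Plugin names as given in the release note.
IN_TREE_PLUGINS = ("kubernetes.io/rbd", "kubernetes.io/cephfs")


def find_in_tree_ceph(pv_list, pod_list, sc_list):
    """Return (kind, name, detail) tuples for every use of the deprecated plugins."""
    findings = []
    for pv in pv_list.get("items", []):
        spec = pv.get("spec", {})
        for field in IN_TREE_FIELDS:
            # CSI-backed volumes use spec.csi instead and are not reported.
            if field in spec:
                findings.append(("PersistentVolume", pv["metadata"]["name"], field))
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        pod_name = "%s/%s" % (meta.get("namespace", "default"), meta["name"])
        # Only inline volumes are visible here; pods that mount an in-tree
        # volume through a claim are covered by the PersistentVolume pass.
        for vol in pod.get("spec", {}).get("volumes", []):
            for field in IN_TREE_FIELDS:
                if field in vol:
                    findings.append(("Pod", pod_name, "%s:%s" % (field, vol["name"])))
    for sc in sc_list.get("items", []):
        if sc.get("provisioner") in IN_TREE_PLUGINS:
            findings.append(("StorageClass", sc["metadata"]["name"], sc["provisioner"]))
    return findings


# Constructed sample objects, trimmed to the fields the check reads.
SAMPLE_PVS = {"items": [
    {"metadata": {"name": "legacy-rbd-pv"},
     "spec": {"rbd": {"monitors": ["10.0.0.1:6789"], "image": "vol1"}}},
    {"metadata": {"name": "csi-rbd-pv"},
     "spec": {"csi": {"driver": "rbd.csi.ceph.com", "volumeHandle": "constructed-handle"}}},
]}
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "data", "name": "reports"},
     "spec": {"volumes": [
         {"name": "shared", "cephfs": {"monitors": ["10.0.0.1:6789"]}},
         {"name": "tmp", "emptyDir": {}},
     ]}},
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"volumes": [
         {"name": "data", "persistentVolumeClaim": {"claimName": "csi-claim"}},
     ]}},
]}
SAMPLE_SCS = {"items": [
    {"metadata": {"name": "fast-rbd"}, "provisioner": "kubernetes.io/rbd"},
    {"metadata": {"name": "ceph-csi"}, "provisioner": "rbd.csi.ceph.com"},
]}

if __name__ == "__main__":
    for kind, name, detail in find_in_tree_ceph(SAMPLE_PVS, SAMPLE_PODS, SAMPLE_SCS):
        print("%-16s %-16s %s" % (kind, name, detail))
```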
(2024-R12) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.26.14-gke.1044000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.11-gke.1062001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.11-gke.1062001 with this release.
Stable channel
- Version 1.27.11-gke.1062001 is now the default version in the Stable channel.
- Version 1.27.11-gke.1062001 is now available in the Stable channel.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.14-gke.1044000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.11-gke.1062001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.11-gke.1062001 with this release.
Regular channel
- Version 1.27.11-gke.1062001 is now available in the Regular channel.
- Version 1.27.11-gke.1062000 is no longer available in the Regular channel.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.15-gke.1090000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.11-gke.1062001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.11-gke.1062001 with this release.
Rapid channel
- Version 1.29.3-gke.1282000 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- Version 1.29.3-gke.1093000 is no longer available in the Rapid channel.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1191000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.13-gke.1000000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.9-gke.1000000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.3-gke.1282000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.3-gke.1282000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.0-gke.1167000 with this release.
Release 6.3.1 is currently in Preview.
Create a new playbook using Gemini (Preview)
You can now use Gemini to create a fully structured playbook. All you need to do is write a well structured prompt and click Create.
For more information, see Create playbooks with Gemini.
Change entities to be marked as non suspicious
When an entity is marked as IsSuspicious, you can now change the value from True to False.
Two changes have been made to the ability to sort cases:
- Option to sort cases by name has been removed.
- Added ability to sort through all existing cases and not only across a single page.
Cannot insert images in reports (ID #00244001)
HTML templates, case sensitivity issue and generic error (ID #44058663)
Change Alert Priority action not working as expected (ID #00277602)
Clicking on events configuration takes you to the wrong mapping & modeling rules
Alert Grouping settings not displaying correctly.
AI summaries of findings are disabled in Security Command Center
Effective May 1, 2024, the preview of Gemini AI-generated summaries of Security Command Center findings is discontinued. The summaries are no longer available in the Google Cloud console.
For more information, see Gemini features in Security Command Center.
reCAPTCHA Enterprise Mobile SDK v18.5.0-beta03 is now available for Android.
This version contains the following changes:
- Performance and reliability improvements in getClient() and execute().
- Dependency on OkHttp is removed.
April 30, 2024
Anthos clusters on AWS
GKE on AWS now supports clusters in the ap-northeast-2 region.
For more information, see Supported regions.
AWS Glue federated datasets are now generally available (GA).
An AWS Glue federated dataset is a connection at the dataset level between BigQuery and an existing database in AWS Glue.
You can now specify translation configurations in the BigQuery interactive SQL translator and use it to debug batch SQL translator jobs. This feature is generally available (GA).
The following BigQuery ML data preprocessing features are now generally available (GA):
- The ML.TRANSFORM function, which you can use to preprocess feature data. This function processes input data by applying the data transformations captured in the TRANSFORM clause of an existing model.
- Transform-only models, which you can use to apply preprocessing functions to input data and return the preprocessed data. Transform-only models decouple data preprocessing from model training, making it easier for you to capture and reuse a set of data preprocessing rules.
You can now reference Iceberg tables in materialized views instead of migrating that data to BigQuery-managed storage. This feature is in preview.
The global serial console gateway is deprecated. For more information, see Global serial console gateway deprecation.
cos-101-17162-463-8
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06(default),v550.54.15(latest) |
This is an LTS Refresh release.
Included nvidia plugin in sosreport.
Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.
Updated docker and docker-cli to v20.10.27.
Fixed CVE-2023-4641 in sys-apps/shadow.
Fixed CVE-2023-50387, CVE-2023-50868, CVE-2023-7008 in sys-apps/systemd.
Updated sys-apps/shadow to v4.12.3. This resolves CVE-2013-4235.
Fixed CVE-2023-0767, CVE-2023-5388, CVE-2023-6135, CVE-2024-0743 in dev-libs/nss.
Fixed CVE-2023-5678 in dev-libs/openssl.
Updated dev-vcs/git to v2.44.0. This fixed CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Updated net-dns/c-ares to v1.19.1. This fixed CVE-2022-4904, CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067.
Updated dev-python/pyyaml to v5.4.1. This fixed CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.
Updated app-arch/tar to v1.35. This fixed CVE-2023-39804.
Updated net-misc/curl to v8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.
Updated dev-libs/expat to v2.6.2. This fixed CVE-2022-40674, CVE-2022-43680, CVE-2023-52425, CVE-2023-52426, CVE-2024-28757.
Updated sys-libs/zlib to v1.2.13. This fixed CVE-2018-25032, CVE-2022-37434.
Updated app-admin/sudo to v1.9.15_p5. This fixed CVE-2022-33070, CVE-2022-43995, CVE-2023-22809, CVE-2023-27320, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Fixed CVE-2024-26603 in the Linux kernel.
Fixed CVE-2024-26602 in the Linux kernel.
Fixed CVE-2024-26601 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 813030 -> 813025
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
cos-109-17800-218-14
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
This is an LTS Refresh release.
Updated app-containers/containerd to v1.7.15.
Set serial port baudrate to 115200.
Included nvidia plugin in sosreport.
Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.
Fixed CVE-2023-4641 in sys-apps/shadow.
Fixed CVE-2023-50387, CVE-2023-50868, CVE-2023-7008 in sys-apps/systemd.
Fixed CVE-2023-0767, CVE-2023-5388, CVE-2023-6135, CVE-2024-0743 in dev-libs/nss.
Fixed CVE-2024-3772 in dev-python/pydantic.
Updated dev-python/pyyaml to v6.0.1. This fixed CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.
Updated dev-vcs/git to v2.44.0. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Updated net-misc/curl to v8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.
Updated dev-libs/expat to v2.6.2. This fixed CVE-2023-52425, CVE-2023-52426, CVE-2024-28757.
Updated app-admin/sudo to v1.9.15_p5. This fixed CVE-2023-42465.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Fixed CVE-2024-26808 in the Linux kernel.
Fixed CVE-2024-26642 in the Linux kernel.
Fixed CVE-2024-26642, CVE-2024-26643 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812605 -> 812597
- Changed: kernel.threads-max: 63520 -> 63519
- Changed: net.ipv4.tcp_mem: 94092 125456 188184 -> 94089 125455 188178
- Changed: net.ipv4.udp_mem: 188184 250912 376368 -> 188181 250911 376362
- Changed: user.max_cgroup_namespaces: 31760 -> 31759
- Changed: user.max_ipc_namespaces: 31760 -> 31759
- Changed: user.max_mnt_namespaces: 31760 -> 31759
- Changed: user.max_net_namespaces: 31760 -> 31759
- Changed: user.max_pid_namespaces: 31760 -> 31759
- Changed: user.max_time_namespaces: 31760 -> 31759
- Changed: user.max_user_namespaces: 31760 -> 31759
- Changed: user.max_uts_namespaces: 31760 -> 31759
cos-105-17412-370-14
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06(default),v550.54.15(latest) |
This is an LTS Refresh release.
Updated app-emulation/containerd to v1.7.15.
Included nvidia plugin in sosreport.
Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.
Fixed CVE-2023-4641 in sys-apps/shadow.
Fixed CVE-2023-50387, CVE-2023-50868, CVE-2023-7008 in sys-apps/systemd.
Fixed CVE-2023-0767, CVE-2023-5388, CVE-2023-6135, CVE-2024-0743 in dev-libs/nss.
Updated net-dns/c-ares to v1.19.1. This fixed CVE-2022-4904, CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067.
Updated dev-python/pyyaml to v5.4.1. This fixed CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.
Updated app-arch/tar to v1.35. This fixed CVE-2023-39804.
Updated dev-vcs/git to v2.44.0. This fixed CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Updated net-misc/curl to v8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.
Updated dev-libs/expat to v2.6.2. This fixed CVE-2022-40674, CVE-2022-43680, CVE-2023-52425, CVE-2023-52426, CVE-2024-28757.
Updated app-admin/sudo to v1.9.15_p5. This fixed CVE-2022-43995, CVE-2023-22809, CVE-2023-27320, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Fixed CVE-2024-26808 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 813029 -> 813024
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
Vertex AI Conversation has been renamed to Vertex AI Agents
Vertex AI Agents: Agent apps now support all languages supported by Vertex AI generative models.
Vertex AI Agents: Agent apps now support the eu multi-region.
Dialogflow CX: You can now access the session ID with built-in parameters.
You can now configure access to private image registries that use private certificates using a containerd configuration file. For details, see Customize containerd configuration in GKE nodes.
In GKE 1.29.2-gke.1355000 and later, GPU workloads using the Accelerator compute class in GKE Autopilot support scheduling multiple GPU Pods on a single node. To schedule multiple GPU Pods on the same node, specify the gke-accelerator-count node selector with a value that's higher than the Pod GPU request. For details, see Deploy GPU workloads in GKE Autopilot.
A Quick Start Solution and Reference Architecture are now available for developing and deploying Retrieval Augmented Generation (RAG) applications on GKE. RAG improves the quality of Large Language Model (LLM) responses for a specific application. For example, RAG can enable a customer service chatbot to access help center articles, a shopping assistant to tap into product catalogs and customer reviews, or a travel booking agent to access up-to-date flight and hotel information.
(2024-R11) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- The following versions are no longer available:
- 1.25.16-gke.1460000
- 1.25.16-gke.1537000
- 1.25.16-gke.1570000
- 1.25.16-gke.1711000
- 1.25.16-gke.1759000
- 1.26.14-gke.1006000
- 1.27.7-gke.1121002
- 1.27.10-gke.1055000
- 1.28.5-gke.1217000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.12-gke.1115000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.12-gke.1115000 with this release.
Stable channel
- The following versions are no longer available in the Stable channel:
- 1.25.16-gke.1460000
- 1.25.16-gke.1537000
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.25.16-gke.1537000
- 1.25.16-gke.1570000
- 1.26.14-gke.1006000
- 1.27.10-gke.1055000
- 1.28.3-gke.1286000
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.14-gke.1044000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.14-gke.1044000 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.25.16-gke.1711000
- 1.25.16-gke.1759000
- 1.26.15-gke.1090000
- 1.27.12-gke.1115000
- 1.28.8-gke.1095000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1158000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.12-gke.1190000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.8-gke.1175000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.8-gke.1175000 with this release.
Migrate to Virtual Machines now supports importing virtual disk image files in the following formats:
- QEMU copy-on-write (QCOW)
- QEMU copy-on-write 2 (QCOW2)
- QEMU enhanced disk format (QED)
- VPC
- Virtual disk image (VDI)
- Virtual hard disk v2 (VHDX)
- Virtual hard disk (VHD)
In addition to these formats, Virtual machine disk (VMDK) files and raw files compressed as a .tar.gz file are also supported.
Spanner now supports the following for PostgreSQL arrays:
Through self-service and with zero downtime, you can now add and remove read-only replicas in base instance configurations and move your Spanner instance to a different instance configuration. For more information, see Move an instance.
A monthly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-spanner
6.62.1 (2024-03-28)
Dependencies
- Update dependency com.google.cloud:google-cloud-monitoring to v3.39.0 (#2966) (a5cb1dd)
- Update dependency com.google.cloud:google-cloud-trace to v2.38.0 (#2967) (b2dc788)
6.63.0 (2024-03-30)
Features
Dependencies
- Update dependency com.google.cloud:google-cloud-monitoring to v3.40.0 (#2987) (0a1ffcb)
- Update dependency com.google.cloud:google-cloud-trace to v2.39.0 (#2988) (cf11641)
- Update dependency commons-io:commons-io to v2.16.0 (#2986) (4697261)
6.64.0 (2024-04-12)
Features
- Add endpoint connection URL property (#2969) (c9be29c)
- Add PG OID support (#2736) (ba2a4af)
- Add SessionPoolOptions, SpannerOptions protos in executor protos (#2932) (1673fd7)
- Support max_commit_delay in Connection API (#2954) (a8f1852)
Bug Fixes
- Executor framework changes skipped in clirr checks, and added exception for partition methods in admin class (#3000) (c2d8e95)
Dependencies
- Update actions/checkout action to v4 (#3006) (368a9f3)
- Update actions/github-script action to v7 (#3007) (b0cfea6)
- Update actions/setup-java action to v4 (#3008) (d337080)
- Update dependency com.google.cloud:google-cloud-monitoring to v3.42.0 (#2997) (0615beb)
- Update dependency com.google.cloud:google-cloud-trace to v2.41.0 (#2998) (f50cd04)
- Update dependency commons-io:commons-io to v2.16.1 (#3020) (aafd5b9)
- Update opentelemetry.version to v1.37.0 (#3021) (8f1ed2a)
- Update stcarolas/setup-maven action to v5 (#3009) (541acd2)
6.65.0 (2024-04-20)
Features
- Remove grpclb (#2760) (1df09d9)
- Support client-side hints for tags and priority (#3005) (48828df), closes #2978
Bug Fixes
- deps: Update the Java code generator (gapic-generator-java) to 2.39.0 (#3001) (6cec1bf)
- NullPointerException on AbstractReadContext.span (#3036) (55732fd)
Dependencies
Node.js
Changes for @google-cloud/spanner
7.6.0 (2024-03-26)
Features
- Add instance partition support to spanner instance proto (#2001) (4381047)
- Managed Autoscaler (#2015) (547ca1b)
- spanner: Add a sample for max commit delays (#1993) (91c7204)
- spanner: Add support for float32 (#2020) (99e2c1d)
7.7.0 (2024-04-17)
Features
- OptimisticLock option for getTransaction method (#2028) (dacf869)
- spanner: Adding EXPECTED_FULFILLMENT_PERIOD to the indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity Feature (#2024) (5292e03)
Bug Fixes
Python
Changes for google-cloud-spanner
3.45.0 (2024-04-17)
Features
Bug Fixes
Vertex AI custom training supports TPU v5e. For details, see Training with TPU accelerators.
April 29, 2024
AlloyDB for PostgreSQL
AlloyDB now supports up to 64 TiB storage per cluster in all locations. For more information about available locations, see AlloyDB locations.
With Gemini, you can now build integrations in Application Integration:
- Create and build integrations
- Configure connector tasks in an integration
- Add edge conditions and append additional tasks to an integration
- Generate integration description
This feature is in preview.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigquery
7.6.1 (2024-04-26)
Bug Fixes
Go
Changes for bigquery/storage/apiv1beta1
1.61.0 (2024-04-24)
Features
- bigquery/storage/managedwriter/adapt: Add RANGE support to adapt (#9836) (ae25253)
- bigquery: RANGE support for basic data movement (#9762) (07f0806)
- bigquery: RANGE support when reading Arrow format (#9795) (da245fa)
- bigquery: RANGE type StandardSQLDataType support (#9754) (33666cf)
Bug Fixes
Java
Changes for google-cloud-bigquery
2.39.0 (2024-04-22)
Features
- Add ExportDataStats to QueryStatistics (#3244) (e91be80)
- Add new fields to copy job statistics (#3205) (64bdda8)
- Add Range object to allow reading range value (#3236) (2c3399d)
- Add support for inserting Range values (#3246) (ff1ebc6)
- Add support for ObjectMetadata (#3217) (975df05)
- Add totalSlotMs to JobStatistics (#3250) (75ea095)
Bug Fixes
- Fix BigQuery#listDatasets to include dataset location in the response (#3238) (c50c17b)
- Remove @InternalApi from TableResult (#3257) (19d92a1)
Dependencies
- Update actions/checkout action (#3256) (6df3a32)
- Update actions/upload-artifact action to v4.3.2 (#3248) (066b51f)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.40.0 (#3210) (bf7e97e)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.41.0 (#3219) (9d71b8b)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.43.0 (#3225) (a897306)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240323-2.0.0 (#3239) (2c0f48f)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.44.0 (#3211) (6993b51)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.45.0 (#3220) (21ae09c)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.47.0 (#3226) (d45d168)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#3207) (6204331)
- Update dependency org.threeten:threeten-extra to v1.8.0 (#3242) (66d5efd)
- Update github/codeql-action action to v2.24.9 (#3204) (7a24d3e)
- Update github/codeql-action action to v2.25.1 (#3229) (aeedf29)
You can now let users that are in Microsoft Entra groups access BigQuery data in Power BI by using Workforce Identity Federation. This feature is generally available.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Vertex AI Workbench
notebooks.googleapis.com/Instance
The apache-airflow-providers-google package is upgraded to version 10.17.0. For more information about changes, see the apache-airflow-providers-google changelog from version 10.16.0 to version 10.17.0.
The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.1.0.
Cloud Composer 2.7.1 images are available:
- composer-2.7.1-airflow-2.7.3 (default)
- composer-2.7.1-airflow-2.6.3
Cloud Composer version 2.1.14 has reached its end of full support period.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.17.0 (2024-04-25)
Features
Bug Fixes
Dependencies
A weekly digest of client library updates from across the Cloud SDK.
Cloud Workstations base images are being upgraded to Ubuntu 22.04 from Ubuntu 20.04 this week. The last images built on Ubuntu 20.04 are tagged with last-ubuntu2004 for building backwards compatible custom images.
Cloud Workstations base images now default to Python 3.10.12.
Starting the week of April 29, 2024, when you limit the run time of a standalone VM or a VM in a managed instance group (MIG), the following changes take effect:
When you stop or suspend a VM that has a time limit, the time limit will no longer be automatically removed. Whenever you start or resume the VM, its time limit is reapplied until you update or remove the time limit. If a VM's time limit is defined as a specific time and that time has passed, you can't rerun the VM until you update or remove its time limit.
When a VM in a MIG reaches its time limit, the MIG deletes that VM instead of repairing it.
For more information, see Limit the run time of a VM and Limit the run time of VMs in a MIG.
New Dataproc on Compute Engine subminor image versions:
- 2.0.99-debian10, 2.0.99-rocky8, 2.0.99-ubuntu18
- 2.1.47-debian11, 2.1.47-rocky8, 2.1.47-ubuntu20, 2.1.47-ubuntu20-arm
- 2.2.13-debian12, 2.2.13-rocky9, 2.2.13-ubuntu22
Firestore now supports the us-south1 Dallas region.
For a full list of supported locations, see Locations.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-datastore
2.19.1 (2024-04-19)
Dependencies
Firestore in Datastore mode now supports the us-south1 Dallas region.
For a full list of supported locations, see Locations.
Release 1.29.0-gke.1449
GKE on Bare Metal 1.29.0-gke.1449 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.29.0-gke.1449 runs on Kubernetes 1.29.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Version 1.15 end of life: In accordance with the Version Support Policy, version 1.15 (all patch releases) of GKE on Bare Metal has reached its end of life and is no longer supported.
Added new API and IAM role requirements for Cloud Monitoring:
You must enable the kubernetesmetadata.googleapis.com API for your project and grant the roles/kubernetesmetadata.publisher IAM role to the Logging and Monitoring service account (anthos-baremetal-cloud-ops, when created automatically). Clusters use this API as an endpoint to send Kubernetes metadata to Google Cloud. The metadata is vital for cluster monitoring, debugging, and recovery. If you install your clusters behind a proxy, add kubernetesmetadata.googleapis.com to the list of allowed connections.
Due to changes in the way service accounts are checked, you must also grant the following IAM roles to the Logging and Monitoring service account:
- roles/monitoring.viewer
- roles/serviceusage.serviceUsageViewer
These API and IAM role requirements apply to both creating new 1.29 clusters and upgrading existing clusters to 1.29.
GA: Support GKE Identity Service v2 capability for an improved security flow when you authenticate with third-party identity solutions.
The GA offering of GKE Identity Service v2 has the following requirements and restrictions:
GKE Identity Service v2 now requires ports 11001 and 11002 on the control plane load balancer nodes, instead of 8443 and 8444. Ensure these ports are open and available before you upgrade a cluster to version 1.29.0-gke.1449 and higher. If the ports aren't open, upgrade preflight checks fail.
GKE Identity Service v2 requires version 1.5.1 or higher of the Anthos Auth gcloud CLI component. If necessary, update the Anthos Auth component (gcloud components update anthos-auth). If you use the Google Cloud SDK, updating the SDK (gcloud components update) to version 474.0.0 or later also updates the Anthos Auth component to the required version.
GKE Identity Service v2 doesn't work with GKE on Bare Metal clusters with the following configurations:
- Clusters with a single control plane node only.
- Clusters that use control plane nodes for load balancing. That is, clusters that aren't configured with either a separate load balancing node pool or manual load balancing.
GA: Added support for skews of up to two minor versions for selective node pool upgrades.
GA: Added capability to pause and resume cluster upgrades.
GA: Maintenance mode now uses eviction-based draining for nodes, instead of taint-based draining. Eviction-based draining uses the Eviction API, which honors Pod Disruption Budgets (PDBs). Draining nodes this way provides better protection against workload disruptions.
Preview: Added support for node-level private registry configuration for workload images.
Preview: Added support for rolling back select node pool upgrades.
Preview: Added support for admin and hybrid clusters to manage user clusters of multiple versions concurrently.
Preview: Added support for using an intermediate Certificate Authority (CA) as the cluster root CA.
Preview: Added support to route workload logs to a third-party custom Kafka destination. This capability isn't enabled by default. You enable this capability in the cluster stackdriver resource spec by adding the unmanagedKafkaOutputConfig section. This section lets you specify the IP addresses of Kafka message brokers (brokers), topic names (topics), and keys to map the topics to partitions (topicKeys).
Improved command-line interface errors and error documentation.
Functionality changes:
GKE Identity Service v2 now sends extra parameters (extraParams) to your OIDC provider.
Extra node viewing permissions are added for accounts specified with the spec.clusterSecurity.authorization.clusterViewer.gcpAccounts field in the Cluster resource.
Added Status.Available field to BareMetalMachine resources to indicate whether the machine is available.
Updated preflight checks add a check for networking kernel modules (ip_tables or nf_tables) and remove the iptables package check.
The Google plugin for the GKE Identity Service now caches the public keys based on max-age in the cache-control header.
Fixes:
Fixed an issue where the kubelet doesn't honor the shortened, 1-second grace period for pod deletion during eviction-based draining.
Fixed a cluster upgrade issue where the lifecycle-controller-deployer Pod was unable to migrate existing GKE on Bare Metal resources to the latest API version. This issue blocked upgrades to earlier version 1.28 releases.
Fixed an issue with configuring a proxy for your cluster that required you to manually set HTTPS_PROXY and NO_PROXY environment variables on the admin workstation.
Fixed an issue where upgrades are blocked because cluster-operator can't delete stale, failing preflight check resources.
Fixed an issue where the network check ConfigMap wasn't updated when nodes were added or removed.
The following container image security vulnerabilities have been fixed in version 1.29.0-gke.1449:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
- Clusters that use bundled load balancing with BGP might have performance degradation as the total number of Services of type LoadBalancer approaches 2,000.
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
GKE on VMware 1.29.0-gke.1456 is now available. To upgrade, see Upgrade a cluster or a node pool. GKE on VMware 1.29.0-gke.1456 runs on Kubernetes v1.29.3-gke.600.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
- Preview: Support migrating a vSphere datastore to SPBM.
- Preview: Support migrating the configuration for integrated F5 BIG-IP to manual load balancing mode.
- Preview: Support migrating a user cluster to Controlplane V2.
- Preview: Support migrating a non-HA admin cluster to HA.
- GA: Support migrating disks from one vSphere datastore to another vSphere datastore with SPBM.
- GA: Support updating multiple service account keys together with gkectl update credentials.
- GA: A user cluster control plane can be two minor versions later than its node pools and admin cluster.
- GA: Support for cgroupv2 Linux images for cluster nodes.
GA: Support GKE Identity Service v2 capability for an improved security flow when you authenticate with third-party identity solutions.
Warning: GKE Identity Service v2 requires ports 11001 and 11002 on the user cluster control plane nodes. Ensure these ports are open and available before you upgrade a cluster to version 1.29.0-gke.1456 and higher.
Server-side preflight checks are enabled by default for admin and user cluster create, update, and upgrade. Server-side preflight checks require the following additional firewall rules from your admin cluster control-plane nodes:
- Admin cluster F5 BIG-IP API (only if using the F5 BIG-IP load balancer)
- User cluster F5 BIG-IP API (only if using the F5 BIG-IP load balancer)
- Admin cluster NTP servers
- User cluster NTP servers
- Admin cluster DNS servers
- User cluster DNS servers
- User cluster on-premises local Docker registry (if your user cluster is configured to use a local private Docker registry instead of gcr.io)
- Admin cluster nodes
- User cluster nodes
- Admin cluster Load Balancer VIPs
- User cluster Load Balancer VIPs
- User cluster worker nodes
For the complete list of firewall rules required for server-side preflight checks, see Firewall rules for admin clusters and search for "Preflight checks".
Version changes in GKE on VMware 1.29.0-gke.1456:
- Updated Dataplane V2 to use Cilium 1.13.
- Bumped the AIS version to hybrid_identity_charon_20240331_0730_RC00.
Other changes in GKE on VMware 1.29.0-gke.1456:
- The gkectl create cluster command prompts for confirmation if the cluster configuration file enables legacy features.
- The gkectl prepare command always prepares cgroup v2 images.
- Cluster configuration files are prepopulated with ubuntu_cgv2 (cgroupv2) as the osImageType.
- The gkeadm tool isn't supported on macOS and Windows.
- A lightweight version of gkectl diagnose snapshot is available for both admin and user clusters.
- User cluster upgrades: the --dry-run flag for gkectl upgrade cluster runs preflight checks but doesn't start the upgrade process.
- The --async flag for gkectl upgrade cluster to run an asynchronous upgrade is now supported for admin clusters.
The following issues are fixed in 1.29.0-gke.1456:
- Fixed the issue where the admin cluster backup did a retry on non-idempotent operations.
- Fixed the known issue where the controlPlaneNodePort field defaults to 30968 when the manualLB spec is empty.
- Fixed the known issue that caused the preflight check to fail when the hostname wasn't in the IP block file.
- Fixed the known issue that caused Kubelet to be flooded with logs stating that "/etc/kubernetes/manifests" does not exist on the worker nodes.
- Fixed the manual load balancer issue where the IngressIP is overwritten with the Spec.LoadBalancerIP even if it is empty.
- Fixed the issue that preflight jobs might be stuck in the pending state.
- Fixed an issue where egress NAT erroneously broke long-lived connections.
- Fixed Seesaw crashing on duplicated service IP.
- Fixed a warning in the storage preflight check.
Fixed the following vulnerabilities in GKE on VMware 1.29.0-gke.1456:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
Dual-stack LoadBalancer Services are now generally available with GKE. You can now create a dual-stack GKE cluster and expose GKE Services using either IPv4, IPv6, or a combination of both, depending on your ipFamilyPolicy and ipFamilies specs.
To learn more, see GKE LoadBalancer Service parameters.
Cloud DNS additive VPC scope is now available in Preview. You can now configure your GKE clusters to add GKE headless Service entries to your Cloud DNS private zone visible from your VPC networks, on top of using Cloud DNS (cluster scope) as your GKE DNS provider.
To learn more, see Cloud DNS scopes for GKE.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.129.1 (2024-04-25)
Bug Fixes
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.39.0 (#2002) (88517fe)
- Update dependency com.google.cloud:google-cloud-core to v2.37.0 (#1997) (b4573ae)
- Update dependency com.google.cloud:google-cloud-storage to v2.37.0 (#1999) (cff6d6a)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.29.0 (#1998) (bb80924)
General availability support for the following integration:
General availability support for the following integration:
Vertex AI Search: Order healthcare search results (Public preview)
When you search over FHIR resource types that contain unstructured text, you can order your search results according to their relevance to your query. For more information, see Order healthcare search results.
Vertex AI Search: Boost search results (Public preview)
Boosting search results for media apps and for generic search apps that contain unstructured and website data is available in Public preview. For more information, see Boost search results.
Vertex AI Search: Add structured data for advanced website indexing (Public preview)
If advanced website indexing is enabled in your data store, you can use structured data, such as Google-inferred page dates, meta tags, and PageMap content, to enrich your indexing.
For more information, see Use structured data for advanced site indexing and Example use case using a Google-inferred page date.
Vertex AI Search: gemini-1.0-pro-002/answer_gen/v1 for answer generation
Model version gemini-1.0-pro-002/answer_gen/v1 is available for generating answers in Vertex AI Search. For more information, see Answer generation model versions and lifecycle.
M120 release
The M120 release of Vertex AI Workbench managed notebooks includes the following:
- Minor bug fixes for the libcurl package.
reCAPTCHA Enterprise Mobile SDK v18.5.0-beta04 is now available for iOS.
This version contains the workaround for the bug in Xcode 15.3 that prevents apps from being published in the App Store.
April 28, 2024
Application Integration
While configuring a Cloud Pub/Sub trigger, you can now add a config variable for your service account. Config variables let you externalize configuration for integrations.
April 26, 2024
Apigee X
On April 26, 2024, we released an updated version of Apigee.
Logging Apigee access logs
Apigee Subscription and Pay-as-you-go customers can now enable Cloud Logging ingress access logs for each Apigee instance in their organization. Once enabled, this feature allows you to view the logs generated by ingress gateways in your Apigee infrastructure, such as an external Application Load Balancer or an Anthos gateway, to assist in troubleshooting Apigee API calls.
For more information, see Logging Apigee access logs.
SQL code generation is now available for all BigQuery projects. This feature is available in preview. To learn how to enable and activate Gemini in BigQuery features, see Set up Gemini in BigQuery.
The HTTP plugin (version 1.4.2) is available in Cloud Data Fusion versions 6.8.0 and later. The release fixed an issue in the HTTP source causing an error in the retrieved schema when one of the retrieved columns contained a quoted value with a delimiter, such as a comma (PLUGIN-1781).
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Broken-link checkers collect screenshots of failing tests in a Cloud Storage bucket. You can configure this feature to collect screenshots for all tests or disable this feature. For more information, see Create a broken-link checker.
Generally available: Zonal metadata (previously known as project zonal metadata) is custom metadata that you define at a zonal scope within a project and provides information about VMs in that specific zone. Zonal metadata helps you with fault isolation and provides greater reliability. By setting custom zonal metadata, you gain more control over the metadata for VMs in your project and limit the impact of any incorrect metadata updates to VMs within a specific zone.
To get started working with zonal metadata, see Set custom zonal metadata.
The following Dataflow templates now support user-defined functions (UDFs) written in Python:
New Dataproc Serverless for Spark runtime versions:
- 1.1.59
- 1.2.3
- 2.0.67
- 2.1.46
- 2.2.3
We've added a new field, wholesale_charges, to Detailed Disbursements reports and Customer Insights reports for Cloud Marketplace.
A vulnerability (CVE-2024-26585) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-024 security bulletin.
You can now use the node system configuration file in GKE to enable and use Linux huge pages in your Pods. For instructions, see Linux huge page configuration options.
GKE Standard clusters now support nested virtualization. For details, including requirements and limitations, see Use nested VMs with GKE Standard clusters.
GKE Sandbox supports the use of NVIDIA GPUs (H100, A100, L4, and T4) in Public Preview in GKE version 1.29.2-gke.1108000 and later on both Standard and Autopilot clusters. GKE Sandbox provides an extra layer of security to prevent untrusted code from affecting the host kernel on your cluster nodes. For GPUs, while GKE Sandbox doesn't mitigate all NVIDIA driver vulnerabilities, it helps protect against Linux kernel vulnerabilities. For details, see GPUs in GKE Sandbox.
The feed management feature is now enhanced to include the following:
- Feed names: You can assign custom names to new and existing data feeds.
- Troubleshooting information: You can diagnose error feeds by accessing detailed information about the cause of an issue and recommended actions.
- Last succeeded time: Stay informed about the status of a feed, with a timestamp identifying when data was last successfully fetched by each feed.
You can now set up feeds to push logs using an HTTPS endpoint by using either the feed management user interface or the feed management API. You can use the following feed management source types to set up ingestion using an HTTPS endpoint:
- Amazon Data Firehose
- Google Cloud Pub/Sub
- Webhooks
You can also generate a secret key and API key to authenticate feeds that use Amazon Data Firehose and webhooks as the feed source type.
Bring your own IP v2 for regional addresses is available in General Availability.
- v2 public advertised prefixes are provisioned in approximately two weeks.
- v2 public delegated prefixes are provisioned in minutes.
- v2 prefixes are not automatically announced when provisioned; you control when to announce or withdraw advertisements.
April 25, 2024
Anthos clusters on AWS
A vulnerability (CVE-2024-26585) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. For more information, see the GCP-2024-024 security bulletin.
A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version. This includes:
- More sensitive skew metrics for better model and data quality monitoring
- A bugfix for risk score threshold estimation used in recall metrics in AML AI resource metadata
BigQuery Studio is now available in the following regions:
- Johannesburg (africa-south1)
- Hong Kong (asia-east2)
- Seoul (asia-northeast3)
- Jakarta (asia-southeast2)
- Sydney (australia-southeast1)
- Madrid (europe-southwest1)
- Turin (europe-west12)
- Doha (me-central1)
- Dammam (me-central2)
- Montréal (northamerica-northeast1)
- N. Virginia (us-east4)
- Columbus (us-east5)
- Dallas (us-south1)
- Los Angeles (us-west2)
- Las Vegas (us-west4)
For more information, see BigQuery Studio locations.
The BigQuery Data Transfer Service for Google Merchant Center supports the Product Targeting report.
Config Controller is now supported in region us-west4, us-west3, us-west1, europe-central2, europe-west10, europe-west12, europe-west4, europe-west9, africa-south1, asia-east1, asia-east2, asia-northeast3, asia-south1, asia-south2, me-west1, europe-southwest1, us-south1, asia-southeast2, me-central1, southamerica-west1 and southamerica-east1.
Config Controller now uses the following versions of its included products:
- Config Connector v1.115.0, release notes
- Anthos Config Management v1.17.3, release notes
Dataplex automatic data quality supports the following capabilities:
- The SQL assertion rule type for custom SQL rules lets you check for an invalid state of a dataset.
- You can use the data reference parameter in a custom SQL rule to refer to a data source table and all of its precondition filters, instead of explicitly mentioning the table and its filters.
M120 release
- Upgraded TensorFlow 2.15 container images to TensorFlow 2.15.1.
- Added CUDA-specific release tags for all TensorFlow and PyTorch container images, for example, us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-cu121.2-15.
M120 release
- Upgraded TensorFlow 2.15 images to TensorFlow 2.15.1.
- Added Ubuntu 22.04 support for CPU images, and for GPU images using CUDA 12.1 or higher.
You can now create multiple orders for the same product with flat fee pricing. This feature is available in Preview. For more information about creating multiple orders, see Create multiple orders of the same product.
Release 1.16.8
GKE on Bare Metal 1.16.8 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.16.8 runs on Kubernetes 1.27.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Fixes:
The following container image security vulnerabilities have been fixed in 1.16.8:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
GKE on VMware 1.16.8-gke.19 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.16.8-gke.19 runs on Kubernetes v1.27.12-gke.1000.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
The following vulnerabilities are fixed in 1.16.8-gke.19:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
A vulnerability (CVE-2024-26585) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-024 security bulletin.
Chronicle Security Operations (Chronicle SecOps) has been rebranded to Google Security Operations (Google SecOps). Both the logo and the platform name have been rebranded as part of this change. This rebranding reflects our commitment to bringing you the best of Google security operations features. There is no change to functionality in the platform.
Timeline chart option
The new timeline chart option lets you visualize the relationships between groups of events and compare the timespans over which these events took place.
Create a Looker Studio report within Google Sheets
You can create a Looker Studio report directly within Google Sheets. To create a report from a Google Sheets worksheet or range, use the Looker Studio extension in Google Sheets.
Create a Google Cloud project while subscribing to Looker Studio Pro
You can create a new Cloud project during the Looker Studio Pro subscription process. This project is used to host your Looker Studio Pro content.
Learn more about linking Looker Studio Pro to a Google Cloud project.
A new detection model is available for the STREET_ADDRESS infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version to latest when including the STREET_ADDRESS infoType in your InspectConfig.
You can still use the old model by setting InfoType.version to stable or leaving it unset when using the STREET_ADDRESS infoType. In 30 days, the new model will be promoted to stable.
M120 release
The M120 release of Vertex AI Workbench user-managed notebooks includes the following:
- Upgraded TensorFlow 2.15 user-managed notebooks to TensorFlow 2.15.1.
- Minor bug fixes for the libcurl package.
M120 release
The M120 release of Vertex AI Workbench instances includes the following:
- Minor bug fixes for the libcurl package.
April 24, 2024
Application Integration
For Cloud Pub/Sub triggers, the default value of the expiration period option for subscriptions is changed from 31 days to never expire. If you want to change the value of the expiration period, then you must update the Cloud Pub/Sub subscription in the Google Cloud console.
User-defined aggregate functions (UDAFs) that support SQL expressions are in preview. You can create a UDAF with the CREATE AGGREGATE FUNCTION statement.
Support for Direct VPC egress, which lets you send traffic directly to a VPC network with no Serverless VPC Access connector required, is now at general availability (GA).
1.18.7-asm.21 is now available for in-cluster Anthos Service Mesh.
This patch release contains the fix for the security vulnerability listed in GCP-2024-023. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh. Anthos Service Mesh v1.18.7-asm.21 uses Envoy v1.26.8.
1.19.10-asm.0 is now available for in-cluster Anthos Service Mesh.
This patch release contains the fix for the security vulnerability listed in GCP-2024-023. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh. Anthos Service Mesh v1.19.10-asm.0 uses Envoy v1.27.5.
1.20.6-asm.0 is now available for in-cluster Anthos Service Mesh.
This patch release contains the fix for the security vulnerability listed in GCP-2024-022. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh. Anthos Service Mesh v1.20.6-asm.0 uses Envoy v1.28.3.
A known issue causes a subset of Pods in GKE Autopilot clusters to occasionally become stuck during termination or creation. As a result, we temporarily disabled bursting in Autopilot clusters that were created or upgraded to version 1.29.2-gke.1060000 and later on or after April 24, 2024. Clusters that enabled bursting prior to April 24, 2024 continue to support bursting. For information and troubleshooting steps, see Pods stuck during termination or creation.
Vertex AI Agent Builder: Renamed in the console and documentation
The Google Cloud console and the documentation at cloud.google.com have been updated to show the current product name for Vertex AI Agent Builder. On the console, look for "Agent Builder".
You might see the old name (Vertex AI Search and Conversation) in some places—for example, in videos.
April 23, 2024
Cloud Interconnect
Verified Peering Provider is now generally available. Verified Peering Provider lets you reach all publicly available Google Cloud resources through an internet service provider, without the need to directly peer with Google.
Default replication monitoring for multi-region and dual-region buckets in the Google Cloud console is now available for the following graphs:
- Percent of minutes out of RPO
- Percent of objects out of target
- Meeting RPO
Mobile SDK 2.6 is released
For more information, see the following:
Deployment schedules
With deployment schedules, you can control the timing of Google's automatic updates to your contact center instance. For more information, see Deployment schedules.
cos-beta-113-18244-1-44
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.77 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs) |
Updated app-containers/containerd to v1.7.15.
Fixed CVE-2024-26642 in the Linux kernel.
Fixed CVE-2024-26642, CVE-2024-26643 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812399 -> 812400
- Changed: kernel.threads-max: 63503 -> 63504
- Changed: user.max_cgroup_namespaces: 31751 -> 31752
- Changed: user.max_ipc_namespaces: 31751 -> 31752
- Changed: user.max_mnt_namespaces: 31751 -> 31752
- Changed: user.max_net_namespaces: 31751 -> 31752
- Changed: user.max_pid_namespaces: 31751 -> 31752
- Changed: user.max_time_namespaces: 31751 -> 31752
- Changed: user.max_user_namespaces: 31751 -> 31752
- Changed: user.max_uts_namespaces: 31751 -> 31752
cos-105-17412-294-68
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.13 | v470.239.06(default),v550.54.15(latest) |
Fixed a crash during CIFS volumes mount.
Fixed CVE-2024-26642 in the Linux kernel.
cos-101-17162-386-65
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06(default),v550.54.15(latest) |
Fixed a crash during CIFS volumes mount.
Dialogflow CX: The following new region is available:
- us: United States multi-region accessed via usa-dialogflow.googleapis.com hostname
WebSocket support for managing Compute Engine resource sessions is now available. For more information, see Managing IAP sessions.
The Private Service Connect interface documentation has been updated. Google recommends avoiding multi-tenant architectures, where multiple consumers connect to the same Private Service Connect interface VM. In a multi-tenant architecture, if one consumer terminates their Private Service Connect interface connection, other consumers that are connected to the same VM also lose connectivity. For more information, see Limitations.
April 22, 2024
Backup and DR
Backup and DR Service now supports viewing Backup and DR Service prebuilt reports in Looker Studio. Learn more.
Backup for GKE now supports Smart Scheduling, an alternative backup creation scheduling approach based on desired RPO instead of a fixed schedule. This approach is in addition to the existing cron scheduling approach. For more information, see Automatic backup creation and deletion.
Backup index is now available for viewing the resource information in backups. For details, see View backup index.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigquery
7.6.0 (2024-04-09)
Features
Bug Fixes
Python
Changes for google-cloud-bigquery
3.21.0 (2024-04-18)
Features
- Add compression option ZSTD. (#1890) (5ed9cce)
- Adds billing to opentel (#1889) (38697fb)
- Support RANGE in queries Part 1: JSON (#1884) (3634405)
Bug Fixes
- Add types to DatasetReference constructor (#1601) (bf8861c)
- Creates linting-typing.cfg in presubmit (#1881) (c852c15)
- Remove duplicate key time_partitioning from Table._PROPERTY_TO_A… (#1898) (82ae908)
- Retry query jobs that fail even with ambiguous jobs.getQueryResults REST errors (#1903, #1900) (1367b58)
Performance Improvements
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.38.0 (2024-04-15)
Features
- Add Data Boost configurations to admin API (f29c5bb)
- Add feature flag for client side metrics (#2179) (f29c5bb)
- Migrate to OTEL and enable metrics by default (#2166) (1682939)
Bug Fixes
Python
Changes for google-cloud-bigtable
2.23.1 (2024-04-15)
Bug Fixes
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.16.3 (2024-04-17)
Dependencies
The pgvector extension is upgraded from version 0.5.1 to version 0.6.0. Use this extension to store and search for vector embeddings in PostgreSQL databases. For more information, see Configure PostgreSQL extensions.
To use this version of the extension, update your instance to [PostgreSQL version].R20240130.00_09. For more information, see Self-service maintenance.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/storage
7.10.0 (2024-04-15)
Features
- Add ability to create a File object from URL (#2432) (1b71fcc)
- Allow setting contentEncoding during compose (#2431) (6e81e05)
Bug Fixes
Java
Changes for google-cloud-storage
2.37.0 (2024-04-19)
Features
- Adds a ZeroCopy response marshaller for grpc ReadObject handling (#2489) (8c7404d)
- Port BufferToDiskThenUpload to work with HttpStorageOptions (#2473) (d84e255)
- Port DefaultBlobWriteSessionConfig to work with HttpStorageOptions (#2472) (e5772a4)
- Port ParallelCompositeUploadBlobWriteSessionConfig to work with HttpStorageOptions (#2474) (3bf6026)
- Transfer Manager ParallelCompositeUploads (#2494) (8b54549)
Bug Fixes
- Ensure all BlobWriteSession types conform to the semantics specified in BlobWriteSession (#2482) (d47afcf)
- Fix BidiBlobWriteSessionConfigs to respect preconditions (#2481) (955d78a)
- Update ApiaryUnbufferedWritableByteChannel to be graceful of non-quantum aligned write calls (#2493) (f548335)
- Update BidiBlobWriteSessionConfig to respect a provided bufferSize (#2471) (e1fb857)
- Update grpc handling of IAM Policy etag to account for base64 encoding (#2499) (032f2f2)
- Update Grpc Retry Conformance after new additions to testbench (#2309) (09043c5)
Dependencies
- Update dependency com.google.apis:google-api-services-storage to v1-rev20240319-2.0.0 (#2460) (9c2ee90)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#2467) (c12f329)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.29.0 (#2502) (7ed8446)
- Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.43.0 (#2459) (2dc4748)
- Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.44.0 (#2497) (9b0253c)
Documentation
Version 3.15 is released
All release notes published on this date are part of version 3.15.
Authentication context
You can select the authentication context that you want when you set up single sign-on (SSO) for CRMs that use the Security Assertion Markup Language (SAML) standard.
Glossary support in live translation
Live translation supports glossaries, helping you ensure that specific terms are translated appropriately. For more information, see Set up live translation.
Email channel endpoints in the Manager API
The Manager API has the following two new endpoints for email data management and analysis:
- Email manager. GET /manager/api/v1/emails
- Email session data report. GET /manager/api/v1/emails/managed
Skip CRM account and record creation
With the Salesforce CRM and custom CRMs, you can skip account creation or record creation (or both) during a session. For more information, see Skip CRM account and record creation.
Configure chat auto answer at the queue level
You can configure auto answer settings for chat at the queue level. For more information, see Auto-answer.
Chat dismissal warning for agents
Agents receive a chat dismissal warning at the same time that an end-user receives one.
New event field in session reports from the Manager API
Session reports from the Manager API now include an event field. This field indicates how sessions end—for example, finished, failed, or abandoned. For more information, see Calls Endpoints and Chats Endpoints.
On the Agents page, the All teams filter now shows all teams, regardless of whether an agent is assigned.
Fixed an issue where the Create a Record API used the user ID instead of the queue name.
Fixed a reporting error that showed Wait, Queue, and Handle times as 0 for expired or abandoned chats that were escalated from a virtual agent to a queue.
Fixed an issue where the All teams filter on the Agents page didn't display the complete team hierarchy.
Fixed an issue where a user with a custom role that included the Settings > Queue permission was not able to view the Queues page.
Fixed an issue where a user could sometimes still hear a call after ending call monitoring.
Fixed an issue with the ServiceNow CRM where selecting Skip CRM record creation disabled the contact lookup feature.
Fixed an issue with the Chat API where photos and videos sent by an end-user would sometimes not be visible to the agent in the adapter.
Fixed an issue where virtual escalations canceled by an end-user were not being logged as abandoned.
Fixed an issue where the virtual agent streaming service ended mid-session.
We've made the following updates to the provider Entitlement resource:
- A new field called new_offer_start_time is populated with the start time of an offer that's scheduled to start in the future. This field works the same way as the field in the Pub/Sub messages.
- The existing field named new_offer_end_time is now also populated when an offer with a specified end date activates. The field is now empty only if the offer was created with a term instead of a specified end date, or if there is no upcoming offer.
The ingestion_stats table in BigQuery is deprecated and will no longer be updated after May 15, 2024. We recommend that you use the Chronicle ingestion_metrics table in BigQuery, which provides more accurate ingestion metrics.
The ingestion alerting system using Chronicle has been deprecated. This system will no longer be updated, and no alerts will be sent from this system after September 01, 2024. We recommend that you use the Cloud Monitoring integration which provides more flexibility in alert logic, alert workflow, and integration with third-party ticketing systems.
A weekly digest of client library updates from across the Cloud SDK.
Resolved an issue where Pub/Sub pull RPCs incorrectly return a "cancelled" status when the configured deadline is reached in the absence of a backlog. This fix ensures deadlines are honored.
VOD configs are now used to create VOD sessions. When you create a VOD session, specify a VOD config in the vodConfig field to use the config's sourceUri and adTagUri fields.
Workflows is available in the following additional region: me-central1 (Doha, Qatar).
April 21, 2024
Application Integration
Apache Kafka trigger is now in preview.
New Dataproc on Compute Engine subminor image versions:
- 2.0.98-debian10, 2.0.98-rocky8, 2.0.98-ubuntu18
- 2.1.46-debian11, 2.1.46-rocky8, 2.1.46-ubuntu20, 2.1.46-ubuntu20-arm
- 2.2.12-debian12, 2.2.12-rocky9, 2.2.12-ubuntu22
April 20, 2024
Dataproc
Dataproc Workflow Templates now support the CMEK organization policy.
April 19, 2024
Apigee X
On April 19, 2024, we released an updated version of Apigee.
With this release, Apigee API Management organizations with Subscription 2021 contracts have been upgraded to introduce standard and extensible API proxy features and expanded limits on deployments.
With this upgrade:
- Standard and extensible API proxy calls are counted equally when calculating overall API call entitlement for Subscription 2021 contracts.
- The maximum number of shared flow deployments is 75 per environment.
- There are no limits on the total number of API proxy deployments per environment.
- The maximum limit of total deployment units (API proxies or shared flows) per organization is 4250.
Note: The fleetwide upgrade is complete for the majority of Subscription 2021 contract organizations. Organization administrators for the remaining 5% of organizations have been contacted by Apigee representatives regarding timelines for the release.
To learn more about:
- Standard and Extensible API Proxy types, see API Proxy types.
- Expanded limits for API proxy and shared flow deployments, see Limits.
- Account level deployment limits, see Subscription 2021 entitlements.
- Viewing proxy deployment count, see View proxy deployment usage.
Subscription Apigee organizations (without hybrid entitlements) upgraded in this release will see changes to the user experience in the Classic Apigee UI. To support management of the upgraded functionality now available to these organizations, a number of feature administration pages are now only available in the Apigee UI in Cloud console.
For more information, see Apigee UI in Cloud console navigation.
Artifact Registry download file feature is Generally Available (GA) for standard repositories and remote repositories.
The download file feature allows users to download individual files without configuring authentication for format-specific tooling. For more information, see Download files.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
App Hub
Integration Connectors
connectors.googleapis.com/EndpointAttachment
connectors.googleapis.com/EventSubscription
connectors.googleapis.com/ManagedZone
Database Migration Service for homogeneous migrations to Cloud SQL for MySQL and homogeneous migrations to Cloud SQL for PostgreSQL now supports migrations to existing destination instances that have read replicas enabled.
For more information, see:
General purpose C3 VMs are now available in Sydney (australia-southeast1-c).
Dataproc Serverless for Spark: runtime version 2.2 will become the default Dataproc Serverless for Spark runtime version on June 28, 2024 (instead of May 3, 2024, as previously announced).
A bug in the Image streaming feature might cause containers to fail because of missing files.
Containers running on a node with image streaming enabled on specific GKE versions might fail to be created with the following error:
"CreateContainer in sandbox from runtime service failed" err="rpc error: code = Unknown desc = failed to create containerd container: failed to mount [PATH]: too many levels of symbolic links"
The following GKE versions are impacted:
- All 1.28 versions
- All 1.29 versions
We're working on fixing this issue. In the meantime, if you're impacted by this issue, disable Image streaming.
Release 6.2.54 is now in General Availability.
Cloud Text-to-Speech now offers es-ES Studio voices: es-ES-Studio-C and es-ES-Studio-F
April 18, 2024
Artifact Registry
The immutable tags setting is generally available for Docker repositories. When tags are immutable, you can't change the image digest that a tag references in the repository. You can configure this setting when you create a repository or change the setting on an existing repository.
The quantified LIKE operator is generally available (GA). With this operator, you can check a search value for matches against a list of patterns or an array of patterns, using one of these conditions:
- LIKE ANY: Checks if at least one pattern matches.
- LIKE SOME: Synonym for LIKE ANY.
- LIKE ALL: Checks if every pattern matches.
Python 3.11.8 is available in environments with Airflow 2.6.3 and 2.7.3:
Existing environments with Airflow 2.6.3 and 2.7.3 switch to Python 3.11.8 when upgraded.
Before upgrading, make sure that custom PyPI packages in your environment are compatible with Python 3.11.8.
Between April 16, 2024, 2:00 AM (PST) and April 17, 2024, 3:30 AM (PST), Cloud Composer service experienced problems with environment creation, upgrades, and changing the environment size. The problem is resolved and all operations are working. If you think that your environment is still impacted by this issue, please reach out to the Cloud Support team.
(New environments only) Increased the default value of the [webserver]auto_refresh_interval Airflow configuration option to 15 seconds. Pages in the Airflow UI, such as the list of DAGs, now will update every 15 seconds.
(Available without upgrading) Fixed a problem where enabling or disabling Logs in Cloud Logging Only could render the Airflow web server and workers inoperative. If your environment is affected, apply the fix by enabling or disabling this feature again.
Airflow 2.5.3 is no longer included in Cloud Composer images.
The default version of Airflow is changed to 2.7.3.
Cloud Composer 2.7.0 images are available:
- composer-2.7.0-airflow-2.7.3 (default)
- composer-2.7.0-airflow-2.6.3
Cloud Composer versions 2.1.13, 2.1.12 and 1.20.12 have reached their end of full support period.
New Dataproc Serverless for Spark runtime versions:
- 1.1.58
- 1.2.2
- 2.0.66
- 2.1.45
- 2.2.2
Set the soft delete policy of newly created Dataproc staging and temp Cloud Storage buckets to 0 days.
Updated the default autoscaling V2 cool-down time from 2m to 1m to reduce scaling latency.
Fixed a bug where Dataproc Serverless sessions that live longer than 48 hours are underbilled.
Dialogflow CX: The Conversation history API is now available for public preview.
Meta's open weight Llama 3 model is available in the Vertex AI Model Garden.
(2024-R10) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Version 1.28.7-gke.1026000 is now the default version.
- The following control plane versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.25.15-gke.1115000
- 1.25.16-gke.1041000
- 1.25.16-gke.1596000
- 1.25.16-gke.1648000
- 1.26.11-gke.1055000
- 1.26.14-gke.1076000
- 1.26.14-gke.1133000
- 1.27.3-gke.100
- 1.27.11-gke.1118000
- 1.27.11-gke.1202000
- 1.28.3-gke.1203001
- 1.28.7-gke.1226000
- 1.29.0-gke.1381000
- 1.29.2-gke.1521000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.25.16-gke.1537000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.26.13-gke.1144000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.13-gke.1144000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.11-gke.1062000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.7-gke.1026000 with this release.
Stable channel
- Version 1.27.11-gke.1062000 is now the default version in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.25.15-gke.1115000
- 1.25.16-gke.1041000
- 1.26.11-gke.1055000
- 1.27.7-gke.1121002
- 1.28.3-gke.1203001
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.25.16-gke.1460000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.13-gke.1144000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.13-gke.1144000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.11-gke.1062000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.7-gke.1026000 with this release.
Regular channel
- Version 1.28.7-gke.1026000 is now the default version in the Regular channel.
- Version 1.25.16-gke.1570000 is now available in the Regular channel.
- The following versions are no longer available in the Regular channel:
  - 1.25.16-gke.1460000
  - 1.27.8-gke.1067004
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.16-gke.1537000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.16-gke.1537000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.11-gke.1062000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.7-gke.1026000 with this release.
Rapid channel
- Version 1.29.3-gke.1093000 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
  - 1.25.16-gke.1596000
  - 1.25.16-gke.1648000
  - 1.26.14-gke.1076000
  - 1.26.14-gke.1133000
  - 1.27.11-gke.1118000
  - 1.27.11-gke.1202000
  - 1.28.7-gke.1026000
  - 1.28.7-gke.1226000
  - 1.29.1-gke.1589017
  - 1.29.2-gke.1521000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1711000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1090000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.12-gke.1115000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.8-gke.1095000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.3-gke.1093000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.3-gke.1093000 with this release.
Release 6.3.0 is currently in Preview.
Chronicle SOAR is being rebranded to Google Security Operations (Google SecOps). Both the logo and the platform name have been rebranded as part of this change. This rebranding reflects our commitment to bringing you the best of Google security operations features. There is no change to functionality in the platform.
Context-sensitive help added to the platform
When you click the documentation link at the top of the platform, you will now be directed to the exact documentation page that relates to the screen you are on.
Custom List import error not propagated to the user (ID #1032784)
Advanced Text Editor text formatting not working (ID #00274952)
Issues with Login (ID #00283928)
Parse case wall email doesn't work in playbook simulator (ID #00260679)
Unable to create advanced reports when a specific environment is selected (ID #49898167)
Playbooks not visible due to missing `categoryId` and `categoryName` values (ID #00274872)
Events tab lists all artifacts even though they are part of different events (ID #49103838)
Tagged user is not highlighted or hyperlinked on the Case Wall page & Notification popup
Viewer role for team workspaces
The Viewer role can now be assigned to members of a team workspace. The Viewer role lets users view existing assets in the team workspace, view folders in the team workspace, and view the team workspace Trash.
Pro feature: New Viewer permissions to create scheduled report deliveries
When sharing a Pro report, Pro users can now grant users with a Viewer role the ability to create scheduled deliveries of the shared report.
reCAPTCHA Enterprise Mobile SDK v18.5.0-beta03 is now available for iOS.
This version contains the following changes:
- Support for Apple Privacy Manifest.
- The minimum supported version of Xcode is 15.3.
- The minimum supported CocoaPods version for the client is 1.12.0.
April 17, 2024
Apigee hybrid
hybrid v1.12.0
On April 17, 2024 we released an updated version of the Apigee hybrid software, v1.12.0.
For information on upgrading, see Upgrading Apigee hybrid to version v1.12.0. For information on new installations, see The big picture.
A new suite of metrics for monitoring Apigee proxies and target endpoints is now available for Hybrid 1.12.
You can now add your own `contractEncryptionKey` for new Apigee hybrid installations. For details, see Data encryption.
The JAR file dependencies required to create a Java callout are now hosted securely in Artifact Registry.
For more information on downloading the JAR dependencies from Artifact Registry, see Compile your code with Maven.
Hybrid 1.12 validates that required conditions are satisfied before allowing Runtime services to be created. See Diagnosing issues with guardrails.
Apigee hybrid now supports Workload Identity Federation for component authentication on AKS and EKS installations. See Enabling Workload Identity Federation on AKS and EKS.
Hybrid v1.12 now supports storing service account keys in Hashicorp Vault. See Storing service account keys in Hashicorp Vault.
The `apigeectl` command-line tool is deprecated as of April 17, 2024. The `apigeectl` tool is not supported for Apigee hybrid v1.12. Support for `apigeectl` for hybrid v1.10 and v1.11 will end on April 17, 2025. For more information, see apigeectl deprecation.
The `Proxyv2` and `targetv2` metrics suite is deprecated. The Apigee hybrid v1.12 release supports the new proxy and target metrics by default. Support for `Proxyv2` and `targetv2` metrics in hybrid v1.10 and v1.11 will end on April 17, 2025. For more information, see ProxyV2 and TargetV2 deprecation.
Bug ID | Description |
---|---|
284034011 | Modified Apigee Watcher and Apigee Ingress to leverage a sidecar instead of pod/exec for collecting ingress routing status. |
298202120 | The Datastore component now uses Cassandra 4. |
311705715 | Use a non-default service account for the remove-dc component. (Fixed in Apigee hybrid 1.10.3-hotfix.4, 1.10.4, and 1.11.1) |
306341401 | Fixed regression where virtualhost cipherSuites overrides weren't being used. (Fixed in Apigee hybrid 1.10.4 and 1.11.1) |
302186503 | Added the missing HTTP proxy template settings to the Apigee Hybrid Helm datastore component. (Fixed in Apigee hybrid 1.10.4) |
300542690 | Added dedicated service accounts for Apigee Connect, Redis, and UDCA to prevent Kubernetes from automatically injecting credentials for a specified Service Account or the default Service Account. (Fixed in Apigee hybrid 1.10.4) |
277353680 | Fixed issue causing target server HealthMonitors to continue beyond revision or deletion of the proxy. Target health checks are now terminated as soon as the proxy is removed from the runtime (undeployed or deleted). Note: There may be a delay between removal of the proxy and termination of the target server health checks. (Fixed in Apigee hybrid 1.10.4) |
These security bugs were fixed in Apigee hybrid v1.12.0
These security bugs were fixed in Apigee hybrid v1.10.4.
Bug ID | Description |
---|---|
315034009 | Security fixes: `apigee-asm-ingress` and `apigee-asm-istiod` (`ingressgateway` and `ingressgateway-controller`) are upgraded to Service Mesh version 1.17.8-asm.4. This addresses the following vulnerabilities: |
311167948 | A security issue was addressed. |
303460289 | Security fixes for `apigee-prometheus-adapter`. This addresses the following vulnerabilities: |
303459588 | Security fixes for `apigee-prom-prometheus`. This addresses the following vulnerabilities: |
300319489 | Security fixes for `fluentd`. This addresses the following vulnerabilities: |
294892189 | Security fixes for `apigee-diagnostics-collector`. This addresses the Guava vulnerability: |
N/A | Security fixes for `apigee-cassandra-backup-utility` and `apigee-prom-prometheus`. This addresses the following vulnerabilities: |
N/A | Security fixes for `apigee-fluent-bit`. This addresses the following vulnerabilities: |
N/A | Security fixes for `apigee-hybrid-cassandra` and `apigee-hybrid-cassandra-client`. This addresses the following vulnerabilities: |
N/A | Security fixes for `apigee-installer`, `apigee-operators`, and `apigee-watcher`. This addresses the following vulnerabilities: |
N/A | Security fixes for `apigee-kube-rbac-proxy`. This addresses the following vulnerabilities: |
These security bugs were fixed in Apigee hybrid v1.11.1.
Bug ID | Description |
---|---|
315034009 | Security fixes: `apigee-asm-ingress` and `apigee-asm-istiod` (`ingressgateway` and `ingressgateway-controller`) are upgraded to Service Mesh version 1.17.8-asm.4. This addresses the following vulnerabilities: |
303460289 | Security fixes to `apigee-prometheus-adapter`. This addresses the following vulnerabilities: |
303459588 | Security fixes to `apigee-prom-prometheus`. This addresses the following vulnerabilities: |
303292806 | Restrict connections from the Cassandra backup utility to Cassandra server pods in the apigee namespace. |
N/A | Security fixes to `apigee-cassandra-backup-utility`. This addresses the following vulnerabilities: |
N/A | Security fixes to `apigee-fluent-bit`. This addresses the following vulnerabilities: |
N/A | Security fixes to `apigee-hybrid-cassandra`. This addresses the following vulnerabilities: |
N/A | Security fixes to `apigee-hybrid-cassandra-client`. This addresses the following vulnerabilities: |
N/A | Security fixes to `apigee-kube-rbac-proxy`. This addresses the following vulnerabilities: |
N/A | Security fixes to `apigee-installer`, `apigee-operators`, and `apigee-watcher`. This addresses the following vulnerabilities: |
These security bugs were fixed in Apigee hybrid v1.11.1-hotfix.1.
Bug ID | Description |
---|---|
324460830 | Security fix for apigee-ingress. This addresses the following vulnerabilities: |
These security bugs were fixed in Apigee hybrid v1.10.4-hotfix.1.
Bug ID | Description |
---|---|
324460830 | Security fix for apigee-ingress. This addresses the following vulnerabilities: |
More permissions are now supported by deny policies. This feature is in preview.
The Salesforce Marketing Cloud plugin (version 1.3.1) is available in Cloud Data Fusion version 6.8.0 and later. The release fixed an issue in the Salesforce Marketing sink plugin causing upsert operations to fail (PLUGIN-1773).
Config Connector version 1.116.0 is now available.
An error treats `merge` as an invalid value in the `cnrm.cloud.google.com/state-into-spec` annotation in `IAMPolicy`, `IAMPartialPolicy`, `IAMPolicyMember`, and `IAMAuditConfig` resources. Upgrading Config Connector to version 1.117 or newer can fix the issue.
This release includes enhanced support for DNSRecordSet, enabling advanced configurations such as geo-routing, primary/backup, and weighted round-robin load-balancing.
ContainerCluster
- Added `spec.nodeConfig.linuxNodeConfig.cgroupMode` field.
ContainerNodePool
- Added `spec.nodeConfig.linuxNodeConfig.cgroupMode` field.
DNSRecordSet
- Added `spec.routingPolicy.geo.healthCheckedTargets` field.
- Added `spec.routingPolicy.primaryBackup` field.
- Added `spec.routingPolicy.wrr` field.
EventArcTrigger
- Added `spec.destination.httpEndpoint` field.
- Added `spec.destination.networkConfig` field.
LoggingLogBucket
- Added `spec.enableAnalytics` field.
Web SDK 2.19 is released
For more information, see Web SDK changelog.
Architecting disaster recovery for cloud infrastructure outages: Added DR guidance for Personalized Service Health.
We've made the following changes to Cloud Marketplace reports:
- A new field, `offer_title`, has been added to the Detailed disbursements report and the Customer Insights report.
- The `entitlement_id` field from the Detailed disbursements report is now also available in the Customer Insights report.
GKE on VMware 1.28.400-gke.75 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.28.400-gke.75 runs on Kubernetes v1.28.7-gke.1700.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
The following vulnerabilities are fixed in 1.28.400-gke.75:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
BigQuery Connector for SAP version v2.7
Version 2.7 of the BigQuery Connector for SAP is generally available (GA). This version extends support for using the SAP SLT add-on DMIS 2018 SP 11.
For more information, see What's new with BigQuery Connector for SAP.
Storage Transfer Service has added support for Shared Keys as an authentication method when transferring from Microsoft Azure Storage.
To use an Azure Shared Key, you must store the key value in Secret Manager. See Save your Microsoft credentials in Secret Manager for details.
April 16, 2024
BigQuery
BigQuery now supports subqueries in row level access policies. This feature is now in public preview.
Client-side metrics are enabled by default in the Bigtable client library for Java versions 2.38.0 and later.
Internal passthrough Network Load Balancer now supports load-balancing for TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE protocols. To handle multiple protocol traffic, you set the load balancer's forwarding rule protocol to `L3_DEFAULT` and set the backend service protocol to `UNSPECIFIED`.
For details, see:
This feature is available in General Availability.
Generally available: Z3 VMs, which offer the latest compute, networking, and storage innovations in one platform with a particular focus on high-density, high-performing Local SSD, are now available on Compute Engine. For more information, see Storage-optimized machine family.
Generally available: Hyperdisk Balanced is available with M1 and M2 VMs. Hyperdisk Balanced is a good fit for a wide range of use cases such as LOB applications and medium-tier databases that don't require the performance of Hyperdisk Extreme. For more information, see About Hyperdisk.
New Dataproc Metastore services configured with Private Service Connect can be connected from subnetworks of any region within the same VPC network.
Existing services configured with Private Service Connect do not inherit this change and continue to only support access from the VPC subnetworks that were specified during service creation.
Disaster recovery building blocks: Added DNS policies to the DR building blocks.
The Z3 machine family is generally available in Standard clusters running GKE 1.25 and later. You can select this family by using the `--machine-type` flag when creating a cluster or node pool. The following limitations apply:
- Node auto-provisioning for Z3 is supported in 1.29 and later.
- GKE Autopilot is supported in 1.29 and later.
- Z3 machines are gracefully terminated during host maintenance.
New SAP HANA certification: Hyperdisk Balanced usage with M2 machine types
For use with SAP HANA on Google Cloud, SAP has certified the usage of Hyperdisk Balanced with the M2 series of memory-optimized machine types.
For more information, see:
- Certified Compute Engine VMs for SAP HANA
- The "Hyperdisk Balanced" tab in Minimum sizes for SSD-based Persistent Disk and Hyperdisk volumes
April 15, 2024
Apigee X
On April 15, 2024, we released an updated version of Apigee (1-12-0-apigee-4).
Bug ID | Description |
---|---|
332981542 | Optimized VerifyAPI policy execution time for a high count of API products. |
Binary Authorization legacy continuous validation (CV) is deprecated and will no longer be available on Google Cloud after May 1, 2025. You can instead use continuous validation with check-based platform policies. To learn how to migrate to check-based platform policies, see Legacy continuous validation deprecation and shutdown.
Cloud KMS now supports asymmetric signing and validation using ECDSA on the Curve25519 in PureEdDSA mode, which takes raw data as input instead of hashed data.
For more information on this and other algorithms supported by Cloud KMS, see Key purposes and algorithms.
The Direct VPC egress feature of Cloud Run is now supported in all regions.
cos-dev-117-18374-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.85 | v24.0.9 | v1.7.10 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Upgraded sys-boot/grub-lakitu to FC 39's current version.
Updated the Linux kernel to v6.1.85.
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
cos-113-18244-1-37
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.77 | v24.0.9 | v1.7.10 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Fixed integrity-fs dm-crypt creation flakiness.
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
Runtime sysctl changes:
- Changed: fs.file-max: 812400 -> 812399
- Changed: kernel.threads-max: 63504 -> 63503
- Changed: user.max_cgroup_namespaces: 31752 -> 31751
- Changed: user.max_ipc_namespaces: 31752 -> 31751
- Changed: user.max_mnt_namespaces: 31752 -> 31751
- Changed: user.max_net_namespaces: 31752 -> 31751
- Changed: user.max_pid_namespaces: 31752 -> 31751
- Changed: user.max_time_namespaces: 31752 -> 31751
- Changed: user.max_user_namespaces: 31752 -> 31751
- Changed: user.max_uts_namespaces: 31752 -> 31751
cos-105-17412-294-66
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v23.0.3 | v1.7.13 | v470.239.06 (default), v550.54.15 (latest) |
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
Fixed CVE-2024-26642, CVE-2024-26643 in the Linux kernel.
cos-109-17800-147-60
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.75 | v24.0.9 | v1.7.13 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
cos-101-17162-386-64
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06 (default), v550.54.15 (latest) |
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
Disaster recovery building blocks: Added information about the soft-deletion feature in Cloud Storage.
The following `labels` fields for UDM nouns are deprecated, and these fields will not appear in the search results after November 29, 2024: `about.labels`, `intermediary.labels`, `observer.labels`, `principal.labels`, `src.labels`, `security_result.about.labels`, and `target.labels`. For existing parsers, in addition to these UDM fields, the log fields are also mapped to key and value `additional.fields` UDM fields. For new parsers, the key and value settings in `additional.fields` UDM fields are used instead of the deprecated `labels` UDM fields. We recommend that you update the existing rules to use the key and value settings in the `additional.fields` UDM fields instead of the deprecated `labels` UDM fields.
Automatic, anonymous account deletion is now enforced for all projects that have `autodelete_anonymous_users` enabled.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for pubsub/apiv1
This is the second preview release of the Pub/Sub client that includes OpenTelemetry Tracing.
CHANGES
- Fix leak of ackIDs in `activeSpans` map
- Allow passing of context into user callback
- Align attributes for batch operation spans (publish, ack, nack, modack) with that of the main message spans
Java
Changes for google-cloud-pubsub
1.128.1 (2024-04-10)
Dependencies
Security Health Analytics use of security marks for asset allowlists deprecated
Starting April 15, 2025, Security Health Analytics will no longer use security marks to allowlist assets for Security Health Analytics detectors.
After that date, you can still apply security marks to assets, but they will no longer affect the way that Security Health Analytics processes assets.
For more information about security marks for assets, see Add assets to allowlists.
Historical snapshots to be disabled in Security Command Center API
Starting July 15, 2024, Security Command Center will discontinue historical snapshot capabilities in the Security Command Center API, which were used to query for findings at a particular point in time. Specifically, `readTime` and `compareDuration` will be removed from `list` and `group` API calls for findings. Also, `start_time` will be removed from `SetFindingState`, `SetFindingWorkflowState` and `UpdateSecurityMarks`.
For more information about the Security Command Center API, see Overview.
Data retention period to be reduced for Standard tier findings
For existing Standard tier users, on July 14, 2024, the data retention period for findings will be reduced from 13 months to 35 days. For new users activating the Standard tier after April 15, 2024, the data retention period for findings is 35 days.
The retention period for findings in the Premium tier and Enterprise tier remains 13 months.
For more information, see Data retention.
Persistent resource for Vertex AI custom training is generally available (GA).
Vertex AI Feature Store
The following features of Vertex AI Feature Store are now generally available (GA):
Optimized online serving: Serve features at ultra-low latencies. For more information, see Optimized online serving.
Search using embeddings: Perform vector similarity searches to retrieve semantically similar or related features for real-time serving. You can search using embeddings if your online store is configured to support embeddings. For more information, see Search using embeddings.
Feature view sync: Refresh or synchronize the feature data in a feature view within an online store from the feature data source in BigQuery. For more information, see Sync feature data to online store.
April 12, 2024
AlloyDB for PostgreSQL
AlloyDB Omni version 15.5.2 is now available. This version fixes the issue causing AlloyDB Omni running in Kubernetes to run out of memory and crash under some heavy workloads. To apply this fix to a database cluster running in Kubernetes, update its `DBCluster` manifest definition so that its `databaseVersion` value is `"15.5.2"`.
Architecting disaster recovery for cloud infrastructure outages: Added DR guidance for Vertex AI online predictions.
Deploying the enterprise application blueprint: Added information about using a single Git repository (a monorepo) instead of a separate repository for each application.
GPUDirect-TCPX is now supported on GKE version 1.27 and later and requires the following patch versions:
- For GKE version 1.27, use GKE patch version 1.27.7-gke.1121000 or later.
- For GKE version 1.28, use GKE patch version 1.28.8-gke.1095000 or later.
- For GKE version 1.29, use GKE patch version 1.29.3-gke.1093000 or later.
To use GPUDirect-TCPX, see Maximize GPU network bandwidth with GPUDirect-TCPX and multi-networking.
Release 6.2.53 is now in General Availability.
Remote Agent Release 1.5.0 is now in General Availability.
April 11, 2024
Bigtable
Bigtable now integrates with LangChain, an LLM orchestration framework. For more information, see Build LLM-powered applications using LangChain. This feature is available in Preview.
Starting June 15, 2024, it will not be possible to create Cloud Composer 1 environments in the Google Cloud console. It will still be possible to create Cloud Composer 1 environments through Google Cloud SDK, Terraform, and API in allowlisted projects.
Anthropic Claude 3.0 Opus model
The Anthropic Claude 3.0 Opus model is available in Preview. The Claude 3.0 Opus model is an Anthropic partner model that you can use with Vertex AI. It's the most capable of the Anthropic models at performing complex tasks quickly. To learn more, see its model card in Model Garden.
Architecting disaster recovery for cloud infrastructure outages: Added DR guidance for Vertex AI batch predictions.
If you've turned on Marketplace reports in Producer Portal, you now receive proactive email notifications from Google when reports are delayed, have inaccurate data, or have been regenerated. For steps to set up reports and receive these notifications, see Set up to receive reports.
Release 6.2.54 is currently in Preview.
In Release 6.2.45 the option to manually enter General placeholders was added. The General Placeholders section has now been added to the platform.
Error when adding or removing a tag on a closed case (ID #50195120)
Unable to import dynamic parameters (ID #00262571)
Playbooks re-running during platform update (ID #00282275)
Playbook block input can't be used to select dynamic instance (ID #00276416)
Refreshing dashboard changes displayed data (ID #49716319)
Playbooks not saving correctly (ID #49142793)
Logins via SAML don't show up in the SOAR Audit logs.
If you use Pub/Sub metrics as a signal to autoscale your pipeline, refer to Best practices for using Pub/Sub metrics as a scaling signal.
April 10, 2024
Google Kubernetes Engine
The N4 machine family is generally available in GKE Standard clusters running on GKE 1.29 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool. The following limitations apply:
- Confidential GKE nodes is not supported.
- Local SSD is not supported.
- hyperdisk-balanced is the only supported boot disk type.
Looker 24.6 includes the following changes, features, and fixes:
Expected Looker (original) deployment start: Wednesday, April 17, 2024
Expected Looker (original) final deployment and download available: Tuesday, April 30, 2024
Expected Looker (Google Cloud core) deployment start: Monday, April 15, 2024
Expected Looker (Google Cloud core) final deployment: Monday, April 22, 2024
The Embedded Looker Studio feature is now available to preview. This feature lets you view and edit Looker Studio reports in Looker and create ad hoc analyses in embedded Looker Studio reports with the Open in Reports feature on Looker Explores.
To participate in this closed experiment, you must meet the following requirements:
Your Looker instance must be running on Looker 24.6 or later.
Your Looker instance must be using Google OAuth authentication.
You must have a Looker Studio Pro license for each user who accesses embedded Looker Studio.
You must submit the sign-up form for the closed experiment.
More information for using the Embedded Looker Studio feature is coming soon.
The Allow Legacy Maps legacy feature is now disabled by default. When the Allow Legacy Maps legacy feature is disabled, any map visualization that uses the Map (Legacy) chart type will be converted to use the Google Maps chart type. This may be a breaking change for some customers who are still using Legacy Maps.
Open SQL Interface now supports parameters and filter-only fields.
As part of a Looker Studio Pro subscription, Looker Studio Pro licenses are available at no cost to Looker users. Looker admins of Looker (original) instances and Looker (Google Cloud core) instances can accept these complimentary licenses and finish setting up a Looker Studio Pro subscription to get started using Looker Studio.
The Performant Field Picker is now generally available. Search modifiers in the Field Picker can no longer be used.
An issue that caused user attribute filter values to fail to load in some situations has been fixed. This feature now performs as expected.
The json_bi and json_detail_lite_stream query result formats did not respect the apply_formatting parameter in certain cases. This feature now performs as expected.
Previously, fields with full_suggestions would not show suggestions while interacting with the filter. This feature now performs as expected.
An issue has been fixed where the fiscal year was not rendering correctly in some Excel downloads. This feature now performs as expected.
A more descriptive error message is now returned when a user tries to delete a project using the API while not in dev mode.
An issue has been fixed where some projects were empty when a user first entered dev mode. This feature now performs as expected.
Previously, an issue would cause Looker to incorrectly generate derived table SQL if a derived table referenced a view that referenced another derived table that was using the SQL_TABLE_NAME syntax. This feature now performs as expected.
When New LookML Runtime is enabled, the LookML Validator will now include more descriptive error information when an aliased derived table's definition references an unqualified field name in Liquid.
Previously, comparison text on single value visualization dashboard tiles could be cut off when the tile was a specific height. This feature now performs as expected.
Performance for PDT stable view publishing has been improved.
An issue was causing the LookML Validator to incorrectly mark some fields as duplicates. This feature now performs as expected.
Previously, an unclear error message was returned when you selected a measure in an aggregate query using the SQL interface. The language of this error message has been clarified.
An intermittent issue was rendering a blank page when content was added to a board. This feature now performs as expected.
An issue was causing QR codes for mobile app authentication to be improperly generated. This feature now performs as expected.
April 09, 2024
AlloyDB for PostgreSQL
The following Gemini in Databases features are now available in Public Preview:
- Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
- AlloyDB Studio (GA): lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
- Monitor active queries: monitor and troubleshoot the queries that are active in your database.
- Index advisor: a fully managed index advisor that tracks the queries your database handles regularly.
- Enhanced Query Insights: an assistive query performance diagnostics platform that lets you detect, troubleshoot, and prevent database and query performance problems in near real-time.
- 4-week query metric retention in the Query Insights dashboard.
- 5 new database insight recommendations.
To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.
AlloyDB Omni version 15.5.1 has the following AlloyDB AI features available in Preview:
- Model endpoint management lets you maintain a per-project registry of AI model endpoints from a variety of sources and providers.
- The postgres_ann extension provides a configurable and highly efficient nearest-neighbor index powered by the ScaNN algorithm.
- You can query your database using natural language. This Technology Preview includes parameterized secure views, which let you narrowly define the scope of data that natural-language queries have access to.
BigQuery ML now offers the following expanded embedding support features in preview:
- Using the ML.GENERATE_EMBEDDING function with a remote model based on a Vertex AI multimodalembedding large language model (LLM) to create multimodal embeddings, which embed text and images into the same semantic space.
- Using the ML.GENERATE_EMBEDDING function with a principal component analysis (PCA) model or autoencoder model to create embeddings for structured independent and identically distributed random variables (IID) data.
- Using the ML.GENERATE_EMBEDDING function with a matrix factorization model to create embeddings for user or item data.
Try the new multimodal embedding functionality:
You can now create a data canvas in BigQuery Studio. A data canvas lets you discover, transform, query, and visualize data using natural language. It provides a graphic interface for your analysis that lets you work with data sources, queries, and visualizations in a directed acyclic graph (DAG), giving you a graphical view of your analysis workflow that maps to your mental model. You can iterate on query results and work with multiple branches of inquiry in a single place. This feature is in preview and access can be requested here.
The following Gemini in BigQuery features are now available in Public Preview:
- Data insights: an automated and intuitive way to explore and understand your data.
- Data canvas: a graphic interface that lets you discover, transform, query, and visualize data using natural language.
- SQL and Python code assistance: Gemini-assisted code generation, completion, and explanation.
- Materialized views, partitioning, and clustering recommendations: recommendations to reduce cost and improve performance.
- Autotune and troubleshoot serverless Spark: optimize and explain Spark workloads.
To learn how to enable and activate Gemini in BigQuery features, see Set up Gemini in BigQuery.
Bigtable Data Boost, a serverless compute service designed for high-throughput read jobs and queries, is available in Preview.
You can now build distributed counters with Bigtable with write-time aggregates. This feature is available in Preview.
You can control access to data in your Bigtable tables with authorized views. This feature is generally available (GA).
Bigtable app profiles let you configure request priorities to prioritize certain workload data requests over others. This feature is now generally available (GA).
Bigtable now lets you increase the retention period in the garbage collection policy for a column family in a replicated table. For more information, see Changing age-based garbage collection policies.
Database Migration Service support for code conversion with Gemini assistance is now available in preview. For more information, see:
Database Migration Service support for homogeneous SQL Server migrations to Cloud SQL for SQL Server is now available in preview. For more information, see Database Migration Service for SQL Server.
Database Migration Service support for Oracle to AlloyDB for PostgreSQL migrations is now generally available. For more information, see Database Migration Service for Oracle to AlloyDB for PostgreSQL.
Database Migration Service conversion workspaces for heterogeneous migrations are now generally available (GA). For more information, see:
The following Gemini in Databases features are now available in Public Preview:
- Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
- Cloud SQL Studio: lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
- Monitor active queries: monitor and troubleshoot the queries that are active in your database.
- Index advisor: a fully managed index advisor that tracks the queries your database handles regularly.
- 4-week query metric retention in the Query Insights dashboard.
- 17 new database insight recommendations.
To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.
Cloud SQL for MySQL now supports the storage of vector embeddings in MySQL 8.0.36 and later databases. To use this feature, update your instance to MySQL 8.0.36.R20240401.03_00 or later.
After you store vector embeddings in your database, you can then perform K-nearest neighbor (KNN) searches on the dataset along with the rest of your data. Cloud SQL for MySQL also supports the creation of vector search indexes for several different index types using approximate nearest neighbor (ANN) search.
For more information, see Working with vector embeddings using Cloud SQL for MySQL. This feature is in Preview.
The following Gemini in Databases features are now available in Public Preview:
- Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
- Cloud SQL Studio: lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
- Monitor active queries: monitor and troubleshoot the queries that are active in your database.
- Index advisor: a fully managed index advisor that tracks the queries your database handles regularly.
- 4-week query metric retention in the Query Insights dashboard.
- 15 new database insight recommendations.
To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.
The following Gemini in Databases features are now available in Public Preview:
- Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
- Cloud SQL Studio: lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
- 9 new database insight recommendations.
To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.
Generally available: N4 VMs are generally available on the Intel Emerald Rapids CPU with 640 GB DDR5 memory. The N4 machine series offers predefined and custom machine types with extended memory and Hyperdisk Balanced storage.
N4 VMs are available in limited regions and zones.
See VM pricing for cost details.
Generally available: You can plan ahead for VM maintenance on M1, M2, and M3 machine types by viewing their maintenance schedule notifications. For specific machine types within these families, you can also trigger VM maintenance ahead of schedule.
Dataproc Serverless for Spark: The preview release of Advanced troubleshooting, including Gemini-assisted troubleshooting, is now available for Spark workloads submitted with the following or later-released runtime versions:
- 1.1.55
- 1.2.0-RC1
- 2.0.63
- 2.1.42
- 2.2.0-RC15
Dataproc Serverless for Spark: Announcing the preview release of Autotuning Spark workloads.
New Imagen on Vertex AI image generation model and features
The 006 version of the Imagen 2 image generation model (imagegeneration@006) is now available. This model offers the following additional features:
- Additional aspect ratios (1:1, 3:4, 4:3, 9:16, 16:9)
- Digital watermark (SynthID) enabled by default
- Watermark verification*
- New user-configurable safety features (safety setting, person/face setting)
For more information, see Model versions and Generate images using text prompts.
* The seed field can't be used while digital watermark is enabled.
New Imagen on Vertex AI image editing model and features
The 006 version of the Imagen 2 image editing model (imagegeneration@006) is now available. This model offers the following additional features:
- Inpainting - Add or remove content from a masked area of an image
- Outpainting - Expand a masked area of an image
- Product image editing - Identify and maintain a primary product while changing the background or product position
For more information, see Model versions.
Change in Imagen image generation version 006 (imagegeneration@006) seed field behavior
For the new Imagen image generation model version 006 (imagegeneration@006) the seed field behavior has changed. For the v.006 model a digital watermark is enabled by default for image generation. To be able to use a seed value to get deterministic output you must disable digital watermark generation by setting the following parameter: "addWatermark": false.
For more information, see the Imagen for image generation and editing API reference.
CodeGemma model
The CodeGemma model is available. CodeGemma is a lightweight open model that's part of the Google Gemma model family. CodeGemma is the Gemma model family's code generation and code completion offering. Gemma models are based on Gemini models and intended to be extended by customers.
Grounding Gemini and Grounding with Google Search
The Gemini API now supports Grounding with Google Search in Preview. Currently available for Gemini 1.0 Pro models.
Regional APIs
- Regional APIs are available in 11 new countries for Gemini, Imagen, and embeddings.
- US and EU have machine-learning processing boundaries for the gemini-1.0-pro-001, gemini-1.0-pro-002, gemini-1.0-pro-vision-001, and imagegeneration@005 models.
Generative AI on Vertex AI security control update
Security controls are available for the online prediction feature for Gemini 1.0 Pro and Gemini 1.0 Pro Vision.
Gemini 1.5 Pro (Preview)
Gemini 1.5 Pro (gemini-1.5-pro-preview-0409) is available in Preview. Gemini 1.5 Pro is a multimodal model that analyzes text, code, audio, PDF, video, and video with audio.
New text embedding models
The following text embedding models are now in Preview.
- text-embedding-preview-0409
- text-multilingual-embedding-preview-0409
When evaluated using the MTEB benchmarks, these models produce better embeddings compared to previous versions. The new models also offer dynamic embedding sizes, which you can use to output smaller embedding dimensions, with minor performance loss, to save on computing and storage costs.
For details on how to use these models, refer to the public documentation and try out our Colab.
System instructions
System instructions are supported in Preview by the Gemini 1.0 Pro (stable version gemini-1.0-pro-002 only) and Gemini 1.5 Pro (Preview) multimodal models. Use system instructions to guide model behavior based on your specific needs and use cases. For more information, see System instructions examples.
Supervised Tuning for Gemini
Supervised tuning is available for the gemini-1.0-pro-002 model.
Online Evaluation Service
Generative AI evaluation supports online evaluation in addition to pipeline evaluation. The list of supported evaluation metrics has also expanded. See API reference and SDK reference.
Generative AI Knowledge Base
The Jump Start Solution: Generative AI Knowledge Base demonstrates how to build a simple chatbot with business- and domain-specific knowledge.
Text translation
Translate text in Vertex AI Studio is available in Preview.
Gemini 1.0 Pro stable version 002
The 002 version of the Gemini 1.0 Pro multimodal model (gemini-1.0-pro-002) is available. For more information about stable versions of Gemini models, see Gemini model versions and lifecycle.
Vertex AI Studio features and updates
- The Vertex AI Studio supports side-by-side comparison to allow users to compare up to 3 prompts in a side-by-side view.
- The Vertex AI Studio supports rapid evaluation in console and the ability to upload a ground truth response (or a model response to try to emulate).
To learn more, see Try your prompts in Vertex AI Studio.
GitLab on Google Cloud is in Preview. The integration enables customers to deploy source from GitLab to Google Cloud run-time environments. The integration simplifies authentication and authorization to Google for GitLab pipelines, and uses GitLab and Google CI/CD components. To get started, try the GitLab end-to-end tutorial.
GKE on VMware 1.16.7-gke.46 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.16.7-gke.46 runs on Kubernetes v1.27.10-gke.500.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
The following issues are fixed in 1.16.7-gke.46.
- Fixed the known issue where the controlPlaneNodePort field defaults to 30968 when the manualLB spec is empty.
The following vulnerabilities are fixed in 1.16.7-gke.46:
High-severity container vulnerabilities:
Ubuntu vulnerabilities:
Container-optimized OS vulnerabilities:
Cloud Tensor Processing Units (TPUs) are now available in GKE Autopilot clusters running version 1.29.2-gke.1521000 or later. To learn more, visit Deploy TPU workloads on GKE Autopilot.
Flow Analyzer is now available in Preview.
Flow Analyzer lets you quickly and efficiently understand your VPC traffic flows without the need to write complex SQL queries for analyzing VPC Flow Logs.
The following Gemini in Databases features are now available in Public Preview:
- Spanner Studio (GA): lets users interact with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
- Spanner now supports the use of Gemini models with GoogleSQL and PostgreSQL machine learning prediction functions.
To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.
Spanner now supports the ML_PREDICT_ROW() function for PostgreSQL. You can use this function to generate predictions using SQL. To learn more about this function and how to use it, see Using Spanner Vertex AI integration functions.
You can now generate ML predictions using the Spanner emulator with GoogleSQL and PostgreSQL.
Spanner GoogleSQL now supports SAFE.ML.PREDICT(), which allows you to return a null instead of an error in your predictions.
You can generate and backfill vector embeddings for textual data (STRING or JSON) stored in Spanner using GoogleSQL partitioned DML and the Vertex AI textembedding-gecko model. For more information, see Generate vector embeddings for textual data in bulk using partitioned DML.
Spanner now supports several new PostgreSQL JSONB functions:
- spanner.jsonb_query_array()
- jsonb_build_array()
- jsonb_build_object()
The PostgreSQL CONCAT() function also supports more than 4 arguments.
For more information, see Supported PostgreSQL functions.
Spanner has extended the array data type with the VECTOR LENGTH parameter (in Preview). This optional parameter sets an array to a fixed size for use in a vector search. For more information, see the PostgreSQL array data type or the GoogleSQL array data type.
Spanner now supports the dot_product() function (in Preview). For more information, see Choose among vector distance functions to measure vector embeddings similarity.
Spanner now supports the float32 (GoogleSQL) and float4/real (PostgreSQL) data type (in Preview).
Spanner now supports the use of Gemini models with GoogleSQL and PostgreSQL machine learning prediction functions (in Preview).
Spanner now supports using LangChain with the vector store, document loader, and chat message history objects. For more information, see Build LLM-powered applications using LangChain.
Vertex AI Search: Document chunking support for more search types (Public preview)
When document chunking is turned on for an unstructured data store, search summaries and search with follow-ups are supported in Public preview.
For information, see Chunk documents for RAG.
Vertex AI Search: Document ranking API (Public preview)
The ranking API takes a list of documents and reranks those documents based on how relevant the documents are to a query. This is a stateless API that does not require you to index documents in advance.
For more information, see Rank and rerank documents.
Vertex AI Search: Check grounding (Public preview)
The check grounding API is available as a Public preview feature.
The check grounding API determines how grounded a piece of text is in a given set of facts. Perfect grounding requires that every statement in the text can be attributed to one or more of the given facts. The API returns support scores and citations.
Additionally, as an experimental feature, the API also generates contradicting citations that show which facts contradict the text and how strongly.
For more information, see Check grounding and the check API.
Vertex AI Search: Answers with summaries and follow-ups (Public preview)
The answer API improves on the search with summary and search with follow-ups features. For example, it better handles complex queries, can do multi-step retrieval, and provides customization of answer styles.
The answer API is supported in Public preview.
For more information, see Get answers and follow-ups.
Vertex AI Search: FHIR data streaming ingestion (Private preview)
Select the import frequency for your healthcare FHIR data. You can either perform a one-time batch import or set up a streaming import. Streaming import is available as a Private preview feature.
For more information, see Create a healthcare search data store.
Vertex AI Search: Autocomplete support for healthcare search (Public preview)
Autocomplete is available as a Public preview feature for healthcare data search. The autocomplete configuration uses a canonical medical data source to generate autocomplete suggestions for healthcare data stores.
For more information, see Configure autocomplete.
Vertex AI Search: Connect Google Drive to Vertex AI Search (GA)
Syncing Google Drive data to Vertex AI Search is available in GA. For more information about creating a Google Drive data store, see Sync from Google Drive.
Vertex AI Search: Connect multiple search apps to the same data store (GA)
Connecting more than one generic search app to a single data store is supported in GA. With this capability, you can create multiple apps that search across the same data without having to ingest that data multiple times.
Vertex AI Search: Blended search (GA)
Blended search, where you can search across multiple data stores using a single search app, is available in GA. For more information about blended search, see About connecting multiple data stores.
Vertex AI Search: Connect Spanner, Cloud SQL, Firestore, and Bigtable to Vertex AI Search (Public preview)
Importing data from Spanner, Cloud SQL, Firestore, and Bigtable to Vertex AI Search is available in Public preview. For more information about creating a Google Drive data store, see Create a search data store.
Vertex AI Search: Media search (GA)
Vertex AI Search for media is Generally available (GA).
You can create media search apps on media data stores. You can connect the media search app to an existing media data store or create a new one. You can also use document metadata to filter search queries of your media content.
Vertex AI Search: Additional languages supported for media search
Vertex AI Search for media is supported in nine languages: Arabic, English, French, German, Hindi, Korean, Japanese, Portuguese, and Spanish.
For more information, see Languages.
Vertex AI Search: Search-as-you-type for media apps (GA)
The search-as-you-type feature is Generally available (GA) for media search apps.
Search results are returned after each character instead of after the full query is entered. Search-as-you-type is ideal for search apps with awkward input devices such as television remotes. You can enable search-as-you-type through the widget UI as well as through the API.
For more information, see Get search-as-you-type results for a media app.
April 08, 2024
AlloyDB for PostgreSQL
You can preview a simplified installation method for AlloyDB Omni. This lets you install and run AlloyDB Omni on your environment using portable open-source tools, such as the docker command-line interface.
AlloyDB Omni version 15.5.1 is now available. This version includes the following features and changes:
The AlloyDB Omni Kubernetes Operator version 1.0.0 is Generally Available (GA). The operator includes the following new features:
- Backups now support point-in-time recovery (PITR).
- You can create asynchronous read pool instances.
- High availability (HA) database clusters can have more than one standby replica.
- HA database clusters don't require any change in connection parameters when failing over.
- You can use an HA standby replica as a read-only instance.
- You can enable and configure logical replication.
- You can set up physical replication between a primary and secondary database cluster running on two separate Kubernetes clusters.
- You can restrict AlloyDB Omni pods to run on specific nodes in your Kubernetes cluster.
- A number of database and system metrics are available.
The pg_squeeze extension version 1.0 is included.
Various bug fixes and performance improvements.
The following issue was fixed on April 12, 2024.
Some heavy workloads might cause AlloyDB Omni running in Kubernetes to run out of memory and crash.
To mitigate this issue, make sure that transparent huge pages are enabled on your Kubernetes nodes:
- Follow the instructions on Configuring Transparent Huge Pages.
On every node that you enable transparent huge pages on, run the following command:
echo within_size > /sys/kernel/mm/transparent_hugepage/shmem_enabled
You can now enable Chrome Security Insights to monitor insider risk and data loss with enhanced monitoring for Chrome activity if you have Chrome Enterprise Core and Workspace Enterprise Standard or Workspace Enterprise Plus with assigned licenses. For more information, see Monitoring for insider risk and data loss.
BigQuery Studio is generally available (GA).
BigQuery Studio lets you save, share, and manage versions of code assets such as notebooks and saved queries.
BigQuery DataFrames is generally available (GA).
BigQuery DataFrames is a set of open source Python libraries that implements the pandas and scikit-learn APIs with server-side processing. To get started, you can try BigQuery DataFrames.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-bigquery
3.20.1 (2024-04-01)
Bug Fixes
The BigQuery materialized view recommender analyzes your past query jobs to identify opportunities to apply materialized views to your queries for potential cost savings. You can view all available materialized view recommendations through the BigQuery UI or Recommender API. This feature is in preview.
Cloud NGFW Enterprise, including the intrusion prevention service, is available in General Availability. Use intrusion prevention service to safeguard your workload traffic from threats such as malware, spyware, and command-and-control attacks.
Starting April 9, 2024, you will be charged for the Cloud NGFW Enterprise feature—intrusion prevention service. For more information about billing, see Cloud NGFW pricing.
Cloud Firewall in Google Cloud is now Cloud Next Generation Firewall (NGFW). For more information, see Cloud NGFW.
Application Load Balancers now support Certificate Manager allowlisted certificates. For more information, see Mutual TLS authentication.
This capability is in General Availability.
Hybrid NAT is now available in Preview.
Cloud SQL Enterprise Plus edition primary instances with high availability (HA) now require less than one second of downtime for planned maintenance.
Code Transformations for Gemini Code Assist are now available for Public Preview. You can now use an inline text box directly in your code file to do the following:
- Generate comment lines to document your code.
- Troubleshoot code with issues.
- Improve code readability.
- Make code more efficient.
You can also view context sources of a generated response in the Gemini: Chat pane.
For more information, see Code with Gemini Code Assist.
Pricing change: On January 26, 2024, Red Hat announced a price model update on RHEL and RHEL for SAP for all Cloud providers that scales image subscription costs according to vCPU count. The new pricing model will be reflected on Compute Engine starting July 1, 2024.
For the pricing changes, see Premium images. To learn about your options to optimize subscription costs, see the Red Hat Enterprise Linux pricing FAQs.
On January 26, 2024, Red Hat announced a price model update on RHEL and RHEL for SAP for all Cloud providers that scales image subscription costs according to vCPU count. As a result, starting July 1, 2024, any active commitments for RHEL and RHEL for SAP licenses will be canceled and will not be charged for the remainder of the commitment's term duration.
Google Cloud has notified and will issue adjustments to affected customers.
Firestore now supports the following additional locations:
- africa-south1 (Johannesburg)
- europe-north1 (Finland)
- europe-southwest1 (Madrid)
- europe-west10 (Berlin)
- europe-west12 (Turin)
- europe-west8 (Milan)
- southamerica-west1 (Santiago)
- us-central1 (Iowa)
- us-east5 (Columbus)
For a full list of supported locations, see Locations.
Firestore in Datastore mode now supports the following additional locations:
- africa-south1 (Johannesburg)
- europe-north1 (Finland)
- europe-southwest1 (Madrid)
- europe-west10 (Berlin)
- europe-west12 (Turin)
- europe-west8 (Milan)
- southamerica-west1 (Santiago)
- us-central1 (Iowa)
- us-east5 (Columbus)
For a full list of supported locations, see Locations.
Deploy an enterprise developer platform on Google Cloud: Consolidated the eab-fleet-(env) project into the eab-gke-(env) project in each environment.
Release 1.28.400-gke.77
GKE on Bare Metal 1.28.400-gke.77 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.28.400-gke.77 runs on Kubernetes 1.28.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Functionality changes:
- Updated preflight checks to add a check for networking kernel modules.
- Updated preflight checks to remove the check for iptables package availability.
Fixes:
- Fixed a cluster upgrade issue where the lifecycle-controller-deployer Pod was unable to migrate existing GKE on Bare Metal resources to the latest API version. This issue blocked upgrades to earlier version 1.28 releases.
Fixes:
The following container image security vulnerabilities have been fixed in 1.28.400-gke.77:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
Release 1.16.7
GKE on Bare Metal 1.16.7 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.16.7 runs on Kubernetes 1.27.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Fixes:
- Fixed an issue with configuring a proxy for your cluster that required you to manually set HTTPS_PROXY and NO_PROXY environment variables on the admin workstation.
The following container image security vulnerabilities have been fixed in 1.16.7:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
(2024-R09) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following cluster and node versions are now available:
Stable channel
- There are no new releases in the Stable release channel.
Regular channel
- There are no new releases in the Regular release channel.
Rapid channel
- The following versions are now available in the Rapid channel:
Vector search capabilities are now Generally Available on Memorystore for Redis.
You can now ingest streaming data from Amazon Kinesis Data Streams into Pub/Sub by using an import topic. For more information about import topics, including required roles and permissions and how to create an import topic, see Create an import topic. The change is being rolled out in a phased manner over the rest of the week.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-pubsub
1.128.0 (2024-04-03)
Features
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.38.2 (#1965) (ec3b386)
- Update dependency com.google.cloud:google-cloud-storage to v2.36.1 (#1968) (524109c)
- Update dependency com.google.protobuf:protobuf-java-util to v4.26.1 (#1972) (53c1120)
Documentation
Python
Changes for google-cloud-pubsub
2.21.1 (2024-04-04)
Bug Fixes
You can now add a time to live (TTL)-based deletes filter to your Spanner change streams using the exclude_ttl_deletes option.
You can now add a table modification type filter to your Spanner change streams to exclude INSERT, UPDATE, or DELETE table modifications.
Spanner change streams now support a new value capture type called NEW_ROW_AND_OLD_VALUES. This new type captures all new values for both modified and unmodified columns, and old values for modified columns.
April 05, 2024
Advisory Notifications
Advisory Notifications for users using Google Cloud without an organization is now in General Availability. Advisory Notifications now lets users opt in to or out of optional notification types.
The following extensions are added to the extensions supported by AlloyDB.
- autoinc
- insert_username
- moddatetime
- pg_background
- pg_squeeze
- tcn
The extension pgvector is updated to version 0.6.0.
You can now use BigLake to access Delta Lake tables. For more information, see Create Delta Lake BigLake tables. This feature is available in preview.
The Cloud Billing FinOps hub is now Generally Available
Use the FinOps hub to monitor and share your current savings, explore recommended opportunities to optimize costs, and plan your optimization goals. The FinOps hub dashboard generates recommendations based on historical usage, including recent usage and current commitments, and helps you gauge how well you're using Google Cloud tools to monitor and save costs.
Database Migration Service now supports physical backup files created by using the Percona XtraBackup utility for homogeneous MySQL to Cloud SQL for MySQL migrations. For more information, see Migrate your databases by using a Percona XtraBackup physical file.
Custom constraints for Cloud Storage are now available. You can use custom constraints to enforce policies on Cloud Storage resources, such as a policy that enforces all buckets to have Object Versioning enabled.
You can now use Quality AI as a preview feature within the Insights console to evaluate contact center conversations and agent performance more efficiently. See the Overview and Basics pages for more details.
The following Dataflow templates are generally available (GA):
Support for Customer-managed encryption keys (CMEK). This feature is in Preview.
Support for Customer-managed encryption keys (CMEK). This feature is in Preview.
(New guide) Use Google Cloud Armor, load balancing, and Cloud CDN to deploy programmable global front ends: Provides an architecture that uses a global front end incorporating Google Cloud best practices to help scale, secure, and accelerate the delivery of internet-facing applications.
GPU NVIDIA Multi-Process Service (MPS) is available in version 1.27.7-gke.1088000 and later, which allows multiple workloads to share a single NVIDIA GPU hardware accelerator with NVIDIA MPS.
Added support for new node types, including smaller and larger nodes. For more details, see Cluster and node specification.
Added support for AOF and RDB persistence (Preview). For more details, see Persistence overview.
Added support for instance configurations (Preview). For more details, see Supported instance configurations.
SAP BTP edition of the ABAP SDK for Google Cloud
Version 1.0 of the SAP BTP edition of ABAP SDK for Google Cloud is generally available (GA). With the BTP edition of the SDK, developers can create innovative solutions using Google Cloud APIs in their SAP BTP, ABAP environment.
For more information, see: