Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml

May 31, 2024

BigQuery

You can now use IAM conditions to control access to BigQuery resources. This feature is generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the Analyze IAM Policies APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

  • Cloud Config Manager API
    • config.googleapis.com/Deployment
  • Cloud Monitoring
    • monitoring.googleapis.com/NotificationChannel
    • monitoring.googleapis.com/Snooze

Cloud SQL for SQL Server

Cloud SQL for SQL Server now supports storage of point-in-time recovery (PITR) transaction logs in Cloud Storage.

Compute Engine

Creating a larger (>90 vCPUs) C3D standard-lssd or highmem-lssd VM results in an error message. See Known issues for the workaround. Larger C3D VMs that don't require -lssd are not impacted.

Dataflow

You can now use Metrics Explorer to find individual DoFns that cause latencies in streaming jobs. These metrics are available in streaming pipelines that use Apache Beam 2.53.0 and later versions. The following new metrics are available:

  • Average message processing time per DoFn (job/dofn_latency_average)
  • Maximum message processing time per DoFn (job/dofn_latency_max)
  • Minimum message processing time per DoFn (job/dofn_latency_min)
  • Number of messages processed per DoFn (job/dofn_latency_num_messages)
  • Oldest active message processing time per DoFn (job/oldest_active_message_age)
  • Total message processing time per DoFn (job/dofn_latency_total)

For more information about Dataflow metrics, see Google Cloud metrics.

Generative AI on Vertex AI

Generative AI on Vertex AI Regional APIs

New Generative AI on Vertex AI regional APIs are available in three additional locations.

Anthropic Claude 3.0 Opus model

The Anthropic Claude 3.0 Opus model is Generally Available. To learn more, see its model card in Model Garden.

Spanner

Spanner now supports the protocol buffer data type in GoogleSQL. For more information, see Work with protocol buffers in GoogleSQL.

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.61.0 (2024-04-30)

Features
  • spanner/admin/instance: Adding EXPECTED_FULFILLMENT_PERIOD to the indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity... (#9693) (aa93790)
  • spanner/executor: Add SessionPoolOptions, SpannerOptions protos in executor protos (2cdc40a)
  • spanner: Add support for change streams transaction exclusion option (#9779) (979ce94)
  • spanner: Support MultiEndpoint (#9565) (0ac0d26)
Bug Fixes
  • spanner/test/opentelemetry/test: Bump x/net to v0.24.0 (ba31ed5)
  • spanner: Bump x/net to v0.24.0 (ba31ed5)
  • spanner: Fix uint8 conversion (9221c7f)

1.62.0 (2024-05-15)

Features
  • spanner/admin/database: Add support for multi region encryption config (3e25053)
  • spanner/executor: Add QueryCancellationAction message in executor protos (292e812)
  • spanner: Add RESOURCE_EXHAUSTED to the list of retryable error codes (1d757c6)
  • spanner: Add support for Proto Columns (#9315) (3ffbbbe)
Bug Fixes

1.63.0 (2024-05-24)

Features

Java

Changes for google-cloud-spanner

6.65.1 (2024-04-30)

Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.43.0 (#3066) (97b0a93)
Documentation

6.66.0 (2024-05-03)

Features
  • Allow DDL with autocommit=false (#3057) (22833ac)
  • Include stack trace of checked out sessions in exception (#3092) (ba6a0f6)
Bug Fixes
  • Multiplexed session metrics were not included in refactor move (#3088) (f3589c4)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#3082) (ddfc98e)

6.67.0 (2024-05-22)

Features
  • Add tracing for batchUpdate, executeUpdate, and connections (#3097) (45cdcfc)
Performance Improvements
  • Minor optimizations to the standard query path (#3101) (ec820a1)
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.44.0 (#3099) (da44e93)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.1 (#3116) (d205a73) (d205a73)

Python

Changes for google-cloud-spanner

3.46.0 (2024-05-02)

Features
  • spanner: Adding EXPECTED_FULFILLMENT_PERIOD to the indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity Feature (293ecda)
Documentation

Vertex AI

Model Monitoring v2 is in Preview. It centralizes model monitoring configuration and visualization on a model version and enables monitoring of models that are served outside of Vertex AI. For more information, see Vertex AI Model Monitoring overview.

Vertex AI Agent Builder

Vertex AI Search: Document ranking API (GA)

The ranking API takes a list of documents and reranks those documents based on how relevant the documents are to a query. This is a stateless API that does not require you to index documents in advance.

The ranking API is generally available (GA).

For more information, see Rank and rerank documents.

Workflows

May 30, 2024

Anthos Config Management

Upgraded bundled Helm version from v3.14.3 to v3.14.4 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.

Upgraded the OpenTelemetry image from v0.91.0-gke.9 to v0.99.0-gke.1 to pick up vulnerability fixes. To understand the changes in each release, review the full changelog for opentelemetry-collector-contrib.

Fixed an issue where Config Sync installation would fail when using a private registry with a specified port in the image URL.

BigQuery

You can now define a _CHANGE_SEQUENCE_NUMBER for BigQuery change data capture (CDC) to manage streaming UPSERT ordering for BigQuery. This feature is in preview.

Contact Center AI Platform

Web SDK 2.2 is released

For more information, see Web SDK changelog.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.63
  • 1.2.7
  • 2.0.71
  • 2.1.50
  • 2.2.7

Dataproc Serverless for Spark: Subminor version 2.1.50 is the last release of runtime version 2.1, which will no longer be supported and will not receive new releases.

Dataproc Serverless for Spark: Removed Spark data lineage support for runtime version 1.2.

Dataproc Serverless for Spark: Enabled Spark checkpoint (spark.checkpoint.compress) and RDD (spark.rdd.compress) compression in the latest 1.2 and 2.2 runtime versions.

Google SecOps

The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.

  • Abnormal Security (ABNORMAL_SECURITY)
  • Akamai DNS (AKAMAI_DNS)
  • Akamai WAF (AKAMAI_WAF)
  • Apigee (GCP_APIGEE_X)
  • Array Networks SSL VPN (ARRAYNETWORKS_VPN)
  • AWS CloudFront (AWS_CLOUDFRONT)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure AD Sign-In (AZURE_AD_SIGNIN)
  • Barracuda Email (BARRACUDA_EMAIL)
  • Barracuda Firewall (BARRACUDA_FIREWALL)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • BMC AMI Defender (BMC_AMI_DEFENDER)
  • Carbon Black (CB_EDR)
  • Check Point (CHECKPOINT_FIREWALL)
  • Check Point Sandblast (CHECKPOINT_EDR)
  • Checkpoint Audit (CHECKPOINT_AUDIT)
  • Cisco AMP (CISCO_AMP)
  • Cisco EStreamer (CISCO_ESTREAMER)
  • Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
  • Cisco ISE (CISCO_ISE)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Switch (CISCO_SWITCH)
  • Cisco Umbrella DNS (UMBRELLA_DNS)
  • Cisco VPN (CISCO_VPN)
  • Cisco WLC/WCS (CISCO_WIRELESS)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud SQL (GCP_CLOUDSQL)
  • Cloud Storage Context (N/A)
  • Cohesity (COHESITY)
  • CrowdStrike Falcon (CS_EDR)
  • CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
  • ESET AV (ESET_AV)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • F5 VPN (F5_VPN)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • FortiGate (FORTINET_FIREWALL)
  • GMAIL Logs (GMAIL_LOGS)
  • HID DigitalPersona (HID_DIGITALPERSONA)
  • Honeyd (HONEYD)
  • HP Aruba (ClearPass) (CLEARPASS)
  • IBM AS/400 (IBM_AS400)
  • IBM DS8000 Storage (IBM_DS8000)
  • IBM Security Verify (IBM_SECURITY_VERIFY)
  • Infoblox (INFOBLOX)
  • Island Browser logs (ISLAND_BROWSER)
  • JAMF CMDB (JAMF)
  • JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
  • Juniper Mist (JUNIPER_MIST)
  • Kubernetes Node (KUBERNETES_NODE)
  • Linux Auditing System (AuditD) (AUDITD)
  • ManageEngine ADAudit Plus (ADAUDIT_PLUS)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft CyberX (CYBERX)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Graph Activity Logs (MICROSOFT_GRAPH_ACTIVITY_LOGS)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Mikrotik Router (MIKROTIK_ROUTER)
  • NetDocuments Solutions (NETDOCUMENTS)
  • Netwrix (NETWRIX)
  • Office 365 (OFFICE_365)
  • Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
  • Okta (OKTA)
  • OneLogin (ONELOGIN_SSO)
  • Opengear Remote Management (OPENGEAR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • pfSense (PFSENSE)
  • PostFix Mail (POSTFIX_MAIL)
  • Proofpoint Sendmail Sentrion (PROOFPOINT_SENDMAIL_SENTRION)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Pulse Secure (PULSE_SECURE_VPN)
  • Qumulo FS (QUMULO_FS)
  • Rapid7 (RAPID7_NEXPOSE)
  • Rapid7 Insight (RAPID7_INSIGHT)
  • Rubrik Polaris (RUBRIK_POLARIS)
  • SailPoint IAM (SAILPOINT_IAM)
  • SAP SuccessFactors (SAP_SUCCESSFACTORS)
  • Semperis DSP (SEMPERIS_DSP)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne EDR (SENTINEL_EDR)
  • Signal Sciences WAF (SIGNAL_SCIENCES_WAF)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • SonicWall (SONIC_FIREWALL)
  • Sophos Central (SOPHOS_CENTRAL)
  • Sophos UTM (SOPHOS_UTM)
  • Spur data feeds (SPUR_FEEDS)
  • Suricata EVE (SURICATA_EVE)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Endpoint Protection (SEP)
  • Symantec VIP Authentication Hub (SYMANTEC_VIP_AUTHHUB)
  • Tanium Audit (TANIUM_AUDIT)
  • Thinkst Canary (THINKST_CANARY)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • Twingate (TWINGATE)
  • Unix system (NIX_SYSTEM)
  • Vectra Detect (VECTRA_DETECT)
  • Veeam (VEEAM)
  • Verba Recording System (VERBA_REC)
  • VeridiumID by Veridium (VERIDIUM_ID)
  • VMware ESXi (VMWARE_ESX)
  • Windows Defender ATP (WINDOWS_DEFENDER_ATP)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Winscp (WINSCP)
  • WordPress (WORDPRESS_CMS)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Zeek TSV (BRO_TSV)
  • Zix Email Encryption (ZIX_EMAIL_ENCRYPTION)
  • Zscaler (ZSCALER_WEBPROXY)
  • ZScaler DNS (ZSCALER_DNS)
  • Zscaler Private Access (ZSCALER_ZPA)

The following log types, without a default parser, were added. Each is listed by product name and log_type value, if applicable.

  • Akamai Log Delivery Service (AKAMAI_LDS)
  • AudioCodes Voice DNA (AUDIOCODES)
  • Amazon API Gateway (AWS_API_GATEWAY)
  • Axway (AXWAY)
  • Biztalk (BIZTALK)
  • Check Point FDE (CHECKPOINT_FDE)
  • Cimcor | File Integrity Monitoring (CIMCOR)
  • CS Alerts (CS_ALERTS)
  • Custom CSV Log (CUSTOM_CSV_LOG)
  • Cyral (CYRAL)
  • Druva (DRUVA)
  • Entrust DataControl Audit (ENTR_DATACTRL_AUDIT)
  • Ergon Informatik Airlock IAM (ERGON_INFORMATIK_AIRLOCK_IAM)
  • Eset Protect Platform (ESET_PROTECT_PLATFORM)
  • Exim Internet Mailer (EXIM_INTERNET_MAILER)
  • FM Systems Workplace Management (FM_SYSTEMS)
  • GluWare Network Automation (GLUWARE_NETWORK_AUTOMATION)
  • Guidewire Billing Center (GUIDEWIRE_BILLING_CENTER)
  • Guidewire Claim Center (GUIDEWIRE_CLAIM_CENTER)
  • Guidewire Policy Center (GUIDEWIRE_POLICY_CENTER)
  • HAVI Connect (HAVI_CONNECT)
  • IBM OpenPages (IBM_OPENPAGES)
  • Ingrian Networks DataSecure Appliance (INGRIAN_NETWORKS_DATASECURE_APPLIANCE)
  • iSecurity | Security Services and Remediation (ISECURITY)
  • iTop (ITOP)
  • Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
  • Microsoft Graph Risky Users (MICROSOFT_GRAPH_RISKY_USERS)
  • NetApp BlueXP (NETAPP_BLUEXP)
  • Netgate Firewall (NETGATE_FIREWALL)
  • 1KOSMOS | Identity and Authentication (ONEKOSMOS)
  • Palo Alto Global Protect SVC (PAN_GPSVC)
  • Palo Alto SSLVPN Access (PAN_SSLVPN_ACCESS)
  • Palo Alto Telemetry (PAN_TELEMETRY)
  • Proofpoint Endpoint Data Loss Prevention (PROOFPOINT_ENDPOINT_DLP)
  • SAP ERP (SAP_ERP)
  • Ubika WAAP (UBIKA_WAAP)
  • Webroot Endpoint Protection (WEBROOT)
  • Wolters Kluwer Teammate (WOLTERS_KLUWER_TEAMMATE)
  • Xirrus Wireless Controller (XIRRUS)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SOAR

Release 6.3.4 is now in General Availability.

Looker Studio

Looker connector support for filter-only fields

Filters that are defined in LookML models with the parameter and filter LookML parameters are now displayed as filter-only fields in Looker Studio charts that use a Looker data source.

Learn more about LookML filters for Looker data sources.

NetApp Volumes

The Standard in Preview service level is now called Flex and is generally available. You can now use the Flex service level in additional regions. For more information, see NetApp Volumes key features.

The volume replication feature for the Flex service level is now generally available. For more information, see Considerations for volume replication.

The Flex service level now supports zone-redundant storage pools (in Preview). For more information, see Switch active and replica zones.

NetApp Volumes now supports auto-tiering (in Preview). For more information, see Auto-tiering.

Policy Controller

Policy Controller bundles have been updated to use cis-gke-v1.5.0: 202405.0. For reference, see Policy Controller bundles overview.

Workflows

The maximum number of concurrent workflow executions has increased from 5,000 to 7,500.

May 29, 2024

Apigee Advanced API Security

On May 29, 2024, we released a new version of Advanced API Security.

NOTE: Rollouts of this feature are ongoing and will take multiple days to complete across all Google Cloud zones. You might not be able to use the functionality until the rollout is complete.

Preview release of Shadow API Discovery

This release introduces Shadow API Discovery in preview. Shadow API Discovery finds shadow APIs (also known as undocumented or unmanaged APIs) in your existing cloud infrastructure. Shadow APIs pose a security risk to your system, since they might be unsecured, unmonitored, and unmaintained.

For a feature overview and usage information, see Shadow API Discovery.

Apigee X

On May 29, 2024, we released an updated version of Apigee.

Preview release of API Management features in Gemini Code Assist: generative AI API spec creation with enterprise context and Apigee policy code explanation. This release also includes the preview release of enhanced API hub interaction in Cloud Code.

This release introduces features for Gemini Code Assist API management:

  • Use Gemini Code Assist to facilitate API design, including OpenAPI spec generation with enterprise context from natural language prompts and a built-in visual API designer to further refine the specification.
  • Code explain for Apigee policies: When adding or editing a proxy policy, highlight part of the policy XML code, such as an element or attribute, to see Gemini Assist-generated information and guidance about the selection.

For more information and usage instructions, see Use Gemini Code Assist.

This release also includes updates to API hub interaction from Cloud Code: An update to the Cloud Code extension enables you to interact with any API in your API hub using a mock server in Cloud Code, make changes to the API, and publish it back to API hub. For information and usage instructions, see Edit APIs.

BigQuery

The limit on the number of partitions per partitioned table has changed from 4,000 to 10,000.

Cloud Logging

Ops Agent version 2.47.0 introduces support for Compute Engine VMs that are running Ubuntu 24.04 LTS (Noble Numbat). For more information, see Operating systems.

Cloud Monitoring

Ops Agent version 2.47.0 introduces support for Compute Engine VMs that are running Ubuntu 24.04 LTS (Noble Numbat). For more information, see Operating systems.

Cloud SQL for MySQL

Cloud SQL for MySQL major versions that have reached community end-of-life (EOL) will receive extended support starting on February 1, 2025. For more information about extended support, see Extended support for Cloud SQL.

For more information about extended support timelines, see Database versions and version policies.

Cloud SQL for PostgreSQL

Cloud SQL for PostgreSQL major versions that have reached community end-of-life (EOL) will receive extended support starting on February 1, 2025. For more information about extended support, see Extended support for Cloud SQL.

For more information about extended support timelines, see Database versions and version policies.

Dataform

The Dataform Core includeDependentAssertions and dependOnDependencyAssertions parameters for adding assertions as dependencies are now available.

You can set the includeDependentAssertions parameter in a selected action to automatically add assertions of a selected dependency action as dependencies of the edited action.

You can set the dependOnDependencyAssertions parameter in a selected action to automatically add assertions of all dependency actions as dependencies of the edited action.

For more information, see Set assertions as dependencies.

Dialogflow

Dialogflow CX: You can now integrate with Soul Machines to create 3-D avatars.

Gemini Code Assist in Apigee

On May 29, 2024, we released an updated version of Gemini Code Assist features for use with Apigee.

Preview release of API Management features in Gemini Code Assist: generative AI API spec creation with enterprise context and Apigee policy code explanation.

This release introduces features for Gemini Code Assist API management:

  • Use Gemini Code Assist to facilitate API design, including OpenAPI spec generation with enterprise context from natural language prompts and a built-in visual API designer to further refine the specification.
  • Code explain for Apigee policies: When adding or editing a proxy policy, highlight part of the policy XML code, such as an element or attribute, to see Gemini Assist-generated information and guidance about the selection.

For more information and usage instructions, see Use Gemini Code Assist.

Google Cloud Architecture Center

Design an optimal storage strategy for your cloud workload: Added information about the Regional service tier of Filestore.

Google SecOps SOAR

Release 6.3.5 is currently in Preview.

Trying to set an SLA definition that is too similar to an existing one results in an incorrect error message (ID #00289305)

Tags not showing as expected in the Search page (ID #50691614)

All Environments is not supported when importing networks from CSV (ID #00276371)

Action All CVE Entity filter is not working (ID #51310124)

Subject Entity Search Filters are not working properly (ID #50841312)

Case actions - generate report has missing content (ID #50620576)

Live Stream API

Network Connectivity Center

Preset topologies are now available in public preview. Network Connectivity Center lets you specify connectivity configuration across all VPC spokes.

Spanner

Spanner now supports the following new columns in the SPANNER_SYS query statistics table:

  • AVG_MEMORY_PEAK_USAGE_BYTES
  • AVG_MEMORY_USAGE_PERCENTAGE
  • AVG_QUERY_PLAN_CREATION_TIME_SECS
  • AVG_FILESYSTEM_DELAY_SECS
  • AVG_REMOTE_SERVER_CALLS
  • AVG_ROWS_SPOOLED

reCAPTCHA Enterprise

reCAPTCHA Enterprise Mobile SDK v18.5.1 is now available for iOS.

This version improves the detection of network errors.

reCAPTCHA Enterprise Mobile SDK v18.5.1 is now available for Android.

This version improves the detection of network errors.

reCAPTCHA SMS toll fraud protection is now available in Preview. For more information, see Detect and prevent SMS fraud.

May 28, 2024

Apigee hybrid

ANNOUNCEMENT

hybrid 1.12.0-hotfix.1

On May 28, 2024 we released an updated version of the Apigee hybrid software, 1.12.0-hotfix.1.

Note: This release reflects a change to the Helm chart templates and not a change to the images. If your hybrid installation is currently on Apigee hybrid v1.12.0, you can install this hotfix release by downloading the charts with the version tag 1.12.0-hotfix.1 and updating the apigee-operator and apigee-datastore charts with the helm upgrade command and your current overrides files.

For example:

export CHART_REPO=oci://us-docker.pkg.dev/apigee-release/apigee-hybrid-helm-charts
export CHART_VERSION=1.12.0-hotfix.1
helm pull $CHART_REPO/apigee-operator --version $CHART_VERSION --untar
helm pull $CHART_REPO/apigee-datastore --version $CHART_VERSION --untar
helm upgrade operator apigee-operator/ \
  --namespace apigee-system \
  --atomic \
  -f overrides.yaml 
helm upgrade datastore apigee-datastore/ \
  --namespace apigee \
  --atomic \
  -f overrides.yaml

| Bug ID | Description |
| --- | --- |
| 340889560 | Added csi to the apigee-logger SCC. |
| 339849002 | Hashicorp Vault integration issues fixed for Google Service Account for Cassandra Backup/Restore. |

Bare Metal Solution

You can now order Bare Metal Solution storage and Partner Interconnect resources on a 1 month commitment term. This feature is generally available (GA).

BigQuery

The following Generative AI features are now in preview:

Try these features with the Generate text by using the ML.GENERATE_TEXT function how-to topic.

Cloud Monitoring

Announcing new OpenTelemetry samples that show how to instrument your Python and Node.js applications to collect metrics, logs, and traces:

For general instrumentation information and recommendations, and for links to other samples, see:

Cloud Trace

You can now search a trace for keywords. For more information, see Search a trace.

Announcing new OpenTelemetry samples that show how to instrument your Python and Node.js applications to collect metrics, logs, and traces:

For general instrumentation information and recommendations, and for links to other samples, see:

Cloud Translation

For adaptive translations, when you use the API, you can include up to five reference sentence pairs in a request instead of specifying a dataset.

Cloud Workstations

The Code-OSS preconfigured base image uses version 1.89.1.

Contact Center AI Platform

Version 3.16 is released

All release notes published on this date are part of version 3.16.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

End co-browse sessions using the Apps API

The Apps API has the following new endpoint that lets you end a co-browse session using an external session ID: POST /apps/api/v1/cobrowse_sessions/{external_session_id}/end. For more information, see Co-browse.

The agent adapter generates co-browse events

The agent adapter generates events during co-browse sessions. You can use these events to get insights into co-browse session details, such as start and end times and the modes that are requested or accepted by the end-user. For more information, see Event types.

The Next UI is supported in the ServiceNow integration

The Next UI experience is supported in the ServiceNow CRM integration.

Fixed an issue that prevented agents from selecting their next status to exit a campaign when the current call is concluded.

Fixed the problem of the created_at field being missing from add_started_activity.

Container Optimized OS

cos-105-17412-370-39

| Kernel | Docker | Containerd | GPU Drivers |
| --- | --- | --- | --- |
| COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06 (default), v550.54.15 (latest) |

Improved boot time on A3 machines by around 5 seconds.

Fixed system-accounts-secured benchmark by changing the system account range used in the benchmark.

Fixed CVE-2024-21626 in github.com/opencontainers/runc in kubelet.

Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.

Runtime sysctl changes:

  • Changed: fs.file-max: 813024 -> 812685

cos-113-18244-85-17

| Kernel | Docker | Containerd | GPU Drivers |
| --- | --- | --- | --- |
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |

Improved boot time on A3 machines by around 5 seconds.

Fixed CVE-2024-21626 in runc in kubelet.

Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.

Runtime sysctl changes:

  • Changed: fs.file-max: 812391 -> 812030

cos-109-17800-218-37

| Kernel | Docker | Containerd | GPU Drivers |
| --- | --- | --- | --- |
| COS-6.1.85 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |

Improved boot time on A3 machines by around 5 seconds.

Fixed CVE-2024-21626 in runc in kubelet.

Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.

Runtime sysctl changes:

  • Changed: fs.file-max: 812597 -> 812196

cos-101-17162-463-29

  • Kernel: COS-5.15.155
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Fixed system-accounts-secured benchmark by changing the system account range used in the benchmark.

Updated sys-apps/apparmor to v2.13.11. This resolves CVE-2016-1585.

Updated net-libs/gnutls to v3.8.5. This fixes CVE-2024-28834.

Dataplex

Dataplex automatic data quality supports the following capabilities:

  • Email notifications to alert people about the status and results of a data quality job
  • Data quality scores that indicate the percentage of rules that passed
  • API support for rule recommendations based on data profiling scans

For more information, see Use auto data quality and Auto data quality overview.

Document AI

Model pretrained-foundation-model-v1.2-2024-05-10 is available for custom extractor. For more information about available models, see Custom extractor model versions.

Google Cloud Architecture Center

(New guide) Build an ML vision analytics solution with Dataflow and Cloud Vision API: Deploy a Dataflow pipeline to process large-scale image files with Cloud Vision. Dataflow stores the results in BigQuery so that you can use them to train BigQuery ML pre-built models. This architecture is accompanied by a reference architecture and a deployment guide.

Google Distributed Cloud (software only) for Bare Metal

Release 1.16.9

Google Distributed Cloud for bare metal 1.16.9 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.16.9 runs on Kubernetes 1.27.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud software.

Fixes:

The following container image security vulnerabilities have been fixed in 1.16.9:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Security bulletin (all minor versions)

A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.

Google Distributed Cloud software doesn't use a vulnerable version of Fluent Bit and is unaffected.

For more information, see the GCP-2024-031 security bulletin.

Google Distributed Cloud (software only) for VMware

A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.

Google Distributed Cloud doesn't use a vulnerable version of Fluent Bit and is unaffected.

Google Kubernetes Engine

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.26.14-gke.1044001 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.15-gke.1090000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.15-gke.1090000 with this release.

Regular channel

  • Version 1.28.9-gke.1000000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.26.15-gke.1243000
    • 1.27.12-gke.1115000
    • 1.28.8-gke.1095000
    • 1.28.9-gke.1069000
    • 1.29.4-gke.1043001
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.13-gke.1000000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.13-gke.1000000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.9-gke.1000000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.26.15-gke.1300000
    • 1.26.15-gke.1360000
    • 1.27.13-gke.1166000
    • 1.27.14-gke.1011000
    • 1.28.9-gke.1209000
    • 1.28.10-gke.1012000
    • 1.29.4-gke.1165000
    • 1.29.5-gke.1010000
    • 1.30.1-gke.1015000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1320000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.13-gke.1201000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.9-gke.1289000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.4-gke.1670000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.4-gke.1670000 with this release.

(2024-R17) Version updates

Memorystore for Redis Cluster

Added support for Deletion protection for Memorystore for Redis Cluster.

Vertex AI

Vector Search sparse embeddings and hybrid search in Public preview

Vector Search supports sparse embeddings and hybrid search in Public preview. Hybrid search uses both dense and sparse embeddings, which lets you search based on a combination of keyword search and semantic search. For how to format dense, sparse, and hybrid embeddings, see Input data and structure.

May 27, 2024

Anthos clusters on AWS

A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.

GKE on AWS doesn't use a vulnerable version of Fluent Bit and is unaffected.

For more information, see the GCP-2024-031 security bulletin.

Anthos clusters on Azure

A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.

GKE on Azure doesn't use a vulnerable version of Fluent Bit and is unaffected.

For more information, see the GCP-2024-031 security bulletin.

BigQuery

A weekly digest of client library updates from across the Google Cloud SDK.

Python

Changes for google-cloud-bigquery

3.23.1 (2024-05-21)

Performance Improvements
  • Decrease the threshold in which we use the BigQuery Storage Read API (#1925) (eaa1a52)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.39.3 (2024-05-21)

Bug Fixes

Cloud Composer

Cloud Composer 2 now supports data lineage for environments that have CMEK enabled.

Cloud Composer 2.8.1 images are available:

  • composer-2.8.1-airflow-2.7.3 (default)
  • composer-2.8.1-airflow-2.6.3

Cloud Storage

Cloud Storage FUSE now offers the following features:

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.11.1 (2024-05-21)

Bug Fixes
  • Add missing projectIdentifier to GetServiceAccountOptions (#2468) (d49e9d2)
  • Allow files in directories to be downloaded onto local machine (#2199) (9f62429)
  • Do not set customEndpoint if apiEndpoint === default (#2460) (b4dbd73)
  • Improve GetFilesResponse interface (#2466) (918db28)

Java

Changes for google-cloud-storage

2.39.0 (2024-05-22)

Features
  • Plumb PartNamingStrategy for Parallel Composite Uploads in Transfer Manager (#2547) (79d721d)
Bug Fixes
  • Update GapicUnbufferedChunkedResumableWritableByteChannel to be tolerant of non-quantum writes (#2537) (1701fde)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.1 (#2550) (e9807ec)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.2 (#2552) (a207829)

Cloud Workstations

Cloud Workstations is available in the southamerica-east1 region (Osasco, São Paulo, Brazil, South America). For more information, see Locations.

Cloud Workstations is available in the us-east5 region (Columbus, Ohio, North America). For more information, see Locations.

Dataproc Metastore

Dataproc Metastore services can now enable deletion-protection to prevent the accidental removal of new or existing services.

Google Cloud Marketplace Partners

We've added a new field, cancellation_reason, on the Entitlement resource that provides context around why an entitlement was cancelled.

Google Kubernetes Engine

A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.

GKE doesn't use a vulnerable version of Fluent Bit and is unaffected.

For more information, see the GCP-2024-031 security bulletin.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.129.6 (2024-05-23)

Dependencies
  • Update dependency com.google.cloud:google-cloud-storage to v2.39.0 (#2040) (eb6bd9c)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.2 (#2035) (40fdd7a)

SAP on Google Cloud

ABAP SDK for Google Cloud version v1.7

Version 1.7 of the ABAP SDK for Google Cloud is generally available (GA). This version brings in expanded support for more Google Cloud APIs, authentication improvements for Cloud Functions, SDK feature enhancements, and bug fixes.

For more information, see What's new with the ABAP SDK for Google Cloud.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.1 (2024-05-22)

Bug Fixes
  • secretmanager: Enable cloud.google.com/go/auth (#10248) (532d8fb)

Spanner

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/spanner

7.8.0 (2024-05-24)

Features
  • Add RESOURCE_EXHAUSTED to the list of retryable error codes (#2032) (a4623c5)
  • Add support for multi region encryption config (81fa610)
  • Add support for Proto columns (#1991) (ae59c7f)
  • spanner: Add support for change streams transaction exclusion option (#2049) (d95cab5)
Bug Fixes

May 26, 2024

Application Integration

The TIBCO EMS trigger is now available in preview.

May 24, 2024

Artifact Registry

Cleanup policies for Artifact Registry are Generally Available (GA).

Cleanup policies help you manage artifacts by automatically deleting artifacts that you no longer need, while keeping artifacts that you want to store.

Deletions requested by Cleanup policies count against Artifact Registry delete request quota and limits.

Generative AI on Vertex AI

The Gemini 1.5 Pro (gemini-1.5-pro-001) and Gemini 1.5 Flash (gemini-1.5-flash-001) models are Generally Available. For more information, see Google models, Overview of the Gemini API, and Send multimodal prompt requests.

Google Cloud Armor

Cloud Armor supports Layer 7 filtering in globally scoped edge security policies for Media CDN in Preview.

Google Cloud VMware Engine

We are introducing changes to deleting a private cloud; specifically, when you delete a private cloud, your billing will stop immediately but the private cloud deletion can take up to 24 hours. During this time, you will continue to see your private cloud in the Google Cloud console and your VMs will continue to run but you will not be billed.

If you want your workload network IP CIDRs to be available right away, please shut down all your VMs in your private cloud before deleting it.

Google Kubernetes Engine

GKE now provides insights and recommendations to create a backup plan for unprotected clusters that have existed for more than 7 days. These insights and recommendations are currently available in us-central1-a. See Backup for GKE and protect clusters with Backup for GKE documents for details.

Google SecOps SOAR

Media CDN

Dual-token authentication is Generally Available. You can now enable this feature by using the Google Cloud Console in addition to the gcloud SDK and REST API. When this feature is enabled, Media CDN uses a short-duration token and a long-duration token to authenticate requests.

You can use the globally scoped edge security policies of Cloud Armor for Layer 7 filtering. This feature is in Preview. For an example, see Example: Deny requests for cached content with specific headers.

May 23, 2024

BigQuery

In BigQuery ML univariate time series models, the FORECAST_LIMIT_LOWER_BOUND and FORECAST_LIMIT_UPPER_BOUND parameters now work with the TIME_SERIES_ID_COL parameter. The FORECAST_LIMIT_LOWER_BOUND and FORECAST_LIMIT_UPPER_BOUND arguments let you set the lower and upper bounds of the forecasted values returned by the model. Try this feature with the Limit forecasted values for a time series model tutorial.

BigQuery ML now offers the following Generative AI features:

Cloud SQL for PostgreSQL

Monitoring active queries in Cloud SQL for PostgreSQL, which is part of the Gemini in Databases Preview, is temporarily unavailable. You can still monitor completed queries. For more information about monitoring queries, see Use Query Insights to improve query performance.

Cloud Service Mesh

Anthos Service Mesh and Traffic Director have converged into a single, unified product: Cloud Service Mesh. Cloud Service Mesh brings together features from both products:

  • A fully managed, global, multi-tenant control plane
  • Managed data plane and telemetry for Google Cloud
  • A choice of APIs
    • Open APIs, Istio & Gateway for Kubernetes Engine
    • Service Routing APIs for Compute Engine and Kubernetes Engine
  • Support for Kubernetes clusters on-prem and on other public clouds

For more information, see the Cloud Service Mesh overview.

If you're using the Istio APIs with the Traffic Director control plane implementation, disabling multi-cluster load balancing is not supported.

Filestore

Google SecOps SOAR

Release 6.3.4 is currently in Preview.

Unable to edit case comments via API (ID #49966652)

Unable to create or import advanced reports for certain Looker users (ID #00265303)

Error when trying to add a user to Google SecOps SOAR

Event details search option in alert tab stops working (ID #00287518)

SOAR filtering not working due to unsupported commas in names

Unable to re-run the playbooks (ID #00282282)

Google SecOps SOAR fails to return API keys (ID #50630848)

Looker Studio

Looker Studio forum moved to Google Cloud

The Looker Studio Community on Google Cloud is open to all Looker Studio and Looker Studio Pro users to ask questions and interact with fellow Looker Studio customers.

Looker drill fields now available in Looker Studio

Drill fields and links that are defined with the drill_fields and link LookML parameters in Looker are now available to Looker Studio report viewers in the Drill Actions menu on Looker Studio table charts.

Learn more about drill fields in the Looker connector.

New partner connectors

The following partner connectors have been added to the Looker Studio Report Gallery:

SAP on Google Cloud

Google Cloud's Agent for SAP version 3.3

Version 3.3 of Google Cloud's Agent for SAP is generally available (GA). This version introduces enhancements to back up SAP HANA while using the agent's Backint and disk snapshot features. It also introduces support for using hdbuserstore keys to authenticate SAP HANA users.

For more information, see What's new with Google Cloud's Agent for SAP.

Sensitive Data Protection

The TRADE_UNION infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Sovereign Controls by Partners

The Sovereign Controls by SIA/Minsait partner offering is now generally available.

May 22, 2024

AlloyDB for PostgreSQL

Query federation between BigQuery and AlloyDB is now available in Preview. This feature lets you use BigQuery to query data stored in AlloyDB databases.

BigQuery

The interactive SQL translator, the translation API, and the batch SQL translator features let you translate the following SQL dialects into GoogleSQL:

  • IBM DB2 SQL
  • Greenplum SQL
  • SQLite

These features are in preview.

You can now query data in AlloyDB using a federated query. This feature is in preview.

Cloud Database Migration Service

Database Migration Service now supports migrations to MySQL minor version 8.0.36. See Supported source and destination databases in Cloud SQL for MySQL migrations.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.62
  • 1.2.6
  • 2.0.70
  • 2.1.49
  • 2.2.6

Upgraded Spark BigQuery connector to version 0.36.2 in the latest 1.2 and 2.2 Dataproc Serverless for Spark runtime versions.

Google Kubernetes Engine

The C4 machine family is available in Public Preview for Standard clusters running GKE version 1.29.2-gke.1521000 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool. The following limitations apply:

  • GKE versions prior to 1.29.2-gke.1521000 might encounter a volume device path mounting error which can cause Pods to be stuck in a Pending state. If you encounter this issue, try deleting and re-creating the Pod, to trigger re-processing of the volume mount.
  • Confidential GKE nodes are not supported in Public Preview.
  • Local SSD is not supported.
  • Nested virtualization is not supported in Public Preview.

The GKE Container Security API is now enabled automatically when GKE Enterprise is enabled on a project. This change ensures the security and compliance features are ready for use as part of GKE Enterprise activation.

Google SecOps

Enhanced the existing curated detections for AWS rule sets in the Cloud Threats category to add 40 new detections. These new rules, added to existing rule sets, expand the coverage and are designed to identify tactics and techniques commonly employed by malicious actors that use popular open source offensive security tools against AWS resources.

Google SecOps SIEM

Enhanced the existing curated detections for AWS rule sets in the Cloud Threats category to add 40 new detections. These new rules, added to existing rule sets, expand the coverage and are designed to identify tactics and techniques commonly employed by malicious actors that use popular open source offensive security tools against AWS resources.

Security Command Center

New curated detections for existing AWS rule sets

Enhanced the existing curated detections for AWS rule sets in the Cloud Threats category to add 40 new detections. These new rules, added to existing rule sets, expand the coverage and are designed to identify tactics and techniques commonly employed by malicious actors that use popular open source offensive security tools against AWS resources.

For more information, see curated detections for AWS rule sets in the Google Security Operations documentation.

May 21, 2024

Application Integration

Application Integration is now available in Milan (europe-west8). For a list of supported regions, see Application Integration locations.

Backup and DR

Backup and DR Service 11.0.11.323 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance.

Backup and DR Service supports migrating from manual protection to the new dynamic protection using tags. It is now also supported on all types of backup/recovery appliances. Learn more.

Backup and DR Service now supports auto patch updates. Learn more.

If the management console and backup/recovery appliance connectivity is not established for more than 6 hours, contact customer support to resolve the issue. This is particularly relevant to the appliance running on version 11.0.11.323 or later. You can check the connection status from the Connectivity column in the Manage > Appliances page.

Bare Metal Solution

You can now order Performance SSD storage for your Bare Metal Solution. For more information and availability in your region, see Performance SSD storage. This feature is generally available (GA). To learn how to order Performance SSD storage, see Order Bare Metal Solution resources.

BigQuery

The following Generative AI features are now in preview:

Try these features with the Generate text by using the ML.GENERATE_TEXT function how-to topic.

Cloud Data Fusion

Cloud Data Fusion version 6.10.1 is generally available (GA). This release is in parallel with the CDAP 6.10.1 release.

Creating a private instance with Private Service Connect is GA in Cloud Data Fusion version 6.10.1.

Per Namespace Service Accounts are GA in Cloud Data Fusion version 6.10.1. For more information, see Access control with namespace service accounts.

Syncing multiple pipelines from a namespace is GA in Cloud Data Fusion version 6.10.1. For more information, see Sync Cloud Data Fusion pipelines with a remote repository.

Changed in Cloud Data Fusion 6.10.1:

  • Source Control Management supports Bitbucket and GitLab.
  • Cloud Data Fusion uses the subnet used by the shared VPC network attachment in the default compute profile.
  • Added support for option string field (keep-strings) in parse-xml-to-json Wrangler directive (CDAP-20934).
  • The BigQuery sink plugin doesn't provide the Dedupe By option while in insert mode (PLUGIN-900).
  • The BigQuery plugin supports the JSON type (PLUGIN-1563).
  • Improved error messages in the Spanner source (PLUGIN-1748).
  • Improved retries in Pub/Sub plugin (PLUGIN-1769).

Fixed in Cloud Data Fusion 6.10.1:

  • Fixed an issue causing runtime arguments of pipeline triggers to not propagate to downstream pipelines (CDAP-20947).
  • Fixed an issue in Wrangler causing the send-to-error-and-continue directive to not initialize dq_failure when the condition is false (PLUGIN-1736).
  • Fixed an issue that occurs if running a replication pipeline when task workers are enabled (CDAP-20951).
  • Improved error reporting in the BigQuery Sink. Fixed an issue in BigQuery Argument Setter where validation error wasn't displayed correctly (PLUGIN-788, PLUGIN-781, PLUGIN-782, PLUGIN-1318).
  • Improved retries in BigQuery plugin (PLUGIN-1715).
  • Fixed an issue with the Python plugin, where running in native mode doesn't work as intended (PLUGIN-1617).
  • Fixed an issue causing certain connection parameters to not propagate in a MySQL connection (PLUGIN-1728).
  • Fixed an issue causing the Cloud Storage Copy action to time out while working with large files (PLUGIN-1735).
  • Fixed an issue causing Copy and Move plugins to not create buckets at the destination path as expected, resulting in a runtime error (PLUGIN-1738).
  • Fixed an issue causing empty source input to fail in multiple plugins (PLUGIN-1742).
  • Fixed an issue with remote execution of Wrangler directives causing type information to not be emitted (PLUGIN-1778).
  • Fixed an issue causing a No record field provided error (CDAP-21024).
  • Streaming pipelines in Cloud Data Fusion support the Excel source. Batch pipelines with an Excel source can consume high memory and fail in large pipelines (PLUGIN-1771).
  • Fixed an issue with using the Conditional plugin as a source for Wrangler, causing CDAP not to fetch the necessary schema (CDAP-20890).
  • Fixed an issue with instance upgrades causing existing schedule names to be improperly encoded in the URL, resulting in pre-upgrade failure (CDAP-20999).
  • Fixed an issue with schedules causing the maximum concurrent run property to not work as intended (CDAP-20988).
  • Fixed an issue causing committed ID to incorrectly propagate when pushing pipeline configurations to Git (CDAP-20932).

Cloud Data Fusion version 6.10.1 has a known issue in the Cloud Storage plugin causing pipelines to intermittently fail if the plugin contains a * regex pattern and uses Dataproc 2.0. To mitigate this issue:

Cloud Interconnect

Partner Interconnect support for dual-stack IPv4 and IPv6 is now generally available. For more information, see IPv6 support.

Cloud Load Balancing

Global external Application Load Balancers and global external proxy Network Load Balancers can now load balance IPv6 traffic. The following backends support dual stack:

  • VM instance group
  • Zonal NEGs (GCE_VM_IP_PORT)

You can now migrate the load balancer from IPv4 based deployments to dual stack (IPv4 and IPv6) deployments.

For details, see:

This feature is available in Preview.

Cloud Router

Cloud Router supports BGP route policies in Public Preview. For more information, see BGP route policies overview.

Cloud Router support for IPv6 BGP sessions is generally available. For more information, see BGP peering IP addresses.

Container Optimized OS

cos-101-17162-463-26

  • Kernel: COS-5.15.155
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Updated cos-gpu-installer to v2.3.1.

Added IPv6 support for endor boards.

Fixed CVE-2024-26900 in the Linux kernel.

Dialogflow

Vertex AI Agents: OpenAPI tools now support private network access.

Vertex AI Agents: OpenAPI tool authentication now supports Bearer Token.

Dialogflow CX: VPC Service Controls now support Cloud Functions and Cloud Run.

Google Cloud VMware Engine

All new VMware Engine private clouds now deploy with the following:

  • VMware vSphere version 7.0 Update 3
  • NSX-T version 3.2.3.1

Existing private clouds will be upgraded in May and June 2024.

For more details on the contents of this upgrade, see Service announcements.

Google Kubernetes Engine

(2024-R16) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.27.11-gke.1062004 is now available in the Stable channel.
  • Version 1.28.7-gke.1026000 is no longer available in the Stable channel.

Regular channel

Rapid channel

  • Version 1.30.0-gke.1167000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.9-gke.1250000
    • 1.29.3-gke.1282000
    • 1.29.3-gke.1282001
    • 1.29.3-gke.1282005
    • 1.29.4-gke.1447001
    • 1.29.4-gke.1542000
    • 1.30.0-gke.1457000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.4-gke.1165000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.4-gke.1165000 with this release.

May 20, 2024

Application Integration

Terraform support

You can now use Terraform to provision new regions and create authentication profiles. For a detailed reference document about Terraform resources, see google_integrations_client and google_integrations_auth_config.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigquery

3.23.0 (2024-05-16)

Features
Bug Fixes
  • Add pyarrow version check for range support (#1914) (a86d7b9)
  • Edit presubmit for to simplify configuration (#1915) (b739596)

You can now use a search index to optimize lookups on the INT64 and TIMESTAMP data types. The feature is in preview.

You can use DLP functions to support encryption and decryption between BigQuery and Sensitive Data Protection, using AES-SIV. This feature is now generally available (GA).

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for logging/apiv2

1.10.0 (2024-05-15)

Features
  • logging/logadmin: Allow logging PageSize to override (#9409) (5ca0271)
Bug Fixes
  • logging: Bump x/net to v0.24.0 (ba31ed5)
  • logging: Enable universe domain resolution options (fd1d569)
  • logging: Set default value for BundleByteLimit to 9.5 MiB to avoid payload size limits. (#9662) (d5815da)
  • logging: Update protobuf dep to v1.33.0 (30b038d)

Java

Changes for google-cloud-logging

3.17.2 (2024-05-16)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.1 (#1611) (e7a0904)

Cloud Run

Uptime checks can now be configured and viewed directly within the Cloud Run "metrics" page.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.41.0 (2024-05-13)

Features
  • storage/control: Make Managed Folders operations public (264a6dc)
  • storage: Support for soft delete policies and restore (#9520) (985deb2)
Bug Fixes
  • storage/control: An existing resource pattern value projects/{project}/buckets/{bucket}/managedFolders/{managedFolder=**} to resource definition storage.googleapis.com/ManagedFolder is removed (3e25053)
  • storage: Add internaloption.WithDefaultEndpointTemplate (3b41408)
  • storage: Bump x/net to v0.24.0 (ba31ed5)
  • storage: Disable gax retries for gRPC (#9747) (bbfc0ac)
  • storage: More strongly match regex (#9706) (3cfc8eb), refs #9705
  • storage: Retry net.OpError on connection reset (#10154) (54fab10), refs #9478
  • storage: Wrap error when MaxAttempts is hit (#9767) (9cb262b), refs #9720
Documentation
  • storage/control: Update storage control documentation and add PHP for publishing (1d757c6)

Container Optimized OS

cos-109-17800-218-32

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Updated cos-gpu-installer to v2.3.1.

Upgraded sys-apps/less to v643-r2.

Upgraded app-eselect/eselect-iptables to v20220320.

Upgraded sys-libs/timezone-data to v2024a-r1.

Upgraded app-editors/vim to v9.1.0366 and app-editors/vim-core to v9.1.0366.

cos-113-18244-85-14

  • Kernel: COS-6.1.90
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Updated cos-gpu-installer to v2.3.1.

Upgraded sys-apps/less to v643-r2.

Upgraded sys-libs/timezone-data to v2024a-r1.

Added support for nft_fib family of modules in the Linux kernel.

cos-105-17412-370-34

  • Kernel: COS-5.15.154
  • Docker: v23.0.3
  • Containerd: v1.7.15
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Updated cos-gpu-installer to v2.3.1.

Upgraded app-eselect/eselect-iptables to v20220320.

Upgraded sys-libs/timezone-data to v2024a-r1.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.19.3 (2024-05-16)

Dependencies
  • Update actions/checkout action to v4 (#1390) (80dbca1)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.1 (#1443) (79f6c46)

Generative AI on Vertex AI

The following models have been added to Model Garden:

  • E5: A text embedding model series that can be served with a GPU or CPU.
  • Instant ID: An identity preserving text-to-image generation model.
  • Stable Diffusion XL lightning: A text-to-image generation model that is based on SDXL but requires fewer inference iterations.

To see a list of all available models, see Explore models in Model Garden.

Google Cloud Armor

Cloud Armor now supports regional internal Application Load Balancers in public preview. You can use the regional backend security policy type with this load balancer. For more information, see types of security policies.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.129.5 (2024-05-16)

Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.38.1 (#2027) (535edf6)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.1 (#2028) (aedcffd)

Workload Manager

Preview: You can now define organizational best practices for your workloads using custom rules written in the Rego policy language. Workload Manager evaluates your workloads against these rules and creates reports for any violation and helps you prioritize remediation. This helps you continuously improve the quality, reliability, and performance of your workloads. For more information, see Implementing best practices using custom rules.

May 17, 2024

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Apigee X

On May 17, 2024, we released an updated version of Apigee (1-12-0-apigee-4-hotfix).

Bug IDs and descriptions:

  • 337876238, 330314128, 333762214: Resolved issues resulting in an increase in 404/503 responses.
    • Upgraded storage for the Apigee router to the latest version to resolve 404 responses.
    • Adjusted traffic weight and delays in the older replica set to handle traffic divergence during the release process to address any 5xx responses.
  • 335832119: Fixed 404 errors caused during Apigee instance update/rollback.
  • 255772956: Turned off asynchronous services callout when the <Response> element is not present due to inconsistent scaling of runtime pods.
  • 338717278: Reverted problematic commit to address thread pool exhaustion.

Navigation menus in the Classic Apigee UI have been restored to support the transition from the Classic console to Apigee in the Google Cloud console.

Each menu item in the Classic console now directs you to the corresponding feature location in the Cloud console where you can carry out your task. Please see Apigee UI in Cloud console navigation for more details.

Correction: Apigee hybrid entitlements are available in Apigee Subscription 2024 plans. For more information, see Apigee Subscription 2024 entitlements.

App Engine flexible environment Node.js

Node.js 22 is now available in preview.

App Engine standard environment Node.js

Node.js 22 is now available in preview.

Cloud Billing

The Cost Estimation API is deprecated

To get estimates for your planned Google Cloud workloads, use the Google Cloud pricing calculator.

Cloud Functions

Cloud Functions (2nd gen) now supports the Node.js 22 runtime at the Preview release level.

Cloud Run

Cloud Run is now covered by FedRAMP High.

Config Controller

Config Controller now uses the following versions of its included products:

Dataflow

Dataflow no longer supports the NVIDIA Tesla K80 GPU type. For a list of supported GPU types, see Dataflow support for GPUs.

Deep Learning Containers

M121 release

  • Updated the R CPU container image from R 4.3 to R 4.4. The R 4.3 container image is deprecated. There will be no further updates to this image in future releases.

Deep Learning VM Images

M121 release

  • CUDA 12.2 images are now available.
  • Updated TensorFlow 2.15 images from CUDA 12.1 to CUDA 12.2.
  • Re-enabled common-gpu Deep Learning VM releases that were erroneously deactivated in M117.
  • Updated Nvidia drivers to 550.54.15 to fix an issue where Nvidia drivers failed to install on startup after Debian 11 images upgraded kernel to linux-image-5.10.0-29-cloud-amd64.
  • The linux-headers-cloud-amd64 metapackage is now installed for faster driver recompiling on kernel upgrades.
  • TensorFlow 2.6 CPU and GPU images are deprecated. There will be no further updates to these images in future releases.

Google Kubernetes Engine

(2024-R14) Version updates

There are no version updates for 2024-R14.

(2024-R15) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.27.11-gke.1062003 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.26.8-gke.200
    • 1.26.14-gke.1044000
    • 1.27.11-gke.1062001
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.14-gke.1044001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.11-gke.1062003 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.11-gke.1062003 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.7-gke.1026001 with this release.

Regular channel

  • Version 1.28.8-gke.1095000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.26.8-gke.200
    • 1.27.11-gke.1062001
    • 1.27.11-gke.1062003
    • 1.28.7-gke.1026001
    • 1.29.1-gke.1589018
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.12-gke.1115000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.12-gke.1115000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.8-gke.1095000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.1-gke.1589020 with this release.

Rapid channel

Google SecOps SOAR

Release 6.3.2 is now in General Availability.

NetApp Volumes

NetApp Volumes now supports large capacity volumes (in Preview). For more information, see Large capacity volumes.

Policy Intelligence

The IAM recommender generates policy insights and role recommendations for identities in Workload Identity Federation pools. To learn more, see Availability. This feature is available in Preview.

During Preview, the actual observation period might be shorter than the observation period listed in recommendations for these principals.

Sensitive Data Protection

The LOCATION infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.

To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.

Storage Transfer Service

Storage Transfer Service now supports transfers from Amazon S3 over a Google-managed private network. Transfer jobs that select this option pay no AWS egress fees; instead, a flat per-GiB rate is charged by Google Cloud. This allows you to transfer data at a potentially lower overall cost.

Learn more about egress options for S3 transfers, including the managed private network.

Cloud Logging for Storage Transfer Service now supports transfers involving POSIX file systems.

See Cloud Logging for Storage Transfer Service for more details.

Vertex AI Workbench

M121 release

The M121 release of Vertex AI Workbench user-managed notebooks includes the following:

  • Updated Nvidia drivers to 550.54.15 to fix an issue where Nvidia drivers failed to install on startup after Debian 11 images upgraded kernel to linux-image-5.10.0-29-cloud-amd64.
  • The linux-headers-cloud-amd64 metapackage is now installed for faster driver recompiling on kernel upgrades.
  • TensorFlow 2.6 CPU and GPU images are deprecated. There will be no further updates to these images in future releases.

The M121 release of Vertex AI Workbench managed notebooks includes the following:

  • Updated the R CPU kernel from R 4.3 to R 4.4.

M121 release

The M121 release of Vertex AI Workbench instances includes the following:

  • Updated Nvidia drivers to 550.54.15 to fix an issue where Nvidia drivers failed to install on startup after Debian 11 images upgraded kernel to linux-image-5.10.0-29-cloud-amd64.
  • The linux-headers-cloud-amd64 metapackage is now installed for faster driver recompiling on kernel upgrades.

May 16, 2024

Apigee Integrated Portal

On May 16, 2024 we released a new version of the Apigee integrated portal.

This release includes general improvements to performance and availability.

Cloud Billing

Generate a SQL query to BigQuery from your Cloud Billing Reports (in preview)

In the Google Cloud console, on the Billing Reports page, you use the report settings and filters to refine the data returned to your report. If you have enabled Cloud Billing data export to BigQuery, you can analyze your exported billing data using SQL queries. In Billing Reports, you can now click a button to generate a SQL query in BigQuery that is configured to use the equivalent Billing Report settings and filters to query your exported billing data. When run against your exported billing data, the generated query returns results in BigQuery that are equivalent to the results in the Billing Report.

Cloud Healthcare API

The fhir_read_ops, fhir_write_ops, and fhir_search_ops quota metrics are generally available (GA) and have replaced the legacy fhir_ops quota metric. For more information, see FHIR quotas.

Cloud Key Management Service

Cloud KMS with Autokey is now in Preview for Cloud Storage, Compute Engine, BigQuery, and Secret Manager.

Autokey simplifies creating and using customer-managed encryption keys (CMEKs) by automating provisioning and assignment. With Autokey, key rings, keys, and service accounts don't need to be planned and provisioned before they're needed. Instead, Autokey generates keys on demand as resources are created.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.

For more information, see Autokey overview.

Cloud KMS has two new organization policy constraints that you can use to control key version destruction. These constraints became available on November 1, 2023.

For more information, see Control key version destruction.

Config Connector

Config Connector version 1.118.1 is now available.

This release introduces the direct-reconciliation mechanism to reconcile Config Connector resources. The reconciliation makes API calls directly instead of going through a third-party library. Currently it only applies to LoggingLogMetric.

LoggingLogMetric now uses direct reconciliation.

Added support for ComputeNetworkFirewallPolicyRule resource (v1alpha1).

LoggingLogMetric

  • Added spec.loggingLogBucketRef field to support bucket reference.

SQLInstance avoids a bug causing repeated reconciliation when spec.settings.edition was configured with a non-empty value.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.102-debian10, 2.0.102-rocky8, 2.0.102-ubuntu18

  • 2.1.50-debian11, 2.1.50-rocky8, 2.1.50-ubuntu20, 2.1.50-ubuntu20-arm

  • 2.2.16-debian12, 2.2.16-rocky9, 2.2.16-ubuntu22

Dataproc on Compute Engine latest 2.x image versions:

  • Removed repo.anaconda.com channel from Dataproc on Compute Engine 2.x image version clusters for installation of packages.

  • Blast radius: Packages installed by conda.

  • Possible symptoms: Installing packages via the default channel is no longer possible.

  • Mitigation: Rollback.

Google Cloud Architecture Center

Infrastructure for a RAG-capable generative AI application using Vertex AI: Added information about getting started with deploying the reference architecture by using a Jump Start Solution.

Google Distributed Cloud (software only) for VMware

Release 1.29.100-gke.248

Google Distributed Cloud on VMware 1.29.100-gke.248 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.100-gke.248 runs on Kubernetes v1.29.4-gke.200.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

Updated Dataplane V2 to use Cilium 1.13.

Google SecOps SOAR

Release 6.3.3 is currently in Preview.

Search results distorting the screen (ID #00273643)

Inline CSS removed in Insights (ID #00273271)

SAML login page showing blank (ID #00279230)

Gitsync power up push content not triggering automatically (ID #00283331)

Job page loading slowly and needs to be refreshed many times (ID #50253417)

Alert Type is empty when trying to add alert grouping rules (ID #00275434)

Identity-Aware Proxy

Generally Available: Service accounts can now use JSON Web Tokens (JWTs) to programmatically access resources protected by Identity-Aware Proxy (IAP). This provides a streamlined authentication process for workloads accessing IAP-protected applications and services. For more information, see Programmatic authentication.

Looker Studio

New Looker Studio log event attributes

New event logging attributes are now available for the Looker Studio log event data source. These attributes let Looker Studio administrators audit and monitor how Looker Studio users in their organization interact with schedules and alerts.

Learn more about audit log events in Looker Studio.

Looker data sources now display LookML filters

Filters that are defined in LookML models with the conditionally_filter and always_filter LookML parameters are now displayed in Looker Studio charts with a Looker data source.

Learn more about LookML filters for Looker data sources.

NetApp Volumes

NetApp Volumes now supports Google Cloud VMware Engine Peering Automation. For more information, see Google Cloud VMware Engine storage.

May 15, 2024

Anthos clusters on AWS

A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-030 security bulletin.

Anthos clusters on Azure

A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-030 security bulletin.

Cloud Billing

Commitment recommendations in the FinOps hub now include a Recommended quantity column, so you can see more information about recommendations at a glance.

Learn more about using the FinOps hub to optimize your costs.

Cloud Logging

You can now attach an IAM role binding to a log view that grants a principal access to the log view. For more information about log views and about controlling access to log views, see Configure log views on a log bucket.

Cloud Run

Cloud Run has been added to Google Cloud's Pricing Calculator.

Cloud Source Repositories

Cloud Source Repositories is scheduled for end of sale on June 17, 2024. Starting June 17, 2024, if your organization hasn't previously used Cloud Source Repositories, you cannot enable the API or use Cloud Source Repositories. New projects not connected to an organization can't enable the Cloud Source Repositories API after June 17, 2024. Customers who have already enabled the API prior to this date will not be affected and can continue to use Cloud Source Repositories.

Compute Engine

Generally Available: Advanced maintenance control for sole-tenancy lets you control planned maintenance events for sole-tenant node groups and minimize maintenance-related disruptions. This feature is available only for sole-tenant node groups. To use this feature with your existing virtual machines, you must first move your VMs to sole-tenant node groups that have advanced maintenance control enabled.

The advanced maintenance control for sole-tenancy feature lets you:

  • Check for maintenance events scheduled for a sole-tenant node 28 days in advance.
  • Trigger maintenance immediately or schedule it for later. Note that if you trigger maintenance immediately, the maintenance takes place within 6 hours from the time you trigger the request.

For more information, see Advanced maintenance control for sole-tenancy.

Container Registry

Effective May 15, 2024, Artifact Registry hosts all images for the gcr.io domain in projects without previous Container Registry usage.

If you use Container Registry, learn about the deprecation. To get started with managing containers on Google Cloud, use Artifact Registry.

Google Distributed Cloud (software only) for Bare Metal

Release 1.29.100-gke.251

GKE on Bare Metal 1.29.100-gke.251 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.29.100-gke.251 runs on Kubernetes 1.29.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

  • Added new API and IAM role requirements for Cloud Monitoring:

    • You must enable the kubernetesmetadata.googleapis.com API for your project and grant the roles/kubernetesmetadata.publisher IAM role to the Logging and Monitoring service account (anthos-baremetal-cloud-ops, when created automatically). Clusters use this API as an endpoint to send Kubernetes metadata to Google Cloud. The metadata is vital for cluster monitoring, debugging, and recovery. If you install your clusters behind a proxy, add kubernetesmetadata.googleapis.com to the list of allowed connections.

    • Due to changes in the way service accounts are checked, you must also grant the following IAM roles to the Logging and Monitoring service account:

      • roles/monitoring.viewer

      • roles/serviceusage.serviceUsageViewer

    These API and IAM role requirements apply to both creating new 1.29 clusters and upgrading existing clusters to 1.29.

Functionality changes:

  • Added checks to validate the SSH client certificate file type before saving the certificate as a Secret.

  • Deprecated the spec.gkeVersion field in Machine and BareMetalMachine custom resources. After GKE on Bare Metal release 1.30, the value of gkeVersion isn't guaranteed to be reliable.

  • Added preflight checks for available disk space in specific directories:

    • During cluster creation, the following directories are checked:

      • / (the root directory) has at least 4 GiB of free space

      • /var/log/fluent-bit-buffers has at least 12 GiB of free space

      • /var/opt/buffered-metrics has at least 10016 MiB of free space

    • During a cluster upgrade, the following directory is checked:

      • / (the root directory) has at least 2 GiB of free space

Fixes:

  • Fixed an issue where the kubelet doesn't honor the shortened, 1-second grace period for pod deletion during eviction-based draining.

The following container image security vulnerabilities have been fixed in 1.29.100-gke.251:

Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-030 security bulletin.

Google Kubernetes Engine

A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-030 security bulletin.

Added a release note to May 16, 2023 for 1.27 available in the Rapid channel. This release note was previously only added to the Release notes (Rapid channel only) page by mistake.

reCAPTCHA Enterprise

reCAPTCHA Enterprise Mobile SDK v18.5.0 is now available for iOS.

This version contains the following changes:

  • Performance and reliability improvements in getClient() and execute().
  • Support for Apple Privacy Manifest.
  • The minimum iOS version is now iOS 12 to align with Xcode 15 dropping support for iOS 11.
  • New exception type is added for devices without a network connection.

reCAPTCHA Enterprise Mobile SDK v18.5.0 is now available for Android.

This version contains the following changes:

  • Performance and reliability improvements in getClient() and execute().
  • Support for Android API 19 is dropped.
  • New exception type is added for devices without a network connection.

May 14, 2024

Anthos clusters on AWS

A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-028 security bulletin.

A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-029 security bulletin.

Anthos clusters on Azure

A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-028 security bulletin.

A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-029 security bulletin.

Apigee Advanced API Security

On May 14, 2024 we released an updated version of Advanced API Security.

NOTE: Rollouts of this feature are ongoing and will take multiple days to complete across all Google Cloud zones. You may not be able to use the functionality until the rollout is complete.

Added autonomous system numbers (ASN), HTTP methods, and region codes as supported security action rule condition types.

This new functionality is not available with Apigee hybrid at this time.

See Create a security action to learn more.

Bare Metal Solution

You can now view information about upcoming maintenance events for Bare Metal Solution on the Upcoming maintenance events page.

BigQuery

You can now create Gemini-enhanced translation rules to use with the interactive SQL translator. Translation rules let you customize and adjust the results of the interactive translator according to your SQL migration needs. This feature is in preview.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Cloud Monitoring
    • monitoring.googleapis.com/Dashboard
  • Discovery Engine
    • discoveryengine.googleapis.com/Engine

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Importing and exporting FHIR resources, including their historical versions, as history bundles using Cloud Storage is available in Preview.

Developer Connect

Developer Connect, Google Cloud's tool for connectivity to third-party source code management platforms, is now available in Preview. To get started, see Quickstart.

Generative AI on Vertex AI

Gemini 1.5 Flash (Preview)

Gemini 1.5 Flash (gemini-1.5-flash-preview-0514) is available in Preview. Gemini 1.5 Flash is a multimodal model designed for fast, high volume, cost-effective text generation and chat applications. It can analyze text, code, audio, PDF, video, and video with audio.

Grounding Gemini with Google Search is GA

The Gemini API Grounding with Google Search feature is available in GA. This is available for Gemini 1.0 Pro models. To learn more about model grounding, see Grounding with Google Search.

Batch prediction support for Gemini

Batch prediction is available for Gemini in preview. Available Gemini models include Gemini 1.0 Pro, Gemini 1.5 Pro, and Gemini 1.5 Flash. To get started with batch prediction, see Get batch predictions for Gemini.

PaliGemma model

The PaliGemma model is available. PaliGemma is a lightweight open model that's part of the Google Gemma model family. It's the Gemma model family's best model option for image captioning tasks and visual question and answering tasks. Gemma models are based on Gemini models and intended to be extended by customers.

New stable text embedding models

The following text embedding models are available GA:

  • text-embedding-004
  • text-multilingual-embedding-002

For details on how to use these models, see Get text embeddings.

Google Cloud Architecture Center

(New guide) Global deployment with Compute Engine and Spanner: Learn how to architect a multi-tier application that runs on Compute Engine VMs and Spanner in a global topology on Google Cloud.

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-029 security bulletin.

Google Kubernetes Engine

A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-029 security bulletin.

Google SecOps

Google SecOps now supports the following functions in Detection Engine rules:

  • fingerprint
  • sample_rate

For more information about these functions, see YARA-L 2.0 language syntax.

Google SecOps SIEM

Google SecOps now supports the following functions in Detection Engine rules:

  • fingerprint
  • sample_rate

For more information about these functions, see YARA-L 2.0 language syntax.

Security Command Center

Rapid Vulnerability Detection preview shuts down on July 14, 2024

The Preview release of the Rapid Vulnerability Detection service is discontinued and the service will be shut down on July 14, 2024.

No action is required.

On July 14, 2024, the status of any findings produced by the Rapid Vulnerability Detection service will be automatically set to Inactive and will be retained for a period defined by the Security Command Center data retention policy.

Text-to-Speech

Cloud Text-to-Speech now offers updated Journey voices with an additional speaker, en-us-Journey-O.

Vertex AI

Ray on Vertex AI is now Generally Available and includes the following updates:

  • Ray version 2.9.3 and Python 3.10 are supported. For information about Ray image support policies, see Supported versions.
  • VPC peering connection is no longer required if you use public endpoints.
  • Custom images are supported with Ray on Vertex AI.
  • You can use custom service accounts with Ray on Vertex AI.
  • A Colab template is not automatically created when you create a Ray Cluster. Instead, you can connect directly to Ray on Vertex AI clusters from Colab Enterprise's side panel.

For Ray on Vertex AI, Ray version 2.4 is no longer supported. Migrate your code to support Ray 2.9.3 or later and then delete Ray clusters that are running 2.4.

Vertex AI Agent Builder

Vertex AI Search: Check grounding (GA)

The check grounding API is generally available (GA).

The check grounding API determines how grounded a piece of text is in a given set of facts. The API returns support scores and citations.

Filler and introductory statements can be deemed as not requiring attribution. No scores or citations are provided for those statements.

Additionally, as an experimental feature, the API also generates contradicting citations that show which facts contradict the text and how strongly.

For more information, see Check grounding and the check API.

May 13, 2024

Backup for GKE

Backup for GKE now supports creating a backup plan when creating a cluster.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.40.1 (2024-05-06)

Dependencies

2.40.0 (2024-05-06)

Features
  • Add getStringOrDefault method to FieldValue (#3255) (8bac33a)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#3279) (67f2ea4)

Python

Changes for google-cloud-bigquery

3.22.0 (2024-04-19)

Features

Phrase support for the SEARCH function is in preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.39.2 (2024-05-09)

Dependencies

2.39.1 (2024-05-08)

Bug Fixes
  • Batch time series data when exporting client-side metric (#2222) (1f9f169)
  • Remove stale module from bom (#2218) (7145864)

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.17.1 (2024-05-06)

Dependencies
  • Update actions/checkout action to v4 (#1570) (ea0db35)
  • Update actions/github-script action to v7 (#1571) (16d6192)
  • Update actions/setup-java action to v4 (#1572) (9eb8834)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#1603) (16967e5)

Cloud Monitoring

You can now configure dashboards to display events by using the Monitoring API.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.11.0 (2024-05-03)

Features
  • Add ability to enable hierarchical namespace on buckets (#2453) (4e5726f)

Java

Changes for google-cloud-storage

2.38.0 (2024-05-09)

Features
  • Promoted google-cloud-storage-control to beta (#2531) (09f7191)
Bug Fixes
  • Add strict client side response validation for gRPC chunked resumable uploads (#2527) (c1d1f4a)
  • An existing resource pattern value projects/{project}/buckets/{bucket}/managedFolders/{managedFolder=**} to resource definition storage.googleapis.com/ManagedFolder is removed (#2524) (7d7f526)
  • deps: Update the Java code generator (gapic-generator-java) to 2.39.0 (#2501) (518d4be)
  • ParallelCompositeUpload in Transfer Manager hangs when encountering OOM (#2526) (67a7c6b)
  • Update grpc WriteObject response handling to provide context when a failure happens (#2532) (170a3f5)
  • Update GzipReadableByteChannel to be tolerant of one byte reads (#2512) (87b63f4)
  • Update StorageOptions to carry forward fields that aren't part of ServiceOptions (#2521) (b84654e)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#2523) (3e573f7)
  • Update dependency info.picocli:picocli to v4.7.6 (#2535) (f26888a)
Documentation
  • Add in Transfer Manager chunked upload/download samples (#2518) (d1f6bcc)
  • Update readme to include gradle instructions for storage control (#2503) (50ac93b)
  • Update TransportCompatibility annotation for Storage#blobWriteSession (#2520) (b7d673c)

Config Connector

Config Connector version 1.117.0 is now available.

This release improves our support for VertexAI.

VertexAIDataSet is promoted from alpha to beta.

  • Output fields are now in status.observedState.

  • The KMS key is now specified using a reference: spec.encryptionSpec.kmsKeyNameRef

VertexAIIndex is promoted from alpha to beta.

  • Output fields are now in status.observedState.

  • Note that isCompleteOverwrite is currently not supported: it is not obviously compatible with declarative operation.

VertexAIEndpoint is promoted from alpha to beta.

  • Output fields are now in status.observedState.

  • The KMS key is now specified using a reference: spec.encryptionSpec.kmsKeyNameRef

  • The network is now specified using a reference: spec.networkRef

ComputeNetwork

  • The spec.enableUlaInternalIpv6 field is no longer immutable - it can now be changed without recreating the network.

Container Optimized OS

cos-113-18244-85-5

  • Kernel: COS-6.1.90
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Upgraded app-admin/node-problem-detector to v0.8.18.

Upgraded app-admin/google-osconfig-agent to v20240501.00.

Upgraded app-admin/google-guest-agent to v20240314.00.

Upgraded app-containers/docker and app-containers/docker-cli to v24.0.9.

Upgraded app-admin/google-guest-configs to v20240307.00.

Upgraded sys-boot/grub-lakitu to FC 39's current version.

Upgraded app-emulation/cloud-init to v23.4.4.

Added support for i6300 watchdog timer device.

Uprev GPU driver version to v470.239.06.

Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.

Fixed CVE-2024-26900 in the Linux kernel.

Fixed CVE-2024-26809 in the Linux kernel.

Fixed CVE-2024-26882 in the Linux kernel.

Fixed CVE-2024-26884 in the Linux kernel.

Fixed CVE-2024-26885 in the Linux kernel.

Fixed CVE-2024-26883 in the Linux kernel.

Fixed CVE-2024-26907 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.core.mem_pcpu_rsv: 256
  • Changed: fs.epoll.max_user_watches: 1809474 -> 1809452
  • Changed: fs.file-max: 812400 -> 812391
  • Changed: kernel.threads-max: 63504 -> 63503
  • Changed: net.ipv4.tcp_mem: 94068 125424 188136 -> 94065 125423 188130
  • Changed: net.ipv4.udp_mem: 188136 250848 376272 -> 188133 250847 376266
  • Changed: user.max_cgroup_namespaces: 31752 -> 31751
  • Changed: user.max_ipc_namespaces: 31752 -> 31751
  • Changed: user.max_mnt_namespaces: 31752 -> 31751
  • Changed: user.max_net_namespaces: 31752 -> 31751
  • Changed: user.max_pid_namespaces: 31752 -> 31751
  • Changed: user.max_time_namespaces: 31752 -> 31751
  • Changed: user.max_user_namespaces: 31752 -> 31751
  • Changed: user.max_uts_namespaces: 31752 -> 31751

cos-109-17800-218-26

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Uprev GPU driver version to v470.239.06.

Fixed CVE-2024-26900 in the Linux kernel.

cos-105-17412-370-29

  • Kernel: COS-5.15.154
  • Docker: v23.0.3
  • Containerd: v1.7.15
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Fixed CVE-2024-26900 in the Linux kernel.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for datastore/admin/apiv1

1.17.0 (2024-05-08)

Features

Java

Changes for google-cloud-datastore

2.19.2 (2024-05-03)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.39.0 (#1406) (b265fb3)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#1426) (ac3a1c1)
  • Update dependency com.google.errorprone:error_prone_core to v2.27.0 (#1411) (a3f5a2c)
  • Update dependency com.google.errorprone:error_prone_core to v2.27.1 (#1421) (48d7daf)
  • Update dependency com.google.guava:guava-testlib to v33.2.0-jre (#1422) (5a5dfdf)

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-028 security bulletin.

Google Kubernetes Engine

A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-028 security bulletin.

Media CDN

Media CDN supports content targeting, which helps you cache and deliver assets that are customized for your end-user contexts. It enables device characterization and geo-targeting, which are useful for implementing responsive websites, language customization, and currency settings.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.4.0 (2024-05-03)

Features
  • Add several fields to manage state of database encryption update (#1904) (aba9aee)
Bug Fixes
  • deps: Update dependency @types/long to v5 (#1901) (d13d395)

Go

Changes for pubsub/apiv1

1.38.0 (2024-05-06)

Features
  • pubsub: Add custom datetime format for Cloud Storage subscriptions (4834425)
  • pubsub: Support publisher compression (#9711) (4940c3c)
  • pubsub: Use Streaming Pull response for ordering check (#9682) (7bf4904)
Bug Fixes
  • pubsub: Bump x/net to v0.24.0 (ba31ed5)
  • pubsub: Respect gRPC dial option when PUBSUB_EMULATOR_HOST is set (#10040) (95bf6b2)
  • pubsub: Update protobuf dep to v1.33.0 (30b038d)

Java

Changes for google-cloud-pubsub

1.129.4 (2024-05-10)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.40.0 (#2016) (beee523)
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.40.1 (#2021) (0873594)
  • Update dependency com.google.cloud:google-cloud-storage to v2.38.0 (#2019) (ba3dffc)

1.129.3 (2024-05-06)

Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.38.0 (#2011) (4a547d0)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#2012) (811d0e6)

Sensitive Data Protection

The IMMIGRATION_STATUS infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The RUSSIA_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The UKRAINE_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The UZBEKISTAN_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Spanner

Spanner now supports a new metric in the monitoring console called read_request_latencies_by_change_stream. Use this metric to view all read latencies and filter latencies by change stream or non-change stream reads. For more information, see Available charts and metrics.

Vector length annotation is now generally available. For more information, see the PostgreSQL vector length parameter or the GoogleSQL vector_length parameter.

May 11, 2024

Cloud Composer

Starting from GKE version 1.27.5, Cloud Composer environment clusters will start using SSD disks as persistent disks. The disk quota will change from Persistent disk standard (GB) to Persistent disk SSD (GB). Please check the Persistent disk SSD (GB) quota in your project and request an increase if this quota approaches its limit.

A single environment created using a Small environment preset requires at least 600 GB SSD disk space and the SSD quota must be able to accommodate it.

Being close to the limit of the SSD quota might impact the autoscaling capabilities of Cloud Composer environments or make it impossible to create new environments.

The Logs in Cloud Logging Only feature is enabled by default in new environments:

  • New Cloud Composer environments now save Airflow task logs only in Cloud Logging by default.
  • Existing environments are not changed. If you upgrade an existing environment to Cloud Composer 2.8.0, it keeps saving logs to the environment's bucket.
  • You can enable and disable saving logs to the environment's bucket for an existing environment.

Fixed a problem where some Airflow tasks were failing because the task could not write logs to the environment's bucket.

Cloud Composer 2.8.0 images are available:

  • composer-2.8.0-airflow-2.7.3 (default)
  • composer-2.8.0-airflow-2.6.3

May 10, 2024

AlloyDB for PostgreSQL

Model endpoint management is now available in Preview for both AlloyDB and AlloyDB Omni. For more information, see Register and call remote AI models in AlloyDB or Register and call remote AI models in AlloyDB Omni.

Version 15.5.3 of the simplified installation method for AlloyDB Omni is now available in Preview. Updates include the following:

Artifact Registry

Artifact Registry generic repositories are available in Preview.

Generic repositories store versioned, immutable artifacts that don't have to adhere to any specific package format in Artifact Registry. You can store and manage arbitrary files such as archives, binaries, and media files with no package specifications or management clients.

To get started with generic repositories, see the quickstart.

Dataform

Gemini, an AI-powered collaborator in Google Cloud, can help you generate code in Dataform. This feature is in preview. For more information, see Write queries with Gemini assistance.

Google Kubernetes Engine

In new Standard clusters running GKE version 1.29 and later, GKE assigns IP addresses for GKE Services from a Google-managed range: 34.118.224.0/20 by default. With this feature, you don't need to specify your own IP address range for Services. For more information, see Subnet secondary IP address range for Services.

Container Threat Detection (KTD) fails to deploy on Autopilot clusters running the following GKE versions:

  • 1.28.6-gke.1095000 to 1.28.7-gke.1025000
  • 1.29.1-gke.1016000 to 1.29.1-gke.1781000

To mitigate this issue, upgrade the cluster to version 1.28.7-gke.1026000 or later, or to 1.29.2-gke.1060000 or later.

SAP on Google Cloud

New SAP HANA certification: Hyperdisk Balanced usage with M1 machine types

For use with SAP HANA on Google Cloud, SAP has certified the usage of Hyperdisk Balanced with the M1 series of memory-optimized machine types.

For more information, see:

May 09, 2024

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

GKE on AWS now supports clusters in the ap-northeast-2 region. For more information, see Supported regions.

Apigee Advanced API Security

On May 9, 2024 we released an updated version of Advanced API Security.

Addition of CIDR range support when specifying IPv4 addresses for security action rules.

Apigee Advanced API Security now includes support for CIDR range specification when creating security action rules that restrict access based on IP addresses.

This new functionality is not available with Apigee hybrid at this time.

See Create a security action to learn more.

Apigee X

Limit on number of basepaths per environment

Apigee is enforcing a temporary limit of 500 basepaths per environment to avoid potential failures when deploying API proxy revisions.

While this limit is in place, you can deploy up to 500 API proxy revisions (each containing a single basepath) per environment. If your API proxies or revisions contain more than one basepath, the total number of basepaths per environment must not exceed 500.

To track the status of this issue, see Apigee Known Issues.

Cloud Monitoring

You can now configure a logs panel widget to display log entries by log view. For more information, see Display logs and errors on a custom dashboard.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.101-debian10, 2.0.101-rocky8, 2.0.101-ubuntu18

  • 2.1.49-debian11, 2.1.49-rocky8, 2.1.49-ubuntu20, 2.1.49-ubuntu20-arm

  • 2.2.15-debian12, 2.2.15-rocky9, 2.2.15-ubuntu22

Google Distributed Cloud (software only) for VMware

GKE on VMware 1.28.500-gke.121 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.28.500-gke.121 runs on Kubernetes v1.28.8-gke.2000.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.

Google Kubernetes Engine

A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-027 security bulletin.

Google SecOps SOAR

Release 6.3.1 is now in General Availability.

Remote Agents Release 1.6.0 is now in General Availability.

May 08, 2024

Anthos clusters on AWS

A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-027 security bulletin.

Anthos clusters on Azure

A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-027 security bulletin.

Apigee X

On May 8, 2024, we released an updated version of Apigee X.

This release contains the General Availability (GA) release of AppGroups for Apigee and Apigee hybrid (version 1.10.0 and later).

AppGroups represent a relationship between one or more apps that are managed by the same set of people. For information, see Using AppGroups to organize app ownership. Client support for AppGroups is available with the latest Drupal Teams module.

Cloud Life Sciences

The migration documentation has been updated to explain how to use workflow services that you have configured for Cloud Life Sciences with Batch instead. Specifically, the documentation mentions Workflows from Google Cloud, Cromwell, dsub, Nextflow, and Snakemake. For more information, see Workflow services in the Batch migration documentation.

Compute Engine

Preview: You can now use the Require OS Config organization policy constraint to automatically enable VM Manager for all new VMs in your organization, folder, or project. For more information, see Enable VM Manager using an organization policy.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.61
  • 1.2.5
  • 2.0.69
  • 2.1.48
  • 2.2.5

Dialogflow

Dialogflow ES and Dialogflow CX: The us-dialogflow.googleapis.com endpoint and locations/us resource location, which served as aliases for global resources, will be discontinued starting May 21, 2024. We have changed the date to update resource locations and endpoints from April 16, 2024 to May 21, 2024 to provide you with additional time. For more information, see the email announcement.

Note

  • This change affects only the agents created in the global region (ES, CX) and only if you use the us alias in the API requests to these global-region agents. If you created agents in us-central1, us-east1, us-west1, and us (multi-region) regions, no action is required.
  • The discontinued endpoint is different than the us multi-region endpoint that was announced recently.

Dialogflow CX and Vertex AI Agents: Effective June 15, 2024, the following generative features will be upgraded from text-bison-001 to gemini-1.0-pro-001:

  • Vertex AI agent apps
  • Data store agents (aka Chat agents)
  • Generators
  • Generative fallback

For more information, see the email announcement.

Google Cloud Architecture Center

(New guide) C3 AI architecture on Google Cloud: Develop applications using C3 AI and Google Cloud.

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-026 security bulletin.

A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-027 security bulletin.

Google Kubernetes Engine

(2024-R13) Version updates

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.26.13-gke.1144000
    • 1.27.8-gke.1067004
    • 1.27.11-gke.1062000
    • 1.28.3-gke.1118000
    • 1.28.3-gke.1286000

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.26.14-gke.1044000
    • 1.29.1-gke.1589017
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.1-gke.1589018 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.1-gke.1589018 with this release.

Rapid channel

  • Version 1.29.3-gke.1282001 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.26.15-gke.1158000
    • 1.26.15-gke.1243000
    • 1.27.12-gke.1190000
    • 1.27.13-gke.1070000
    • 1.28.8-gke.1175000
    • 1.28.9-gke.1069000
    • 1.29.3-gke.1093006
    • 1.29.3-gke.1282000
    • 1.29.4-gke.1165000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.3-gke.1282001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.3-gke.1282001 with this release.

A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-026 security bulletin.

Google SecOps

When Applied Threat Intelligence is enabled, it ingests IOCs curated by Mandiant Threat Intelligence with an IC-Score greater than 80 and generates an alert when a match is found.

Google SecOps SIEM

When Applied Threat Intelligence is enabled, it ingests IOCs curated by Mandiant Threat Intelligence with an IC-Score greater than 80 and generates an alert when a match is found.

Google SecOps SOAR

Release 6.3.2 is currently in Preview.

Issues when Siemplify > Set Case SLA actions run at the exact same time (ID #49397338)

Wrong error message displays when you try to add a custom list with a name that already exists (ID #50610331)

User mentioned in case not receiving an email notification (ID #00274991)

Widgets not fully aligned on Case view page (ID #49711925)

Number increased for integer type integration parameters (ID #00287205)

Looker

Looker 24.8 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, May 13, 2024

  • Expected Looker (original) final deployment and download available: Thursday, May 23, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, May 13, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, May 20, 2024

Database connection pooling is becoming generally available. For Looker (original) instances, the feature is moved out of Looker Labs. For dialects that support database connection pooling, the Connection settings page will include a Database Connection Pooling option. As part of this update, the Database Connection Pooling Labs setting for your instance has been applied to the Database Connection Pooling setting for the applicable database connections on your instance. If you very recently changed the Database Connection Pooling Labs setting, please check your connection settings to verify that the migration has applied the Database Connection Pooling setting that you want for each database connection.

The last_logged_in_at time is now captured when a URL that is created by the create_embed_url is used to log in to the Looker instance. This feature now performs as expected.

Previously, queries for totals would not run when a derived table referenced an ephemeral derived table using the SQL_TABLE_NAME syntax. This feature now performs as expected.

An issue has been fixed with the scrollbar appearing in text tiles. This feature now performs as expected.

An issue has been fixed where embed download filter parameters for cookieless embed were incorrectly escaped (space mapped to x2B [+] rather than x20). This feature now performs as expected.

An issue has been fixed where ↙ ↘ characters were being reversed in single value visualizations. This feature now performs as expected.

Text is now properly truncated in table visualizations even when the underlying field has defined html and link parameters.

Previously, an issue could cause Look titles to be cut off. This feature now performs as expected.

Previously, an issue caused filters to be incorrectly restored in the dashboard edit filter dialog. This feature now performs as expected.

Previously, if Looker encountered an invalid visualization type on a tile, the dashboard would not load. This feature now performs as expected.

Previously, queries that were defined with the API occasionally could not be downloaded as PNGs or JPGs. This feature now performs as expected.

Quick start queries with missing identifiers will no longer cause validation to fail.

Referencing the ALL_FIELDS set in a join or view will no longer cause validation to fail.

You can now see longer embedded Look titles without needing to scroll.

For LookML projects with a large number of files, IDE folders were slow to respond when you were navigating and creating, editing, or deleting LookML files. A performance issue has been identified and fixed.

When you search for a user or group, strings with commas now work as expected.

An issue where paper size did not change correctly when Fit to Dashboard was used has been fixed. This feature now performs as expected.

Previously, when embedded Explores were rendered in an iframe, a screen jump might have occurred. This feature now performs as expected.

Previously, query downloads of type json_bi could have failed if they included fields that were hidden from the visualization. This feature now performs as expected.

Looker now initializes Development Mode projects for Looker projects that are in Production Mode.

Text in the project IDE will now be line wrapped.

When a Git project becomes corrupted, Looker now proactively converts it to a clone to prevent further issues.

When a LookML project fails to load, a log message will now be generated.

The log error about getting an access token from the Google OAuth library has been reclassified as a warning.

When a custom filter is too large for the JSON parser to handle, Looker now returns a more descriptive error.

HSQLDB has been updated to version 2.7.2 to comply with GHSA-77xx-rxvh-q682.

On the Looker Labs page, links to documentation will now open in a new browser tab instead of navigating away from the Looker UI.

May 07, 2024

AlloyDB for PostgreSQL

Private Service Connect is now generally available (GA). Private Service Connect lets you connect to an AlloyDB for PostgreSQL instance from multiple VPC networks belonging to different groups, teams, projects, or organizations.

AlloyDB Omni version 15.5.1 and later lets you add sidecar containers to your database cluster when you use the AlloyDB Omni Kubernetes Operator.

Anthos clusters on AWS

A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-026 security bulletin.

Anthos clusters on Azure

A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-026 security bulletin.

Apigee X

On May 7, 2024, we released an updated version of Apigee.

Target server SSL enforcement

With this release, Apigee customers can specify strict SSL southbound enforcement in TargetServer configurations using the object's enforce key. If set to true, SSL enforcement is applied to service callouts.

The option to specify this behavior is analogous to usage of the <Enforce> tag in the <SSLInfo> block of the TargetEndpoint configuration.

For more information, see Configure strict SSL enforcement.

Environment-level flag for SSL enforcement

Apigee customers can specify strict SSL southbound enforcement across an Apigee environment, using the SSLInfo.Enforce flag.

If SSLInfo.Enforce is set to true or false, the value specified overrides any granular enforcement options specified in <SSLInfo> blocks in TargetEndpoint or TargetServer configurations.

If SSLInfo.Enforce is unset, SSL enforcement is determined by any values specified using the <Enforce> element within individual <SSLInfo> blocks. For more information, see TLS/SSL TargetEndpoint configuration.

Two-way HTTPS health monitor support

Apigee health monitors using <HTTPMonitor> can now use all SSL parameters available in the <SSLInfo> block of their TargetServer configurations when performing health checks.

To enable access, set <UseTargetServerSSLInfo> to true in the <Request> block of the HTTPMonitor configuration.

For more information, see Health monitor using HTTP monitor.

BigQuery

JavaScript user-defined aggregate functions (UDAFs) are in preview. You can create a JavaScript UDAF with the CREATE AGGREGATE FUNCTION statement.

You can now store columns in your vector indexes and pre-filter data in your vector searches to improve query efficiency. This feature is in preview.

Cloud Healthcare API

Using a filter when exporting HL7v2 messages to Cloud Storage is generally available (GA) and available in Preview.

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

May 06, 2024

AlloyDB for PostgreSQL

Apigee API hub

Apigee API hub is available in preview.

With Apigee API hub, you can consolidate and organize critical information about your APIs in one place. Use API hub to accelerate the consistency, use, reuse, and governance of your API portfolio.

Use API hub to:

  • Create and manage a complete catalog of your APIs and API resources.
  • Add rich attributes to your APIs for tracking, organizing, and filtering.
  • Link to one or more Apigee projects to automatically fetch and store Apigee API proxy information.
  • Find APIs with powerful free-form semantic search capabilities.
  • Track compliance for your API specification files using Linting functionality.

To learn more about the features and functionality available, see What is Apigee API hub?

NOTE: Rollouts of this feature will begin on May 6, 2024, and may take four or more business days to be completed across all Google Cloud zones. You may not be able to provision API hub until the rollout is complete.

AutoML Natural Language

This legacy version of AutoML Natural Language is deprecated, and new models can no longer be trained or deployed on the legacy platform. Already deployed models will stop working on May 30, 2024. All the functionality of legacy AutoML Natural Language and new features are available on the Vertex AI platform. See Migrate to Vertex AI to learn how to migrate your resources.

Backup and DR

Backup and DR Service 11.0.10.425 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance. This release includes fixes for the following security vulnerabilities:

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.7.0 (2024-05-03)

Features

Java

Changes for google-cloud-bigquery

2.39.1 (2024-04-29)

Bug Fixes
  • @Nullable annotations on builder methods (#3222) (0c5eed1)
Dependencies
  • Update actions/checkout action (#3267) (c297ed2)
  • Update actions/upload-artifact action to v4.3.3 (#3258) (5215235)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.44.0 (#3270) (ee09ab6)
  • Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.5.0 (e7c6201)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.48.0 (#3271) (3b6e0d5)
  • Update github/codeql-action action to v2.25.2 (#3260) (3302dc4)
  • Update github/codeql-action action to v2.25.3 (#3268) (1cf2377)

BigQuery Managed Disaster Recovery provides managed failover and redundant compute capacity for business critical workloads. It is intended for use in the case of a total region outage and is supported with the BigQuery Enterprise Plus edition only. This feature is now available in preview.

You can now create AWS Glue federated datasets using the Google Cloud console. This feature is generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.39.0 (2024-04-29)

Features
Dependencies
  • Update dependency com.google.cloud:gapic-libraries-bom to v1.36.0 (#2215) (5a9259e)
  • Update shared dependencies (#2190) (3f37d8d)
Certificate Authority Service

Implement fine-grained policy controls over your certificate issuance using certificate templates. Certificate templates can be used in conjunction with IAM conditions to effectively create different policy controls for different users on the same CA pool. You can test certificate issuance in a validation mode and proactively identify conflicts between the CA pool's issuance policies and the certificate template's policies. For information, see Request a certificate using a certificate template. The feature is in General Availability (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Compute Engine
    • compute.googleapis.com/StoragePool
Cloud Billing

Download committed use discount data as a CSV file

You can now download data about all your committed use discounts (CUD) as a flat comma-separated value (CSV) file. The CSV file includes the subscription ID for each commitment, which you can use to join your CUDs data to your usage data in the BigQuery export.

Learn about downloading your CUDs data.

Cloud Monitoring

Synthetic monitors no longer require that the ingress rule be set to allow all traffic. For more information, see Cloud Function configuration.

A Selenium WebDriver sample is now available for synthetic monitors. For more information, see Selenium WebDriver template.

Container Optimized OS

cos-101-17162-463-16

  • Kernel: COS-5.15.155
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Fixed CVE-2017-18207 in dev-lang/python.

Fixed CVE-2023-32681 in dev-python/requests.

Updated cos-gpu-installer to v2.3.0.

Fixed CVE-2022-2806 in app-admin/sosreport.

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Fixed CVE-2021-37600, CVE-2021-3995, CVE-2021-3996 in sys-apps/util-linux.

Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.

Fixed CVE-2024-26921 in the Linux kernel.

cos-105-17412-370-23

  • Kernel: COS-5.15.154
  • Docker: v23.0.3
  • Containerd: v1.7.15
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Upgraded sys-apps/makedumpfile to v1.7.5.

Updated cos-gpu-installer to v2.3.0.

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Fixed CVE-2021-37600, CVE-2021-3995, CVE-2021-3996 in sys-apps/util-linux.

Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.

Fixed CVE-2023-32681 in dev-python/requests.

Fixed CVE-2024-26921 in the Linux kernel.

cos-109-17800-218-20

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Upgraded sys-apps/makedumpfile to v1.7.5.

Upgraded app-admin/node-problem-detector to v0.8.18.

Updated cos-gpu-installer to v2.3.0.

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.

Fixed CVE-2023-32681 in dev-python/requests.

cos-113-18244-1-65

  • Kernel: COS-6.1.77
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Upgraded sys-apps/makedumpfile to v1.7.5.

Upgraded app-admin/sosreport to v4.7.1.

Updated cos-gpu-installer to v2.3.0.

Fixed CVE-2023-52620 in the Linux kernel.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.7 (2024-05-01)

Bug Fixes
  • dataflow: Bump x/net to v0.24.0 (ba31ed5)
Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.100-debian10, 2.0.100-rocky8, 2.0.100-ubuntu18
  • 2.1.48-debian11, 2.1.48-rocky8, 2.1.48-ubuntu20, 2.1.48-ubuntu20-arm
  • 2.2.14-debian12, 2.2.14-rocky9, 2.2.14-ubuntu22

Dataproc on Compute Engine:

Document AI

Batch processing with Layout Parser is available. For more about Layout Parser, see Process documents with Layout Parser.

Model pretrained-foundation-model-v1.1-2024-03-12 is available for custom extractor. For more information about available models, see Custom extractor model versions.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for datastore/admin/apiv1

1.16.0 (2024-04-29)

Features
  • datastore: Adding BeginLater and transaction state (#8984) (5f8e21f)
  • datastore: Adding BeginLater transaction option (#8972) (4067f4e)
  • datastore: Adding reserve IDs support (#9027) (2d66de0)
  • datastore: Configure both mTLS and TLS endpoints for Datastore client (#9653) (38bd793)
  • datastore: Respect DATASTORE_EMULATOR_HOST setting (#9789) (7259373)
Bug Fixes
  • datastore: Add explicit sleep before read time use (#9080) (0538be4)
  • datastore: Adding tracing to run method (#9602) (a5e197c)
  • datastore: Bump x/net to v0.24.0 (ba31ed5)
  • datastore: Enable universe domain resolution options (fd1d569)
  • datastore: Prevent panic on GetMulti failure (#9656) (55845ad)
  • datastore: Update protobuf dep to v1.33.0 (30b038d)
Google Cloud Deploy

Cloud Deploy now uses Skaffold 2.11 as the default Skaffold version for all target types.

Google SecOps

Gemini for investigation assistance

Gemini for investigation assistance can now support you with the following:

  • Search: Gemini can help you build, edit, and run searches targeted toward relevant events using natural language prompts.
  • Search summaries: Gemini can automatically summarize search results after every search and subsequent filter action. Gemini can also answer contextual follow-up questions about the summaries it provides.
  • Rule generation: Gemini can create new YARA-L rules from the UDM search queries it generates.
  • Security questions and threat intelligence analysis: Gemini can answer general security domain questions and specific threat intelligence questions. Gemini can provide summaries about threat actors, IOCs, and other threat intelligence topics.
  • Incident remediation: Based on the event information returned, Gemini can suggest follow-on steps.

For more information, see Use Gemini to investigate security issues.

Google SecOps SIEM

Gemini for investigation assistance

Gemini for investigation assistance can now support you with the following:

  • Search: Gemini can help you build, edit, and run searches targeted toward relevant events using natural language prompts.
  • Search summaries: Gemini can automatically summarize search results after every search and subsequent filter action. Gemini can also answer contextual follow-up questions about the summaries it provides.
  • Rule generation: Gemini can create new YARA-L rules from the UDM search queries it generates.
  • Security questions and threat intelligence analysis: Gemini can answer general security domain questions and specific threat intelligence questions. Gemini can provide summaries about threat actors, IOCs, and other threat intelligence topics.
  • Incident remediation: Based on the event information returned, Gemini can suggest follow-on steps.

For more information, see Use Gemini to investigate security issues.

Identity-Aware Proxy

Identity-Aware Proxy (IAP) now supports Workforce Identity Federation for application access. You can now use your extended workforce identities to access IAP-protected applications without having to sync your identities into Cloud Identity. For more information, see Configure IAP with Workforce Identity Federation.

Migrate to Containers

The Migrate to Containers UI in the Google Cloud console, migctl, and CRDs that used processing clusters to migrate workloads to Google Cloud are no longer available.

To perform migrations, use the Migrate to Containers CLI on your local machine. For more information, see Migrate to Containers overview.

If you have any questions or require additional support, then reach out to m2c-external-feedback@google.com.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.129.2 (2024-04-30)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.39.1 (#2006) (a7f4afb)
Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.0 (2024-05-01)

Features
  • secretmanager: Add Secret Version Delayed Destroy changes for client libraries (1d757c6)
Bug Fixes
  • secretmanager: Bump x/net to v0.24.0 (ba31ed5)
Security Command Center

Assign high-value resources based on Sensitive Data Protection insights for Cloud SQL

The attack path simulations feature can now automatically set the resource value of a Cloud SQL resource based on the sensitivity of the data that the instance contains.

For information about how to enable the automatic assignment of resource values based on data sensitivity, see Create a resource value configuration.

For information about how to configure Sensitive Data Protection to send data sensitivity classifications to Security Command Center, see Publish data profiles to Security Command Center.

May 03, 2024

Application Integration

Loop Metadata variables are changing

In the For each loop and While loop tasks, there's a Loop metadata variable in which you will find duplicate keys for the output variable, for example, Current Iteration Count and current_iteration_count. We recommend that you use the variables that contain the underscore (_) symbol because the other keys are being deprecated.

For more information, see Known issue: Duplicate keys in the Loop metadata.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • AI Platform
    • aiplatform.googleapis.com/Index
    • aiplatform.googleapis.com/IndexEndpoint
  • Compute Engine
    • compute.googleapis.com/NetworkAttachment
Google SecOps

Create a new playbook using Gemini (Preview)

You can now use Gemini to create a fully structured playbook. All you need to do is write a well-structured prompt and click Create. For more information, see Create playbook with Gemini.

Identity and Access Management

As of May 3, 2024, when you create a new organization, it enforces the following organization policy constraints by default:

  • iam.disableServiceAccountKeyCreation
  • iam.disableServiceAccountKeyUpload
  • iam.automaticGrantsForDefaultServiceAccounts
  • iam.allowedPolicyMemberDomains

For more information, see Restricting service account usage and Restricting identities by domain.

Policy Controller

Installing Policy Controller 1.18.0 or newer will fail unless you first enable the anthospolicycontroller.googleapis.com API. For more information on directly installing and managing Policy Controller, see Install Policy Controller.

Policy Controller bundles have been updated to the following versions: cis-gke-v1.5.0: 202403.0, nist-sp-800-190: 202403.0, nist-sp-800-53-r5: 202403.0, pci-dss-v3.2.1: 202403.0, pci-dss-v4.0: 202403.0, policy-essentials-v2022: 202403.0, pss-baseline-v2022: 202403.1, pss-restricted-v2022: 202403.1. For reference, see Policy Controller bundles overview.

Policy Intelligence

Some Policy Intelligence features are only available for customers with organization-level activations of Security Command Center. For more information, see Billing questions.

Virtual Private Cloud

Private Service Connect supports IPv6 in Preview for the following supported configurations:

For more information, see IP version translation.

May 02, 2024

Anthos Config Management

Installing Policy Controller 1.18.0 or newer will fail unless you first enable the anthospolicycontroller.googleapis.com API. For more information on directly installing and managing Policy Controller, see Install Policy Controller.

Policy Controller now has its own release notes page. For future announcements, visit Policy Controller release notes.

Dynamic namespace selection using the spec.mode field in the NamespaceSelector CRD is now generally available (GA). This feature supports deploying namespace-scoped resources in matching Namespaces statically-declared in the source of truth and dynamically present on the cluster. For more information, refer to NamespaceSelector mode.

Config Sync now supports specifying CA certificates for helm and OCI source types. This is surfaced on the caCertSecretRef field on the RootSync and RepoSync APIs. For more information, refer to RootSync and RepoSync fields.

Policy Controller bundles have been updated to the following versions: cis-gke-v1.5.0: 202403.0, nist-sp-800-190: 202403.0, nist-sp-800-53-r5: 202403.0, pci-dss-v3.2.1: 202403.0, pci-dss-v4.0: 202403.0, policy-essentials-v2022: 202403.0, pss-baseline-v2022: 202403.1, pss-restricted-v2022: 202403.1. For reference, see Policy Controller bundles overview.

When syncing from Helm, Config Sync now retries faster on errors with exponential backoff.

Reduced memory footprint in reconcilers by not loading the OpenAPI when the Config Sync admission webhook is disabled.

On Autopilot clusters, the helm-sync container CPU request is changed from 150m to 250m, and memory request is changed from 256Mi to 384Mi. For information on resource requirements, see Resource requests.

Upgraded bundled Helm version from v3.13.3 to v3.14.3 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.

Bare Metal Solution

You can now set up Ops Agent on your Bare Metal Solution server to view Bare Metal Solution metrics. This feature is generally available (GA).

Bare Metal Solution now supports Oracle Linux 9. This feature is generally available (GA). For more information, see Operating systems and Change the OS for a server.

BigQuery

Analytics Hub Subscription Management is generally available (GA). Data Publishers can now manage their subscriptions, view information about their subscribers, and revoke access to their data at any time.

Analytics Hub Provider Usage Metrics is now generally available (GA). The usage metrics include the following:

  • Jobs that run against your shared data.
  • The consumption details of your shared data by subscribers' projects and organizations.
  • The number of rows and bytes processed by the job.
Bigtable

The Bigtable Spark connector lets you read and write data from and to Bigtable using Spark SQL and DataFrames inside your Spark application. This feature is generally available (GA).

Filestore

You can now revert an instance to a snapshot state. This feature is generally available for instances created in the zonal and enterprise service tiers.

Filestore supports IP-based access control for your volumes. You can now use the Filestore CSI driver to configure IP-based access control at volume creation.

Google Distributed Cloud (software only) for Bare Metal

Release 1.28.500-gke.120

GKE on Bare Metal 1.28.500-gke.120 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.28.500-gke.120 runs on Kubernetes 1.28.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Google Kubernetes Engine

The new release of the GKE Gateway controller (2024-R1) is now generally available. With this release, the GKE Gateway controller will provide the following new capabilities and fixes:

New capabilities:

  • Gateway API CRDs v1.0.0
  • Cloud Armor backend security policy support for Regional external Gateways
  • Self-managed certificates with Certificate Manager on Regional internal & external Gateways
  • Google-managed certificates with Certificate Manager on Regional internal & external Gateways [Preview]

Bug fixes:

  • Fixed missing permissions to MCI service agent role for regional SSL policy

To learn more about our GKE Gateway controller capabilities, see the supported capabilities per GatewayClass.

Starting in GKE 1.30, the metric scheduler_pod_scheduling_duration_seconds in the control plane metrics package will no longer be available, as a result of its deprecation in the upstream OSS. The replacement metric scheduler_pod_scheduling_sli_duration_seconds will be exported as part of the control plane metrics package instead.

Google SecOps

The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.

  • AIX system (AIX_SYSTEM)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Arista Switch (ARISTA_SWITCH)
  • Aruba (ARUBA_WIRELESS)
  • Aruba Switch (ARUBA_SWITCH)
  • Attivo Networks (ATTIVO)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS Control Tower (AWS_CONTROL_TOWER)
  • AWS Elastic Load Balancer (AWS_ELB)
  • AWS WAF (AWS_WAF)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure AD Organizational Context (AZURE_AD_CONTEXT)
  • Azure Application Gateway (AZURE_GATEWAY)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Azure WAF (AZURE_WAF)
  • Barracuda Firewall (BARRACUDA_FIREWALL)
  • BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
  • BigQuery (N/A)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Brocade Switch (BROCADE_SWITCH)
  • Check Point (CHECKPOINT_FIREWALL)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco ISE (CISCO_ISE)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco VPN (CISCO_VPN)
  • Cisco WLC/WCS (CISCO_WIRELESS)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Claroty Enterprise Management Console (CLAROTY_EMC)
  • Cloud Audit Logs (N/A)
  • Cloud Intrusion Detection System (GCP_IDS)
  • Corelight (CORELIGHT)
  • CrowdStrike Detection Monitoring (CS_DETECTS)
  • CrowdStrike Falcon (CS_EDR)
  • CyberArk (CYBERARK)
  • Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
  • Cybergatekeeper NAC (CYBERGATEKEEPER_NAC)
  • Darktrace (DARKTRACE)
  • Dell ECS Enterprise Object Storage (DELL_ECS)
  • Dell Switch (DELL_SWITCH)
  • Elastic Packet Beats (ELASTIC_PACKETBEATS)
  • ESET (ESET_EDR)
  • ESET AV (ESET_AV)
  • F5 Advanced Firewall Management (F5_AFM)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • FireEye HX (FIREEYE_HX)
  • FireEye NX Audit (FIREEYE_NX_AUDIT)
  • Firewall Rule Logging (N/A)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • Forescout NAC (FORESCOUT_NAC)
  • Forgerock OpenIdM (FORGEROCK_OPENIDM)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortra Powertech SIEM Agent (FORTRA_POWERTECH_SIEM_AGENT)
  • Cloud NAT (N/A)
  • GCP_SWP (GCP_SWP)
  • Gitlab (GITLAB)
  • GMAIL Logs (GMAIL_LOGS)
  • GMV Checker ATM Security (GMV_CHECKER)
  • Guardicore Centra (GUARDICORE_CENTRA)
  • HPE BladeSystem C7000 (HPE_BLADESYSTEM_C7000)
  • HYPR MFA (HYPR_MFA)
  • IBM AS/400 (IBM_AS400)
  • IBM DS8000 Storage (IBM_DS8000)
  • IBM Guardium (GUARDIUM)
  • IBM Tape Storages (IBM_LTO)
  • IBM Tivoli (IBM_TIVOLI)
  • IBM-i Operating System (IBM_I)
  • Illumio Core (ILLUMIO_CORE)
  • Imperva (IMPERVA_WAF)
  • Imperva Advanced Bot Protection (IMPERVA_ABP)
  • Imperva SecureSphere Management (IMPERVA_SECURESPHERE)
  • Infoblox (INFOBLOX)
  • ION Spectrum (ION_SPECTRUM)
  • Ipswitch MOVEit Transfer (IPSWITCH_MOVEIT_TRANSFER)
  • Jamf Protect Alerts (JAMF_PROTECT)
  • Jamf Protect Telemetry (JAMF_TELEMETRY)
  • Juniper Junos (JUNIPER_JUNOS)
  • Juniper MX Router (JUNIPER_MX)
  • Kubernetes Node (KUBERNETES_NODE)
  • LastPass Password Management (LASTPASS)
  • Linux Auditing System (AuditD) (AUDITD)
  • McAfee Enterprise Security Manager (MCAFEE_ESM)
  • Medigate IoT (MEDIGATE_IOT)
  • Microsoft AD (WINDOWS_AD)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft IAS Server (MICROSOFT_IAS)
  • Microsoft Intune (AZURE_MDM_INTUNE)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Mongo Database (MONGO_DB)
  • Netscout Arbor Sightline (ARBOR_SIGHTLINE)
  • Netskope Web Proxy (NETSKOPE_WEBPROXY)
  • NGFW Enterprise (GCP_NGFW_ENTERPRISE)
  • Office 365 (OFFICE_365)
  • Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
  • Opengear Remote Management (OPENGEAR)
  • Oracle (ORACLE_DB)
  • OSQuery (OSQUERY_EDR)
  • OSSEC (OSSEC)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Prisma Cloud (PAN_PRISMA_CLOUD)
  • PerimeterX Bot Protection (PERIMETERX_BOT_PROTECTION)
  • Phishlabs (PHISHLABS)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Pulse Secure (PULSE_SECURE_VPN)
  • Riverbed Steelhead (STEELHEAD)
  • RSA SecurID Access Identity Router (RSA_SECURID)
  • SAP SM20 (SAP_SM20)
  • SAP SuccessFactors (SAP_SUCCESSFACTORS)
  • SAP Webdispatcher (SAP_WEBDISP)
  • Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
  • Security Command Center Threat (N/A)
  • Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne EDR (SENTINEL_EDR)
  • SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Solaris system (SOLARIS_SYSTEM)
  • SonicWall (SONIC_FIREWALL)
  • Sonicwall Secure Mobile Access (SONICWALL_SMA)
  • Splunk Platform (SPLUNK)
  • Squid Web Proxy (SQUID_WEBPROXY)
  • Suricata EVE (SURICATA_EVE)
  • Suricata IDS (SURICATA_IDS)
  • Swift Alliance Messaging Hub (SWIFT_AMH)
  • Symantec CloudSOC CASB (SYMANTEC_CASB)
  • Symantec DLP (SYMANTEC_DLP)
  • Tenable OT (TENABLE_OT)
  • Tetragon Ebpf Audit Logs (TETRAGON_EBPF_AUDIT_LOGS)
  • Trellix HX Event Streamer (TRELLIX_HX_ES)
  • Trend Micro (TIPPING_POINT)
  • Trend Micro Cloud one (TRENDMICRO_CLOUDONE)
  • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
  • TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
  • TrendMicro Web Proxy (TRENDMICRO_WEBPROXY)
  • Unifi AP (UNIFI_AP)
  • Unix system (NIX_SYSTEM)
  • Vectra Detect (VECTRA_DETECT)
  • VeridiumID by Veridium (VERIDIUM_ID)
  • VPC Flow Logs (GCP_VPC_FLOW)
  • Windows Defender ATP (WINDOWS_DEFENDER_ATP)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Network Policy Server (WINDOWS_NET_POLICY_SERVER)
  • Windows Sysmon (WINDOWS_SYSMON)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Workspace Alerts (WORKSPACE_ALERTS)
  • Workspace ChromeOS Devices (WORKSPACE_CHROMEOS)
  • Workspace Groups (WORKSPACE_GROUPS)
  • Workspace Mobile Devices (WORKSPACE_MOBILE)
  • Workspace Privileges (WORKSPACE_PRIVILEGES)
  • Workspace Users (WORKSPACE_USERS)
  • YAMAHA ROUTER RTX1200 (YAMAHA_ROUTER)
  • Zeek JSON (BRO_JSON)
  • Zimperium (ZIMPERIUM)
  • Zscaler (ZSCALER_WEBPROXY)
  • Zscaler CASB (ZSCALER_CASB)
  • ZScaler NGFW (ZSCALER_FIREWALL)

The following log types, without a default parser, were added. Each is listed by product name and log_type value, if applicable.

  • Adaxes (ADAXES)
  • Air Table (AIR_TABLE)
  • Alert Enterprise Guardian (ALERT_GUARDIAN)
  • Amavis (AMAVIS)
  • Atlassian Beacon (ATLASSIAN_BEACON)
  • Banner dd (BANNER_DD)
  • BetterStack Uptime (BETTERSTACK_UPTIME)
  • BloodHound (BLOODHOUND)
  • Core Privileged Access Manager (BoKS) (BOKS)
  • Cisco Secure Access (CISCO_SECURE_ACCESS)
  • Cleafy (CLEAFY)
  • Clear Bank Portal Audit (CLEARBANK_PORTAL)
  • CloudBees (CLOUDBEES)
  • Comforte SecurDPS (COMFORTE_SECURDPS)
  • Control Plane (CONTROL_PLANE)
  • Corrata (CORRATA)
  • Cubist Audit (CUBIST_AUDIT)
  • C Zentrix (C_ZENTRIX)
  • DefectDojo (DEFECTDOJO)
  • Dmarcian (DMARCIAN)
  • DocuSign (DOCUSIGN)
  • Duo Activity Logs (DUO_ACTIVITY)
  • E2 Guardian (E2_GUARDIAN)
  • Egress Defend (EGRESS_DEFEND)
  • Egress Prevent (EGRESS_PREVENT)
  • Emsisoft AntiVirus (EMSISOFT_ANTIVIRUS)
  • F5 System Logs (F5_SYSTEM_LOGS)
  • Fastly CDN (FASTLY_CDN)
  • FireEye CMS (FIREEYE_CMS)
  • Forcepoint Mail Relay (FORCEPOINT_MAIL_RELAY)
  • Google Ads (GOOGLE_ADS)
  • H3C Comware Platform Switch
  • Halcyon Anti Ransomware (HALCYON)
  • Halo (HALO)
  • HP Poly (HP_POLY)
  • Huawei CloudEngine (HUAWEI_CLOUDENGINE)
  • Intruder.IO (INTRUDER_IO)
  • Ivanti Connect Secure (IVANTI_CONNECT_SECURE)
  • Keyfactor (KEYFACTOR)
  • Kyverno (KYVERNO)
  • LaunchDarkly (LAUNCH_DARKLY)
  • LeanIX Enterprise (LEANIX)
  • Leanix CMDB (LEANIX_CMDB)
  • Lucid (LUCID)
  • Lumeta Spectre (LUMETA)
  • ManageEngine Asset Explorer (MANAGE_ENGINE_ASSET_EXPLR)
  • ManageEngine Endpoint Central (MANAGE_ENGINE_ENDPT_CNTRL)
  • Mandiant Digital Threat Monitoring (MANDIANT_DTM_ALERTS)
  • Manhattan Warehouse Management System (MANHATTAN_WMS)
  • Mend IO (MEND_IO)
  • Meta Marketing (META_MARKETING)
  • Miasma SecretScanner (MIASMA_SECRETSCANNER)
  • Microsoft Ads (MICROSOFT_ADS)
  • Microsoft Purview (MICROSOFT_PURVIEW)
  • ModSecurity (MODSECURITY)
  • Netapp Storagegrid (NETAPP_STORAGEGRID)
  • NetBrain (NETBRAIN)
  • Netenrich Entity Context (NETENRICH_ENTITY_CONTEXT)
  • Netwrix Activity Monitor (NETWRIX_ACTIVITY_MONITOR)
  • Netwrix Stealth Intercept (NETWRIX_STEALTH_INTERCEPT)
  • Netwrix Threat Manager (NETWRIX_THREAT_MANAGER)
  • Nexus Sonatype (NEXUS_SONATYPE)
  • Oracle Fusion (ORACLE_FUSION)
  • PAGELY (PAGELY)
  • Palantir (PALANTIR)
  • Proofpoint Meta (PROOFPOINT_META)
  • Qumulo FS (QUMULO_FS)
  • Radware Alteon (RADWARE_ALTEON)
  • SailPoint IdentityIQ (SAILPOINT_IIQ)
  • Sentinelone Activity (SENTINELONE_ACTIVITY)
  • Siga Level Zero OT Resilience (SIGA)
  • Site24x7 (SITE24X7)
  • Winevtlog Snare (SNARE_WINEVTLOG)
  • Solar System (SOLAR_SYSTEM)
  • Stealthbits DLP (STEALTHBITS_DLP)
  • Symantec VIP Authentication Hub (SYMANTEC_VIP_AUTHHUB)
  • Temenos Journey Manager System Event Publisher (TEMENOS_MANAGER_SYSTEMEVENT)
  • Teradata Aster (TERADATA_ASTER)
  • Tiktok for Developers (TIKTOK)
  • Transmit BindID (TRANSMIT_BINDID)
  • Trend Micro Vision One Audit (TRENDMICRO_VISION_ONE_AUDIT)
  • Trend Micro Vision One Observerd Attack Techniques (TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES)
  • Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
  • TrueNAS (TRUENAS)
  • E-Motional Transparent Screen Lock TSL RFID (TSL_PRO)
  • UPX AntiDDoS (UPX_ANTIDDOS)
  • Verba Recording System (VERBA_REC)
  • Vercara (VERCARA)
  • Veza Access Control Platform (VEZA)
  • Web Methods Api Gateway (WEBMETHODS_API_GATEWAY)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.

  • AIX system (AIX_SYSTEM)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Arista Switch (ARISTA_SWITCH)
  • Aruba (ARUBA_WIRELESS)
  • Aruba Switch (ARUBA_SWITCH)
  • Attivo Networks (ATTIVO)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS Control Tower (AWS_CONTROL_TOWER)
  • AWS Elastic Load Balancer (AWS_ELB)
  • AWS WAF (AWS_WAF)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure AD Organizational Context (AZURE_AD_CONTEXT)
  • Azure Application Gateway (AZURE_GATEWAY)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Azure WAF (AZURE_WAF)
  • Barracuda Firewall (BARRACUDA_FIREWALL)
  • BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
  • BigQuery (N/A)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Brocade Switch (BROCADE_SWITCH)
  • Check Point (CHECKPOINT_FIREWALL)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco ISE (CISCO_ISE)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco VPN (CISCO_VPN)
  • Cisco WLC/WCS (CISCO_WIRELESS)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Claroty Enterprise Management Console (CLAROTY_EMC)
  • Cloud Audit Logs (N/A)
  • Cloud Intrusion Detection System (GCP_IDS)
  • Corelight (CORELIGHT)
  • CrowdStrike Detection Monitoring (CS_DETECTS)
  • CrowdStrike Falcon (CS_EDR)
  • CyberArk (CYBERARK)
  • Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
  • Cybergatekeeper NAC (CYBERGATEKEEPER_NAC)
  • Darktrace (DARKTRACE)
  • Dell ECS Enterprise Object Storage (DELL_ECS)
  • Dell Switch (DELL_SWITCH)
  • Elastic Packet Beats (ELASTIC_PACKETBEATS)
  • ESET (ESET_EDR)
  • ESET AV (ESET_AV)
  • F5 Advanced Firewall Management (F5_AFM)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • FireEye HX (FIREEYE_HX)
  • FireEye NX Audit (FIREEYE_NX_AUDIT)
  • Firewall Rule Logging (N/A)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • Forescout NAC (FORESCOUT_NAC)
  • Forgerock OpenIdM (FORGEROCK_OPENIDM)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortra Powertech SIEM Agent (FORTRA_POWERTECH_SIEM_AGENT)
  • Cloud NAT (N/A)
  • GCP_SWP (GCP_SWP)
  • Gitlab (GITLAB)
  • GMAIL Logs (GMAIL_LOGS)
  • GMV Checker ATM Security (GMV_CHECKER)
  • Guardicore Centra (GUARDICORE_CENTRA)
  • HPE BladeSystem C7000 (HPE_BLADESYSTEM_C7000)
  • HYPR MFA (HYPR_MFA)
  • IBM AS/400 (IBM_AS400)
  • IBM DS8000 Storage (IBM_DS8000)
  • IBM Guardium (GUARDIUM)
  • IBM Tape Storages (IBM_LTO)
  • IBM Tivoli (IBM_TIVOLI)
  • IBM-i Operating System (IBM_I)
  • Illumio Core (ILLUMIO_CORE)
  • Imperva (IMPERVA_WAF)
  • Imperva Advanced Bot Protection (IMPERVA_ABP)
  • Imperva SecureSphere Management (IMPERVA_SECURESPHERE)
  • Infoblox (INFOBLOX)
  • ION Spectrum (ION_SPECTRUM)
  • Ipswitch MOVEit Transfer (IPSWITCH_MOVEIT_TRANSFER)
  • Jamf Protect Alerts (JAMF_PROTECT)
  • Jamf Protect Telemetry (JAMF_TELEMETRY)
  • Juniper Junos (JUNIPER_JUNOS)
  • Juniper MX Router (JUNIPER_MX)
  • Kubernetes Node (KUBERNETES_NODE)
  • LastPass Password Management (LASTPASS)
  • Linux Auditing System (AuditD) (AUDITD)
  • McAfee Enterprise Security Manager (MCAFEE_ESM)
  • Medigate IoT (MEDIGATE_IOT)
  • Microsoft AD (WINDOWS_AD)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft IAS Server (MICROSOFT_IAS)
  • Microsoft Intune (AZURE_MDM_INTUNE)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Mongo Database (MONGO_DB)
  • Netscout Arbor Sightline (ARBOR_SIGHTLINE)
  • Netskope Web Proxy (NETSKOPE_WEBPROXY)
  • NGFW Enterprise (GCP_NGFW_ENTERPRISE)
  • Office 365 (OFFICE_365)
  • Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
  • Opengear Remote Management (OPENGEAR)
  • Oracle (ORACLE_DB)
  • OSQuery (OSQUERY_EDR)
  • OSSEC (OSSEC)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Prisma Cloud (PAN_PRISMA_CLOUD)
  • PerimeterX Bot Protection (PERIMETERX_BOT_PROTECTION)
  • Phishlabs (PHISHLABS)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Pulse Secure (PULSE_SECURE_VPN)
  • Riverbed Steelhead (STEELHEAD)
  • RSA SecurID Access Identity Router (RSA_SECURID)
  • SAP SM20 (SAP_SM20)
  • SAP SuccessFactors (SAP_SUCCESSFACTORS)
  • SAP Webdispatcher (SAP_WEBDISP)
  • Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
  • Security Command Center Threat (N/A)
  • Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne EDR (SENTINEL_EDR)
  • SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Solaris system (SOLARIS_SYSTEM)
  • SonicWall (SONIC_FIREWALL)
  • Sonicwall Secure Mobile Access (SONICWALL_SMA)
  • Splunk Platform (SPLUNK)
  • Squid Web Proxy (SQUID_WEBPROXY)
  • Suricata EVE (SURICATA_EVE)
  • Suricata IDS (SURICATA_IDS)
  • Swift Alliance Messaging Hub (SWIFT_AMH)
  • Symantec CloudSOC CASB (SYMANTEC_CASB)
  • Symantec DLP (SYMANTEC_DLP)
  • Tenable OT (TENABLE_OT)
  • Tetragon Ebpf Audit Logs (TETRAGON_EBPF_AUDIT_LOGS)
  • Trellix HX Event Streamer (TRELLIX_HX_ES)
  • Trend Micro (TIPPING_POINT)
  • Trend Micro Cloud one (TRENDMICRO_CLOUDONE)
  • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
  • TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
  • TrendMicro Web Proxy (TRENDMICRO_WEBPROXY)
  • Unifi AP (UNIFI_AP)
  • Unix system (NIX_SYSTEM)
  • Vectra Detect (VECTRA_DETECT)
  • VeridiumID by Veridium (VERIDIUM_ID)
  • VPC Flow Logs (GCP_VPC_FLOW)
  • Windows Defender ATP (WINDOWS_DEFENDER_ATP)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Network Policy Server (WINDOWS_NET_POLICY_SERVER)
  • Windows Sysmon (WINDOWS_SYSMON)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Workspace Alerts (WORKSPACE_ALERTS)
  • Workspace ChromeOS Devices (WORKSPACE_CHROMEOS)
  • Workspace Groups (WORKSPACE_GROUPS)
  • Workspace Mobile Devices (WORKSPACE_MOBILE)
  • Workspace Privileges (WORKSPACE_PRIVILEGES)
  • Workspace Users (WORKSPACE_USERS)
  • YAMAHA ROUTER RTX1200 (YAMAHA_ROUTER)
  • Zeek JSON (BRO_JSON)
  • Zimperium (ZIMPERIUM)
  • Zscaler (ZSCALER_WEBPROXY)
  • Zscaler CASB (ZSCALER_CASB)
  • ZScaler NGFW (ZSCALER_FIREWALL)

The following log types, without a default parser, were added. Each is listed by product name and log_type value, if applicable.

  • Adaxes (ADAXES)
  • Air Table (AIR_TABLE)
  • Alert Enterprise Guardian (ALERT_GUARDIAN)
  • Amavis (AMAVIS)
  • Atlassian Beacon (ATLASSIAN_BEACON)
  • Banner dd (BANNER_DD)
  • BetterStack Uptime (BETTERSTACK_UPTIME)
  • BloodHound (BLOODHOUND)
  • Core Privileged Access Manager (BoKS) (BOKS)
  • Cisco Secure Access (CISCO_SECURE_ACCESS)
  • Cleafy (CLEAFY)
  • Clear Bank Portal Audit (CLEARBANK_PORTAL)
  • CloudBees (CLOUDBEES)
  • Comforte SecurDPS (COMFORTE_SECURDPS)
  • Control Plane (CONTROL_PLANE)
  • Corrata (CORRATA)
  • Cubist Audit (CUBIST_AUDIT)
  • C Zentrix (C_ZENTRIX)
  • DefectDojo (DEFECTDOJO)
  • Dmarcian (DMARCIAN)
  • DocuSign (DOCUSIGN)
  • Duo Activity Logs (DUO_ACTIVITY)
  • E2 Guardian (E2_GUARDIAN)
  • Egress Defend (EGRESS_DEFEND)
  • Egress Prevent (EGRESS_PREVENT)
  • Emsisoft AntiVirus (EMSISOFT_ANTIVIRUS)
  • F5 System Logs (F5_SYSTEM_LOGS)
  • Fastly CDN (FASTLY_CDN)
  • FireEye CMS (FIREEYE_CMS)
  • Forcepoint Mail Relay (FORCEPOINT_MAIL_RELAY)
  • Google Ads (GOOGLE_ADS)
  • H3C Comware Platform Switch
  • Halcyon Anti Ransomware (HALCYON)
  • Halo (HALO)
  • HP Poly (HP_POLY)
  • Huawei CloudEngine (HUAWEI_CLOUDENGINE)
  • Intruder.IO (INTRUDER_IO)
  • Ivanti Connect Secure (IVANTI_CONNECT_SECURE)
  • Keyfactor (KEYFACTOR)
  • Kyverno (KYVERNO)
  • LaunchDarkly (LAUNCH_DARKLY)
  • LeanIX Enterprise (LEANIX)
  • Leanix CMDB (LEANIX_CMDB)
  • Lucid (LUCID)
  • Lumeta Spectre (LUMETA)
  • ManageEngine Asset Explorer (MANAGE_ENGINE_ASSET_EXPLR)
  • ManageEngine Endpoint Central (MANAGE_ENGINE_ENDPT_CNTRL)
  • Mandiant Digital Threat Monitoring (MANDIANT_DTM_ALERTS)
  • Manhattan Warehouse Management System (MANHATTAN_WMS)
  • Mend IO (MEND_IO)
  • Meta Marketing (META_MARKETING)
  • Miasma SecretScanner (MIASMA_SECRETSCANNER)
  • Microsoft Ads (MICROSOFT_ADS)
  • Microsoft Purview (MICROSOFT_PURVIEW)
  • ModSecurity (MODSECURITY)
  • Netapp Storagegrid (NETAPP_STORAGEGRID)
  • NetBrain (NETBRAIN)
  • Netenrich Entity Context (NETENRICH_ENTITY_CONTEXT)
  • Netwrix Activity Monitor (NETWRIX_ACTIVITY_MONITOR)
  • Netwrix Stealth Intercept (NETWRIX_STEALTH_INTERCEPT)
  • Netwrix Threat Manager (NETWRIX_THREAT_MANAGER)
  • Nexus Sonatype (NEXUS_SONATYPE)
  • Oracle Fusion (ORACLE_FUSION)
  • PAGELY (PAGELY)
  • Palantir (PALANTIR)
  • Proofpoint Meta (PROOFPOINT_META)
  • Qumulo FS (QUMULO_FS)
  • Radware Alteon (RADWARE_ALTEON)
  • SailPoint IdentityIQ (SAILPOINT_IIQ)
  • Sentinelone Activity (SENTINELONE_ACTIVITY)
  • Siga Level Zero OT Resilience (SIGA)
  • Site24x7 (SITE24X7)
  • Winevtlog Snare (SNARE_WINEVTLOG)
  • Solar System (SOLAR_SYSTEM)
  • Stealthbits DLP (STEALTHBITS_DLP)
  • Symantec VIP Authentication Hub (SYMANTEC_VIP_AUTHHUB)
  • Temenos Journey Manager System Event Publisher (TEMENOS_MANAGER_SYSTEMEVENT)
  • Teradata Aster (TERADATA_ASTER)
  • Tiktok for Developers (TIKTOK)
  • Transmit BindID (TRANSMIT_BINDID)
  • Trend Micro Vision One Audit (TRENDMICRO_VISION_ONE_AUDIT)
  • Trend Micro Vision One Observerd Attack Techniques (TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES)
  • Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
  • TrueNAS (TRUENAS)
  • E-Motional Transparent Screen Lock TSL RFID (TSL_PRO)
  • UPX AntiDDoS (UPX_ANTIDDOS)
  • Verba Recording System (VERBA_REC)
  • Vercara (VERCARA)
  • Veza Access Control Platform (VEZA)
  • Web Methods Api Gateway (WEBMETHODS_API_GATEWAY)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SOAR

Remote Agents Release 1.6.0 is currently in Preview.

Jobs can now be run remotely over remote agents.

Looker Studio

Chart titles

You can now add a title directly to a chart in Looker Studio. You can customize the title's font, color, size, styling, and positioning within the Title section of the Style tab of the properties panel.

Learn more about adding and styling titles for charts.

Virtual Private Cloud

Service producers are no longer charged producer data processing for ingress or egress traffic through a Private Service Connect service attachment. For more information, see pricing for published services.

Private Service Connect now offers consumers volume-based discounts for consumer data processing. For more information, see Consumer data processing.

May 01, 2024

AlloyDB for PostgreSQL

You can now set maintenance windows for your AlloyDB clusters. If you do, then AlloyDB schedules non-emergency maintenance events to begin only during the weekly period that you specify. You can also opt in to receive email notifications of upcoming maintenance events.

Apigee Integrated Portal

On May 1, 2024 we released an updated version of Apigee integrated portal.

This release contains multiple security fixes.

Confidential Space

A new Confidential Space image (240402) is now available. This image provides support for automatically resizing the boot disk stateful partition. See disk and memory limits for more information.

Container Optimized OS

cos-113-18244-1-61

  • Kernel: COS-6.1.77
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Updated Konlet to v.0.12.0. This fixes an iptables compatibility issue.

Fixed CVE-2023-4641 in sys-apps/shadow.

Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Fixed CVE-2023-32681 in dev-python/requests.

Fixed CVE-2024-3772 in dev-python/pydantic.

Fixed CVE-2023-5388 in dev-libs/nss.

Updated net-dns/c-ares to version 1.27. This fixes CVE-2024-25629.

Updated dev-python/pyyaml to version 6.0.1. This fixes CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.

Updated dev-vcs/git to version VERSION. This fixes CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.

Updated net-misc/curl to version 8.7.1. This fixes CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.

Updated dev-libs/expat to version 2.6.2. This fixes CVE-2024-28757.

Fixed CVE-2024-28182 in net-libs/nghttp2.

Fixed CVE-2024-26602 in the Linux kernel.

Fixed CVE-2024-26603 in the Linux kernel.

Fixed CVE-2024-26601 in the Linux kernel.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.60
  • 1.2.4
  • 2.0.68
  • 2.1.47
  • 2.2.4

Dataproc Serverless for Spark:

  • Upgraded Spark RAPIDS to version 24.04.0 in 1.2 and 2.2 Dataproc Serverless for Spark runtimes.

When you submit a Dataproc Serverless Batch with a CMEK key:

  • In addition to encrypting disk and Cloud Storage data, Dataproc Serverless will use your CMEK to also encrypt batch job arguments. This change will require you to do the following:
  • batches.list will return an unreachable field that lists any batches with job arguments that couldn't be decrypted. You can issue a batches.get request to obtain more information on an unreachable batch.
  • Multi-regional and cross-regional CMEKs will no longer be permitted. The key (CMEK) must be located in the same location as the encrypted resource. For example, the CMEK used to encrypt a batch that runs in the us-central1 region must also be located in the us-central1 region.

Document AI

Online processing is available for Layout Parser in Document AI. The Document AI Layout Parser transforms documents in various formats into structured representations, making content like paragraphs, tables, lists, and structural elements like headings, page headers, and footers easily accessible, and creating context-aware chunks that facilitate information retrieval in a range of generative AI and discovery applications. For more information, see Process documents with Layout Parser.

Eventarc

Eventarc support for creating triggers for direct events from Cloud Speech-to-Text is generally available (GA).

Google Kubernetes Engine

1.30 is now available in the Rapid channel

Kubernetes 1.30 is now available in the Rapid channel. For more information about the content of Kubernetes 1.30, read the Kubernetes 1.30 Release Notes.

New features in 1.30

The following features are new in Kubernetes 1.30:

New APIs in 1.30

The following APIs are new in Kubernetes 1.30:

  • admissionregistration.k8s.io/v1 ValidatingAdmissionPolicyBinding and ValidatingAdmissionPolicy

Deprecated APIs in 1.30

The following Beta versions of graduated APIs were previously deprecated in 1.29 in favor of newer versions:

  • flowcontrol.apiserver.k8s.io/v1beta3 FlowSchema, PriorityLevelConfiguration: Deprecated since 1.29, will no longer be served in 1.32. Instead, use flowcontrol.apiserver.k8s.io/v1, which is available since Kubernetes 1.29.
  • The status.nodeInfo.kubeProxyVersion field in the Node API is deprecated and will not be populated starting in v1.33. The field is currently populated with the kubelet version, not the kube-proxy version, and might not accurately reflect the kube-proxy version in use. For more information, see KEP-4004.

Deprecated features in 1.30

The Ceph CephFS (kubernetes.io/cephfs) and RBD (kubernetes.io/rbd) volume plugins are deprecated since 1.28 and will be removed in a future release.

To determine whether you have volumes or Pods using RBD or CephFS volumes, run the following commands. If either of them prints output, then you are using a deprecated volume type:

  • kubectl describe pv | egrep -i 'Type: *(RBD|CephFS)'
  • kubectl describe pod -A | egrep -i 'Type: *(RBD|CephFS)'

Switch to use an RBD or CephFS CSI driver (like the CSI drivers provided in the Ceph CSI driver project), or a Google Cloud-managed solution like Filestore. For more information, refer to the OSS Kubernetes announcement and to the Ceph CSI driver project.
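The two egrep checks print only the matching Type lines, and the Pod check sees only volumes declared inline in the Pod spec; a Pod that reaches an in-tree RBD or CephFS volume through a PersistentVolumeClaim shows up only indirectly, via the PV check. The following Python script is an added example, not part of the release notes: it reads the JSON list produced by `kubectl get pv,pods -A -o json`, names each in-tree Ceph PV, and maps bound claims back to the Pods that mount them. The function name `audit_ceph_volumes` and all sample objects are constructed for illustration.

```python
"""Inventory in-tree Ceph RBD / CephFS volumes from `kubectl get pv,pods -A -o json`."""
import json
import sys

# Volume-source keys used by the deprecated in-tree plugins in PV and Pod specs.
IN_TREE_CEPH = ("rbd", "cephfs")

# Constructed sample, shaped like the List that `kubectl get pv,pods -A -o json` returns.
SAMPLE = {"kind": "List", "items": [
    {"kind": "PersistentVolume", "metadata": {"name": "pv-rbd-legacy"},
     "spec": {"rbd": {"monitors": ["192.0.2.10:6789"], "image": "orders"},
              "claimRef": {"namespace": "shop", "name": "orders-data"}}},
    {"kind": "PersistentVolume", "metadata": {"name": "pv-csi"},
     "spec": {"csi": {"driver": "rbd.csi.ceph.com", "volumeHandle": "constructed"},
              "claimRef": {"namespace": "shop", "name": "cache-data"}}},
    {"kind": "PersistentVolume", "metadata": {"name": "pv-cephfs-unbound"},
     "spec": {"cephfs": {"monitors": ["192.0.2.10:6789"], "path": "/"}}},
    {"kind": "Pod", "metadata": {"namespace": "shop", "name": "orders-0"},
     "spec": {"volumes": [
         {"name": "data", "persistentVolumeClaim": {"claimName": "orders-data"}},
         {"name": "tmp", "emptyDir": {}}]}},
    {"kind": "Pod", "metadata": {"namespace": "shop", "name": "cache-0"},
     "spec": {"volumes": [
         {"name": "cache", "persistentVolumeClaim": {"claimName": "cache-data"}}]}},
    {"kind": "Pod", "metadata": {"namespace": "batch", "name": "report"},
     "spec": {"volumes": [
         {"name": "scratch",
          "cephfs": {"monitors": ["192.0.2.10:6789"], "path": "/scratch"}}]}},
]}


def _in_tree_plugin(source):
    """Return 'rbd' or 'cephfs' if the volume source uses an in-tree Ceph plugin."""
    return next((key for key in IN_TREE_CEPH if key in source), None)


def audit_ceph_volumes(doc):
    """Return (legacy_pvs, pod_findings) for a kubectl JSON list of PVs and Pods.

    legacy_pvs maps PV name -> plugin. pod_findings is a list of
    (namespace, pod, volume, plugin, origin) tuples, where origin is "inline"
    or "pv/<name>" when the Pod reaches the volume through a bound claim.
    """
    items = doc.get("items", [])
    legacy_pvs = {}
    claim_to_pv = {}
    for obj in items:
        if obj.get("kind") != "PersistentVolume":
            continue
        spec = obj.get("spec", {})
        plugin = _in_tree_plugin(spec)
        if plugin is None:
            continue  # CSI-backed and other PV types are not affected
        name = obj["metadata"]["name"]
        legacy_pvs[name] = plugin
        ref = spec.get("claimRef")
        if ref:
            claim_to_pv[(ref.get("namespace"), ref.get("name"))] = name

    pod_findings = []
    for obj in items:
        if obj.get("kind") != "Pod":
            continue
        namespace = obj["metadata"].get("namespace", "default")
        pod = obj["metadata"]["name"]
        for vol in obj.get("spec", {}).get("volumes", []):
            plugin = _in_tree_plugin(vol)
            if plugin:
                pod_findings.append((namespace, pod, vol["name"], plugin, "inline"))
                continue
            claim = vol.get("persistentVolumeClaim")
            if claim:
                pv_name = claim_to_pv.get((namespace, claim["claimName"]))
                if pv_name:
                    pod_findings.append(
                        (namespace, pod, vol["name"], legacy_pvs[pv_name], "pv/" + pv_name))
    return legacy_pvs, pod_findings


if __name__ == "__main__":
    # Usage: kubectl get pv,pods -A -o json > inventory.json; python audit.py inventory.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            document = json.load(handle)
    else:
        document = SAMPLE
    pvs, pods = audit_ceph_volumes(document)
    for pv_name, plugin in pvs.items():
        print(f"PV  {pv_name}: in-tree {plugin}")
    for namespace, pod, volume, plugin, origin in pods:
        print(f"Pod {namespace}/{pod} volume {volume}: in-tree {plugin} ({origin})")
    sys.exit(1 if pvs or pods else 0)
```

The script exits non-zero when any in-tree Ceph volume is found, so it can gate an upgrade pipeline.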

(2024-R12) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.27.11-gke.1062001 is now the default version in the Stable channel.
  • Version 1.27.11-gke.1062001 is now available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.14-gke.1044000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.11-gke.1062001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.11-gke.1062001 with this release.

Regular channel

  • Version 1.27.11-gke.1062001 is now available in the Regular channel.
  • Version 1.27.11-gke.1062000 is no longer available in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.15-gke.1090000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.11-gke.1062001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.11-gke.1062001 with this release.

Rapid channel

  • Version 1.29.3-gke.1282000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • Version 1.29.3-gke.1093000 is no longer available in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1191000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.13-gke.1000000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.9-gke.1000000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.3-gke.1282000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.3-gke.1282000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.0-gke.1167000 with this release.

Google SecOps SOAR

Release 6.3.1 is currently in Preview.

Create a new playbook using Gemini (Preview)

You can now use Gemini to create a fully structured playbook. All you need to do is write a well structured prompt and click Create.

For more information, see Create playbooks with Gemini.

Change entities to be marked as non suspicious

When an entity is marked as IsSuspicious, you can now change the value from True to False.

Two changes have been made to case sorting:

  • Option to sort cases by name has been removed.
  • Added ability to sort through all existing cases and not only across a single page.

Cannot insert images in reports (ID #00244001)

HTML templates, case sensitivity issue and generic error (ID #44058663)

Change Alert Priority action not working as expected (ID #00277602)

Clicking on events configuration takes you to the wrong mapping & modeling rules

Alert Grouping settings not displaying correctly.

Security Command Center

AI summaries of findings are disabled in Security Command Center

Effective May 1, 2024, the preview of Gemini AI-generated summaries of Security Command Center findings is discontinued. The summaries are no longer available in the Google Cloud console.

For more information, see Gemini features in Security Command Center.

reCAPTCHA Enterprise

reCAPTCHA Enterprise Mobile SDK v18.5.0-beta03 is now available for Android.

This version contains the following changes:

  • Performance and reliability improvements in getClient() and execute().
  • Dependency from OkHttp is removed.

April 30, 2024

Anthos clusters on AWS

GKE on AWS now supports clusters in the ap-northeast-2 region. For more information, see Supported regions.

BigQuery

AWS Glue federated datasets are now generally available (GA).

An AWS Glue federated dataset is a connection at the dataset level between BigQuery and an existing database in AWS Glue.

You can now specify translation configurations in the BigQuery interactive SQL translator and use it to debug batch SQL translator jobs. This feature is generally available (GA).

The following BigQuery ML data preprocessing features are now generally available (GA):

  • The ML.TRANSFORM function, which you can use to preprocess feature data. This function processes input data by applying the data transformations captured in the TRANSFORM clause of an existing model.
  • Transform-only models, which you can use to apply preprocessing functions to input data and return the preprocessed data. Transform-only models decouple data preprocessing from model training, making it easier for you to capture and reuse a set of data preprocessing rules.

You can now reference Iceberg tables in materialized views instead of migrating that data to BigQuery-managed storage. This feature is in preview.

Compute Engine

The global serial console gateway is deprecated. For more information, see Global serial console gateway deprecation.

Container Optimized OS

cos-101-17162-463-8

  • Kernel: COS-5.15.155
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Included nvidia plugin in sosreport.

Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.

Updated docker and docker-cli to v20.10.27.

Fixed CVE-2023-4641 in sys-apps/shadow.

Fixed CVE-2023-50387, CVE-2023-50868, CVE-2023-7008 in sys-apps/systemd.

Updated sys-apps/shadow to v4.12.3. This resolves CVE-2013-4235.

Fixed CVE-2023-0767, CVE-2023-5388, CVE-2023-6135, CVE-2024-0743 in dev-libs/nss.

Fixed CVE-2023-5678 in dev-libs/openssl.

Updated dev-vcs/git to v2.44.0. This fixed CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.

Updated net-dns/c-ares to v1.19.1. This fixed CVE-2022-4904, CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067.

Updated dev-python/pyyaml to v5.4.1. This fixed CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.

Updated app-arch/tar to v1.35. This fixed CVE-2023-39804.

Updated net-misc/curl to v8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.

Updated dev-libs/expat to v2.6.2. This fixed CVE-2022-40674, CVE-2022-43680, CVE-2023-52425, CVE-2023-52426, CVE-2024-28757.

Updated sys-libs/zlib to v1.2.13. This fixed CVE-2018-25032, CVE-2022-37434.

Updated app-admin/sudo to v1.9.15_p5. This fixed CVE-2022-33070, CVE-2022-43995, CVE-2023-22809, CVE-2023-27320, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465.

Fixed CVE-2024-28182 in net-libs/nghttp2.

Fixed CVE-2024-26603 in the Linux kernel.

Fixed CVE-2024-26602 in the Linux kernel.

Fixed CVE-2024-26601 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 813030 -> 813025
  • Changed: net.ipv6.route.max_size: 4096 -> 2147483647

cos-109-17800-218-14

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Updated app-containers/containerd to v1.7.15.

Set serial port baudrate to 115200.

Included nvidia plugin in sosreport.

Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.

Fixed CVE-2023-4641 in sys-apps/shadow.

Fixed CVE-2023-50387, CVE-2023-50868, CVE-2023-7008 in sys-apps/systemd.

Fixed CVE-2023-0767, CVE-2023-5388, CVE-2023-6135, CVE-2024-0743 in dev-libs/nss.

Fixed CVE-2024-3772 in dev-python/pydantic.

Updated dev-python/pyyaml to v6.0.1. This fixed CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.

Updated dev-vcs/git to v2.44.0. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.

Updated net-misc/curl to v8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.

Updated dev-libs/expat to v2.6.2. This fixed CVE-2023-52425, CVE-2023-52426, CVE-2024-28757.

Updated app-admin/sudo to v1.9.15_p5. This fixed CVE-2023-42465.

Fixed CVE-2024-28182 in net-libs/nghttp2.

Fixed CVE-2024-26808 in the Linux kernel.

Fixed CVE-2024-26642 in the Linux kernel.

Fixed CVE-2024-26642, CVE-2024-26643 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812605 -> 812597
  • Changed: kernel.threads-max: 63520 -> 63519
  • Changed: net.ipv4.tcp_mem: 94092 125456 188184 -> 94089 125455 188178
  • Changed: net.ipv4.udp_mem: 188184 250912 376368 -> 188181 250911 376362
  • Changed: user.max_cgroup_namespaces: 31760 -> 31759
  • Changed: user.max_ipc_namespaces: 31760 -> 31759
  • Changed: user.max_mnt_namespaces: 31760 -> 31759
  • Changed: user.max_net_namespaces: 31760 -> 31759
  • Changed: user.max_pid_namespaces: 31760 -> 31759
  • Changed: user.max_time_namespaces: 31760 -> 31759
  • Changed: user.max_user_namespaces: 31760 -> 31759
  • Changed: user.max_uts_namespaces: 31760 -> 31759

cos-105-17412-370-14

  • Kernel: COS-5.15.154
  • Docker: v23.0.3
  • Containerd: v1.7.15
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Updated app-emulation/containerd to v1.7.15.

Included nvidia plugin in sosreport.

Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.

Fixed CVE-2023-4641 in sys-apps/shadow.

Fixed CVE-2023-50387, CVE-2023-50868, CVE-2023-7008 in sys-apps/systemd.

Fixed CVE-2023-0767, CVE-2023-5388, CVE-2023-6135, CVE-2024-0743 in dev-libs/nss.

Updated net-dns/c-ares to v1.19.1. This fixed CVE-2022-4904, CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067.

Updated dev-python/pyyaml to v5.4.1. This fixed CVE-2017-18342, CVE-2019-20477, CVE-2020-14343, CVE-2020-1747.

Updated app-arch/tar to v1.35. This fixed CVE-2023-39804.

Updated dev-vcs/git to v2.44.0. This fixed CVE-2022-23521, CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2022-41903, CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.

Updated net-misc/curl to v8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.

Updated dev-libs/expat to v2.6.2. This fixed CVE-2022-40674, CVE-2022-43680, CVE-2023-52425, CVE-2023-52426, CVE-2024-28757.

Updated app-admin/sudo to v1.9.15_p5. This fixed CVE-2022-43995, CVE-2023-22809, CVE-2023-27320, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465.

Fixed CVE-2024-28182 in net-libs/nghttp2.

Fixed CVE-2024-26808 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 813029 -> 813024
  • Changed: net.ipv6.route.max_size: 4096 -> 2147483647

Dialogflow

Vertex AI Conversation has been renamed to Vertex AI Agents

Vertex AI Agents: Agent apps now support all languages supported by Vertex AI generative models.

Vertex AI Agents: Agent apps now support the eu multi-region.

Dialogflow CX: You can now access the session ID with built-in parameters.

Google Kubernetes Engine

You can now configure access to private image registries that use private certificates using a containerd configuration file. For details, see Customize containerd configuration in GKE nodes.

In GKE 1.29.2-gke.1355000 and later, GPU workloads using the Accelerator compute class in GKE Autopilot support scheduling multiple GPU pods on a single node. To schedule multiple GPU Pods on the same node, specify the gke-accelerator-count node selector with a value that's higher than the Pod GPU request. For details, see Deploy GPU workloads in GKE Autopilot.

A Quick Start Solution and Reference Architecture are now available for developing and deploying Retrieval Augmented Generation (RAG) applications on GKE. RAG improves the quality of Large Language Model (LLM) responses for a specific application. For example, RAG can enable a customer service chatbot to access help center articles, a shopping assistant to tap into product catalogs and customer reviews, or a travel booking agent to access up-to-date flight and hotel information.

(2024-R11) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are no longer available in the Stable channel:
    • 1.25.16-gke.1460000
    • 1.25.16-gke.1537000

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.25.16-gke.1537000
    • 1.25.16-gke.1570000
    • 1.26.14-gke.1006000
    • 1.27.10-gke.1055000
    • 1.28.3-gke.1286000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.14-gke.1044000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.14-gke.1044000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.25.16-gke.1711000
    • 1.25.16-gke.1759000
    • 1.26.15-gke.1090000
    • 1.27.12-gke.1115000
    • 1.28.8-gke.1095000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1158000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.12-gke.1190000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.8-gke.1175000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.8-gke.1175000 with this release.

Migrate to Virtual Machines

Migrate to Virtual Machines now supports importing virtual disk image files in the following formats:

  • QEMU copy-on-write (QCOW)
  • QEMU copy-on-write 2 (QCOW2)
  • QEMU enhanced disk format (QED)
  • VPC
  • Virtual disk image (VDI)
  • Virtual hard disk v2 (VHDX)
  • Virtual hard disk (VHD)

In addition to these formats, Virtual machine disk (VMDK) files and raw files compressed as a .tar.gz file are also supported.

Spanner

Through self-service and with zero downtime, you can now add and remove read-only replicas in base instance configurations and move your Spanner instance to a different instance configuration. For more information, see Move an instance.

A monthly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-spanner

6.62.1 (2024-03-28)

Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.39.0 (#2966) (a5cb1dd)
  • Update dependency com.google.cloud:google-cloud-trace to v2.38.0 (#2967) (b2dc788)

6.63.0 (2024-03-30)

Features
  • Add support for transaction-level exclusion from change streams (#2959) (7ae376a)
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.40.0 (#2987) (0a1ffcb)
  • Update dependency com.google.cloud:google-cloud-trace to v2.39.0 (#2988) (cf11641)
  • Update dependency commons-io:commons-io to v2.16.0 (#2986) (4697261)

6.64.0 (2024-04-12)

Features
Bug Fixes
  • Executor framework changes skipped in clirr checks, and added exception for partition methods in admin class (#3000) (c2d8e95)
Dependencies
  • Update actions/checkout action to v4 (#3006) (368a9f3)
  • Update actions/github-script action to v7 (#3007) (b0cfea6)
  • Update actions/setup-java action to v4 (#3008) (d337080)
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.42.0 (#2997) (0615beb)
  • Update dependency com.google.cloud:google-cloud-trace to v2.41.0 (#2998) (f50cd04)
  • Update dependency commons-io:commons-io to v2.16.1 (#3020) (aafd5b9)
  • Update opentelemetry.version to v1.37.0 (#3021) (8f1ed2a)
  • Update stcarolas/setup-maven action to v5 (#3009) (541acd2)

6.65.0 (2024-04-20)

Features
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.39.0 (#3001) (6cec1bf)
  • NullPointerException on AbstractReadContext.span (#3036) (55732fd)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.29.0 (#3045) (67a6534)
  • Update dependency commons-cli:commons-cli to v1.7.0 (#3043) (9fea7a3)

Node.js

Changes for @google-cloud/spanner

7.6.0 (2024-03-26)

Features

7.7.0 (2024-04-17)

Features
  • OptimisticLock option for getTransaction method (#2028) (dacf869)
  • spanner: Adding EXPECTED_FULFILLMENT_PERIOD to the indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity Feature (#2024) (5292e03)
Bug Fixes
  • deps: Update dependency google-gax to v4.3.2 (#2026) (0ee9831)

Python

Changes for google-cloud-spanner

3.45.0 (2024-04-17)

Features
  • Add support for PG.OID in parameterized queries (#1035) (ea5efe4)
Bug Fixes
Vertex AI

Vertex AI custom training supports TPU v5e. For details, see Training with TPU accelerators.

April 29, 2024

AlloyDB for PostgreSQL

AlloyDB now supports up to 64 TiB storage per cluster in all locations. For more information about available locations, see AlloyDB locations.

Application Integration

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.6.1 (2024-04-26)

Bug Fixes
  • Should not override queryParameters if params not informed (#1359) (2b66d1e)

Go

Changes for bigquery/storage/apiv1beta1

1.61.0 (2024-04-24)

Features
  • bigquery/storage/managedwriter/adapt: Add RANGE support to adapt (#9836) (ae25253)
  • bigquery: RANGE support for basic data movement (#9762) (07f0806)
  • bigquery: RANGE support when reading Arrow format (#9795) (da245fa)
  • bigquery: RANGE type StandardSQLDataType support (#9754) (33666cf)
Bug Fixes
  • bigquery/datatransfer: Mark parent/name fields with the REQUIRED field_behavior annotation (8892943)
  • bigquery: Bump x/net to v0.24.0 (ba31ed5)

Java

Changes for google-cloud-bigquery

2.39.0 (2024-04-22)

Features
Bug Fixes
  • Fix BigQuery#listDatasets to include dataset location in the response (#3238) (c50c17b)
  • Remove @InternalApi from TableResult (#3257) (19d92a1)
Dependencies
  • Update actions/checkout action (#3256) (6df3a32)
  • Update actions/upload-artifact action to v4.3.2 (#3248) (066b51f)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.40.0 (#3210) (bf7e97e)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.41.0 (#3219) (9d71b8b)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.43.0 (#3225) (a897306)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240323-2.0.0 (#3239) (2c0f48f)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.44.0 (#3211) (6993b51)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.45.0 (#3220) (21ae09c)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.47.0 (#3226) (d45d168)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#3207) (6204331)
  • Update dependency org.threeten:threeten-extra to v1.8.0 (#3242) (66d5efd)
  • Update github/codeql-action action to v2.24.9 (#3204) (7a24d3e)
  • Update github/codeql-action action to v2.25.1 (#3229) (aeedf29)

You can now let users that are in Microsoft Entra groups access BigQuery data in Power BI by using Workforce Identity Federation. This feature is generally available.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Vertex AI Workbench
    • notebooks.googleapis.com/Instance
Cloud Composer

The apache-airflow-providers-google package is upgraded to version 10.17.0. For more information about changes, see the apache-airflow-providers-google changelog from version 10.16.0 to version 10.17.0.

The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.1.0.

Cloud Composer 2.7.1 images are available:

  • composer-2.7.1-airflow-2.7.3 (default)
  • composer-2.7.1-airflow-2.6.3

Cloud Composer version 2.1.14 has reached its end of full support period.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.17.0 (2024-04-25)

Features
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.39.0 (#1587) (848418b)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.29.0 (#1586) (edcaf8d)
Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.10.2 (2024-04-26)

Bug Fixes
  • Use correct indices for file.from and fix tests to verify names (#2449) (d4240fa)

7.10.1 (2024-04-22)

Bug Fixes
Cloud Workstations

Cloud Workstations base images are being upgraded to Ubuntu 22.04 from Ubuntu 20.04 this week. The last images built on Ubuntu 20.04 are tagged with last-ubuntu2004 for building backwards compatible custom images.

Cloud Workstations base images now default to Python 3.10.12.

Compute Engine

Starting the week of April 29, 2024, when you limit the run time of a standalone VM or a VM in a managed instance group (MIG), the following changes take effect:

  • When you stop or suspend a VM that has a time limit, the time limit will no longer be automatically removed. Whenever you start or resume the VM, its time limit is reapplied until you update or remove the time limit. If a VM's time limit is defined as a specific time and that time has passed, you can't rerun the VM until you update or remove its time limit.

  • When a VM in a MIG reaches its time limit, the MIG deletes that VM instead of repairing it.

For more information, see Limit the run time of a VM and Limit the run time of VMs in a MIG.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.99-debian10, 2.0.99-rocky8, 2.0.99-ubuntu18
  • 2.1.47-debian11, 2.1.47-rocky8, 2.1.47-ubuntu20, 2.1.47-ubuntu20-arm
  • 2.2.13-debian12, 2.2.13-rocky9, 2.2.13-ubuntu22
Firestore

Firestore now supports the us-south1 Dallas region.

For a full list of supported locations, see Locations.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.19.1 (2024-04-19)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.29.0 (#1403) (d23dc4c)

Firestore in Datastore mode now supports the us-south1 Dallas region.

For a full list of supported locations, see Locations.

Google Distributed Cloud (software only) for Bare Metal

Release 1.29.0-gke.1449

GKE on Bare Metal 1.29.0-gke.1449 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.29.0-gke.1449 runs on Kubernetes 1.29.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

Version 1.15 end of life: In accordance with the Version Support Policy, version 1.15 (all patch releases) of GKE on Bare Metal has reached its end of life and is no longer supported.

  • Added new API and IAM role requirements for Cloud Monitoring:

    • You must enable the kubernetesmetadata.googleapis.com API for your project and grant the roles/kubernetesmetadata.publisher IAM role to the Logging and Monitoring service account (anthos-baremetal-cloud-ops, when created automatically). Clusters use this API as an endpoint to send Kubernetes metadata to Google Cloud. The metadata is vital for cluster monitoring, debugging, and recovery. If you install your clusters behind a proxy, add kubernetesmetadata.googleapis.com to the list of allowed connections.

    • Due to changes in the way service accounts are checked, you must also grant the following IAM roles to the Logging and Monitoring service account:

      • roles/monitoring.viewer

      • roles/serviceusage.serviceUsageViewer

    These API and IAM role requirements apply to both creating new 1.29 clusters and upgrading existing clusters to 1.29.

  • GA: Support GKE Identity Service v2 capability for an improved security flow when you authenticate with third-party identity solutions.

    The GA offering of GKE Identity Service v2 has the following requirements and restrictions:

    • GKE Identity Service v2 now requires ports 11001 and 11002 on the control plane load balancer nodes, instead of 8443 and 8444. Ensure these ports are open and available before you upgrade a cluster to version 1.29.0-gke.1449 and higher. If the ports aren't open, upgrade preflight checks fail.

    • GKE Identity Service v2 requires version 1.5.1 or higher of the Anthos Auth gcloud CLI component. If necessary, update the Anthos Auth component (gcloud components update anthos-auth). If you use the Google Cloud SDK, updating the SDK (gcloud components update) to version 474.0.0 or later also updates the Anthos Auth component to the required version.

    • GKE Identity Service v2 doesn't work with GKE on Bare Metal clusters with the following configurations:

      • Clusters with a single control plane node only.

      • Clusters that use control plane nodes for load balancing. That is, clusters that aren't configured with either a separate load balancing node pool or manual load balancing.

  • GA: Added support for skews of up to two minor versions for selective node pool upgrades.

  • GA: Added capability to pause and resume cluster upgrades.

  • GA: Maintenance mode now uses eviction-based draining for nodes, instead of taint-based draining. Eviction-based draining uses the Eviction API, which honors Pod Disruption Budgets (PDBs). Draining nodes this way provides better protection against workload disruptions.

  • Preview: Added support for node-level private registry configuration for workload images.

  • Preview: Added support for rolling back select node pool upgrades.

  • Preview: Added support for admin and hybrid clusters to manage multiple versions of user clusters concurrently.

  • Preview: Added support for using an intermediate Certificate Authority (CA) as the cluster root CA.

  • Preview: Added support to route workload logs to a third-party custom Kafka destination. This capability isn't enabled by default. You enable this capability in the cluster stackdriver resource spec by adding the unmanagedKafkaOutputConfig section. This section lets you specify the IP addresses of Kafka message brokers (brokers), topic names (topics), and keys to map the topics to partitions (topicKeys).

  • Improved command-line interface errors and error documentation.

Functionality changes:

  • GKE Identity Service v2 now sends extra parameters (extraParams) to your OIDC provider.

  • Extra node viewing permissions are added for accounts specified with the spec.clusterSecurity.authorization.clusterViewer.gcpAccounts field in the Cluster resource.

  • Added Status.Available field to BareMetalMachine resources to indicate whether the machine is available.

  • Updated preflight checks add a check for networking kernel modules (ip_tables or np_tables) and remove the iptables package check.

  • The Google plugin for the GKE Identity Service now caches the public keys based on max-age in cache-control header.

Fixes:

  • Fixed an issue where the kubelet doesn't honor the shortened, 1-second grace period for pod deletion during eviction-based draining.

  • Fixed a cluster upgrade issue where the lifecycle-controller-deployer Pod was unable to migrate existing GKE on Bare Metal resources to the latest API version. This issue blocked upgrades to earlier version 1.28 releases.

  • Fixed an issue with configuring a proxy for your cluster that required you to manually set HTTPS_PROXY and NO_PROXY environment variables on the admin workstation.

  • Fixed an issue where upgrades are blocked because cluster-operator can't delete stale, failing preflight check resources.

  • Fixed an issue where the network check ConfigMap wasn't updated when nodes were added or removed.

The following container image security vulnerabilities have been fixed in version 1.29.0-gke.1449:

Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Google Distributed Cloud (software only) for VMware

GKE on VMware 1.29.0-gke.1456 is now available. To upgrade, see Upgrade a cluster or a node pool. GKE on VMware 1.29.0-gke.1456 runs on Kubernetes v1.29.3-gke.600.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.

Server-side preflight checks are enabled by default for admin and user cluster create, update, and upgrade. Server-side preflight checks require the following additional firewall rules from your admin cluster control-plane nodes:

  • Admin cluster F5 BIG_IP API (only if using the F5 BIG-IP load balancer)
  • User cluster F5 BIG_IP API (only if using the F5 BIG-IP load balancer)
  • Admin cluster NTP servers
  • User cluster NTP servers
  • Admin cluster DNS servers
  • User cluster DNS servers
  • User cluster on-premises local Docker registry (if your user cluster is configured to use a local private Docker registry instead of gcr.io)
  • Admin cluster nodes
  • User cluster nodes
  • Admin cluster Load Balancer VIPs
  • User cluster Load Balancer VIPs
  • User cluster worker nodes

For the complete list of firewall rules required for server-side preflight checks, see Firewall rules for admin clusters and search for "Preflight checks".

Version changes in GKE on VMware 1.29.0-gke.1456:

  • Updated Dataplane V2 to use Cilium 1.13.
  • Bumped the AIS version to hybrid_identity_charon_20240331_0730_RC00.

Other changes in GKE on VMware 1.29.0-gke.1456:

  • The gkectl create cluster command prompts for confirmation if the cluster configuration file enables legacy features.
  • The gkectl prepare command always prepares cgroup v2 images.
  • Cluster configuration files are prepopulated with ubuntu_cgv2 (cgroupv2) as the osImageType.
  • The gkeadm tool isn't supported on macOS and Windows.
  • A lightweight version of gkectl diagnose snapshot is available for both admin and user clusters.
  • User cluster upgrades: the --dry-run flag for gkectl upgrade cluster runs preflight checks but doesn't start the upgrade process.
  • The --async flag for gkectl upgrade cluster to run an asynchronous upgrade is now supported for admin clusters.

The following issues are fixed in 1.29.0-gke.1456:

  • Fixed the issue where the admin cluster backup did a retry on non-idempotent operations.
  • Fixed the known issue where the controlPlaneNodePort field defaults to 30968 when the manualLB spec is empty.
  • Fixed the known issue that caused the preflight check to fail when the hostname wasn't in the IP block file.
  • Fixed the known issue that caused Kubelet to be flooded with logs stating that "/etc/kubernetes/manifests" does not exist on the worker nodes.
  • Fixed the manual load balancer issue where the IngressIP is overwritten with the Spec.LoadBalancerIP even if it is empty.
  • Fixed the issue that preflight jobs might be stuck in the pending state.
  • Fixed an issue where egress NAT erroneously broke long-lived connections.
  • Fixed Seesaw crashing on duplicated service IP.
  • Fixed a warning in the storage preflight check.

Fixed the following vulnerabilities in GKE on VMware 1.29.0-gke.1456:

Google Kubernetes Engine

Dual-stack LoadBalancer Services are now generally available with GKE. You can now create a dual-stack GKE cluster and expose GKE Services using either IPv4, IPv6, or a combination of both, depending on your ipFamilyPolicy and ipFamilies specs.

To learn more, see GKE LoadBalancer Service parameters.

Cloud DNS additive VPC scope is now available in Preview. You can now configure your GKE clusters to add GKE headless Service entries to your Cloud DNS private zone visible from your VPC networks, on top of using Cloud DNS (cluster scope) as your GKE DNS provider.

To learn more, see Cloud DNS scopes for GKE.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.129.1 (2024-04-25)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.39.0 (#2000) (09ee49a)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.39.0 (#2002) (88517fe)
  • Update dependency com.google.cloud:google-cloud-core to v2.37.0 (#1997) (b4573ae)
  • Update dependency com.google.cloud:google-cloud-storage to v2.37.0 (#1999) (cff6d6a)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.29.0 (#1998) (bb80924)
VPC Service Controls

General availability support for the following integration:

Vertex AI Agent Builder

Vertex AI Search: Order healthcare search results (Public preview)

When you search over FHIR resource types that contain unstructured text, you can order your search results according to their relevance to your query. For more information, see Order healthcare search results.

Vertex AI Search: Boost search results (Public preview)

Boosting search results for media apps and for generic search apps that contain unstructured and website data is available in Public preview. For more information, see Boost search results.

Vertex AI Search: Add structured data for advanced website indexing (Public preview)

If advanced website indexing is enabled in your data store, you can use structured data, such as Google-inferred page dates, meta tags, and PageMap content, to enrich your indexing.

For more information, see Use structured data for advanced site indexing and Example use case using a Google-inferred page date.

Vertex AI Search: gemini-1.0-pro-002/answer_gen/v1 for answer generation

Model version gemini-1.0-pro-002/answer_gen/v1 is available for generating answers in Vertex AI Search. For more information, see Answer generation model versions and lifecycle.

Vertex AI Workbench

M120 release

The M120 release of Vertex AI Workbench managed notebooks includes the following:

  • Minor bug fixes for the libcurl package.
reCAPTCHA Enterprise

reCAPTCHA Enterprise Mobile SDK v18.5.0-beta04 is now available for iOS.

This version contains the workaround for the bug in Xcode 15.3 that prevents apps from being published to the App Store.

April 28, 2024

Application Integration

While configuring a Cloud Pub/Sub trigger, you can now add a config variable for your service account. Config variables let you externalize configuration for integrations.

April 26, 2024

Apigee X

On April 26, 2024, we released an updated version of Apigee.

Logging Apigee access logs

Apigee Subscription and Pay-as-you-go customers can now enable Cloud Logging ingress access logs for each Apigee instance in their organization. Once enabled, this feature allows you to view the logs generated by ingress gateways in your Apigee infrastructure, such as an external Application Load Balancer or an Anthos gateway, to assist in troubleshooting Apigee API calls.

For more information, see Logging Apigee access logs.

BigQuery

SQL code generation is now available for all BigQuery projects. This feature is available in preview. To learn how to enable and activate Gemini in BigQuery features, see Set up Gemini in BigQuery.

Cloud Data Fusion

The HTTP plugin (version 1.4.2) is available in Cloud Data Fusion versions 6.8.0 and later. The release fixed an issue in the HTTP source causing an error in the retrieved schema when one of the retrieved columns contained a quoted value with a delimiter, such as a comma (PLUGIN-1781).

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Monitoring

Broken-link checkers collect screenshots of failing tests in a Cloud Storage bucket. You can configure this feature to collect screenshots for all tests or disable this feature. For more information, see Create a broken-link checker.

Compute Engine

Generally available: Zonal metadata (previously known as project zonal metadata) is custom metadata that you define at a zonal scope within a project and provides information about VMs in that specific zone. Zonal metadata helps you with fault isolation and provides greater reliability. By setting custom zonal metadata, you gain more control over the metadata for VMs in your project and limit the impact of any incorrect metadata updates to VMs within a specific zone.

To get started working with zonal metadata, see Set custom zonal metadata.

Dataflow

The following Dataflow templates now support user-defined functions (UDFs) written in Python:

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.59
  • 1.2.3
  • 2.0.67
  • 2.1.46
  • 2.2.3
Google Cloud Marketplace Partners

We've added a new field, wholesale_charges, to Detailed Disbursements reports and Customer Insights reports for Cloud Marketplace.

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2024-26585) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-024 security bulletin.

Google Kubernetes Engine

You can now use the node system configuration file in GKE to enable and use Linux huge pages in your Pods. For instructions, see Linux huge page configuration options.

GKE Standard clusters now support nested virtualization. For details, including requirements and limitations, see Use nested VMs with GKE Standard clusters.

GKE Sandbox supports the use of NVIDIA GPUs (H100, A100, L4, and T4) in Public Preview in GKE version 1.29.2-gke.1108000 and later on both Standard and Autopilot clusters. GKE Sandbox provides an extra layer of security to prevent untrusted code from affecting the host kernel on your cluster nodes. For GPUs, while GKE Sandbox doesn't mitigate all NVIDIA driver vulnerabilities, it helps protect against Linux kernel vulnerabilities. For details, see GPUs in GKE Sandbox.

Google SecOps

The feed management feature is now enhanced to include the following:

  • Feed names: You can assign custom names to new and existing data feeds.
  • Troubleshooting information: You can diagnose error feeds by accessing detailed information about the cause of an issue and recommended actions.
  • Last succeeded time: Stay informed about the status of a feed, with a timestamp identifying when data was last successfully fetched by each feed.

You can now set up feeds to push logs using an HTTPS endpoint by using either the feed management user interface or the feed management API. You can use the following feed management source types to set up ingestion using an HTTPS endpoint:

  • Amazon Data Firehose
  • Google Cloud Pub/Sub
  • Webhooks

You can also generate a secret key and API key to authenticate feeds that use Amazon Data Firehose and webhooks as the feed source type.

Google SecOps SIEM

The feed management feature is now enhanced to include the following:

  • Feed names: You can assign custom names to new and existing data feeds.
  • Troubleshooting information: You can diagnose error feeds by accessing detailed information about the cause of an issue and recommended actions.
  • Last succeeded time: Stay informed about the status of a feed, with a timestamp identifying when data was last successfully fetched by each feed.

You can now set up feeds to push logs using an HTTPS endpoint by using either the feed management user interface or the feed management API. You can use the following feed management source types to set up ingestion using an HTTPS endpoint:

  • Amazon Data Firehose
  • Google Cloud Pub/Sub
  • Webhooks

You can also generate a secret key and API key to authenticate feeds that use Amazon Data Firehose and webhooks as the feed source type.

Virtual Private Cloud

Bring your own IP v2 for regional addresses is available in General Availability.

April 25, 2024

Anthos clusters on AWS

A vulnerability (CVE-2024-26585) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. For more information, see the GCP-2024-024 security bulletin.

Anthos clusters on Azure

A vulnerability (CVE-2024-26585) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes. For more information, see the GCP-2024-024 security bulletin.

Anti Money Laundering AI

A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version. This includes:

  • More sensitive skew metrics for better model and data quality monitoring
  • A bugfix for risk score threshold estimation used in recall metrics in AML AI resource metadata
BigQuery

BigQuery Studio is now available in the following regions:

  • Johannesburg (africa-south1)
  • Hong Kong (asia-east2)
  • Seoul (asia-northeast3)
  • Jakarta (asia-southeast2)
  • Sydney (australia-southeast1)
  • Madrid (europe-southwest1)
  • Turin (europe-west12)
  • Doha (me-central1)
  • Dammam (me-central2)
  • Montréal (northamerica-northeast1)
  • N. Virginia (us-east4)
  • Columbus (us-east5)
  • Dallas (us-south1)
  • Los Angeles (us-west2)
  • Las Vegas (us-west4)

For more information, see BigQuery Studio locations.

The BigQuery Data Transfer Service for Google Merchant Center supports the Product Targeting report.

Config Controller

Config Controller is now supported in the following regions: us-west4, us-west3, us-west1, europe-central2, europe-west10, europe-west12, europe-west4, europe-west9, africa-south1, asia-east1, asia-east2, asia-northeast3, asia-south1, asia-south2, me-west1, europe-southwest1, us-south1, asia-southeast2, me-central1, southamerica-west1, and southamerica-east1.

Config Controller now uses the following versions of its included products:

Dataplex

Dataplex automatic data quality supports the following capabilities:

  • The SQL assertion rule type for custom SQL rules lets you check for an invalid state of a dataset.
  • You can use the data reference parameter in a custom SQL rule to refer to a data source table and all of its precondition filters, instead of explicitly mentioning the table and its filters.

Deep Learning Containers

M120 release

  • Upgraded TensorFlow 2.15 container images to TensorFlow 2.15.1.
  • Added CUDA-specific release tags for all TensorFlow and PyTorch container images, for example, us-docker.pkg.dev/deeplearning-platform-release/gcr.io/tf-cu121.2-15.

Deep Learning VM Images

M120 release

  • Upgraded TensorFlow 2.15 images to TensorFlow 2.15.1.
  • Added Ubuntu 22.04 support for CPU images, and for GPU images using CUDA 12.1 or higher.

Google Cloud Marketplace Partners

You can now create multiple orders for the same product with flat fee pricing. This feature is available in Preview. For more information about creating multiple orders, see Create multiple orders of the same product.

Google Distributed Cloud (software only) for Bare Metal

Release 1.16.8

GKE on Bare Metal 1.16.8 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.16.8 runs on Kubernetes 1.27.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

Fixes:

The following container image security vulnerabilities have been fixed in 1.16.8:

Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Google Distributed Cloud (software only) for VMware

GKE on VMware 1.16.8-gke.19 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.16.8-gke.19 runs on Kubernetes v1.27.12-gke.1000.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.

Google Kubernetes Engine

A vulnerability (CVE-2024-26585) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-024 security bulletin.

Google SecOps

Chronicle Security Operations (Chronicle SecOps) has been rebranded to Google Security Operations (Google SecOps). Both the logo and the platform name have been rebranded as part of this change. This rebranding reflects our commitment to bringing you the best of Google security operations features. There is no change to functionality in the platform.

Looker Studio

Timeline chart option

The new timeline chart option lets you visualize the relationships between groups of events and compare the timespans over which these events took place.

Learn more about timeline charts in Looker Studio.

Create a Looker Studio report within Google Sheets

You can create a Looker Studio report directly within Google Sheets. To create a report from a Google Sheets worksheet or range, use the Looker Studio extension in Google Sheets.

Create a Google Cloud project while subscribing to Looker Studio Pro

You can create a new Cloud project during the Looker Studio Pro subscription process. This project is used to host your Looker Studio Pro content.

Learn more about linking Looker Studio Pro to a Google Cloud project.

Sensitive Data Protection

A new detection model is available for the STREET_ADDRESS infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version to latest when including the STREET_ADDRESS infoType in your InspectConfig.

You can still use the old model by setting InfoType.version to stable or leaving it unset when using the STREET_ADDRESS infoType. In 30 days, the new model will be promoted to stable.

Vertex AI Workbench

M120 release

The M120 release of Vertex AI Workbench user-managed notebooks includes the following:

  • Upgraded TensorFlow 2.15 user-managed notebooks to TensorFlow 2.15.1.
  • Minor bug fixes for the libcurl package.

M120 release

The M120 release of Vertex AI Workbench instances includes the following:

  • Minor bug fixes for the libcurl package.

April 24, 2024

Application Integration

For Cloud Pub/Sub triggers, the default value of the expiration period option for subscriptions is changed from 31 days to never expire. If you want to change the value of the expiration period, then you must update the Cloud Pub/Sub subscription in the Google Cloud console.

BigQuery

User-defined aggregate functions (UDAFs) that support SQL expressions are in preview. You can create a UDAF with the CREATE AGGREGATE FUNCTION statement.

Cloud Run

Support for Direct VPC egress, which lets you send traffic directly to a VPC network with no Serverless VPC Access connector required, is now at general availability (GA).

Cloud Service Mesh

1.18.7-asm.21 is now available for in-cluster Anthos Service Mesh.

This patch release contains the fix for the security vulnerability listed in GCP-2024-023. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh. Anthos Service Mesh v1.18.7-asm.21 uses Envoy v1.26.8.

1.19.10-asm.0 is now available for in-cluster Anthos Service Mesh.

This patch release contains the fix for the security vulnerability listed in GCP-2024-023. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh. Anthos Service Mesh v1.19.10-asm.0 uses Envoy v1.27.5.

1.20.6-asm.0 is now available for in-cluster Anthos Service Mesh.

This patch release contains the fix for the security vulnerability listed in GCP-2024-022. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh. Anthos Service Mesh v1.20.6-asm.0 uses Envoy v1.28.3.

Google Kubernetes Engine

A known issue causes a subset of Pods in GKE Autopilot clusters to occasionally become stuck during termination or creation. As a result, we temporarily disabled bursting in Autopilot clusters that were created or upgraded to version 1.29.2-gke.1060000 and later on or after April 24, 2024. Clusters that enabled bursting prior to April 24, 2024 continue to support bursting. For information and troubleshooting steps, see Pods stuck during termination or creation.

Vertex AI Agent Builder

Vertex AI Agent Builder: Renamed in the console and documentation

The Google Cloud console and the documentation at cloud.google.com have been updated to show the current product name for Vertex AI Agent Builder. On the console, look for "Agent Builder".

You might see the old name (Vertex AI Search and Conversation) in some places—for example, in videos.

April 23, 2024

Cloud Interconnect

Verified Peering Provider is now generally available. Verified Peering Provider lets you reach all publicly available Google Cloud resources through an internet service provider, without the need to directly peer with Google.

Cloud Storage

Default replication monitoring for multi-region and dual-region buckets in the Google Cloud console is now available for the following graphs:

  • Percent of minutes out of RPO
  • Percent of objects out of target
  • Meeting RPO

Contact Center AI Platform

Mobile SDK 2.6 is released

For more information, see the following:

Deployment schedules

With deployment schedules, you can control the timing of Google's automatic updates to your contact center instance. For more information, see Deployment schedules.

Container Optimized OS

cos-beta-113-18244-1-44

  • Kernel: COS-6.1.77
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Updated app-containers/containerd to v1.7.15.

Fixed CVE-2024-26642 in the Linux kernel.

Fixed CVE-2024-26642, CVE-2024-26643 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812399 -> 812400
  • Changed: kernel.threads-max: 63503 -> 63504
  • Changed: user.max_cgroup_namespaces: 31751 -> 31752
  • Changed: user.max_ipc_namespaces: 31751 -> 31752
  • Changed: user.max_mnt_namespaces: 31751 -> 31752
  • Changed: user.max_net_namespaces: 31751 -> 31752
  • Changed: user.max_pid_namespaces: 31751 -> 31752
  • Changed: user.max_time_namespaces: 31751 -> 31752
  • Changed: user.max_user_namespaces: 31751 -> 31752
  • Changed: user.max_uts_namespaces: 31751 -> 31752

cos-105-17412-294-68

  • Kernel: COS-5.15.146
  • Docker: v23.0.3
  • Containerd: v1.7.13
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Fixed a crash during CIFS volumes mount.

Fixed CVE-2024-26642 in the Linux kernel.

cos-101-17162-386-65

  • Kernel: COS-5.15.146
  • Docker: v20.10.24
  • Containerd: v1.6.28
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Fixed a crash during CIFS volumes mount.

Dialogflow

Dialogflow CX: The following new region is available:

  • us: United States multi-region accessed via usa-dialogflow.googleapis.com hostname

Identity-Aware Proxy

WebSocket support for managing Compute Engine resource sessions is now available. For more information, see Managing IAP sessions.

Virtual Private Cloud

The Private Service Connect interface documentation has been updated. Google recommends avoiding multi-tenant architectures, where multiple consumers connect to the same Private Service Connect interface VM. In a multi-tenant architecture, if one consumer terminates their Private Service Connect interface connection, other consumers that are connected to the same VM also lose connectivity. For more information, see Limitations.

April 22, 2024

Backup and DR

Backup and DR Service now supports viewing Backup and DR Service prebuilt reports in Looker Studio. Learn more.

Backup for GKE

Backup for GKE now supports Smart Scheduling, an alternative backup creation scheduling approach based on desired RPO instead of a fixed schedule. This approach is in addition to the existing cron scheduling approach. For more information, see Automatic backup creation and deletion.

Backup index is now available for viewing the resource information in backups. For details, see View backup index.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.6.0 (2024-04-09)

Features
  • Integrate jobs.query and stateless query for faster queries (#1337) (74aa150)
Bug Fixes

Python

Changes for google-cloud-bigquery

3.21.0 (2024-04-18)

Features
Bug Fixes
  • Add types to DatasetReference constructor (#1601) (bf8861c)
  • Creates linting-typing.cfg in presubmit (#1881) (c852c15)
  • Remove duplicate key time_partitioning from Table._PROPERTY_TO_A… (#1898) (82ae908)
  • Retry query jobs that fail even with ambiguous jobs.getQueryResults REST errors (#1903, #1900) (1367b58)
Performance Improvements
  • Avoid unnecessary API call in QueryJob.result() when job is already finished (#1900) (1367b58)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.38.0 (2024-04-15)

Features
  • Add Data Boost configurations to admin API (f29c5bb)
  • Add feature flag for client side metrics (#2179) (f29c5bb)
  • Migrate to OTEL and enable metrics by default (#2166) (1682939)
Bug Fixes

Python

Changes for google-cloud-bigtable

2.23.1 (2024-04-15)

Bug Fixes
  • Use insecure grpc channel with emulator (#946) (aa31706)

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.16.3 (2024-04-17)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#1569) (8eb0781)

Cloud SQL for PostgreSQL

The pgvector extension is upgraded from version 0.5.1 to version 0.6.0. Use this extension to store and search for vector embeddings in PostgreSQL databases. For more information, see Configure PostgreSQL extensions.

To use this version of the extension, update your instance to [PostgreSQL version].R20240130.00_09. For more information, see Self-service maintenance.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.10.0 (2024-04-15)

Features
  • Add ability to create a File object from URL (#2432) (1b71fcc)
  • Allow setting contentEncoding during compose (#2431) (6e81e05)
Bug Fixes
  • Destroy pipeline streams when returned stream errors (#2437) (fe1ac65)
  • Remove extraneous mime-types package in favor of mime (#2435) (63a71f2)

Java

Changes for google-cloud-storage

2.37.0 (2024-04-19)

Features
  • Adds a ZeroCopy response marshaller for grpc ReadObject handling (#2489) (8c7404d)
  • Port BufferToDiskThenUpload to work with HttpStorageOptions (#2473) (d84e255)
  • Port DefaultBlobWriteSessionConfig to work with HttpStorageOptions (#2472) (e5772a4)
  • Port ParallelCompositeUploadBlobWriteSessionConfig to work with HttpStorageOptions (#2474) (3bf6026)
  • Transfer Manager ParallelCompositeUploads (#2494) (8b54549)
Bug Fixes
  • Ensure all BlobWriteSession types conform to the semantics specified in BlobWriteSession (#2482) (d47afcf)
  • Fix BidiBlobWriteSessionConfigs to respect preconditions (#2481) (955d78a)
  • Update ApiaryUnbufferedWritableByteChannel to be graceful of non-quantum aligned write calls (#2493) (f548335)
  • Update BidiBlobWriteSessionConfig to respect a provided bufferSize (#2471) (e1fb857)
  • Update grpc handling of IAM Policy etag to account for base64 encoding (#2499) (032f2f2)
  • Update Grpc Retry Conformance after new additions to testbench (#2309) (09043c5)
Dependencies
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240319-2.0.0 (#2460) (9c2ee90)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#2467) (c12f329)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.29.0 (#2502) (7ed8446)
  • Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.43.0 (#2459) (2dc4748)
  • Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.44.0 (#2497) (9b0253c)
Documentation
  • Add summary and reference docs for Storage Control API to readme (#2485) (70fd088)
  • Create Samples for transfer manager (#2492) (e2030b2)

Contact Center AI Platform

Version 3.15 is released

All release notes published on this date are part of version 3.15.

Authentication context

You can select the authentication context that you want when you set up single sign-on (SSO) for CRMs that use the Security Assertion Markup Language (SAML) standard.

Glossary support in live translation

Live translation supports glossaries, helping you ensure that specific terms are translated appropriately. For more information, see Set up live translation.

Email channel endpoints in the Manager API

The Manager API has the following two new endpoints for email data management and analysis:

  • Email manager. GET /manager/api/v1/emails
  • Email session data report. GET /manager/api/v1/emails/managed

Skip CRM account and record creation

With the Salesforce CRM and custom CRMs, you can skip account creation or record creation (or both) during a session. For more information, see Skip CRM account and record creation.

Configure chat auto answer at the queue level

You can configure auto answer settings for chat at the queue level. For more information, see Auto-answer.

Chat dismissal warning for agents

Agents receive a chat dismissal warning at the same time that an end-user receives one.

New event field in session reports from the Manager API

Session reports from the Manager API now include an event field. This field indicates how sessions end—for example, finished, failed, or abandoned. For more information, see Calls Endpoints and Chats Endpoints.

On the Agents page, the All teams filter now shows all teams, regardless of whether an agent is assigned.

Fixed an issue where the Create a Record API used the user ID instead of the queue name.

Fixed a reporting error that showed Wait, Queue, and Handle times as 0 for expired or abandoned chats that were escalated from a virtual agent to a queue.

Fixed an issue where the All teams filter on the Agents page didn't display the complete team hierarchy.

Fixed an issue where a user with a custom role that included the Settings > Queue permission was not able to view the Queues page.

Fixed an issue where a user could sometimes still hear a call after ending call monitoring.

Fixed an issue with the ServiceNow CRM where selecting Skip CRM record creation disabled the contact lookup feature.

Fixed an issue with the Chat API where photos and videos sent by an end-user would sometimes not be visible to the agent in the adapter.

Fixed an issue where virtual escalations canceled by an end-user were not being logged as abandoned.

Fixed an issue where the virtual agent streaming service ended mid-session.

Google Cloud Marketplace Partners

We've made the following updates to the provider Entitlement resource:

  • A new field called new_offer_start_time is populated with the start time of an offer that's scheduled to start in the future. This field works the same way as the field in the Pub/Sub messages.
  • The existing field named new_offer_end_time is now also populated when an offer with a specified end date activates. The field is now empty only if the offer was created with a term instead of a specified end date, or if there is no upcoming offer.

Google SecOps

The ingestion_stats table in BigQuery is deprecated and will no longer be updated after May 15, 2024. We recommend that you use the Chronicle ingestion_metrics table in BigQuery, which provides more accurate ingestion metrics.

The ingestion alerting system using Chronicle has been deprecated. This system will no longer be updated, and no alerts will be sent from this system after September 01, 2024. We recommend that you use the Cloud Monitoring integration which provides more flexibility in alert logic, alert workflow, and integration with third-party ticketing systems.

Google SecOps SIEM

The ingestion_stats table in BigQuery is deprecated and will no longer be updated after May 15, 2024. We recommend that you use the Chronicle ingestion_metrics table in BigQuery, which provides more accurate ingestion metrics.

The ingestion alerting system using Chronicle has been deprecated. This system will no longer be updated, and no alerts will be sent from this system after September 01, 2024. We recommend that you use the Cloud Monitoring integration which provides more flexibility in alert logic, alert workflow, and integration with third-party ticketing systems.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.129.0 (2024-04-17)

Features
Dependencies

Resolved an issue where Pub/Sub pull RPCs incorrectly return a "cancelled" status when the configured deadline is reached in the absence of a backlog. This fix ensures deadlines are honored.

Video Stitcher API

VOD configs are now used to create VOD sessions. When you create a VOD session, specify a VOD config in the vodConfig field to use the config's sourceUri and adTagUri fields.

Workflows

Workflows is available in the following additional region: me-central1 (Doha, Qatar).

April 21, 2024

Application Integration Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.98-debian10, 2.0.98-rocky8, 2.0.98-ubuntu18
  • 2.1.46-debian11, 2.1.46-rocky8, 2.1.46-ubuntu20, 2.1.46-ubuntu20-arm
  • 2.2.12-debian12, 2.2.12-rocky9, 2.2.12-ubuntu22

April 20, 2024

Dataproc

Announcing Dataproc Workflow Templates support for the CMEK organization policy.

April 19, 2024

Apigee X

On April 19, 2024, we released an updated version of Apigee.

With this release, Apigee API Management organizations with Subscription 2021 contracts have been upgraded to introduce standard and extensible API proxy features and expanded limits on deployments.

With this upgrade:

  • Standard and extensible API proxy calls are counted equally when calculating overall API call entitlement for Subscription 2021 contracts.
  • The maximum number of shared flow deployments is 75 per environment.
  • There are no limits on the total number of API proxy deployments per environment.
  • The maximum limit of total deployment units (API proxies or shared flows) per organization is 4250.

Note: The fleetwide upgrade is complete for the majority of Subscription 2021 contract organizations. Organization administrators for the remaining 5% of organizations have been contacted by Apigee representatives regarding timelines for the release.

To learn more about:

Subscription Apigee organizations (without hybrid entitlements) upgraded in this release will see changes to the user experience in the Classic Apigee UI. To support management of the upgraded functionality now available to these organizations, a number of feature administration pages are now only available in the Apigee UI in Cloud console.

For more information, see Apigee UI in Cloud console navigation.

Artifact Registry

Artifact Registry download file feature is Generally Available (GA) for standard repositories and remote repositories.

The download file feature allows users to download individual files without configuring authentication for format-specific tooling. For more information, see Download files.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

Cloud Database Migration Service

Database Migration Service for homogeneous migrations to Cloud SQL for MySQL and homogeneous migrations to Cloud SQL for PostgreSQL now supports migrations to existing destination instances that have read replicas enabled.

For more information, see:

Compute Engine

General purpose C3 VMs are now available in Sydney (australia-southeast1-c).

Dataproc

Dataproc Serverless for Spark: runtime version 2.2 will become the default Dataproc Serverless for Spark runtime version on June 28, 2024 (instead of May 3, 2024, as previously announced).

Google Kubernetes Engine

A bug in the Image streaming feature might cause containers to fail because of missing files.

Containers running on a node with image streaming enabled on specific GKE versions might fail to be created with the following error:

"CreateContainer in sandbox from runtime service failed" err="rpc error: code = Unknown desc = failed to create containerd container: failed to mount [PATH]: too many levels of symbolic links"

The following GKE versions are impacted:

  • All 1.28 versions
  • All 1.29 versions

We're working on fixing this issue. In the meantime, if you're impacted by this issue, disable Image streaming.

Google SecOps SOAR

Release 6.2.54 is now in General Availability.

Text-to-Speech

Cloud Text-to-Speech now offers es-ES Studio voices: es-ES-Studio-C and es-ES-Studio-F.

April 18, 2024

Artifact Registry

The immutable tags setting is generally available for Docker repositories. When tags are immutable, you can't change the image digest that a tag references in the repository. You can configure this setting when you create a repository or change the setting on an existing repository.

BigQuery

The quantified LIKE operator is generally available (GA). With this operator, you can check a search value for matches against a list of patterns or an array of patterns, using one of these conditions:

  • LIKE ANY: Checks if at least one pattern matches.
  • LIKE SOME: Synonym for LIKE ANY.
  • LIKE ALL: Checks if every pattern matches.

Cloud Composer

Python 3.11.8 is available in environments with Airflow 2.6.3 and 2.7.3:

  • Existing environments with Airflow 2.6.3 and 2.7.3 switch to Python 3.11.8 when upgraded.

  • Before upgrading, make sure that custom PyPI packages in your environment are compatible with Python 3.11.8.

Between April 16, 2024, 2:00 AM (PST) and April 17, 2024, 3:30 AM (PST), Cloud Composer service experienced problems with environment creation, upgrades, and changing the environment size. The problem is resolved and all operations are working. If you think that your environment is still impacted by this issue, please reach out to the Cloud Support team.

(New environments only) Increased the default value of the [webserver]auto_refresh_interval Airflow configuration option to 15 seconds. Pages in the Airflow UI, such as the list of DAGs, now update every 15 seconds.

(Available without upgrading) Fixed a problem where enabling or disabling Logs in Cloud Logging Only could render the Airflow web server and workers inoperative. If your environment is affected, apply the fix by enabling or disabling this feature again.

Airflow 2.5.3 is no longer included in Cloud Composer images.

The default version of Airflow is changed to 2.7.3.

Cloud Composer 2.7.0 images are available:

  • composer-2.7.0-airflow-2.7.3 (default)
  • composer-2.7.0-airflow-2.6.3

Cloud Composer versions 2.1.13, 2.1.12 and 1.20.12 have reached their end of full support period.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.58
  • 1.2.2
  • 2.0.66
  • 2.1.45
  • 2.2.2

Set the soft delete policy of newly created Dataproc staging and temp Cloud Storage buckets to 0 days.

Updated the default autoscaling V2 cool-down time from 2m to 1m to reduce scaling latency.

Fixed a bug where Dataproc Serverless sessions that live longer than 48 hours are underbilled.

Dialogflow

Dialogflow CX: The Conversation history API is now available for public preview.

Generative AI on Vertex AI

Meta's open weight Llama 3 model is available in the Vertex AI Model Garden.

Google Kubernetes Engine

(2024-R10) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.27.11-gke.1062000 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.25.15-gke.1115000
    • 1.25.16-gke.1041000
    • 1.26.11-gke.1055000
    • 1.27.7-gke.1121002
    • 1.28.3-gke.1203001
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.25.16-gke.1460000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.13-gke.1144000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.13-gke.1144000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.11-gke.1062000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.7-gke.1026000 with this release.

Regular channel

  • Version 1.28.7-gke.1026000 is now the default version in the Regular channel.
  • Version 1.25.16-gke.1570000 is now available in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.25.16-gke.1460000
    • 1.27.8-gke.1067004
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.16-gke.1537000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.16-gke.1537000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.11-gke.1062000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.7-gke.1026000 with this release.

Rapid channel

  • Version 1.29.3-gke.1093000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.25.16-gke.1596000
    • 1.25.16-gke.1648000
    • 1.26.14-gke.1076000
    • 1.26.14-gke.1133000
    • 1.27.11-gke.1118000
    • 1.27.11-gke.1202000
    • 1.28.7-gke.1026000
    • 1.28.7-gke.1226000
    • 1.29.1-gke.1589017
    • 1.29.2-gke.1521000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1711000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1090000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.12-gke.1115000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.8-gke.1095000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.3-gke.1093000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.3-gke.1093000 with this release.

(2024-R10) Version updates

(2024-R10) Version updates

  • Version 1.27.11-gke.1062000 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.25.15-gke.1115000
    • 1.25.16-gke.1041000
    • 1.26.11-gke.1055000
    • 1.27.7-gke.1121002
    • 1.28.3-gke.1203001
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.25.16-gke.1460000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.13-gke.1144000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.13-gke.1144000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.11-gke.1062000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.7-gke.1026000 with this release.

(2024-R10) Version updates

  • Version 1.28.7-gke.1026000 is now the default version in the Regular channel.
  • Version 1.25.16-gke.1570000 is now available in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.25.16-gke.1460000
    • 1.27.8-gke.1067004
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.16-gke.1537000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.25.16-gke.1537000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.11-gke.1062000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.7-gke.1026000 with this release.

(2024-R10) Version updates

  • Version 1.29.3-gke.1093000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.25.16-gke.1596000
    • 1.25.16-gke.1648000
    • 1.26.14-gke.1076000
    • 1.26.14-gke.1133000
    • 1.27.11-gke.1118000
    • 1.27.11-gke.1202000
    • 1.28.7-gke.1026000
    • 1.28.7-gke.1226000
    • 1.29.1-gke.1589017
    • 1.29.2-gke.1521000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1711000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1090000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.12-gke.1115000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.8-gke.1095000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.3-gke.1093000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.3-gke.1093000 with this release.

Google SecOps SOAR

Release 6.3.0 is currently in Preview.

Chronicle SOAR is being rebranded to Google Security Operations (Google SecOps). Both the logo and the platform name have been rebranded as part of this change. This rebranding reflects our commitment to bringing you the best of Google security operations features. There is no change to functionality in the platform.

Context-sensitive help added to the platform

When you click the documentation link at the top of the platform, you will now be directed to the exact documentation page that relates to the screen you are on.

Custom List import error not propagated to the user (ID #1032784)

Advanced Text Editor text formatting not working (ID #00274952)

Issues with Login (ID #00283928)

Parse case wall email doesn't work in playbook simulator (ID #00260679)

Unable to create advanced reports when a specific environment is selected (ID #49898167)

Playbooks not visible due to missing categoryId and categoryName values (ID #00274872)

Events tab lists all artifacts even though they are part of different events (ID #49103838)

Tagged user is not highlighted or hyperlinked on the Case Wall page & Notification popup

Looker Studio

Viewer role for team workspaces

The Viewer role can now be assigned to members of a team workspace. The Viewer role lets users view existing assets in the team workspace, view folders in the team workspace, and view the team workspace Trash.

Pro feature: New Viewer permissions to create scheduled report deliveries

When sharing a Pro report, Pro users can now grant users with a Viewer role the ability to create scheduled deliveries of the shared report.

reCAPTCHA Enterprise

reCAPTCHA Enterprise Mobile SDK v18.5.0-beta03 is now available for iOS.

This version contains the following changes:

  • Support for Apple Privacy Manifest.
  • The minimum supported version of Xcode is 15.3.
  • The minimum supported CocoaPods version on the client is 1.12.0.

April 17, 2024

Apigee hybrid

hybrid v1.12.0

On April 17, 2024 we released an updated version of the Apigee hybrid software, v1.12.0.

For information on upgrading, see Upgrading Apigee hybrid to version v1.12.0. For information on new installations, see The big picture.

A new suite of metrics for monitoring Apigee proxies and target endpoints is now available for Hybrid 1.12.

You can now add your own contractEncryptionKey for new Apigee hybrid installations. For details, see Data encryption.

The JAR file dependencies required to create a Java callout are now hosted securely in Artifact Registry.

For more information on downloading the JAR dependencies from Artifact Registry, see Compile your code with Maven.

Hybrid 1.12 validates that required conditions are satisfied before allowing Runtime services to be created. See Diagnosing issues with guardrails.

Apigee hybrid now supports Workload Identity Federation for component authentication on AKS and EKS installations. See Enabling Workload Identity Federation on AKS and EKS.

Hybrid v1.12 now supports storing service account keys in Hashicorp Vault. See Storing service account keys in Hashicorp Vault.

The apigeectl command-line tool is deprecated as of April 17, 2024. The apigeectl tool is not supported for Apigee hybrid v1.12. Support for apigeectl for hybrid v1.10 and v1.11 will end on April 17, 2025. For more information, see apigeectl deprecation.

The Proxyv2 and targetv2 metrics suite is deprecated. The Apigee hybrid v1.12 release supports the new proxy and target metrics by default. Support for Proxyv2 and targetv2 metrics in hybrid v1.10 and v1.11 will end on April 17, 2025. For more information, see ProxyV2 and TargetV2 deprecation.

Bug ID Description
284034011 Modified Apigee Watcher and Apigee Ingress to leverage a sidecar instead of pod/exec for collecting ingress routing status.
298202120 The Datastore component now uses Cassandra 4.
311705715 Use a non-default service account for the remove-dc component. (Fixed in Apigee hybrid 1.10.3-hotfix.4, 1.10.4, and 1.11.1)
306341401 Fixed regression where virtualhost cipherSuites overrides weren't being used. (Fixed in Apigee hybrid 1.10.4 and 1.11.1)
302186503 Added the missing HTTP proxy template settings to the Apigee Hybrid Helm datastore component. (Fixed in Apigee hybrid 1.10.4)
300542690 Added dedicated service accounts for Apigee Connect, Redis, and UDCA to prevent Kubernetes from automatically injecting credentials for a specified Service Account or the default Service Account. (Fixed in Apigee hybrid 1.10.4)
277353680 Fixed issue causing target server HealthMonitors to continue beyond revision or deletion of the proxy.

Target health checks are now terminated as soon as the proxy is removed from the runtime (undeployed or deleted). Note: There may be a delay between removal of the proxy and termination of the target server health checks. (Fixed in Apigee hybrid 1.10.4)

These security bugs were fixed in Apigee hybrid v1.12.0.

Bug ID Description
N/A Security fixes for apigee-cassandra-backup-utility
This addresses the following vulnerabilities:
N/A Security fixes for apigee-hybrid-cassandra-client
This addresses the following vulnerabilities:
N/A Security fixes for apigee-hybrid-cassandra
This addresses the following vulnerabilities:
N/A Security fixes for apigee-kube-rbac-proxy
This addresses the following vulnerabilities:
N/A Security fixes for apigee-prometheus-adapter
This addresses the following vulnerability:
N/A Security fixes for apigee-udca
This addresses the following vulnerabilities:
N/A Security fixes for apigee-watcher
This addresses the following vulnerability:
N/A Security fixes for apigee-connect-agent
This addresses the following vulnerability:
N/A Security fixes for apigee-fluent-bit
This addresses the following vulnerabilities:

These security bugs were fixed in Apigee hybrid v1.10.4.

Bug ID Description
315034009 Security fixes: apigee-asm-ingress and apigee-asm-istiod (ingressgateway and ingressgateway-controller) are upgraded to Service Mesh version 1.17.8-asm.4.
This addresses the following vulnerabilities:
311167948 A security issue was addressed.
303460289 Security fixes for apigee-prometheus-adapter.
This addresses the following vulnerabilities:
303459588 Security fixes for apigee-prom-prometheus.
This addresses the following vulnerabilities:
300319489 Security fixes for fluentd.
This addresses the following vulnerabilities:
294892189 Security fixes for apigee-diagnostics-collector.
This addresses the Guava vulnerability:
N/A Security fixes for apigee-cassandra-backup-utility and apigee-prom-prometheus.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-fluent-bit.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-hybrid-cassandra and apigee-hybrid-cassandra-client.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-installer, apigee-operators, and apigee-watcher.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-kube-rbac-proxy.
This addresses the following vulnerabilities:

These security bugs were fixed in Apigee hybrid v1.11.1.

Bug ID Description
315034009 Security fixes: apigee-asm-ingress and apigee-asm-istiod (ingressgateway and ingressgateway-controller) are upgraded to Service Mesh version 1.17.8-asm.4.
This addresses the following vulnerabilities:
303460289 Security fixes to apigee-prometheus-adapter.
This addresses the following vulnerabilities:
303459588 Security fixes to apigee-prom-prometheus.
This addresses the following vulnerabilities:
303292806 Restrict connections from the Cassandra backup utility to Cassandra server pods in the apigee namespace.
N/A Security fixes to apigee-cassandra-backup-utility.
This addresses the following vulnerabilities:
N/A Security fixes to apigee-fluent-bit.
This addresses the following vulnerabilities:
N/A Security fixes to apigee-hybrid-cassandra.
This addresses the following vulnerabilities:
N/A Security fixes to apigee-hybrid-cassandra-client.
This addresses the following vulnerabilities:
N/A Security fixes to apigee-kube-rbac-proxy.
This addresses the following vulnerabilities:
N/A Security fixes to apigee-installer, apigee-operators, and apigee-watcher.
This addresses the following vulnerabilities:

These security bugs were fixed in Apigee hybrid v1.11.1-hotfix.1.

Bug ID Description
324460830 Security fix for apigee-ingress.
This addresses the following vulnerabilities:

These security bugs were fixed in Apigee hybrid v1.10.4-hotfix.1.

Bug ID Description
324460830 Security fix for apigee-ingress.
This addresses the following vulnerabilities:

BigQuery

More permissions are now supported by deny policies. This feature is in preview.

Cloud Data Fusion

The Salesforce Marketing Cloud plugin (version 1.3.1) is available in Cloud Data Fusion version 6.8.0 and later. The release fixed an issue in the Salesforce Marketing sink plugin causing upsert operations to fail (PLUGIN-1773).

Config Connector

Config Connector version 1.116.0 is now available.

A bug causes merge to be treated as an invalid value for the cnrm.cloud.google.com/state-into-spec annotation in IAMPolicy, IAMPartialPolicy, IAMPolicyMember, and IAMAuditConfig resources. To fix the issue, upgrade Config Connector to version 1.117 or later.

This release includes enhanced support for DNSRecordSet, enabling advanced configurations such as geo-routing, primary/backup, and weighted round-robin load-balancing.

ContainerCluster

  • Added spec.nodeConfig.linuxNodeConfig.cgroupMode field.

ContainerNodePool

  • Added spec.nodeConfig.linuxNodeConfig.cgroupMode field.

DNSRecordSet

  • Added spec.routingPolicy.geo.healthCheckedTargets field.

  • Added spec.routingPolicy.primaryBackup field.

  • Added spec.routingPolicy.wrr field.

EventArcTrigger

  • Added spec.destination.httpEndpoint field.

  • Added spec.destination.networkConfig field.

LoggingLogBucket

  • Added spec.enableAnalytics field.

Contact Center AI Platform

Web SDK 2.19 is released

For more information, see Web SDK changelog.

Google Cloud Architecture Center Google Cloud Marketplace Partners

We've made the following changes to Cloud Marketplace reports:

Google Distributed Cloud (software only) for VMware

GKE on VMware 1.28.400-gke.75 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.28.400-gke.75 runs on Kubernetes v1.28.7-gke.1700.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.

The following vulnerabilities are fixed in 1.28.400-gke.75:

SAP on Google Cloud

BigQuery Connector for SAP version v2.7

Version 2.7 of the BigQuery Connector for SAP is generally available (GA). This version extends support for using the SAP SLT add-on DMIS 2018 SP 11.

For more information, see What's new with BigQuery Connector for SAP.

Storage Transfer Service

Storage Transfer Service has added support for Shared Keys as an authentication method when transferring from Microsoft Azure Storage.

To use an Azure Shared Key, you must store the key value in Secret Manager. See Save your Microsoft credentials in Secret Manager for details.

April 16, 2024

BigQuery

BigQuery now supports subqueries in row level access policies. This feature is now in public preview.

Bigtable

Client-side metrics are enabled by default in the Bigtable client library for Java versions 2.38.0 and later.

Cloud Load Balancing

Internal passthrough Network Load Balancer now supports load-balancing for TCP, UDP, ICMP, ICMPv6, SCTP, ESP, AH, and GRE protocols. To handle multiple protocol traffic, you set the load balancer's forwarding rule protocol to L3_DEFAULT and set the backend service protocol to UNSPECIFIED.

For details, see:

Set up an internal passthrough Network Load Balancer with VM instance group backends for multiple protocols

This feature is available in General Availability.

Compute Engine

Generally available: Z3 VMs, which offer the latest compute, networking, and storage innovations in one platform with a particular focus on high-density, high-performing Local SSD, are now available on Compute Engine. For more information, see Storage-optimized machine family.

Generally available: Hyperdisk Balanced is available with M1 and M2 VMs. Hyperdisk Balanced is a good fit for a wide range of use cases such as LOB applications, and medium-tier databases that don't require the performance of Hyperdisk Extreme. For more information, see About Hyperdisk.

Dataproc Metastore

New Dataproc Metastore services configured with Private Service Connect can be connected from subnetworks of any region within the same VPC network.

Existing services configured with Private Service Connect do not inherit this change and continue to only support access from the VPC subnetworks that were specified during service creation.

Google Cloud Architecture Center

Disaster recovery building blocks: Added DNS policies to the DR building blocks.

Google Kubernetes Engine

The Z3 machine family is generally available in Standard clusters running on GKE 1.25 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool. The following limitations apply:

  • Node auto-provisioning for Z3 is supported in 1.29 and later.
  • GKE Autopilot is supported in 1.29 and later.
  • Z3 machines are gracefully terminated during host maintenance.

SAP on Google Cloud

New SAP HANA certification: Hyperdisk Balanced usage with M2 machine types

For use with SAP HANA on Google Cloud, SAP has certified the usage of Hyperdisk Balanced with the M2 series of memory-optimized machine types.

For more information, see:

April 15, 2024

Apigee X

On April 15, 2024, we released an updated version of Apigee (1-12-0-apigee-4).

Bug ID Description
332981542 Optimized VerifyAPI policy execution time for high count of API products.

Binary Authorization

Binary Authorization legacy continuous validation (CV) is deprecated and will no longer be available on Google Cloud after May 1, 2025. You can instead use continuous validation with check-based platform policies. To learn how to migrate to check-based platform policies, see Legacy continuous validation deprecation and shutdown.

Cloud Key Management Service

Cloud KMS now supports asymmetric signing and validation using EdDSA on Curve25519 in PureEdDSA mode, which takes raw data as input instead of hashed data.

For more information on this and other algorithms supported by Cloud KMS, see Key purposes and algorithms.

Cloud Run

The Direct VPC egress feature of Cloud Run is now supported in all regions.

Container Optimized OS

cos-dev-117-18374-0-0

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.10
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Upgraded sys-boot/grub-lakitu to the current FC 39 version.

Updated the Linux kernel to v6.1.85.

Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.

Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.

cos-113-18244-1-37

  • Kernel: COS-6.1.77
  • Docker: v24.0.9
  • Containerd: v1.7.10
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Fixed integrity-fs dm-crypt creation flakiness.

Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.

Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.

Runtime sysctl changes:

  • Changed: fs.file-max: 812400 -> 812399
  • Changed: kernel.threads-max: 63504 -> 63503
  • Changed: user.max_cgroup_namespaces: 31752 -> 31751
  • Changed: user.max_ipc_namespaces: 31752 -> 31751
  • Changed: user.max_mnt_namespaces: 31752 -> 31751
  • Changed: user.max_net_namespaces: 31752 -> 31751
  • Changed: user.max_pid_namespaces: 31752 -> 31751
  • Changed: user.max_time_namespaces: 31752 -> 31751
  • Changed: user.max_user_namespaces: 31752 -> 31751
  • Changed: user.max_uts_namespaces: 31752 -> 31751

cos-105-17412-294-66

  • Kernel: COS-5.15.146
  • Docker: v23.0.3
  • Containerd: v1.7.13
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.

Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.

Fixed CVE-2024-26642, CVE-2024-26643 in the Linux kernel.

cos-109-17800-147-60

  • Kernel: COS-6.1.75
  • Docker: v24.0.9
  • Containerd: v1.7.13
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.

Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.

cos-101-17162-386-64

  • Kernel: COS-5.15.146
  • Docker: v20.10.24
  • Containerd: v1.6.28
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.

Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.

Google Cloud Architecture Center

Disaster recovery building blocks: Added information about the soft-deletion feature in Cloud Storage.

Google SecOps

The following labels fields for UDM nouns are deprecated and will not appear in search results after November 29, 2024: about.labels, intermediary.labels, observer.labels, principal.labels, src.labels, security_result.about.labels, and target.labels. For existing parsers, in addition to these UDM fields, the log fields are also mapped to the key and value additional.fields UDM fields. For new parsers, the key and value settings in the additional.fields UDM fields are used instead of the deprecated labels UDM fields. We recommend that you update existing rules to use the key and value settings in the additional.fields UDM fields instead of the deprecated labels UDM fields.

Google SecOps SIEM

The following labels fields for UDM nouns are deprecated and will not appear in search results after November 29, 2024: about.labels, intermediary.labels, observer.labels, principal.labels, src.labels, security_result.about.labels, and target.labels. For existing parsers, in addition to these UDM fields, the log fields are also mapped to the key and value additional.fields UDM fields. For new parsers, the key and value settings in the additional.fields UDM fields are used instead of the deprecated labels UDM fields. We recommend that you update existing rules to use the key and value settings in the additional.fields UDM fields instead of the deprecated labels UDM fields.

Identity Platform

Automatic, anonymous account deletion is now enforced for all projects that have autodelete_anonymous_users enabled.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

This is the second preview release of the Pub/Sub client that includes OpenTelemetry Tracing.

CHANGES

  • Fix leak of ackIDs in activeSpans map
  • Allow passing of context into user callback
  • Align attributes for batch operation spans (publish, ack, nack, modack) with that of the main message spans

Java

Changes for google-cloud-pubsub

1.128.1 (2024-04-10)

Dependencies

Security Command Center

Security Health Analytics use of security marks for asset allowlists deprecated

Starting April 15, 2025, Security Health Analytics will no longer use security marks to allowlist assets for Security Health Analytics detectors.

After that date, you can still apply security marks to assets, but they will no longer affect the way that Security Health Analytics processes assets.

For more information about security marks for assets, see Add assets to allowlists.

Historical snapshots to be disabled in Security Command Center API

Starting July 15, 2024, Security Command Center will discontinue historical snapshot capabilities in the Security Command Center API, which were used to query for findings at a particular point in time. Specifically, readTime and compareDuration will be removed from list and group API calls for findings. Also, start_time will be removed from SetFindingState, SetFindingWorkflowState and UpdateSecurityMarks.

For more information about the Security Command Center API, see Overview.

Data retention period to be reduced for Standard tier findings

For existing Standard tier users, on July 14, 2024, the data retention period for findings will be reduced from 13 months to 35 days. For new users activating the Standard tier after April 15, 2024, the data retention period for findings is 35 days.

The retention period for findings in the Premium tier and Enterprise tier remains 13 months.

For more information, see Data retention.

Vertex AI

Persistent resource for Vertex AI custom training is generally available (GA).

Vertex AI Feature Store

The following features of Vertex AI Feature Store are now generally available (GA):

  • Optimized online serving: Serve features at ultra-low latencies. For more information, see Optimized online serving.

  • Search using embeddings: Perform vector similarity searches to retrieve semantically similar or related features for real-time serving. You can search using embeddings if your online store is configured to support embeddings. For more information, see Search using embeddings.

  • Feature view sync: Refresh or synchronize the feature data in a feature view within an online store from the feature data source in BigQuery. For more information, see Sync feature data to online store.

April 12, 2024

AlloyDB for PostgreSQL

AlloyDB Omni version 15.5.2 is now available. This version fixes the issue causing AlloyDB Omni running in Kubernetes to run out of memory and crash under some heavy workloads. To apply this fix to a database cluster running in Kubernetes, update its DBCluster manifest definition so that its databaseVersion value is "15.5.2".

Google Cloud Architecture Center

Deploying the enterprise application blueprint: Added information about using a single Git repository (a monorepo) instead of a separate repository for each application.

Google Kubernetes Engine

GPUDirect-TCPX is now supported on GKE version 1.27 and later and requires the following patch versions:

  • For GKE version 1.27, use GKE patch version 1.27.7-gke.1121000 or later.
  • For GKE version 1.28, use GKE patch version 1.28.8-gke.1095000 or later.
  • For GKE version 1.29, use GKE patch version 1.29.3-gke.1093000 or later.

To use GPUDirect-TCPX, see Maximize GPU network bandwidth with GPUDirect-TCPX and multi-networking.

Google SecOps SOAR

Release 6.2.53 is now in General Availability.

Remote Agent Release 1.5.0 is now in General Availability.

April 11, 2024

Bigtable

Bigtable now integrates with LangChain, an LLM orchestration framework. For more information, see Build LLM-powered applications using LangChain. This feature is available in Preview.

Cloud Composer

Starting from June 15, 2024 it will not be possible to create Cloud Composer 1 environments in Google Cloud console. It will still be possible to create Cloud Composer 1 environments through Google Cloud SDK, Terraform, and API in allowlisted projects.

Generative AI on Vertex AI

Anthropic Claude 3.0 Opus model

The Anthropic Claude 3.0 Opus model is available in Preview. The Claude 3.0 Opus model is an Anthropic partner model that you can use with Vertex AI. It's the most capable of the Anthropic models at performing complex tasks quickly. To learn more, see its model card in Model Garden.

Google Cloud Architecture Center Google Cloud Marketplace Partners

If you've turned on Marketplace reports in Producer Portal, you now receive proactive email notifications from Google when reports are delayed, have inaccurate data, or have been regenerated. For steps to set up reports and receive these notifications, see Set up to receive reports.

Google SecOps SOAR

Release 6.2.54 is currently in Preview.

In Release 6.2.45 the option to manually enter General placeholders was added. The General Placeholders section has now been added to the platform.

Error when adding or removing a tag on a closed case (ID #50195120)

Unable to import dynamic parameters (ID #00262571)

Playbooks re-running during platform update (ID #00282275)

Playbook block input can't be used to select dynamic instance (ID #00276416)

Refreshing dashboard changes displayed data (ID #49716319)

Playbooks not saving correctly (ID #49142793)

When logging in via SAML it doesn't show up in the SOAR Audit logs.

Pub/Sub

If you use Pub/Sub metrics as a signal to autoscale your pipeline, refer to Best practices for using Pub/Sub metrics as a scaling signal.

April 10, 2024

Google Kubernetes Engine

The N4 machine family is generally available in GKE Standard clusters running on GKE 1.29 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool. The following limitations apply:

  • Confidential GKE Nodes are not supported.
  • Local SSD is not supported.
  • hyperdisk-balanced is the only supported boot disk type.

Looker

Looker 24.6 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Wednesday, April 17, 2024

  • Expected Looker (original) final deployment and download available: Tuesday, April 30, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, April 15, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, April 22, 2024

The Embedded Looker Studio feature is now available to preview. This feature lets you view and edit Looker Studio reports in Looker and create ad hoc analyses in embedded Looker Studio reports with the Open in Reports feature on Looker Explores.

To participate in this closed experiment, you must meet the following requirements:

  • Your Looker instance must be running on Looker 24.6 or later.

  • Your Looker instance must be using Google OAuth authentication.

  • You must have a Looker Studio Pro license for each user who accesses embedded Looker Studio.

  • You must submit the sign-up form for the closed experiment.

More information for using the Embedded Looker Studio feature is coming soon.

The Allow Legacy Maps legacy feature is now disabled by default. When the Allow Legacy Maps legacy feature is disabled, any map visualization that uses the Map (Legacy) chart type will be converted to use the Google Maps chart type. This may be a breaking change for some customers who are still using Legacy Maps.

As part of a Looker Studio Pro subscription, Looker Studio Pro licenses are available at no cost to Looker users. Looker admins of Looker (original) instances and Looker (Google Cloud core) instances can accept these complimentary licenses and finish setting up a Looker Studio Pro subscription to get started using Looker Studio.

The Performant Field Picker is now generally available. Search modifiers in the Field Picker can no longer be used.

An issue that caused user attribute filter values to fail to load in some situations has been fixed. This feature now performs as expected.

The json_bi and json_detail_lite_stream query result formats did not respect the apply_formatting parameter in certain cases. This feature now performs as expected.

Previously, fields with full_suggestions would not show suggestions while interacting with the filter. This feature now performs as expected.

An issue has been fixed where the fiscal year was not rendering correctly in some Excel downloads. This feature now performs as expected.

A more descriptive error message is now returned when a user tries to delete a project using the API while not in dev mode.

An issue has been fixed where some projects were empty when a user first entered dev mode. This feature now performs as expected.

Previously, an issue would cause Looker to incorrectly generate derived table SQL if a derived table referenced a view that referenced another derived table that was using the SQL_TABLE_NAME syntax. This feature now performs as expected.

When New LookML Runtime is enabled, the LookML Validator will now include more descriptive error information when an aliased derived table's definition references an unqualified field name in Liquid.

Previously, comparison text on single value visualization dashboard tiles could be cut off when the tile was a specific height. This feature now performs as expected.

Performance for PDT stable view publishing has been improved.

An issue was causing the LookML Validator to incorrectly mark some fields as duplicates. This feature now performs as expected.

Previously, an unclear error message was returned when you selected a measure in an aggregate query using the SQL interface. The language of this error message has been clarified.

An intermittent issue was rendering a blank page when content was added to a board. This feature now performs as expected.

An issue was causing QR codes for mobile app authentication to be improperly generated. This feature now performs as expected.

April 09, 2024

AlloyDB for PostgreSQL

The following Gemini in Databases features are now available in Public Preview:

  • Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
  • AlloyDB Studio (GA): lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
  • Monitor active queries: monitor and troubleshoot the queries that are active in your database.
  • Index advisor: a fully managed index advisor that tracks the queries your database handles regularly.
  • Enhanced Query Insights: an assistive query performance diagnostics platform that lets you detect, troubleshoot, and prevent database and query performance problems in near real-time.
  • 4-week query metric retention in the Query Insights dashboard.
  • 5 new database insight recommendations.

To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.

AlloyDB Omni version 15.5.1 has the following AlloyDB AI features available in Preview:

BigQuery

BigQuery ML now offers the following expanded embedding support features in preview:

Try the new multimodal embedding functionality:

You can now create a data canvas in BigQuery Studio. A data canvas lets you discover, transform, query, and visualize data using natural language. It provides a graphic interface for your analysis that lets you work with data sources, queries, and visualizations in a directed acyclic graph (DAG), giving you a graphical view of your analysis workflow that maps to your mental model. You can iterate on query results and work with multiple branches of inquiry in a single place. This feature is in preview and access can be requested here.

The following Gemini in BigQuery features are now available in Public Preview:

To learn how to enable and activate Gemini in BigQuery features, see Set up Gemini in BigQuery.

Bigtable

Bigtable Data Boost, a serverless compute service designed for high-throughput read jobs and queries, is available in Preview.

You can now build distributed counters with Bigtable with write-time aggregates. This feature is available in Preview.

You can control access to data in your Bigtable tables with authorized views. This feature is generally available (GA).

Bigtable app profiles let you configure request priorities to prioritize certain workload data requests over others. This feature is now generally available (GA).

Bigtable now lets you increase the retention period in the garbage collection policy for a column family in a replicated table. For more information, see Changing age-based garbage collection policies.

Cloud Database Migration Service

Database Migration Service support for code conversion with Gemini assistance is now available in preview. For more information, see:

Database Migration Service support for homogeneous SQL Server migrations to Cloud SQL for SQL Server is now available in preview. For more information, see Database Migration Service for SQL Server.

Database Migration Service support for Oracle to AlloyDB for PostgreSQL migrations is now generally available. For more information, see Database Migration Service for Oracle to AlloyDB for PostgreSQL.

Database Migration Service conversion workspaces for heterogeneous migrations are now generally available (GA). For more information, see:

Cloud SQL for MySQL

The following Gemini in Databases features are now available in Public Preview:

  • Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
  • Cloud SQL Studio: lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
  • Monitor active queries: monitor and troubleshoot the queries that are active in your database.
  • Index advisor: a fully managed index advisor that tracks the queries your database handles regularly.
  • 4-week query metric retention in the Query Insights dashboard.
  • 17 new database insight recommendations.

To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.

Cloud SQL for MySQL now supports the storage of vector embeddings in MySQL 8.0.36 and later databases. To use this feature, update your instance to MySQL 8.0.36.R20240401.03_00 or later.

After you store vector embeddings in your database, you can then perform K-nearest neighbor (KNN) searches on the dataset along with the rest of your data. Cloud SQL for MySQL also supports the creation of vector search indexes for several different index types using approximate nearest neighbor (ANN) search.

For more information, see Working with vector embeddings using Cloud SQL for MySQL. This feature is in Preview.

Cloud SQL for PostgreSQL

The following Gemini in Databases features are now available in Public Preview:

  • Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
  • Cloud SQL Studio: lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
  • Monitor active queries: monitor and troubleshoot the queries that are active in your database.
  • Index advisor: a fully managed index advisor that tracks the queries your database handles regularly.
  • 4-week query metric retention in the Query Insights dashboard.
  • 15 new database insight recommendations.

To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.

Cloud SQL for SQL Server

The following Gemini in Databases features are now available in Public Preview:

  • Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
  • Cloud SQL Studio: lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
  • 9 new database insight recommendations.

To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.

Compute Engine

Generally available: N4 VMs are generally available on the Intel Emerald Rapids CPU with 640 GB DDR5 memory. The N4 machine series offers predefined and custom machine types with extended memory and Hyperdisk Balanced storage.

N4 VMs are available in limited regions and zones.

See VM pricing for cost details.

Generally available: You can plan ahead for VM maintenance on M1, M2, and M3 machine types by viewing their maintenance schedule notifications. For specific machine types within these families, you can also trigger VM maintenance ahead of schedule.

Dataproc

Dataproc Serverless for Spark: The preview release of Advanced troubleshooting, including Gemini-assisted troubleshooting, is now available for Spark workloads submitted with the following or later-released runtime versions:

  • 1.1.55
  • 1.2.0-RC1
  • 2.0.63
  • 2.1.42
  • 2.2.0-RC15

Dataproc Serverless for Spark: Announcing the preview release of Autotuning Spark workloads.

Generative AI on Vertex AI

New Imagen on Vertex AI image generation model and features

The 006 version of the Imagen 2 image generation model (imagegeneration@006) is now available. This model offers the following additional features:

  • Additional aspect ratios (1:1, 3:4, 4:3, 9:16, 16:9)
  • Digital watermark (SynthID) enabled by default
  • Watermark verification*
  • New user-configurable safety features (safety setting, person/face setting)

For more information, see Model versions and Generate images using text prompts.

* The seed field can't be used while digital watermark is enabled.

New Imagen on Vertex AI image editing model and features

The 006 version of the Imagen 2 image editing model (imagegeneration@006) is now available. This model offers the following additional features:

  • Inpainting - Add or remove content from a masked area of an image
  • Outpainting - Expand a masked area of an image
  • Product image editing - Identify and maintain a primary product while changing the background or product position

For more information, see Model versions.

Change in Imagen image generation version 006 (imagegeneration@006) seed field behavior

For the new Imagen image generation model version 006 (imagegeneration@006), the seed field behavior has changed. For the v.006 model, a digital watermark is enabled by default for image generation. To use a seed value to get deterministic output, you must disable digital watermark generation by setting the following parameter: "addWatermark": false.

For more information, see the Imagen for image generation and editing API reference.

CodeGemma model

The CodeGemma model is available. CodeGemma is a lightweight open model that's part of the Google Gemma model family. CodeGemma is the Gemma model family's code generation and code completion offering. Gemma models are based on Gemini models and intended to be extended by customers.

Grounding Gemini and Grounding with Google Search

The Gemini API now supports Grounding with Google Search in Preview. Currently available for Gemini 1.0 Pro models.

Regional APIs

  • Regional APIs are available in 11 new countries for Gemini, Imagen, and embeddings.
  • US and EU have machine-learning processing boundaries for the gemini-1.0-pro-001, gemini-1.0-pro-002, gemini-1.0-pro-vision-001, and imagegeneration@005 models.

Generative AI on Vertex AI security control update

Security controls are available for the online prediction feature for Gemini 1.0 Pro and Gemini 1.0 Pro Vision.

Gemini 1.5 Pro (Preview)

Gemini 1.5 Pro (gemini-1.5-pro-preview-0409) is available in Preview. Gemini 1.5 Pro is a multimodal model that analyzes text, code, audio, PDF, video, and video with audio.

New text embedding models

The following text embedding models are now in Preview.

  • text-embedding-preview-0409
  • text-multilingual-embedding-preview-0409

When evaluated using the MTEB benchmarks, these models produce better embeddings compared to previous versions. The new models also offer dynamic embedding sizes, which you can use to output smaller embedding dimensions, with minor performance loss, to save on computing and storage costs.

For details on how to use these models, refer to the public documentation and try out our Colab.

System instructions

System instructions are supported in Preview by the Gemini 1.0 Pro (stable version gemini-1.0-pro-002 only) and Gemini 1.5 Pro (Preview) multimodal models. Use system instructions to guide model behavior based on your specific needs and use cases. For more information, see System instructions examples.

Supervised Tuning for Gemini

Supervised tuning is available for the gemini-1.0-pro-002 model.

Online Evaluation Service

Generative AI evaluation supports online evaluation in addition to pipeline evaluation. The list of supported evaluation metrics has also expanded. See API reference and SDK reference.

Generative AI Knowledge Base

The Jump Start Solution: Generative AI Knowledge Base demonstrates how to build a simple chatbot with business- and domain-specific knowledge.

Text translation

Translate text in Vertex AI Studio is available in Preview.

Gemini 1.0 Pro stable version 002

The 002 version of the Gemini 1.0 Pro multimodal model (gemini-1.0-pro-002) is available. For more information about stable versions of Gemini models, see Gemini model versions and lifecycle.

Vertex AI Studio features and updates

  • The Vertex AI Studio supports side-by-side comparison to allow users to compare up to 3 prompts in a side-by-side view.
  • The Vertex AI Studio supports rapid evaluation in console and the ability to upload a ground truth response (or a model response to try to emulate).

To learn more, see Try your prompts in Vertex AI Studio.

GitLab on Google Cloud

GitLab on Google Cloud is in Preview. The integration enables customers to deploy source from GitLab to Google Cloud run-time environments. The integration simplifies authentication and authorization to Google for GitLab pipelines, and uses GitLab and Google CI/CD components. To get started, try the GitLab end-to-end tutorial.

Google Distributed Cloud (software only) for VMware

GKE on VMware 1.16.7-gke.46 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.16.7-gke.46 runs on Kubernetes v1.27.10-gke.500.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.

The following issues are fixed in 1.16.7-gke.46.

  • Fixed the known issue where the controlPlaneNodePort field defaults to 30968 when the manualLB spec is empty.

The following vulnerabilities are fixed in 1.16.7-gke.46:

Google Kubernetes Engine

Cloud Tensor Processing Units (TPUs) are now available in GKE Autopilot clusters running version 1.29.2-gke.1521000 or later. To learn more, visit Deploy TPU workloads on GKE Autopilot.

Network Intelligence Center

Flow Analyzer is now available in Preview.

Flow Analyzer lets you quickly and efficiently understand your VPC traffic flows without the need to write complex SQL queries for analyzing VPC Flow Logs.

Spanner

The following Gemini in Databases features are now available in Public Preview:

  • Spanner Studio (GA): lets users interact with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
  • Spanner now supports the use of Gemini models with GoogleSQL and PostgreSQL machine learning prediction functions.

To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.

Spanner now supports the ML_PREDICT_ROW() function for PostgreSQL. You can use this function to generate predictions using SQL. To learn more about this function and how to use it, see Using Spanner Vertex AI integration functions.

You can now generate ML predictions using the Spanner emulator with GoogleSQL and PostgreSQL.

Spanner GoogleSQL now supports SAFE.ML.PREDICT(), which allows you to return a null instead of an error in your predictions.

You can generate and backfill vector embeddings for textual data (STRING or JSON) stored in Spanner using GoogleSQL partitioned DML and the Vertex AI textembedding-gecko model. For more information, see Generate vector embeddings for textual data in bulk using partitioned DML.

Spanner now supports several new PostgreSQL JSONB functions:

  • spanner.jsonb_query_array()
  • jsonb_build_array()
  • jsonb_build_object()

The PostgreSQL CONCAT() function also supports more than 4 arguments.

For more information, see Supported PostgreSQL functions.

Spanner has extended the array data type with the VECTOR LENGTH parameter (in Preview). This optional parameter sets an array to a fixed size for use in a vector search. For more information, see the PostgreSQL array data type or the GoogleSQL array data type.

Spanner now supports the dot_product() function (in Preview). For more information, see Choose among vector distance functions to measure vector embeddings similarity.

Spanner now supports the float32 (GoogleSQL) and float4/real (PostgreSQL) data type (in Preview).

Spanner now supports the use of Gemini models with GoogleSQL and PostgreSQL machine learning prediction functions (in Preview).

Spanner now supports using LangChain with the vector store, document loader, and chat message history objects. For more information, see Build LLM-powered applications using LangChain.

Vertex AI Agent Builder

Vertex AI Search: Document chunking support for more search types (Public preview)

When document chunking is turned on for an unstructured data store, search summaries and search with follow-ups are supported in Public preview.

For information, see Chunk documents for RAG.

Vertex AI Search: Document ranking API (Public preview)

The ranking API takes a list of documents and reranks those documents based on how relevant the documents are to a query. This is a stateless API that does not require you to index documents in advance.

For more information, see Rank and rerank documents.

Vertex AI Search: Check grounding (Public preview)

The check grounding API is available as a Public preview feature.

The check grounding API determines how grounded a piece of text is in a given set of facts. Perfect grounding requires that every statement in the text can be attributed to one or more of the given facts. The API returns support scores and citations.

Additionally, as an experimental feature, the API also generates contradicting citations that show which facts contradict the text and how strongly.

For more information, see Check grounding and the check API.

Vertex AI Search: Answers with summaries and follow-ups (Public preview)

The answer API improves on the search with summary and search with follow-ups features. For example, it better handles complex queries, can do multi-step retrieval, and provides customization of answer styles.

The answer API is supported in Public preview.

For more information, see Get answers and follow-ups.

Vertex AI Search: FHIR data streaming ingestion (Private preview)

Select the import frequency for your healthcare FHIR data. You can either perform a one-time batch import or set up a streaming import. Streaming import is available as a Private preview feature.

For more information, see Create a healthcare search data store.

Vertex AI Search: Autocomplete support for healthcare search (Public preview)

Autocomplete is available as a Public preview feature for healthcare data search. The autocomplete configuration uses a canonical medical data source to generate autocomplete suggestions for healthcare data stores.

For more information, see Configure autocomplete.

Vertex AI Search: Connect Google Drive to Vertex AI Search (GA)

Syncing Google Drive data to Vertex AI Search is available in GA. For more information about creating a Google Drive data store, see Sync from Google Drive.

Vertex AI Search: Connect multiple search apps to the same data store (GA)

Connecting more than one generic search app to a single data store is supported in GA. With this capability, you can create multiple apps that search across the same data without having to ingest that data multiple times.

Vertex AI Search: Blended search (GA)

Blended search, where you can search across multiple data stores using a single search app, is available in GA. For more information about blended search, see About connecting multiple data stores.

Vertex AI Search: Connect Spanner, Cloud SQL, Firestore, and Bigtable to Vertex AI Search (Public preview)

Importing data from Spanner, Cloud SQL, Firestore, and Bigtable to Vertex AI Search is available in Public preview. For more information about creating a Google Drive data store, see Create a search data store.

Vertex AI Search: Media search (GA)

Vertex AI Search for media is Generally available (GA).

You can create media search apps on media data stores. You can connect the media search app to an existing media data store or create a new one. You can also use document metadata to filter search queries of your media content.

Vertex AI Search: Additional languages supported for media search

Vertex AI Search for media is supported in nine languages: Arabic, English, French, German, Hindi, Korean, Japanese, Portuguese, and Spanish.

For more information, see Languages.

Vertex AI Search: Search-as-you-type for media apps (GA)

The search-as-you-type feature is Generally available (GA) for media search apps.

Search results are returned after each character instead of after the full query is entered. Search-as-you-type is ideal for search apps with awkward input devices such as television remotes. You can enable search-as-you-type through the widget UI as well as through the API.

For more information, see Get search-as-you-type results for a media app.

April 08, 2024

AlloyDB for PostgreSQL

You can preview a simplified installation method for AlloyDB Omni. This lets you install and run AlloyDB Omni on your environment using portable open-source tools, such as the docker command-line interface.

AlloyDB Omni version 15.5.1 is now available. This version includes the following features and changes:

The following issue was fixed on April 12, 2024.

Some heavy workloads might cause AlloyDB Omni running in Kubernetes to run out of memory and crash.

To mitigate this issue, make sure that transparent huge pages are enabled on your Kubernetes nodes:

  1. Follow the instructions on Configuring Transparent Huge Pages.
  2. On every node that you enable transparent huge pages on, run the following command:

    echo within_size > /sys/kernel/mm/transparent_hugepage/shmem_enabled

BeyondCorp Enterprise

You can now enable Chrome Security Insights to monitor insider risk and data loss with enhanced monitoring for Chrome activity if you have Chrome Enterprise Core and Workspace Enterprise Standard or Workspace Enterprise Plus with assigned licenses. For more information, see Monitoring for insider risk and data loss.

BigQuery

BigQuery Studio is generally available (GA).

BigQuery Studio lets you save, share, and manage versions of code assets such as notebooks and saved queries.

BigQuery DataFrames is generally available (GA).

BigQuery DataFrames is a set of open source Python libraries that implements the pandas and scikit-learn APIs with server-side processing. To get started, you can try BigQuery DataFrames.

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigquery

3.20.1 (2024-04-01)

Bug Fixes
  • Make pyarrow an optional dependency post-3.20.0 yanked release (#1879) (21714e1)

The BigQuery materialized view recommender analyzes your past query jobs to identify opportunities to apply materialized views to your queries for potential cost savings. You can view all available materialized view recommendations through the BigQuery UI or Recommender API. This feature is in preview.

Cloud Firewall

Cloud NGFW Enterprise, including the intrusion prevention service, is available in General Availability. Use intrusion prevention service to safeguard your workload traffic from threats such as malware, spyware, and command-and-control attacks.

Starting April 9, 2024, you will be charged for the Cloud NGFW Enterprise feature—intrusion prevention service. For more information about billing, see Cloud NGFW pricing.

Cloud Firewall in Google Cloud is now Cloud Next Generation Firewall (NGFW). For more information, see Cloud NGFW.

Cloud Load Balancing

Application Load Balancers now support Certificate Manager allowlisted certificates. For more information, see Mutual TLS authentication.

This capability is in General Availability.

Cloud NAT

Hybrid NAT is now available in Preview.

Cloud SQL for MySQL

Cloud SQL Enterprise Plus edition primary instances with high availability (HA) now require less than one second of downtime for planned maintenance.

Cloud SQL for PostgreSQL

Cloud SQL Enterprise Plus edition primary instances with high availability (HA) now require less than one second of downtime for planned maintenance.

Cloud Shell

Code Transformations for Gemini Code Assist are now available for Public Preview. You can now use an inline text box directly in your code file to do the following:

  • Generate comment lines to document your code.
  • Troubleshoot code with issues.
  • Improve code readability.
  • Make code more efficient.

You can also view context sources of a generated response in the Gemini: Chat pane.

For more information, see Code with Gemini Code Assist.

Cloud Workstations

Code Transformations for Gemini Code Assist are now available for Public Preview. You can now use an inline text box directly in your code file to do the following:

  • Generate comment lines to document your code.
  • Troubleshoot code with issues.
  • Improve code readability.
  • Make code more efficient.

You can also view context sources of a generated response in the Gemini: Chat pane.

For more information, see Code with Gemini Code Assist.

Compute Engine

Pricing change: On January 26, 2024, Red Hat announced a price model update on RHEL and RHEL for SAP for all Cloud providers that scales image subscription costs according to vCPU count. The new pricing model will be reflected on Compute Engine starting July 1, 2024.

For the pricing changes, see Premium images. To learn about your options to optimize subscription costs, see the Red Hat Enterprise Linux pricing FAQs.

On January 26, 2024, Red Hat announced a price model update on RHEL and RHEL for SAP for all Cloud providers that scales image subscription costs according to vCPU count. As a result, starting July 1, 2024, any active commitments for RHEL and RHEL for SAP licenses will be canceled and will not be charged for the remainder of the commitment's term duration.

Google Cloud has notified and will issue adjustments to affected customers.

Firestore

Firestore now supports the following additional locations:

  • africa-south1 Johannesburg
  • europe-north1 Finland
  • europe-southwest1 Madrid
  • europe-west10 Berlin
  • europe-west12 Turin
  • europe-west8 Milan
  • southamerica-west1 Santiago
  • us-central1 Iowa
  • us-east5 Columbus

For a full list of supported locations, see Locations.

Firestore in Datastore mode

Firestore in Datastore mode now supports the following additional locations:

  • africa-south1 Johannesburg
  • europe-north1 Finland
  • europe-southwest1 Madrid
  • europe-west10 Berlin
  • europe-west12 Turin
  • europe-west8 Milan
  • southamerica-west1 Santiago
  • us-central1 Iowa
  • us-east5 Columbus

For a full list of supported locations, see Locations.

Google Cloud Architecture Center

Deploy an enterprise developer platform on Google Cloud: Consolidated the eab-fleet-(env) project into the eab-gke-(env) project in each environment.

Google Distributed Cloud (software only) for Bare Metal

Release 1.28.400-gke.77

GKE on Bare Metal 1.28.400-gke.77 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.28.400-gke.77 runs on Kubernetes 1.28.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

Functionality changes:

  • Updated preflight checks to add a check for networking kernel modules.
  • Updated preflight checks to remove the check for iptables package availability.

Fixes:

  • Fixed a cluster upgrade issue where the lifecycle-controller-deployer Pod was unable to migrate existing GKE on Bare Metal resources to the latest API version. This issue blocked upgrades to earlier version 1.28 releases.

Fixes:

The following container image security vulnerabilities have been fixed in 1.28.400-gke.77:

Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Release 1.16.7

GKE on Bare Metal 1.16.7 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.16.7 runs on Kubernetes 1.27.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

Fixes:

  • Fixed an issue with configuring a proxy for your cluster that required you to manually set HTTPS_PROXY and NO_PROXY environment variables on the admin workstation.

The following container image security vulnerabilities have been fixed in 1.16.7:

Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Google Kubernetes Engine

(2024-R09) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • There are no new releases in the Stable release channel.

Regular channel

  • There are no new releases in the Regular release channel.

Rapid channel

Memorystore for Redis

Vector search capabilities are now Generally Available on Memorystore for Redis.

Pub/Sub

You can now ingest streaming data from Amazon Kinesis Data Streams into Pub/Sub by using an import topic. For more information about import topics, including required roles and permissions and how to create an import topic, see Create an import topic. The change is being rolled out in a phased manner over the rest of the week.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.128.0 (2024-04-03)

Features
  • Add custom datetime format for Cloud Storage subscriptions (#1970) (7113f06)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.38.2 (#1965) (ec3b386)
  • Update dependency com.google.cloud:google-cloud-storage to v2.36.1 (#1968) (524109c)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.26.1 (#1972) (53c1120)
Documentation

Python

Changes for google-cloud-pubsub

2.21.1 (2024-04-04)

Bug Fixes
  • Set timeout to infinite for publishing with ordering keys enabled (#1134) (67daf3c)

Spanner

You can now add a time to live (TTL)-based deletes filter to your Spanner change streams using the exclude_ttl_deletes option.

You can now add a table modification type filter to your Spanner change streams to exclude INSERT, UPDATE, or DELETE table modifications.

Spanner change streams now support a new value capture type called NEW_ROW_AND_OLD_VALUES. This new type captures all new values for both modified and unmodified columns, and old values for modified columns.

April 05, 2024

Advisory Notifications

Advisory Notifications for users using Google Cloud without an organization is now in General Availability. Advisory Notifications now lets users opt in to or out of optional notification types.

AlloyDB for PostgreSQL

The following extensions are added to the extensions supported by AlloyDB.

  • autoinc
  • insert_username
  • moddatetime
  • pg_background
  • pg_squeeze
  • tcn

The extension pgvector is updated to version 0.6.0.

BigQuery

You can now use BigLake to access Delta Lake tables. For more information, see Create Delta Lake BigLake tables. This feature is available in preview.

Cloud Billing

The Cloud Billing FinOps hub is now Generally Available

Use the FinOps hub to monitor and share your current savings, explore recommended opportunities to optimize costs, and plan your optimization goals. The FinOps hub dashboard generates recommendations based on historical usage, including recent usage and current commitments, and helps you gauge how well you're using Google Cloud tools to monitor and save costs.

Learn about using FinOps hub.

Cloud Database Migration Service

Database Migration Service now supports physical backup files created by using the Percona XtraBackup utility for homogeneous MySQL to Cloud SQL for MySQL migrations. For more information, see Migrate your databases by using a Percona XtraBackup physical file.

Cloud Storage

Custom constraints for Cloud Storage are now available. You can use custom constraints to enforce policies on Cloud Storage resources, such as a policy that enforces all buckets to have Object Versioning enabled.

Contact Center AI Insights

You can now use Quality AI as a preview feature within the Insights console to evaluate contact center conversations and agent performance more efficiently. See the Overview and Basics pages for more details.

Dataflow

The following Dataflow templates are generally available (GA):

Firestore

Support for Customer-managed encryption keys (CMEK). This feature is in Preview.

Firestore in Datastore mode

Support for Customer-managed encryption keys (CMEK). This feature is in Preview.

Google Cloud Architecture Center

(New guide) Use Google Cloud Armor, load balancing, and Cloud CDN to deploy programmable global front ends: Provides an architecture that uses a global front end incorporating Google Cloud best practices to help scale, secure, and accelerate the delivery of internet-facing applications.

Google Kubernetes Engine

NVIDIA Multi-Process Service (MPS) for GPUs is available in version 1.27.7-gke.1088000 and later. MPS allows multiple workloads to share a single NVIDIA GPU hardware accelerator.

Memorystore for Redis Cluster

Added support for new node types, including smaller and larger nodes. For more details, see Cluster and node specification.

Added support for AOF and RDB persistence (Preview). For more details, see Persistence overview.

Added support for instance configurations (Preview). For more details, see Supported instance configurations.

SAP on Google Cloud

SAP BTP edition of the ABAP SDK for Google Cloud

Version 1.0 of the SAP BTP edition of ABAP SDK for Google Cloud is generally available (GA). With the BTP edition of the SDK, developers can create innovative solutions using Google Cloud APIs in their SAP BTP, ABAP environment.

For more information, see: