Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml

July 01, 2024

API Gateway

As of July 1, 2024, API gateways located in asia-east1 are decommissioned and will no longer serve traffic.

Between October 2021 and October 2022, customers with gateways located in asia-east1 were notified of the planned decommissioning and advised to delete or relocate any gateways in this region. A final reminder was sent in May 2024.

As of July 1, 2024, any remaining gateways located in asia-east1 are fully decommissioned.

AlloyDB for PostgreSQL

The AlloyDB free trial clusters are now generally available (GA). These clusters let you test the majority of AlloyDB features for up to 30 days through an 8 vCPU basic primary instance along with an optional 8 vCPU read pool instance, and automatically scale storage up to 1 TB.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.8.0 (2024-06-19)

Features

Java

Changes for google-cloud-bigquery

2.41.0 (2024-06-25)

Features
  • Add columnNameCharacterMap to LoadJobConfiguration (#3356) (2f3cbe3)
  • Add MetadataCacheMode to ExternalTableDefinition (#3351) (2814dc4)
Bug Fixes
  • Add clustering value to ListTables result (#3359) (5d52bc9)
Dependencies
  • Update actions/checkout action to v4.1.7 (#3349) (0857234)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240602-2.0.0 (#3273) (7b7e52b)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#3360) (4420996)
  • Update github/codeql-action action to v2.25.10 (#3348) (8b6feff)

Cloud console updates: You can now drag a tab in the details pane to open a new column and compare tabs. You can also drag the tab to a new position in the current or an adjacent column. This feature is in preview.

The following Analytics Hub features are now generally available:

  • Making exchanges and listings publicly discoverable.
  • Highlighting listings in the Featured section of the Analytics Hub catalog.
  • Generating unauthenticated URLs for public listings.

Data publishers can now share Pub/Sub topics and manage subscriptions in Analytics Hub. This feature is in preview.

Capacity Planner

Preview: Capacity Planner displays GPU usage and forecasts of the GPUs in your Google Cloud project or organization. This is useful to plan and optimize your GPU consumption.

For more information, see the following pages:

Cloud Interconnect

Partner Cross-Cloud Interconnect for Oracle Cloud Infrastructure is now generally available. It lets you connect any Google Cloud and OCI resources privately with no data transfer charges.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.19.0 (2024-06-26)

Features
  • logging: OpenTelemetry trace/span ID integration for Java logging library (#1596) (67db829)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#1649) (cb428d1)

Cloud Monitoring

You can now create private uptime checks that issue TCP requests. For more information, see Create private uptime checks.

Cloud Service Mesh

New fleets that provision managed Cloud Service Mesh in organizations that have existing fleets with the managed istiod control plane implementation will receive the Traffic Director control plane implementation by default.

If you received a Service Announcement, or requested an exception from your account team, then your organization's default control plane implementation for new fleets continues to be istiod.

Compute Engine

The issue related to creating larger (>90 vCPUs) C3D standard-lssd or highmem-lssd VM instances.

Container Optimized OS

cos-113-18244-85-49

  • Kernel: COS-6.1.90
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Upgraded sys-apps/dmidecode to v3.6.

Upgraded dev-embedded/libftdi to v1.5-r7.

Upgraded app-admin/logrotate to v3.22.0.

Upgraded sys-apps/hwdata to v0.383.

Upgraded net-misc/curl to v8.8.0-r1.

Upgraded sys-apps/sed to v4.9-r1.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Upgraded sys-apps/ethtool to v6.9.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded sys-apps/pv to v1.8.10.

Added tcp_rto_min_us sysctl.

Upgraded dev-lang/go to v1.21.11. This fixes CVE-2024-24790 and CVE-2024-24789.

Fixed CVE-2024-35195 in dev-python/requests.

Fixed CVE-2024-36901 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Changed: fs.file-max: 812039 -> 812035

Fixed CVE-2024-6387 in net-misc/openssh.

cos-109-17800-218-69

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Fixed CVE-2024-35195 in dev-python/requests.

Fixed CVE-2024-36901 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Changed: fs.file-max: 812261 -> 812270

Fixed CVE-2024-6387 in net-misc/openssh.

cos-105-17412-370-67

  • Kernel: COS-5.15.154
  • Docker: v23.0.3
  • Containerd: v1.7.15
  • GPU Drivers: v470.256.02 (default), v550.90.07 (latest)

Fixed CVE-2024-35195 in dev-python/requests.

Fixed CVE-2024-38662 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Changed: fs.file-max: 812707 -> 812700

Fixed CVE-2024-6387 in net-misc/openssh.

cos-101-17162-463-55

  • Kernel: COS-5.15.155
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.256.02 (default), v550.90.07 (latest)

Fixed CVE-2024-38662 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000

Fixed CVE-2024-6387 in net-misc/openssh.

Dataflow

Dataflow batch jobs are now cancelled after ten days. Previously, they were cancelled after 30 days. See Quotas and limits.

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.8 (2024-06-26)

Bug Fixes
  • dataflow: Enable new auth lib (b95805f)

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2024-26923) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-039 security bulletin.

Google Distributed Cloud (software only) for bare metal

Release 1.16.10

Google Distributed Cloud for bare metal 1.16.10 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.16.10 runs on Kubernetes 1.27.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.

The following container image security vulnerabilities have been fixed in 1.16.10:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Migrate to Virtual Machines

Generally available: Migrate to Virtual Machines lets you import a virtual disk image to a Compute Engine image. If you have virtual disk images with software and configurations that you need, you can save time by importing these virtual disk images to Compute Engine images, and use this image to create virtual machine instances or persistent disks.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.40.0 (2024-06-26)

Features
  • pubsub: Add client ID to initial streaming pull request (#10436) (a3d70ed)
  • pubsub: Add use_topic_schema for Cloud Storage Subscriptions (d6c543c)

Java

Changes for google-cloud-pubsub

1.131.0 (2024-06-25)

Features
  • Add use_topic_schema for Cloud Storage Subscriptions (#2082) (11d67d4)
Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.40.0 (#2087) (26b01c9)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#2088) (aebc3ed)

Public preview: Data publishers can now share Pub/Sub topics and manage subscriptions in Analytics Hub.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.2 (2024-06-26)

Bug Fixes
  • secretmanager: Enable new auth lib (b95805f)

Sensitive Data Protection

The BELARUS_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Vertex AI Agent Builder

Vertex AI Search: Filter search results by relevance (Public preview)

Each document returned by a search query is given an estimated level of relevance to the query. When you make a query through an API call, you can set a relevance threshold.

Setting a high relevance threshold can greatly reduce the number of documents returned by a query. You can experiment with low, medium, and high thresholds to find the right level for your users.

Filter by relevance is available in Public preview.

For more information, see Filter searches by document-level relevance.

Vertex AI Search: Healthcare search using natural language query with generative AI answers (GA with allowlist)

Healthcare data search using natural language query with generative AI answer is Generally available to select Google customers (GA with allowlist).

For more information, see Search using natural language query with generative AI answer.

June 28, 2024

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26923

For more information, see the GCP-2024-039 security bulletin.

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26923

For more information, see the GCP-2024-039 security bulletin.

Apigee hybrid

hybrid v1.12.1

On June 28, 2024 we released an updated version of the Apigee hybrid software, 1.12.1.

Bug ID Description
347798999 Fixed an issue preventing configuration of forward proxies for OpenTelemetry collector pods.
345501069 Fixed an issue with Hybrid Guardrails resource configuration preventing the Guardrails pod from starting.
341797795 Autofill the Hybrid Guardrails checkpoint value if a checkpoint is not provided.
340248314 Added support for targetCPUUtilizationPercentage to apigeeIngressGateway and ingressGateways. The default value is 75.
324779388 Improved error handling for backup and restore.
311489774 Removed inclusion of Java in Cassandra client image.
310338146 Fixed invalid download directory output from the create-service-account tool.
300135626 Removed inclusion of Java in Cassandra Backup Utility image.
239523766 Remove "Unable to evaluate jsonVariable, returning null" logging string from ExtractVariables Policy.

Bug ID Description
345791712 Security fix for fluent-bit.
This addresses the following vulnerability:
335910066 Security fixes for apigee-kube-rbac-proxy.
This addresses the following vulnerability:
335909737 Security fixes for apigee-asm-ingress.
This addresses the following vulnerabilities:
335909397 Security fixes for apigee-open-telemetry-collector.
This addresses the following vulnerability:
335908990 Security fixes for apigee-asm-istiod.
This addresses the following vulnerabilities:
335908985 Security fix for apigee-prometheus-adapter.
This addresses the following vulnerabilities:
335908657 Security fixes for apigee-prom-prometheus.
This addresses the following vulnerabilities:
335908139 Security fix for fluent-bit.
This addresses the following vulnerability:
332821083 Security fix for apigee-operators.
This addresses the following vulnerability:
317528509 Security fixes for apigee-synchronizer.
This addresses the following vulnerabilities:
308835165 Security fix for apigee-synchronizer.
This addresses the following vulnerability:
N/A Security fixes for apigee-asm-ingress.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-asm-istiod.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-cassandra-backup-utility.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-fluent-bit.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-hybrid-cassandra.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-kube-rbac-proxy.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-prometheus-adapter.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-stackdriver-prometheus-sidecar.
This addresses the following vulnerabilities:

hybrid 1.11.2-hotfix.1

On June 28, 2024 we released an updated version of the Apigee hybrid software, 1.11.2-hotfix.1.

Note: This release reflects a change to the Helm chart templates and not a change to the images. If your hybrid installation is currently on Apigee hybrid v1.11.2, apply this hotfix with the following steps:

  1. In your overrides file, update the ao.image url and tag:

    ao:
      image:
        url: "gcr.io/apigee-release/hybrid/apigee-operators"
        tag: "1.11.2-hotfix.1"
    
  2. Install the hotfix release:

    • For Helm-managed releases, update the apigee-operator with the helm upgrade command and your current overrides files:

      helm upgrade operator apigee-operator/ \
        --namespace apigee-system \
        --atomic \
        -f overrides.yaml 
      
    • For apigeectl-managed releases, install the hotfix release with apigeectl init using your updated overrides files:

      ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE --dry-run=client 
      

      Followed by:

      ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE 
      
Bug ID Description
347997965 Upgrading to Apigee Hybrid 1.11.2 and 1.10.5 can cause missing metrics.

hybrid 1.10.5-hotfix.1

On June 28, 2024 we released an updated version of the Apigee hybrid software, 1.10.5-hotfix.1.

Note: This release reflects a change to the Helm chart templates and not a change to the images. If your hybrid installation is currently on Apigee hybrid v1.10.5, apply this hotfix with the following steps:

  1. In your overrides file, update the ao.image url and tag:

    ao:
      image:
        url: "gcr.io/apigee-release/hybrid/apigee-operators"
        tag: "1.10.5-hotfix.1"
    
  2. Install the hotfix release with apigeectl init using your updated overrides files:

    ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE --dry-run=client 
    

    Followed by:

    ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE 
    
Bug ID Description
347997965 Upgrading to Apigee Hybrid 1.11.2 and 1.10.5 can cause missing metrics.

Cloud Functions

Cloud Functions 1st gen and 2nd gen now support custom service accounts for Cloud Build at the General Availability release level.

Cloud Storage

You can now specify the Frankfurt, Germany (europe-west3) and Paris, France (europe-west9) regions when using regional endpoints.

Firestore

Scheduled backups are now available in GA.

Firestore in Datastore mode

Scheduled backups are now available in GA.

Generative AI on Vertex AI

The following models have been added to Model Garden:

For more information, see the Hugging Face model deployment in the console.

Launched Hex-LLM for high-efficiency large language model serving. This performant TPU serving solution is based on XLA and optimized kernels to achieve high throughput and low latency.

Hex-LLM uses several parallelism strategies for multiple TPU chips, quantizations, dynamic LoRA, and more. Hex-LLM supports the following dense and sparse LLMs:

  • Gemma 2B and 7B
  • Gemma 2 9B and 27B
  • Llama 2 7B, 13B and 70B
  • Llama 3 8B and 70B
  • Mistral 7B and Mixtral 8x7B

  • Updated Docker images in Llama 3 notebooks that are more efficient at tuning.
  • A notebook-based interactive workshop UI was added in Model Garden for image generative models such as stable-diffusion-xl-base, image inpainting, controlnet. You can find these models from the Open Notebook list.
  • Colab Notebooks for frequently used models in Model Garden have been revised with no-code or low-code implementations to improve accessibility and user experience.

Google Cloud Architecture Center

(New guide) Migrate from AWS to Google Cloud: Migrate from Amazon RDS for SQL Server to Cloud SQL for SQL Server: Describes how to design, implement, and validate a plan to migrate from Amazon Relational Database Service (RDS) to Cloud SQL for SQL Server.

Google Cloud Deploy

You can now set the logging level to debug, or the equivalent, for Skaffold, gcloud, and kubectl, using the verbose flag in each target's execution environment.

Google Distributed Cloud connected

This is a minor release of Google Distributed Cloud connected (version 1.7.0).

The following new functionality has been introduced in this release of Google Distributed Cloud connected:

  • Customer-sourced hardware. You now have the option to purchase the Google Distributed Cloud connected hardware from a Google-partnered System Integrator (SI) and retain full ownership instead of leasing it from Google. For more information, contact Google Support.

  • Refreshed machine hardware. The server machines comprising Google Distributed Cloud connected racks have been updated to a more powerful hardware configuration. For more information, contact Google Support.

  • Flexible rack configuration. You can now order a Google Distributed Cloud connected rack with 3, 6, 9, or 12 server machines. For more information, contact Google Support.

  • IPv4/IPv6 dual-stack networking. Google Distributed Cloud connected now supports IPv6 networking in addition to IPv4 networking. For more information, see IPv4/IPv6 dual-stack networking.

  • Pod image caching. Google Distributed Cloud connected now supports local caching of Pod images. For more information, see Configure a Pod for image caching.

  • Kafka support. Google Distributed Cloud now supports collecting workload metrics with Apache Kafka. For more information, see Logs and metrics.

  • Cluster connection state indication. You can now check whether a cluster is connected, disconnected, or reconnected and synchronizing with Google Cloud Platform. For more information, see Survivability mode.

  • Cluster maintenance exclusion windows. You can now specify one or more maintenance exclusion windows for a cluster. This prevents Google from performing maintenance or software upgrades on the cluster during the specified times. For more information, see Understand software updates and maintenance windows.

  • GDC Hardware Management API. You can now place orders for Google Distributed Cloud connected hardware programmatically using the GDC Hardware Management API. For more information, see Google Distributed Cloud connected CLI and API reference. This is a Preview-level feature.

The following changes to existing functionality have been introduced in this release of Google Distributed Cloud connected:

  • Worker node software upgrades are now staggered. Google Distributed Cloud connected now upgrades worker node software in stages instead of all at once. This allows your workloads to continue running on some nodes, while others are upgrading. You have the option to specify the number of worker nodes that can go down for a software upgrade simultaneously. For more information, see Software update staggering.

  • GPU support is now automatically enabled. You no longer have to modify the VMRuntime resource to enable GPU support on Google Distributed Cloud connected. GPU support is now automatically enabled if a GPU is detected on a Google Distributed Cloud connected machine.

  • Google Distributed Cloud connected component updates:

    • GKE on Bare Metal. This component has been updated from version 1.1.6.1 to version 1.28.500.
    • Kubernetes control plane. This component has been updated from version 1.27.9 to version 1.28.8.
    • Symcloud Storage. This component has been updated from version 5.4.6 to version 5.4.8.

The following functionality has been deprecated in this release of Google Distributed Cloud connected:

  • Cloud control plane cluster support. As of this release, Google Distributed Cloud connected no longer supports Cloud control plane clusters. Local control plane clusters are now the only supported cluster type.

  • Raw block storage for virtual machine workloads. As of this release, you can no longer provision virtual machine workloads with raw block storage. Symcloud Storage is now the only supported storage type for virtual machine workloads.

The following issues have been resolved in this release of Google Distributed Cloud connected:

  • Symcloud Storage volume clean-up now functions correctly. Single node failures, such as power loss or network disconnection, no longer cause rescheduling failures for virtual machines that use Symcloud Storage volumes. When a node fails, virtual machines are automatically rescheduled onto another node and then scheduled back onto the original node once that node returns to operation.

  • Virtual machines no longer enter a stuck state when node network connections are intermittent. Virtual machines no longer get stuck in container creation state when their network connections repeatedly disconnect and reconnect. When all three nodes in a Google Distributed Cloud connected server group regain network connectivity, the affected virtual machines are automatically rescheduled back onto their original nodes.

  • Virtual machine restore operations now complete successfully. Problems related to taking subsequent snapshots of virtual machines after the initial ones have been resolved. These problems caused virtual machine restore operations to fail.

  • Virtual machine heartbeat has been tuned to increase failover resilience. Occasionally, when a node failed, virtual machines on other nodes in the cluster would fail multiple successive heartbeats to the Kubernetes control plane that ran on the failed node. The heartbeat configuration has been tuned to mitigate this and increase failover resilience.

  • Intermittent SR-IOV device availability on large deployments has been resolved. SR-IOV devices are no longer intermittently unavailable on large, long-uptime deployments of Google Distributed Cloud connected after creating SR-IOV network node policies.

This release of Google Distributed Cloud connected contains the following known issues:

  • Refreshed Google Distributed Cloud connected hardware requires Google Distributed Cloud connected software version 1.7.0 or later. The refreshed Google Distributed Cloud connected hardware does not support versions of Google Distributed Cloud connected prior to release 1.7.0.

  • Virtual machine workloads might temporarily go down when upgrading Google Distributed Cloud connected software to release 1.7.0. The virtual machine workloads will go back up and be healthy once the Google Distributed Cloud software upgrade completes.

  • Cluster upgrades to software release 1.7.0 might fail with an ABM upgrade timed out error. Under certain conditions, if the GKE token expires while a cluster upgrade is in progress, the upgrade fails with an ABM upgrade timed out error and a missing gkehub.memberships.update permission is recorded in the logs. If you encounter this issue, contact Google Support.

  • Storage operations hang when volume replicas are deleted from a cluster without removing the corresponding Symcloud Storage persistent volume intent. If you delete the volume replicas for a Symcloud Storage persistent volume but do not remove the corresponding intent, TCMU devices on the worker node hang, causing storage operations to stall indefinitely. This can affect both your workload data availability as well as core system functionality of Google Distributed Cloud connected. To prevent this, you must always remove a Symcloud Storage persistent volume before deleting its associated volume replicas.

  • Virtual machines might not get scheduled onto nodes after their network has been partitioned. When you partition a network, some virtual machines using that network might not get scheduled back onto their node after the node reconnects to the network. To work around this issue, restart the affected virtual machines or contact Google Support.

  • Cluster deletion can fail due to stale Symcloud Storage data. When attempting to delete a cluster during disaster recovery or cluster reset, the deletion might fail due to the corresponding Symcloud Storage volumes not having been cleaned up. To remedy this issue, contact Google Support.

  • Virtual machine management can fail after a node has been powered down for an extended time. If you power down your Google Distributed Cloud connected machines for an extended period of time, you might not be able to manage the virtual machines scheduled on the corresponding nodes after you power the machines back up, even though those virtual machine workloads continue to run. To remedy this issue, contact Google Support.

  • Nodes can get stuck in Ready,SchedulingDisabled state after applying configuration changes. Applying or deleting the NodeSystemConfigUpdate or SriovNetworkNodePolicy resources can result in a node that's stuck in the Ready, Scheduling Disabled state after it reboots. To resolve this issue, see Troubleshoot Google Distributed Cloud connected.

  • The Kubernetes API server might return 404 errors when attempting to access virt-api endpoints. To work around this issue, contact Google Support.

  • Changes required to VMRuntime resource before upgrading to Google Distributed Cloud connected version 1.7.0. To ensure your existing virtual machine workloads successfully upgrade to Google Distributed Cloud connected version 1.7.0, you must modify the VMRuntime resource before upgrading the cluster as described in Upgrade existing virtual machines to Google Distributed Cloud connected version 1.7.0.

Google Kubernetes Engine

Resource requests for anetd Pods have been increased from 200mil CPU and 110m memory to 205mil CPU and 230m memory. In some cases, if the CPU and memory budgets on the nodes are limited, GKE might evict workloads to facilitate anetd during control plane upgrades. This can occur if your clusters are being upgraded from earlier versions to one of the following versions:

  • 1.28.5-gke.1217000 and later
  • 1.29 and later
  • 1.30 and later

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26923

For more information, see the GCP-2024-039 security bulletin.

Google SecOps SOAR

Release 6.3.8 is now in General Availability.

Remote Agents Release 2.0.1 is now in General Availability. Note that the version number has changed from 2.0.0 to 2.0.1.

Sensitive Data Protection

Terraform support

You can now use Terraform to create and manage scan configurations. Terraform management of discovery scan configurations is supported for BigQuery data, Cloud SQL data, and secrets in Cloud Functions environment variables. For a detailed reference document about Terraform resources, see data_loss_prevention_discovery_config in the Terraform documentation.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-spanner

6.68.0 (2024-05-27)

Features
  • Allow passing libraries_bom_version from env (#1967) (#3112) (7d5a52c)
  • Allow DML batches in transactions to execute analyzeUpdate (#3114) (dee7cda)
  • spanner: Add support for Proto Columns in Connection API (#3123) (7e7c814)
Bug Fixes
  • Allow getMetadata() calls before calling next() (#3111) (39902c3)
Dependencies
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.2 (#3117) (ddebbbb)

6.69.0 (2024-06-12)

Features
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.31.0 (#3159) (1ee19d1)

Python

Changes for google-cloud-spanner

3.47.0 (2024-05-22)

Features

Virtual Private Cloud

Bring your own IP does not support creating BYOIP addresses in Shared VPC service projects. This limitation is documented, but was previously not enforced. Enforcement has been added to prevent the creation of BYOIP addresses in service projects. If you're using bring your own IP with Shared VPC, use the project architecture described in BYOIP addresses administration with Shared VPC.

June 27, 2024

Anthos Config Management

Reverted an undocumented change to a metric name. The Cloud Monitoring metric current_declared_resources (introduced in version 1.16.1) has been renamed to its original name, declared_resources. For reference see Monitor Config Sync with Cloud Monitoring.

Upgraded the OpenTelemetry image from v0.99.0 to v0.102.0 to pick up vulnerability fixes. To understand the changes in each release, review the full changelog for opentelemetry-collector-contrib.

Resolved an issue that prevented the declared_resources metric from decrementing when an object became unmanaged by Config Sync.

Apigee Advanced API Security

On June 27, 2024, we released a new version of Advanced API Security.

Rollouts of this feature are ongoing and will take multiple days to complete across all Google Cloud zones. You might not be able to use the functionality until the rollout is complete.

Preview release of generative AI incident report summaries

This release introduces the preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents. The new generative AI features are available for all Advanced API Security-enabled projects and do not require the Gemini Code Assist add-on.

For usage information, see the Abuse Detection customer documentation.

Apigee X

On June 27, 2024, we released an updated version of Apigee.

Apigee is now available in new regions:

  • Europe - Berlin (europe-west10)
  • Africa - Johannesburg (africa-south1)

See Apigee locations for more information about available regions.

Backup for GKE

Backup for GKE now supports creating a backup plan when creating a cluster.

BigQuery

You can now use tags on BigQuery tables to conditionally grant or deny access with Identity and Access Management (IAM) policies. This feature is generally available (GA). You can also attach tags to BigQuery datasets during dataset creation to conditionally grant or deny access with IAM policies.

Cloud Functions

To simplify searches and improve your documentation experience, we have split the 1st generation and 2nd generation documentation into separate documentation sets.

Cloud Run

The following IAM roles are now available in preview:

Cloud Service Mesh

1.21.4-asm.0 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for a security vulnerability where the Datadog tracer does not handle trace headers with unicode characters. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.4-asm.0 uses Envoy v1.29.6.

Dialogflow

Dialogflow ES: As of May 27, 2024, Twilio no longer supports integrations with Dialogflow ES. For more details and information about migrating to Dialogflow CX, see the Twilio documentation.

Dialogflow CX: The gemini-1.5-flash generative model is now available for the generators feature.

Generative AI on Vertex AI

Context caching is available for Gemini 1.5 Pro. Use context caching to reduce the cost of requests that contain repeat content with high input token counts. For more information, see Context caching overview.

Google Cloud Armor

Cloud Armor supports IP address groups in Preview.

Google Cloud Deploy

Cloud Deploy now supports deploying using a proxy for Google Kubernetes Engine targets. Learn more.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.29.200-gke.242 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.200-gke.242 runs on Kubernetes v1.29.5-gke.800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following issues are fixed in 1.29.200-gke.242:

  • Fixed the known issue that caused cluster creation to fail because the control plane VIP was in a different subnet from other cluster nodes.
  • Fixed the known issue where the Binary Authorization webhook blocked the CNI plugin, which caused user cluster creation to stall.
  • Fixed the known issue that caused the Connect Agent to lose connection to Google Cloud after a non-HA to HA admin cluster migration.
  • Fixed the known issue that caused an admin cluster upgrade to fail for clusters created on versions 1.10 or earlier.
  • Added back the CNI binaries to the OS image so that multiple network interfaces with standard CNI will work (see this known issue).

The following vulnerabilities are fixed in 1.29.200-gke.242:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.29.200-gke.243

Google Distributed Cloud for bare metal 1.29.200-gke.243 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.200-gke.243 runs on Kubernetes 1.29.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Updated registry mirror support to allow you to specify a port for host addresses.

  • Updated the networking preflight check to verify that either the ip_tables or the nf_tables kernel module is available for loading, instead of being explicitly loaded.

Fixes:

  • Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.

  • Fixed an issue where service accounts created by using the --create-service-accounts flag with the bmctl create config command don't have enough permissions.

The following container image security vulnerabilities have been fixed in 1.29.200-gke.243

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26924

For more information, see the GCP-2024-038 security bulletin.

Google SecOps SOAR

Release 6.3.9 is currently in Preview.

Case List preferences are now saved permanently per user. This includes column selection, order of columns, and sorting within columns.

Environment table column width display issue when using dynamic parameters with many characters (ID #51611835)

Editing or saving any step in the playbook resets the view to zoom out (ID #00162859, #48257046)

Network Connectivity Center

Route exchange with VPC spokes is now available in public preview.

This feature lets you connect VPC spokes and hybrid spokes, such as Cloud Interconnect VLAN attachments, HA VPN tunnels, and Router appliance VMs, on the same hub.

SAP on Google Cloud

New SAP certification: 16 TB X4 bare metal machine type

The Compute Engine memory-optimized bare metal machine type x4-megamem-960-metal is generally available (GA) and certified by SAP for use with SAP HANA scale-up (OLAP and OLTP) and SAP NetWeaver workloads.

For more information, see:

Google Cloud's Agent for SAP version 3.4

Version 3.4 of Google Cloud's Agent for SAP is generally available (GA). This version introduces a workload performance diagnostic tool, and enhancements to the Backint and disk snapshot features.

For more information, see What's new with Google Cloud's Agent for SAP.

Sensitive Data Protection

The INDIA_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

If you set InfoType.version to latest when including the PHONE_NUMBER infoType in your InspectConfig, Sensitive Data Protection will now include US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results.

You can still use the old functionality by setting InfoType.version to stable or leaving it unset when using the PHONE_NUMBER infoType. In 30 days, the new functionality will be promoted to stable.

VPC Service Controls

VPC Service Controls feature: Support for using an internal IP address to allow access to protected resources is generally available.

For more information, see Allow access to protected resources from an internal IP address. Make sure that you read the updated Limitations section before using this feature.

Vertex AI Agent Builder

Vertex AI Search: Connect BigQuery datasets to Vertex AI Search (Public preview)

You can create Vertex AI Search data stores that periodically sync with data in BigQuery datasets. You can choose how often you want to update your data stores: every day, every 3 days, or every 5 days.

Synchronizing BigQuery data to Vertex AI Search is available in Public preview.

For more information, see Import from BigQuery.

June 26, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26924

For more information, see the GCP-2024-038 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26924

For more information, see the GCP-2024-038 security bulletin.

Apigee X

On June 26, 2024, we released an updated version of Apigee (1-12-0-apigee-7).

| Bug ID | Description |
| --- | --- |
| N/A | Upgraded infrastructure and libraries. |

These issues were fixed in 1-12-0-apigee-4-hotfix and are included in this release:

| Bug ID | Description |
| --- | --- |
| 337876238, 330314128, 333762214 | Resolved issues resulting in an increase in 404/503 responses. Upgraded storage for the Apigee router to the latest version to resolve 404 responses. Adjusted traffic weight and delays in the older replica set to handle traffic divergence during the release process to address any 5xx responses. |
| 335832119 | Fixed 404 errors caused during Apigee instance update/rollback. |
| 255772956 | Turned off asynchronous services callout when the <Response> element is not present due to inconsistent scaling of runtime pods. |
| 338717278 | Reverted problematic commit to address thread pool exhaustion. |

App Hub

App Hub support is available in the asia-east2 (Hong Kong) and europe-west3 (Frankfurt, Germany) regions.

Cloud Logging

You can now analyze your billable log volume when using Log Analytics. This feature is in Public Preview. For more information, see Analyze log volume with Log Analytics.

Cloud Monitoring

You can now configure your dashboards to show disruptions in Google Cloud Services. This feature is GA. For more information, see the following pages:

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.67
  • 1.2.11
  • 2.0.75
  • 2.2.11

Dataproc Serverless for Spark: To fix compatibility with open table formats (Apache Iceberg, Apache Hudi and Delta Lake), the ANTLR version was downgraded from 4.13.1 to 4.9.3 in Dataproc Serverless for Spark runtime versions 1.2 and 2.2.

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2024-26924) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-038 security bulletin.

Google Kubernetes Engine

(2024-R21) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.27.13-gke.1070000 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.11-gke.1062004
    • 1.28.9-gke.1000000
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.13-gke.1070000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.13-gke.1070000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.9-gke.1069000 with this release.

Regular channel

Rapid channel

  • Version 1.30.1-gke.1329000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.26.15-gke.1390000
    • 1.26.15-gke.1436000
    • 1.27.14-gke.1042000
    • 1.27.14-gke.1093000
    • 1.28.10-gke.1075000
    • 1.28.10-gke.1141000
    • 1.29.5-gke.1121000
    • 1.29.5-gke.1192000
    • 1.30.1-gke.1156000
    • 1.30.1-gke.1500000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1404000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.15-gke.1404000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.14-gke.1059000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.10-gke.1089000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.1-gke.1329000 with this release.

Google SecOps

You can use the BindPlane agent to collect Windows event logs, query SQL databases, read logs from files, and receive logs using syslog. The agent sends data directly to the Google Security Operations ingestion API or to a Google SecOps forwarder. For more information, see Use the BindPlane agent.

Google SecOps SIEM

You can use the BindPlane agent to collect Windows event logs, query SQL databases, read logs from files, and receive logs using syslog. The agent sends data directly to the Google Security Operations ingestion API or to a Google SecOps forwarder. For more information, see Use the BindPlane agent.

June 25, 2024

AlloyDB for PostgreSQL

AlloyDB Omni version 15.5.4 is generally available (GA). This version includes the following features and changes:

  • The simplified installation method for AlloyDB Omni is now generally available (GA). You can install and manage your AlloyDB Omni installation using common container-management tools such as Docker. For information on upgrading an existing AlloyDB Omni installation, see Migrate from an earlier version of AlloyDB Omni to the latest version.
  • AlloyDB Omni supports the Podman container tool on Red Hat Enterprise Linux (RHEL).
  • Support for Arm-based architectures is now available in Preview.
  • Various bug fixes and performance improvements.

BigQuery

You can now use the BigQuery JupyterLab plugin to explore your data, use BigQuery DataFrames in a Jupyter notebook, and deploy a BigQuery DataFrames notebook to Cloud Composer. This feature is in preview.

Cloud Build

Cloud Build support for Supply-chain Levels for Software Artifacts (SLSA) version 1.0 compliant provenance is now generally available to help you safeguard your automated build pipelines.

Build provenance is verifiable metadata that you can use to audit builds. Cloud Build can generate provenance aligned with the SLSA v1.0 spec when you use the option requestedVerifyOption with triggered builds.

Learn how to use build provenance in Cloud Build.

Cloud Composer

Cloud Composer is now available in Johannesburg (africa-south1).

Cloud Logging

Ops Agent version 2.48.0 introduces support for Compute Engine VMs that are running Deep Learning VM Images based on Debian 11 (Bullseye). For more information, see Operating systems.

Cloud Monitoring

Ops Agent version 2.48.0 introduces support for Compute Engine VMs that are running Deep Learning VM Images based on Debian 11 (Bullseye). For more information, see Operating systems.

Config Controller

Config Controller is now supported in regions europe-west8, us-central2 and us-east7.

Config Controller now uses the following versions of its included products:

Generative AI on Vertex AI

Controlled generation is available on Gemini 1.5 Pro and supports the JSON schema. For more information, see Control generated output.

Google Cloud Armor

Cloud Armor support for Layer 7 filtering in globally scoped edge security policies for Media CDN is now Generally Available.

Media CDN

Globally scoped Cloud Armor edge security policies for Layer 7 filtering are now Generally Available. For an example, see Example: Deny requests for cached content with specific headers.

NetApp Volumes

NetApp Volumes now supports committed use discounts (CUDs). For more information, see NetApp Volumes committed use discounts.

Security Command Center

Introducing the Security Command Center Risk Engine

Security Command Center introduces Risk Engine as the name of the functionality that provides attack path simulations, attack exposure scores, attack path visualizations, and toxic combination findings.

For more information, see Assess risk with Risk Engine.

Toxic combination findings release to Preview

In the Enterprise tier of Security Command Center, the Risk Engine generates a finding when it detects a toxic combination during attack path simulations. A toxic combination is a group of security issues that, when they occur together in a particular pattern, create a path to one or more of your high-value resources.

The toxic combinations feature introduces a new finding class, Toxic combination, and adds new fields in the Finding object to hold information about toxic combinations.

For more information, see Overview of toxic combinations.

UPDATE: The Preview release of the toxic combination feature is being rolled out to customers in stages. You might not receive toxic combination findings or see the new features in the Security Operations console for up to two weeks.

The release note for the toxic combination feature published on June 25, 2024 was updated to explain the staged release of the feature.

Install new version of the Security Command Center Enterprise use case

The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by date, June 25, 2024, introduces new widgets, new playbooks, and other enhancements to support the management of toxic combination findings and cases in the Security Operations console.

For installation instructions, see Update Enterprise use case, June 2024.

June 24, 2024

Access Approval

Access Approval supports Apigee in the GA stage.

Access Transparency

Access Transparency supports Apigee in the GA stage.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigquery

3.25.0 (2024-06-17)

Features
  • Add prefer_bqstorage_client option for Connection (#1945) (bfdeb3f)
  • Support load job option ColumnNameCharacterMap (#1952) (7e522ee)
Bug Fixes
  • Do not overwrite page_size with max_results when start_index is set (#1956) (7d0fcee)

Certificate Authority Service

Certificate Authority Service is now available in the following region:

  • africa-south1

For more information, see Certificate Authority Service locations.

Cloud Billing

Avoid getting charged for idle Compute Engine reservations in the FinOps hub

You can now get recommendations to modify or delete your idle, on-demand reservations for Compute Engine resources when you haven't consumed any resources for at least 7 days.

Learn about idle reservation recommendations.

Cloud Functions

Cloud Functions (2nd gen) now supports fully automatic security updates. For details, see the document Execution environment security.

Cloud Logging

Gauges and scorecards are now available to visualize the results of your SQL queries. For more information, see Chart query results with Log Analytics.

Cloud Monitoring

You can now configure your dashboards to show when incidents were opened. For more information, see Alert events.

Cloud SQL for MySQL

You can now upgrade the network architecture of Cloud SQL for MySQL instances that store transaction logs used for point-in-time recovery (PITR) in Cloud Storage. The previous limitation on upgrade of such instances is removed. To check where your MySQL instance stores its PITR logs, see Check the storage location of transaction logs used for PITR.

For more information about upgrading your network architecture, see Upgrade an instance to the new network architecture.

Container Optimized OS

cos-dev-117-18514-0-0

| Kernel | Docker | Containerd | GPU Drivers |
| --- | --- | --- | --- |
| COS-6.6.34 | v24.0.9 | v2.0.0rc2 | v535.183.01 (default), v550.90.07 (latest) |

Disabled default automatic updates. Automatic updates must now be explicitly enabled by setting the cos-update-strategy metadata to "update_enabled".

Updated R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091 and CVE-2024-0092.

Updated R535, default driver to v535.183.01. This fixes CVE-2024-0090 and CVE-2024-0092.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_backlog_ack_defer: 1
  • Changed: fs.epoll.max_user_watches: 1809452 -> 1809007
  • Changed: fs.fanotify.max_user_marks: 67560 -> 67544
  • Changed: fs.file-max: 811880 -> 811785
  • Changed: fs.inotify.max_user_watches: 63441 -> 63425
  • Changed: kernel.threads-max: 63503 -> 63487
  • Changed: net.core.optmem_max: 20480 -> 131072
  • Changed: net.ipv4.tcp_mem: 94065 125423 188130 -> 94041 125391 188082
  • Changed: net.ipv4.udp_mem: 188133 250847 376266 -> 188085 250783 376170
  • Changed: user.max_cgroup_namespaces: 31751 -> 31743
  • Changed: user.max_fanotify_marks: 67560 -> 67544
  • Changed: user.max_inotify_watches: 63441 -> 63425
  • Changed: user.max_ipc_namespaces: 31751 -> 31743
  • Changed: user.max_mnt_namespaces: 31751 -> 31743
  • Changed: user.max_net_namespaces: 31751 -> 31743
  • Changed: user.max_pid_namespaces: 31751 -> 31743
  • Changed: user.max_time_namespaces: 31751 -> 31743
  • Changed: user.max_user_namespaces: 31751 -> 31743
  • Changed: user.max_uts_namespaces: 31751 -> 31743
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0

cos-105-17412-370-61

| Kernel | Docker | Containerd | GPU Drivers |
| --- | --- | --- | --- |
| COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02 (default), v550.90.07 (latest) |

Fixed CVE-2024-26584 in the Linux kernel.

Fixed CVE-2024-26583 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812704 -> 812707

Fixed a crash in the Linux kernel.

cos-113-18244-85-39

| Kernel | Docker | Containerd | GPU Drivers |
| --- | --- | --- | --- |
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |

Added support for TPU v6 devices.

Runtime sysctl changes:

  • Changed: fs.file-max: 812036 -> 812039

Fixed a crash in the Linux kernel.

cos-109-17800-218-62

| Kernel | Docker | Containerd | GPU Drivers |
| --- | --- | --- | --- |
| COS-6.1.85 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |

Runtime sysctl changes:

  • Changed: fs.file-max: 812259 -> 812261

Fixed a crash in the Linux kernel.

cos-101-17162-463-51

| Kernel | Docker | Containerd | GPU Drivers |
| --- | --- | --- | --- |
| COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02 (default), v550.90.07 (latest) |

Fixed upload throughput in gVisor container in gVNIC.

Fixed a crash in the Linux kernel.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.107-debian10, 2.0.107-rocky8, 2.0.107-ubuntu18
  • 2.1.55-debian11, 2.1.55-rocky8, 2.1.55-ubuntu20, 2.1.55-ubuntu20-arm
  • 2.2.21-debian12, 2.2.21-rocky9, 2.2.21-ubuntu22

Google SecOps

You can now configure Cloud Identity or Google Workspace as an identity provider during the Google Security Operations onboarding steps. For more information about onboarding, see Onboarding or migrating a Google Security Operations instance.

During the Google Security Operations onboarding steps, you can now specify identity provider groups that include administrators who configure user access to SOAR-related features. For more information, see Link Google SecOps to Google Cloud services.

Google SecOps SIEM

You can now configure Cloud Identity or Google Workspace as an identity provider during the Google Security Operations onboarding steps. For more information about onboarding, see Onboarding or migrating a Google Security Operations instance.

During the Google Security Operations onboarding steps, you can now specify identity provider groups that include administrators who configure user access to SOAR-related features. For more information, see Link Google SecOps to Google Cloud services.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.39.0 (2024-06-18)

Features
  • pubsub/pstest: Add support to register other servers into grpc.Server (#9722) (db8216e)
  • pubsub: Add service_account_email for export subscriptions (92dc381)
  • pubsub: Batch receipt modacks (#10234) (4c2cd10)
  • pubsub: Make lease management RPCs concurrent (#10238) (426a8c2)
Bug Fixes

Python

Changes for google-cloud-pubsub

2.21.5 (2024-06-20)

Bug Fixes

2.21.4 (2024-06-18)

Documentation
  • samples: Add code sample for optimistic subscribe (#1182) (d8e8aa5)

Sensitive Data Protection

The RELIGIOUS_TERM infoType detector is available in Preview in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

A new detection model is available for the ORGANIZATION_NAME infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version to latest when including the ORGANIZATION_NAME infoType in your InspectConfig.

You can still use the old model by setting InfoType.version to stable or leaving it unset when using the ORGANIZATION_NAME infoType. In 30 days, the new model will be promoted to stable.

Vertex AI Agent Builder

Vertex AI Search: Check ingested data quality for media recommendations (Public preview)

You can check the quality of your ingested data for media recommendations.

By running the requirements:checkRequirement method, which is in Public preview, you can find out whether your data store meets the minimum quality requirements for your recommendations app. If your data doesn't meet the minimum threshold for the key metrics for your model and objective, you receive a warning about the issues. Address the issues and rerun the check.

For more information, see Check data quality for media recommendations.

June 21, 2024

Cloud SQL for PostgreSQL

You can now use the in-place major version upgrade feature to upgrade your Cloud SQL for PostgreSQL instance to PostgreSQL 16.

Dataflow

Dataflow SQL is deprecated. As of July 31, 2024, you can't access Dataflow SQL in the Google Cloud console. As of January 31, 2025, you can't use Dataflow SQL in the Google Cloud CLI. As a replacement, use Beam SQL.

Dataform

The 3.0.0 version of the open-source Dataform framework is available.

The workflow_settings.yaml file, which was introduced in Dataform Core 3.0.0-beta.0, replaces dataform.json.

You can specify the Dataform Core version directly in the workflow_settings.yaml file, which removes the need for package.json for most repositories. To have package dependencies other than @dataform/core, the package.json file is still required.

No immediate action to convert existing Dataform code is required. You can continue to use dataform.json and package.json in existing repositories.

You can convert your dataform.json file into workflow_settings.yaml by following the instructions in the 3.0.0 GitHub release.

New repositories use workflow_settings.yaml by default. You can replace the workflow_settings.yaml file with dataform.json to continue using the JSON format. If you remove workflow_settings.yaml, you need to add a package.json file to your repository to install @dataform/core.

For more information, see the 3.0.0 release on GitHub.

Dataproc

Dataproc Serverless for Spark: To fix compatibility with open table formats (Apache Iceberg, Apache Hudi and Delta Lake), the ANTLR version will be downgraded from 4.13.1 to 4.9.3 in Dataproc Serverless for Spark runtime versions 1.2 and 2.2 on June 26, 2024.

Datastream

Datastream now supports the change tables CDC method for SQL Server sources. For more information, see the Source SQL Server database page.

Deep Learning Containers

M122 release

  • TensorFlow 2.16 container images are now available.
  • PyTorch Inference 2.2 GPU container images are now available.
  • PyTorch Inference 2.2 CPU container images are now available.

Deep Learning VM Images

M122 release

  • Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.

Google SecOps SOAR

Release 6.3.7 is now in General Availability.

Sensitive Data Protection

The discovery service of Sensitive Data Protection now supports Cloud Storage. You can run discovery at the organization, folder, or project level to generate data profiles of your Cloud Storage buckets. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data governance workflows.

To get started on profiling Cloud Storage data, see the following:

For more information about sensitive data discovery, see Data profiles.

Vertex AI Agent Builder

Vertex AI Search: Answers with summaries and follow-ups (GA)

The answer API improves on the search with summary and search with follow-ups features. For example, it better handles complex queries and provides customization of answer styles.

The answer API is Generally available (GA). However, the multi-step retrieval functionality remains in Public preview.

For more information, see Get answers and follow-ups.

Vertex AI Search: The answer method can skip irrelevant answers

The answer method can be set to generate an answer only if at least one of the results is deemed relevant.

If you choose to ignore low-relevance content and all the results are deemed irrelevant or almost irrelevant, then the answer method doesn't generate an answer. Instead, a fallback message replaces the answer.

For more information, see Show only relevant answers.

Vertex AI Search: Add structured data for advanced website indexing (Public preview)

If advanced website indexing is enabled in your data store, you can use structured data, such as schema.org data, to enrich your indexing.

For more information, see Use structured data for advanced site indexing.

Vertex AI Search: Generate grounded answers (GA with allowlist)

You can add system instructions as preambles to your prompts. System instructions govern the behavior of the model and modify the output accordingly. For example, you can add a persona to the generated answer or instruct the model to format the output text a certain way.

For more information, see Generate grounded answers.

Vertex AI Search: The generated answer message doesn't contain the name field for synchronous and sessionless queries

The name field is only included in the answer response for session queries and for asynchronous queries. These are stateful and context-aware queries.

If a query is a synchronous and stateless query, the name field is no longer included in the generated answer message.

For more information about the answer method, see Get answers and follow-ups.

Vertex AI Search: Choose when to enable autocomplete

You can choose to enable autocomplete as soon as possible instead of waiting a couple of days for sufficiently good autocomplete data. If you choose to make autocomplete available sooner, at first, you won't get suggestions for all queries and some suggestions might be of poor quality.

For more information, see Enable autocomplete in Update autocomplete settings.

Vertex AI Workbench

M122 release

The M122 release of Vertex AI Workbench user-managed notebooks includes the following:

  • Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.

M122 release

The M122 release of Vertex AI Workbench instances includes the following:

  • Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.

June 20, 2024

Apigee X

On June 20, 2024, we released an updated version of Apigee.

This release includes a change in the user experience of selecting a physical location for control plane hosting when provisioning a Subscription or Pay-as-you-go Apigee organization with data regionalization enabled.

The new provisioning experience provides the opportunity to select a control plane hosting jurisdiction that refers to a location within a geopolitical boundary that may span more than one region. For more information, see Select an Apigee API control plane hosting jurisdiction.

Assured Workloads

During the Regional Controls Public Preview, the ComplianceRegime enum value has changed from FREE_REGIONS to REGIONAL_CONTROLS. When using the REST API, Terraform, or gcloud, ensure that you use the new REGIONAL_CONTROLS value. This change does not impact existing Assured Workloads folders that were created using the old value. However, areas with potential impact include the following:

Cloud Composer

We are thrilled to announce the Public Preview launch of the new generation of Cloud Composer, Cloud Composer 3. The new version is now publicly available in all regions supported by Cloud Composer. It comes with a number of new features and characteristics:

  • All infrastructure hidden in a tenant project
  • Evergreen versioning
  • Simplified networking configuration
  • Improved performance
  • More reliable DAG parsing and scheduling as DAG Processor and Schedulers are now separate components
  • 10 times bigger storage for Airflow workers

Cloud Composer 3 also includes most of the functionality already known from previous Composer versions. To see the list of features already supported by Composer 3, see Comparison of Cloud Composer versions.

(Airflow 2.7.3) New operators for executing jobs in Google Kubernetes Engine and Kubernetes are available. For example, you can use these operators with Kueue.

Operators for Google Kubernetes Engine:

  • GKEStartJobOperator
  • GKEStartKueueInsideClusterOperator
  • GKEDescribeJobOperator
  • GKEListJobsOperator
  • GKECreateCustomResourceOperator
  • GKEDeleteCustomResourceOperator
  • GKEStartKueueJobOperator
  • GKEDeleteJobOperator
  • GKESuspendJobOperator
  • GKEResumeJobOperator

Operators for Kubernetes:

  • KubernetesJobOperator
  • KubernetesPatchJobOperator
  • KubernetesDeleteJobOperator

(Airflow 2.7.3) The apache-airflow-providers-google package was upgraded to version 10.18.0. For more information about changes, see the apache-airflow-providers-google changelog from version 10.17.0 to version 10.18.0.

(Airflow 2.7.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.3.1.

(Airflow 2.7.3) The apache-beam package was upgraded to version 2.56.0.

A new Airflow build is available in Cloud Composer 3:

  • composer-3-airflow-2.7.3-build.6

Cloud Composer 2.8.3 images are available:

  • composer-2.8.3-airflow-2.7.3 (default)
  • composer-2.8.3-airflow-2.6.3

Cloud Composer versions 2.3.2, 2.3.1, and 2.3.0 have reached their end of full support period.

Cloud Composer 2.8.3 is a version with an extended upgrade timeline.

Cloud Data Fusion

The Oracle sink plugin version 1.10.7 is available in Cloud Data Fusion version 6.9. The release fixes an issue in the Oracle sink causing null values to be assigned to fields in the input schema that have lowercase letters in the field name (PLUGIN-1793).

Cloud Domains

You can migrate your Google Domains DNS settings and export your domain and email forwarding configurations if you use Google Domains as your DNS provider. For more information, see Migrate Google Domains DNS settings.

Cloud SQL for MySQL

You can now use the gcloud sql instances describe command or the SQL Admin API to retrieve a list of database versions that are available to your MySQL instance for upgrade. For more information, see Plan a major version upgrade and Upgrade the database minor version.

Cloud SQL for PostgreSQL

You can now use the gcloud sql instances describe command or the SQL Admin API to retrieve a list of database versions that are available to your PostgreSQL instance for upgrade. For more information, see Plan a major version upgrade.

Cloud SQL for SQL Server

You can now use the gcloud sql instances describe command or the SQL Admin API to retrieve a list of database versions that are available to your SQL Server instance for upgrade. For more information, see Plan a major version upgrade.

Dataproc

Dataproc Serverless for Spark: Spark runtime version 2.2 will become the default Dataproc Serverless for Spark runtime version on August 1, 2024.

New Dataproc Serverless for Spark runtime versions:

  • 1.1.66
  • 1.2.10
  • 2.0.74
  • 2.2.10

Generative AI on Vertex AI

The Anthropic Claude Sonnet 3.5 is Generally Available. To learn more, view the Claude Sonnet 3.5 model card in Model Garden.

Google SecOps SOAR

Release 6.3.8 is currently in Preview.

When running an imported playbook with an assigned user that doesn't exist, the playbook stops working when it gets to manual actions. (ID #00290960)

Entity properties not showing in the platform if the key name contains the time string (ID #51599403)

Network Connectivity Center

Include export filters is now available in public preview.

This feature lets you limit connectivity by specifying a list of permitted CIDR ranges, thereby blocking all but the permitted IP address ranges.

Spanner

Named schemas is now generally available. With named schemas, you can group database objects in a namespace to avoid naming conflicts and collectively manage their FGAC permissions. For more information, see Named schemas.

June 19, 2024

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud VPN

Cloud VPN lets you connect two VPC networks in different regions by using HA VPN gateways.

For more information, see HA VPN topologies.

Datastream

Datastream now supports the append-only write mode when ingesting data to BigQuery. For more information, see Configure write mode.

reCAPTCHA Enterprise

reCAPTCHA Enterprise Mobile SDK v18.6.0-beta01 is now available for Android.

This version contains the following changes:

  • A new API, fetchClient, is available that provides built-in retries for network issues.
  • Bug fixes and improvements.

June 18, 2024

App Engine flexible environment Ruby

Ruby 3.3 is now available in preview.

App Engine standard environment Ruby

Ruby 3.3 is now available in preview.

BigQuery

Additional collation support for the NULLIF conditional expression has been added. The NULLIF conditional expression is now affected by collation and can be used in collation-supported comparisons with the STRUCT data type. This feature is generally available (GA).

Cloud Functions

Cloud Functions has added support for a new runtime, Ruby 3.3, at the Preview release level.

You can now enable execution ID in the logs for 2nd gen Python functions that use functions-framework >= 3.7.0 and 2nd gen Node.js functions that use functions-framework >= 3.4.0 by setting the runtime environment variable LOG_EXECUTION_ID to true.

Cloud Storage

Hierarchical namespace for Cloud Storage buckets is now available in Preview. With hierarchical namespace, you can store your data in a logical file system structure.

Renaming a folder by using the command line is not supported in a bucket with hierarchical namespace enabled.

Cloud Storage FUSE now offers list caching, which is a cache for directory and file list, or ls, responses that improves list operation speeds. To learn more about list caching and how to enable it, see the Cloud Storage FUSE caching overview page.

Compute Engine

Preemptible allocation quotas also apply to some temporary GPU VMs. This behavior can help you improve quota obtainability for temporary GPU VMs while maintaining the benefits of uninterrupted run time of the standard provisioning model. For more information, see GPU VMs and preemptible allocation quotas.

The issue related to creating C2 sole tenant nodes with more than 60 CPUs.

Confidential VM

Support for AMD SEV-SNP on Confidential VM instances is now generally available. AMD SEV-SNP is supported on N2D machine types with AMD EPYC Milan CPU platforms.

Config Connector

Config Connector version 1.119.0 is now available.

Added options to customize resource reconciliation for ConfigConnector

  • Added a new ControllerReconciler CRD (v1alpha1). See example.
  • This feature lets you customize the client-side kube-apiserver request rate limit.

The Direct Controller is now the default reconciler

  • Initialize the Direct Controller registration
  • Set the default reconciler to Direct Controller if the ConfigConnector CRD does not have cnrm.cloud.google.com/tf2crd: "true" or cnrm.cloud.google.com/dcl2crd: "true" label.

Added CloudBuildWorkerPool (v1alpha1) resource for service cloudbuild

Added MonitoringDashboard (v1beta1) resource for service monitoring

Added ComputeServiceAttachment (v1beta1) resource for service compute

  • Added ComputeServiceAttachment as dependency of ComputeForwardingRule through spec.target.serviceAttachmentRef.

Added three output-only fields for ContainerCluster

  • Added status.observedState.masterAuth.clusterCaCertificate
  • Added status.observedState.privateClusterConfig.privateEndpoint
  • Added status.observedState.privateClusterConfig.publicEndpoint

Container Optimized OS

cos-dev-117-18508-0-0

  • Kernel: COS-6.6.33
  • Docker: v24.0.9
  • Containerd: v2.0.0rc2
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest)

Upgraded containerd to 2.0.0-rc.2

Upgraded app-containers/docker-credential-helpers to v0.8.2.

Upgraded app-admin/google-guest-agent to v20240528.00.

Upgraded app-containers/cni-plugins to v1.5.0.

Upgraded app-admin/google-guest-configs to v20240514.00.

Updated cos-gpu-installer to v2.3.1. This switches the default location from which GPU drivers are sourced from gs://nvidia-drivers-{region}-public to gs://cos-nvidia-gpu-drivers.

Upgraded app-admin/google-osconfig-agent to v20240501.00.

Upgraded sys-apps/makedumpfile to v1.7.5.

Upgraded app-admin/sosreport to v4.7.1.

Upgraded app-admin/node-problem-detector to v0.8.18.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2430.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2784.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r627.

Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2795.

Upgraded chromeos-base/minijail to v18-r141.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2928.

Upgraded chromeos-base/debugd-client to v0.0.1-r2693.

Upgraded sys-apps/rootdev to v0.0.1-r50.

Upgraded chromeos-base/shill-client to v0.0.1-r4515.

Upgraded dev-util/puffin to v1.0.0-r451.

Upgraded net-dns/c-ares to v1.29.0.

Upgraded dev-libs/double-conversion to v3.3.0.

Upgraded sys-apps/sed to v4.9-r1.

Upgraded sys-process/procps to v4.0.4-r1.

Upgraded dev-libs/nss to v3.100.

Upgraded sys-fs/e2fsprogs to v1.47.0-r3.

Upgraded sys-libs/libcap to v2.70.

Upgraded dev-python/jinja to v3.1.4.

Upgraded sys-apps/pv to v1.8.9.

Upgraded net-libs/gnutls to v3.8.5-r1.

Upgraded sys-apps/hwdata to v0.382.

Upgraded sys-apps/dmidecode to v3.6.

Upgraded sys-fs/xfsprogs to v6.8.0.

Upgraded sys-apps/less to v643-r2.

Upgraded sys-apps/acl to v2.3.2-r1.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded net-misc/curl to v8.8.0.

Upgraded net-libs/libtirpc to v1.3.4-r2.

Upgraded sys-apps/gentoo-functions to v1.6.

Upgraded net-misc/wget to v1.24.5.

Upgraded dev-embedded/libftdi to v1.5-r6.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded sys-libs/timezone-data to v2024a-r1.

Upgraded sys-libs/libcap-ng to v0.8.5.

Updated the Linux kernel to v6.6.33.

Mount efivarfs fs by default on EFI-enabled systems.

Added igzip CLI tool.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Updated cos-gpu-installer to v2.2.3. New changes in cos-gpu-installer:v2.2.3:

  1. Introduced --gcs-download-bucket-nvidia and --gcs-download-prefix-nvidia flags for customizing NVIDIA installer runfile downloads from Google Cloud Storage (GCS).
  2. Introduced the --target-gpu flag to facilitate precise GPU driver installations when no GPU is attached.
  3. Replaced the HTTP client with a GCS client to improve the reliability of NVIDIA OSS installer runfiles downloads.
  4. Implemented the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type. (Currently disabled)
  5. Fixed an issue in the GCS Object download functionality to automatically remove the empty target file if a download fails.
  6. Internal cleanup: Migrated GPU device-related information to the deviceInfo package. Created a feature flags module in the features package. Added a config reader in the utils module to parse the cos-gpu-config.json.

Removed support for NVIDIA 470 drivers.

Removed net-libs/grpc.

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Fixed a bug that caused constant restarts in the fluent-bit stackdriver plugin.

Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in the GPU driver installation directory configuration.

Updated cos-gpu-installer to v2.3.2. Added a validation check to ensure the '--no-verify' flag is specified when the '--target-gpu' flag is used in 'install' command.

Installed the google_optimize_local_ssd script.

Updated Konlet to v.0.12.0. This fixes an iptables compatibility issue.

Upgraded go to version 1.22.3.

Updated dev-go/pprof to v0.0.0_p20230811.

Updated dev-go/go-tools to v0.16.2_p20231218.

Updated dev-go/term to v0.15.0.

Updated dev-go/go-sys to v0.15.0.

Updated dev-go/sync to v0.5.0.

Updated dev-go/mod to v0.14.0.

Updated dev-go/demangle to v0.0.0_p20230524.

Updated dev-go/go-arch to v0.6.0.

Uprev GPU driver version to v470.239.06.

Updated cos-gpu-installer to v2.3.3. This fixes CVEs for cos-gpu-installer: upgraded golang from 1.16 to 1.22.3, upgraded google.golang.org/protobuf from v1.28.0 to v1.33.0, and upgraded google.golang.org/grpc from v1.48.0 to v1.56.3.

Fixed CVE-2024-21626 in github.com/opencontainers/runc in kubelet.

Fixed CVE-2023-4641 in sys-apps/shadow.

Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.

Fixed CVE-2024-34459 in the libxml2 package.

Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.

Fixed CVE-2023-32681 in dev-python/requests.

Fixed CVE-2024-3772 in dev-python/pydantic.

Fixed CVE-2023-5388 in dev-libs/nss.

Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.

Updated net-dns/c-ares to version 1.27. This fixed CVE-2024-25629.

Updated dev-python/pyyaml to version 6.0.1. This fixed CVE-2017-18342, CVE-2020-14343, CVE-2020-1747.

Updated dev-vcs/git to version VERSION. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.

Updated net-misc/curl to version 8.7.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466.

Updated dev-libs/expat to version 2.6.2. This fixed CVE-2024-28757.

Fixed CVE-2024-28182 in net-libs/nghttp2.

Runtime sysctl changes:

  • Added: dev.tty.legacy_tiocsti: 1
  • Added: kernel.io_uring_group: -1
  • Added: kernel.kexec_load_limit_panic: -1
  • Added: kernel.kexec_load_limit_reboot: -1
  • Added: kernel.loadpin.enforce: 1
  • Added: net.core.mem_pcpu_rsv: 256
  • Added: net.core.rps_default_mask: 00
  • Added: net.ipv4.tcp_plb_cong_thresh: 128
  • Added: net.ipv4.tcp_plb_enabled: 0
  • Added: net.ipv4.tcp_plb_idle_rehash_rounds: 3
  • Added: net.ipv4.tcp_plb_rehash_rounds: 12
  • Added: net.ipv4.tcp_plb_suspend_rto_sec: 60
  • Added: net.ipv4.tcp_syn_linear_timeouts: 4
  • Added: net.ipv4.udp_child_hash_entries: 0
  • Added: net.ipv4.udp_hash_entries: 4096
  • Added: net.ipv6.icmp.error_anycast_as_unicast: 0
  • Added: vm.memfd_noexec: 0
  • Changed: fs.file-max: 812391 -> 811880
  • Changed: net.core.optmem_max: 131072 -> 20480
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 0 -> 256 256 32 0
  • Deleted: net.ipv4.tcp_backlog_ack_defer: 1

cos-113-18244-85-36

  • Kernel: COS-6.1.90
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Mount efivarfs fs by default on EFI-enabled systems.

  • Updated R550 (latest driver) to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091, CVE-2024-0092.
  • Updated R535 (default driver) to v535.183.01. This fixes CVE-2024-0090, CVE-2024-0092.
  • Updated R470 to v470.256.02. This fixes CVE-2024-0090, CVE-2024-0092.

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.

Fixes CVE-2024-36902 in the Linux kernel.

Fixes CVE-2024-36938 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812002 -> 812036

cos-101-17162-463-48

  • Kernel: COS-5.15.155
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.256.02 (default), v550.90.07 (latest)

  • Updated R550 (latest driver) to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091, CVE-2024-0092.
  • Updated R535 to v535.183.01. This fixes CVE-2024-0090, CVE-2024-0092.
  • Updated R470 (default driver) to v470.256.02. This fixes CVE-2024-0090, CVE-2024-0092.

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.

Fixed CVE-2024-26584 in the Linux kernel.

Fixed CVE-2024-26583 in the Linux kernel.

Fixes CVE-2024-36902 in the Linux kernel.

Fixes CVE-2024-36938 in the Linux kernel.

cos-105-17412-370-58

  • Kernel: COS-5.15.154
  • Docker: v23.0.3
  • Containerd: v1.7.15
  • GPU Drivers: v470.256.02 (default), v550.90.07 (latest)

  • Updated R550 (latest driver) to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091, CVE-2024-0092.
  • Updated R535 to v535.183.01. This fixes CVE-2024-0090, CVE-2024-0092.
  • Updated R470 (default driver) to v470.256.02. This fixes CVE-2024-0090, CVE-2024-0092.

Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Fixes CVE-2024-36902 in the Linux kernel.

Fixes CVE-2024-36938 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812695 -> 812704

cos-109-17800-218-61

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

  • Updated R550 (latest driver) to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091, CVE-2024-0092.
  • Updated R535 (default driver) to v535.183.01. This fixes CVE-2024-0090, CVE-2024-0092.
  • Updated R470 to v470.256.02. This fixes CVE-2024-0090, CVE-2024-0092.

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Fixes CVE-2024-36902 in the Linux kernel.

Fixes CVE-2024-36938 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812271 -> 812259

Google Distributed Cloud (software only) for VMware

A vulnerability, CVE-2024-26584, was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes.

For more information, see the GCP-2024-036 security bulletin.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2024-26584

For more information, see the GCP-2024-036 security bulletin.

(2024-R20) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.26.15-gke.1090000
    • 1.27.13-gke.1166000
    • 1.28.9-gke.1209000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.15-gke.1320000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.15-gke.1320000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.13-gke.1201000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.9-gke.1289000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.9-gke.1289000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.26.15-gke.1381000
    • 1.27.14-gke.1022000
    • 1.28.10-gke.1058000
    • 1.29.5-gke.1060000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1390000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.15-gke.1390000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.14-gke.1042000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.10-gke.1075000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.5-gke.1091000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.5-gke.1091000 with this release.

Google SecOps

Google SecOps now integrates with Access Transparency.

If you enabled Access Transparency in your organization, Google SecOps writes Access Transparency logs when any Google personnel accesses customer content that supports SIEM features.

For more information, see enabling Access Transparency and viewing Access Transparency logs.

Google SecOps now supports data RBAC. This feature enables you to control user access to data within your Google SecOps environment based on their assigned roles.

lastAlertStatusChangeTime is added to the response of the GetRule Detection Engine API. This indicates when alertingEnabled was last updated from true to false or from false to true.

The field is also added to RuleDeployment of Chronicle API v1 alpha.

Google SecOps SIEM

Google SecOps now integrates with Access Transparency.

If you enabled Access Transparency in your organization, Google SecOps writes Access Transparency logs when any Google personnel accesses customer content that supports SIEM features.

For more information, see enabling Access Transparency and viewing Access Transparency logs.

Google SecOps now supports data RBAC. This feature enables you to control user access to data within your Google SecOps environment based on their assigned roles.

lastAlertStatusChangeTime is added to the response of the GetRule Detection Engine API. This indicates when alertingEnabled was last updated from true to false or from false to true.

The field is also added to RuleDeployment of Chronicle API v1 alpha.

Vertex AI

Starting on September 15, 2024, you can only customize classification, entity extraction, and sentiment analysis objectives by moving to Vertex AI Gemini prompts and tuning. Training or updating models for Vertex AI AutoML for Text classification, entity extraction, and sentiment analysis objectives will no longer be available. You can continue using existing Vertex AI AutoML Text models until June 15, 2025. For more information about how Gemini offers enhanced user experience through improved prompting capabilities, see Overview of model tuning for Gemini.

June 17, 2024

Apigee Advanced API Security

On June 17, 2024 we released an updated version of Advanced API Security.

Shadow API Discovery, which is in preview, no longer requires separate creation of P4SA permissions in order to enable the functionality.

For usage information, see the Shadow API Discovery documentation.

Apigee X

On June 17, 2024, we released an updated version of Apigee.

Update Pay-as-you-go environment types using the Apigee UI in the Google Cloud console

Apigee Pay-as-you-go customers can modify the type of an existing environment using the Apigee UI in the Cloud console. This feature allows you to add or remove feature capabilities for your environments from the UI.

For more information, see Update your environment type. To learn more about environment types, see Apigee Pay-as-you-go environment types.

Apigee hybrid

hybrid v1.10.5

On June 17, 2024 we released an updated version of the Apigee hybrid software, 1.10.5.

Bug ID and description:

  • 329540114: Security fix for apigee-installer. This addresses the following vulnerability:
  • 317528509: Security fix for apigee-synchronizer. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-synchronizer. This addresses the following vulnerability:
  • N/A: Security fixes for apigee-asm-ingress and apigee-asm-istiod. This addresses the following vulnerability:
  • N/A: Security fixes for apigee-cassandra-backup-utility. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-connect-agent. This addresses the following vulnerability:
  • N/A: Security fixes for apigee-diagnostics-collector. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-fluent-bit. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-hybrid-cassandra. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-hybrid-cassandra-client. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-kube-rbac-proxy. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-mart-server. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-mint-task-scheduler. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-prom-prometheus. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-prometheus-adapter. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-runtime. This addresses the following vulnerabilities:
  • N/A: Security fixes for apigee-udca. This addresses the following vulnerabilities:

Batch

Documentation has been added to explain how to view resource metrics for your jobs in Cloud Monitoring. The metrics provide resource utilization and performance information, which you can use to help optimize the performance and costs of future jobs. For more information, see Monitor and optimize job resources by viewing metrics.

You can configure a job to automatically install the Ops Agent, which provides additional resource metrics in Cloud Monitoring. For more information, see Collect additional resource metrics using the Ops Agent.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.40.3 (2024-06-12)

Dependencies
  • Update actions/checkout action to v4.1.6 (#3309) (c7d6362)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.46.0 (#3328) (a6661ad)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.47.0 (#3342) (79e34c2)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.50.0 (#3330) (cabb0ab)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.51.0 (#3343) (e3b934f)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.31.0 (#3335) (0623455)
  • Update dependency com.google.oauth-client:google-oauth-client-java6 to v1.36.0 (#3305) (d05e554)
  • Update dependency com.google.oauth-client:google-oauth-client-jetty to v1.36.0 (#3306) (0eeed66)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.2 (#3311) (3912a92)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.2 (#3312) (9737a5d)
  • Update github/codeql-action action to v2.25.6 (#3307) (8999d33)
  • Update github/codeql-action action to v2.25.7 (#3334) (768342d)
  • Update github/codeql-action action to v2.25.8 (#3338) (8673fe5)

You can now perform supervised tuning on a BigQuery ML remote model based on a gemini-1.0-pro-002 model. This feature is in preview. To try this feature, see Tune a model using your data.

You can also perform supervised tuning by using the BigQuery DataFrames Python API. Use the fit() and score() methods in the bigframes.ml.llm.GeminiTextGenerator model class to perform supervised tuning.

Global rate limits on BigQuery Omni connection creation and use have replaced the regional limits on AWS and Azure connections.

Bigtable

The Python client library for Bigtable now offers an asynchronous API for use with asynchronous applications. The async API is generally available (GA). To get started, see the Python hello world.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.39.5 (2024-06-10)

Bug Fixes
  • Make change stream unknown mod error more actionable (#1938) (e7ba045)
  • Rate limiting should be ineffective when RateLimitInfo is not present (#2243) (a0ec901)
Dependencies

Python

Changes for google-cloud-bigtable

2.24.0 (2024-06-11)

Features
  • Add String type with Utf8Raw encoding to Bigtable API (#968) (2a2bbfd)
  • Improve async sharding (#977) (fd1f7da)
Bug Fixes

Cloud Database Migration Service

In Database Migration Service for heterogeneous Oracle migrations, you can now use the Promote action directly on the migration job details page to finalize your migration process. For more information, see Finalize a migration in Oracle to AlloyDB and Finalize a migration in Oracle to Cloud SQL for PostgreSQL.

Cloud Monitoring

In the Monitoring API, you can now configure documentation links for your notifications. For more information, see Links.

Cloud Source Repositories

Effective June 17, 2024, Cloud Source Repositories isn't available to new customers. If your organization hasn't previously used Cloud Source Repositories, you can't enable the API or use Cloud Source Repositories. New projects not connected to an organization can't enable the Cloud Source Repositories API. Organizations that have used Cloud Source Repositories prior to June 17, 2024 are not affected by this change.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.42.0 (2024-06-10)

Features
  • storage: Add new package transfermanager. This package is intended for parallel uploads and downloads, and is in preview. It is not stable, and is likely to change. (#10045) (cde5cbb)
  • storage: Add bucket HierarchicalNamespace (#10315) (b92406c), refs #10146
  • storage: Add BucketName to BucketHandle (#10127) (203cc59)
Bug Fixes
  • storage: Set invocation headers on xml reads (#10250) (c87e1ab)
Documentation

Python

Changes for google-cloud-storage

2.17.0 (2024-05-22)

Features
Bug Fixes
  • Remove deprecated methods in samples and tests (#1274) (4db96c9)
Documentation
  • Reference Storage Control in readme (#1254) (3d6d369)
  • Update DEFAULT_RETRY_IF_GENERATION_SPECIFIED docstrings (#1234) (bdd426a)

Cloud Workstations

Cloud Workstations is available in the australia-southeast2 region (Melbourne, Australia). For more information, see Locations.

Colab Enterprise

You can now use customer-managed encryption keys (CMEK) to protect runtimes in Colab Enterprise. Using CMEK for notebook files isn't currently supported.

For more information, see Use customer-managed encryption keys for runtimes.

Compute Engine

Generally available: You can now use the Require OS Config organization policy constraint to automatically enable VM Manager for all new VMs in your organization, folder, or project. For more information, see Enable VM Manager using an organization policy.

Contact Center AI Platform

Web SDK 2.21 is released

For more information, see Web SDK changelog.

Dataform

You can now inspect past manual compilation results of a selected release configuration. For more information, see View details of a release configuration.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for datastore/admin/apiv1

1.17.1 (2024-06-10)

Bug Fixes
  • datastore: Regenerate protos in new namespace (#10158) (8875511), refs #10155
  • datastore: Update retry transaction logic to be inline with Spanner (#10349) (5929a6e)

Generative AI on Vertex AI

Increased the input token limit for Gemini 1.5 Pro from 1M to 2M. For more information, see Google models.

Google Cloud Marketplace Partners

You can now create custom private offers with flexible payment options, including a duration of up to 5 years, with an annual ratable commit drawdown schedule, if applicable. For more information about creating custom private offers, see Set up your offer's pricing.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.5.0 (2024-06-11)

Features
  • Add service_account_email for export subscriptions (#1927) (c532854)

Java

Changes for google-cloud-pubsub

1.130.1 (2024-06-13)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.40.3 (#2071) (0844bfb)
  • Update dependency com.google.cloud:google-cloud-storage to v2.40.0 (#2066) (dfcaeb5)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.27.1 (#2065) (6baf69a)

Python

Changes for google-cloud-pubsub

2.21.3 (2024-06-10)

Bug Fixes
  • Race condition where future callbacks invoked before client is in paused state (#1145) (d12bac6)
  • Suppress warnings caused during pytest runs (#1189) (cd51149)
  • Typecheck errors in samples/snippets/subscriber.py (#1186) (3698450)

Pub/Sub Lite

Pub/Sub Lite is deprecated. Effective March 18, 2026, Pub/Sub Lite will be turned down.

  • Current customers: Pub/Sub Lite remains functional until March 18, 2026. If you have not used Pub/Sub Lite within the 90-day period preceding September 24, 2024 (June 26, 2024 - September 24, 2024), you won't be able to access Pub/Sub Lite starting on September 24, 2024.

  • New customers: Pub/Sub Lite is no longer available for new customers after September 18, 2024.

You can migrate your Pub/Sub Lite service to Apache Kafka for BigQuery or Pub/Sub.

Security Command Center

The Security Command Center Assets page will require new permissions

On or after July 11, 2024, a new Identity and Access Management (IAM) permission will be required to view the Assets page in Google Cloud console. If you use custom roles to control access to Google Cloud resources, you will need to add this new permission to your custom roles before that date to continue using the Assets page.

For more information, see Assets page.

Spanner

Generated columns no longer require the STORED attribute. Without this, the generated column is evaluated at query or index time and doesn't require additional storage or write overhead. For more information, see Create and manage generated columns.

Virtual Private Cloud

Workflows

Support for a Vertex AI API connector is available in Preview. Learn how to access Vertex AI models from a workflow.

June 14, 2024

Agent Assist

Proactive generative knowledge assist is now launched to GA. See the documentation for details.

AlloyDB for PostgreSQL

The maintenance downtime for a basic instance has been improved to match that of an HA primary instance, ensuring both instance types experience minimal downtime of less than a second.

Cloud Composer

Environment upgrading is now generally available (GA).

Cloud Key Management Service

As previously announced, Cloud KMS has changed the default duration of the scheduled for destruction period from 24 hours to 30 days.

As of February 1, 2024, newly created CryptoKeys use the new default duration of 30 days, unless a different duration is specified during key creation. For more information about key destruction, see Destroy and restore key versions.

Owners of existing CryptoKeys that had used the default duration were given until May 1, 2024 to opt out from automatically updating those keys to use the new default duration. Existing CryptoKeys that were not opted out have been updated to use the new default duration of 30 days. No further action is required from you.

Cloud Load Balancing

You can now access backend services residing in different projects than the external or internal Application Load Balancers with cross-project service referencing.

For details, see:

This feature is available in General Availability.

Compute Engine

Spot VMs are now available for the H3 machine series.

Google Kubernetes Engine

For GKE clusters running versions later than 1.28.10-gke.1141000, the NEG, Ingress, L4 internal load balancer, and L4 RBS controllers skip processing nodes that are missing the topology.kubernetes.io/zone label until the zone information is ready. The load balancer controllers no longer block sync operations when a node is introduced without the label.

Google SecOps SOAR

Remote Agents Release 2.0.0 is currently in Preview.

Support added for Python 3.11

The following articles have been updated as a result:

Create Agent with Installer for RHEL

Create Agent with Installer for CentOS

Perform a major upgrade using installer for CentOS

Perform a major upgrade using installer for RHEL

Release 6.3.6 is now in General Availability.

NetApp Volumes

You can now use Active Directory policies to manage the BUILTIN\Administrators group. For more information, see Create an Active Directory Policy.

Network Connectivity Center

Private Service Connect connection propagation is now available in public preview.

The propagation of Private Service Connect services through the Network Connectivity Center hub enables VPC-hosted services in private VPC networks to be reachable across VPC networks.

Sensitive Data Protection

The AZERBAIJAN_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Vertex AI Agent Builder

Vertex AI Search: Boost search results

Boosting search results for media apps and for generic search apps that contain unstructured and website data is Generally available.

For more information, see Boost search results.

Vertex AI Search: Set language codes for data stores (Public preview)

Setting a language code for a data store can improve the quality of the extractive segments and extractive answers returned in search results. Language codes for data stores are supported in public preview.

For information about the language code field for data stores, see the DataStore resource.

Vertex AI Search: Specify a language code in search request (Public preview)

Setting a language code in a search query can improve the quality of the search results. Language codes in search queries are supported in public preview.

For information about the language code field in search, see the servingConfigs.search method.

Virtual Private Cloud

Private Service Connect port mapping is available in Preview. Port mapping lets consumer virtual machine (VM) instances privately communicate with specific service ports on specific producer VMs through a single Private Service Connect endpoint.

Private Service Connect propagated connections are available in Preview. With propagated connections, services that are accessible in one consumer VPC spoke through Private Service Connect endpoints can be privately accessed by other consumer VPC spokes that are connected to the same Network Connectivity Center hub.

June 13, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26584

For more information, see the GCP-2024-035 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26584

For more information, see the GCP-2024-035 security bulletin.

BigQuery

You can now schedule notebooks. This feature is available in preview.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.18.0 (2024-06-04)

Features
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.31.0 (#1625) (9db8f3b)

You can now use Terraform commands to attach an IAM role binding to a log view that grants a principal access to the log view. For more information about log views and about controlling access to log views, see Configure log views on a log bucket.

Cloud SQL for MySQL

Cloud SQL for MySQL now supports minor version 8.0.37. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Cloud VPN

Cloud VPN support for IPv6-only HA VPN gateways is available in General Availability. For more information, see IPv6 support.

Cloud Workstations

Cloud Workstations is available in the asia-northeast3 region (Seoul, South Korea). For more information, see Locations.

Compute Engine

Preview: C3 bare metal machine types are available in Preview in the C3 machine series. Bare metal instances let you create an instance with direct access to the machine's CPU and memory, without a virtualization layer in the middle. With bare metal instances, you can access all the raw compute resources of the server. For more information, see the C3 machine series.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.106-debian10, 2.0.106-rocky8, 2.0.106-ubuntu18
  • 2.1.54-debian11, 2.1.54-rocky8, 2.1.54-ubuntu20, 2.1.54-ubuntu20-arm
  • 2.2.20-debian12, 2.2.20-rocky9, 2.2.20-ubuntu22

New Dataproc Serverless for Spark runtime versions:

  • 1.1.65
  • 1.2.9
  • 2.0.73
  • 2.2.9

Dataproc Serverless for Spark: Upgraded Spark BigQuery connector to version 0.36.3 in the latest 1.2 and 2.2 Dataproc Serverless for Spark runtime versions.

Added support for a configuration that prevents expensive HiveMetaStore metrics database queries. To prevent expensive queries during HiveMetaStore startup, set the Hive property metastore.initial.metadata.count.enabled to false.

Dialogflow

Vertex AI Agents: The following new regions are supported by agent apps:

  • europe-west1
  • europe-west2
  • europe-west3
  • northamerica-northeast1
  • us-west1

Google SecOps SOAR

Release Notes 6.3.7 is currently in Preview.

Case filters are removed when refreshing the browser (ID #50834432)

Custom Actions, and the parameter types multi-select and password cause errors when trying to save a playbook (ID #51582854)

Looker Studio

Group Others available in more chart types

The Group Others chart setting lets you aggregate results that are outside of specified limits into a category labeled Others. This checkbox lets you compare data against the context of the remaining results.

Group Others is supported for the following chart types:

Expanded data label customization options

The Data label section in the Style tab of the Properties panel provides expanded customization options, including font type, font color, font size, and font styling, as well as background color, opacity, and border radius settings. These options are supported for the following chart types:

New Bin calculated field type

The Bin calculated field type lets you create ad hoc numeric tiers for numeric dimensions without needing to develop CASE WHEN expressions in calculated fields or logic in SQL.

New Color by tooltip option for Timeline charts

You can use the Color by tooltip style option to color timeline charts by tooltip dimension values.

Security Command Center

Preview of Cloud Infrastructure Entitlement Management capabilities

Cloud Infrastructure Entitlement Management (CIEM) for Amazon Web Services (AWS) and other identity providers on Google Cloud, such as Entra ID (Azure AD) and Okta, is now in preview.

CIEM helps you adhere to the principle of least privilege by providing a comprehensive look at the security of your identity and access configuration. CIEM provides insight into details such as what permissions are associated with a given identity, what roles are not optimal (highly permissive), and what steps you can take to remediate potential misconfigurations.

For more information, see Overview of Cloud Infrastructure Entitlement Management.

June 12, 2024

Agent Assist

The Agent Assist integration backend's public GitHub repository now includes a mechanism for authentication customization and support for authenticating agents with the following providers: Twilio, Genesys Cloud, and Salesforce. See the documentation for more details.

Apigee X

On June 12, 2024, we released an updated version of Apigee.

Feature: Preview release of Google Cloud-based mock servers for API Management features in Gemini Code Assist.

This release introduces the ability to easily deploy a Google Cloud-based remote mock server for Gemini Code Assist API management, which allows interaction with the designed API by anyone with access to the mock server, helping with testing and validating the APIs.

For more information and usage instructions, see Use Gemini Code Assist.

Cloud Domains

If your domain expired within the past 30 days, you can renew it using the Google Cloud CLI or the Cloud Domains API. For more information, see Renew a recently expired domain.

For domains such as .uk or .co.uk that don't support authorization codes, you can now use the Google Cloud CLI or the Cloud Domains API to initiate a push transfer to another registrar. For more information, see Transfer a .uk or .co.uk domain.

Compute Engine

Expanded Hyperdisk Balanced support for M3 and C3 machine types: The maximum number of Hyperdisk Balanced volumes that you can use with C3 and M3 virtual machines has been increased, as follows:

  • C3 VMs with 4 or 8 vCPUs now support attaching up to 16 Hyperdisk Balanced volumes.
  • C3 VMs with 16 or more vCPUs support 32 Hyperdisk Balanced volumes.
  • M3 virtual machines support up to 32 Hyperdisk Balanced volumes, up from 2.

For more information, see the documentation for M3 and C3 VMs.

Preview: General Purpose C4 VM instances are now available in Public Preview on the Intel Emerald Rapids CPU. The C4 machine series offers consistently high performance with up to 192 vCPUs and 1.5 TB of DDR5 memory, and support for Hyperdisk storage.

Google Distributed Cloud (software only) for VMware

A vulnerability, CVE-2022-23222, was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes.

For more information, see the GCP-2024-033 security bulletin.

A vulnerability, CVE-2024-26584, was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-035 security bulletin.

Google Distributed Cloud on VMware 1.28.600-gke.154 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.600-gke.154 runs on Kubernetes v1.28.9-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following issues are fixed in 1.28.600-gke.154:

  • Fixed the known issue that caused admin cluster upgrades to fail for clusters created on versions 1.10 or earlier.
  • Fixed the known issue where the Docker bridge IP uses 172.17.0.1/16 for COS cluster control plane nodes.

The following vulnerabilities are fixed in 1.28.600-gke.154:

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26584

For more information, see the GCP-2024-035 security bulletin.

(2024-R19) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

Regular channel

  • The following versions are no longer available in the Regular channel:
    • 1.27.13-gke.1070000
    • 1.28.9-gke.1000000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.13-gke.1166000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.9-gke.1209000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.9-gke.1209000 with this release.

Rapid channel

  • Version 1.30.1-gke.1156000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.26.15-gke.1320000
    • 1.27.13-gke.1201000
    • 1.28.9-gke.1289000
    • 1.29.4-gke.1670000
    • 1.30.0-gke.1167000
    • 1.30.1-gke.1261000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1381000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.15-gke.1381000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.14-gke.1022000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.10-gke.1058000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.5-gke.1060000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.5-gke.1060000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.1-gke.1156000 with this release.

Looker

Looker 24.10 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, June 17, 2024

  • Expected Looker (original) final deployment and download available: Thursday, June 27, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, June 17, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, July 1, 2024

When an admin edits a user's email address, Looker will now log out that user and send an email verification link to the user's new email address. Looker will prevent the user from logging in again until the user clicks the email verification link.

The ability to change your Development Mode folder from the Account page has been removed. To view LookML in another user's dev mode folder, switch to their branch instead.

If your LookML project includes duplicate datagroup names, the LookML validator will return this error message during model compilation: A datagroup named "xxxx" has been defined multiple times. Each datagroup in a model must have a unique name.

If you receive this message, you will need to change your datagroup names so that each one in your project is unique. The error message text will include the duplicate datagroup names.

The listen property on a merge query dashboard element can now be defined on a source query directly, rather than on the element as a whole. Extending this parameter is also supported.

A loading indicator will show up on the IDE modal when you're creating, renaming, or deleting a file or folder.

You can now create treemap charts using the Chart Config Editor.

The lightweight drill links Labs feature is now GA.

The SingleStore7+ derived table strategy has been updated to use Common Table Expressions.

OAuth 2.0 support has been added for Trino connections.

OAuth 2.0 support has been added for Databricks connections.

An issue with git initialization that could potentially have caused Looker to fail when starting up has been fixed. This feature now performs as expected.

An issue in map visualizations where null values caused the map to disappear has been resolved. This feature now performs as expected.

An issue has been fixed where text visualizations were causing errors on other dashboard tiles immediately after the dashboard was saved. This feature now performs as expected.

Generation of a signed embed URL now requires the manage_embed_settings permission.

A startup issue related to database connection pooling has been fixed. This feature now performs as expected.

An issue where some Liquid number comparisons were returning incorrect results has been fixed. This feature now performs as expected.

The User Activity dashboard has been updated with new Looks.

A curated sidebar title was not being localized properly. This issue has been resolved, and this feature now performs as expected.

An issue where parameter filters of type: number were not showing the filter label has been fixed. This feature now performs as expected.

An issue where BOOL_OR and BOOL_AND functions on Snowflake were generating incorrect SQL has been fixed. This feature now performs as expected.

Previously, when users searched for fields in the field picker, some special characters were not being properly escaped. This issue has been fixed, and this feature now performs as expected.

Content validator queries have been optimized. This may improve content validator performance for instances that have many dashboards with merged query tiles.

LookML model loading time has been optimized by reducing unnecessary filesystem interactions.

In the Open SQL Interface, user errors and internal server errors are now more clearly differentiated.

An issue in table visualizations has been fixed where column widths were not always respected when subtotals were enabled. This feature now performs as expected.

An issue where users were unable to drill on pivot tables that were transposed has been fixed. This feature now performs as expected.

Referencing another view by using Liquid in the sql_table_name parameter will no longer cause suggestions on fields that are defined with full_suggestions: no to be forced to full_suggestions: yes.

An issue has been fixed where downloading all results with subtotals enabled from a BigQuery database with BI Engine enabled would sometimes produce no results. This feature now performs as expected.

Previously, dashboard tiles that were based on map visualizations with no data would display an error rather than report an absence of data. This issue has been resolved, and this feature now performs as expected.

The timeline visualization has been updated to better enable integration with annotations using the Chart Config Editor.

Timeline visualizations can now have the same start and end time.

An issue where the "is in the month" filter was displaying the incorrect month has been fixed. This feature now performs as expected.

An issue where suggest_explore failed to link to filter suggestion results has been fixed. This feature now performs as expected.

An issue has been fixed where refreshing the page could cause unexpected behavior with "is not between" filters. This feature now performs as expected.

The LookML validator will now return an error if the url parameter of a link parameter uses http instead of https.

An issue has been fixed where merged results filters did not retain certain settings after a dashboard was saved. This feature now performs as expected.

SQL generation for measures of type: min and type: max for Firebolt connections has been updated.

Default permissions of OAuth authentication to BigQuery connections are limited to read-only.

An issue has been fixed where attributes in the Attribute Pairing section of the SAML, LDAP, and OIDC settings could not be deleted. This feature now performs as expected.

The performance of the folder copying and moving actions has been improved.

Performance improvements have been implemented for the loading time of Explores for projects that use local import.

An issue has been fixed where, previously, dates were not accepted when a "before absolute" filter was used in Explores.

The account setup URL field and the password reset URL field have been removed from both the Edit User page UI and from the Update User API response to ensure that the URLs aren't misused.

The Disallow Numeric Query IDs Legacy feature is now deprecated.

Admins can now update a user email address through IAM or IdP.

CloudSQL dialects on Looker (Google Cloud core) can connect using application default credentials and service account impersonation.

Secret Manager

Delayed destruction of secret versions is now generally available (GA). You can set up a duration for delayed destruction at the time of creating or updating a secret. When a destruction delay duration is configured for a secret, destroying a version of that secret will disable the version and prevent its use. However, it won't be immediately destroyed. Instead, it will remain scheduled for destruction for the specified delay duration. After that duration expires, the version will be permanently destroyed. Secret Manager administrators can restore a secret version that is scheduled for destruction by either enabling or disabling it during the delay period.

June 11, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2024-26583

For more information, see the GCP-2024-034 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2024-26583

For more information, see the GCP-2024-034 security bulletin.

Apigee API hub

Vertex AI extensions

You can create Vertex AI extensions for the APIs registered in API hub. These extensions can be integrated with Large Language Models (LLMs) to process real-time data. For more information, see Create a Vertex AI extension.

Eventarc triggers

API hub is integrated with Google Cloud's Eventarc. You can now create Eventarc triggers to listen for specific events in API hub, and then trigger custom workflows based on the event. For more information, see Create an Eventarc trigger.

Multi-level delete

By default, you can delete an API only if all underlying versions are deleted. Starting with this release, you can use the force option to delete an API and its child resources in a single step. For more information, see Delete an API resource.

Backup and DR

Backup and DR Service added support to view storage resource usage logs in Cloud Logging.

Backup and DR Service added support to view storage resource utilization reports in BigQuery.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Compute Engine

Generally available: The A3 Mega accelerator-optimized machine type is now available. The A3 Mega machine type has NVIDIA® H100 80GB GPUs attached and provides twice the network bandwidth speed when compared to A3 Standard. A3 Mega VMs can be used to support your large artificial intelligence (AI) models, machine learning (ML), and high performance computing (HPC) workloads. The A3 machine type is available in the following regions and zones:

  • APAC
    • Singapore: asia-southeast1-b
  • Europe
    • Netherlands: europe-west4-b,c
  • North America
    • Iowa: us-central1-a,c
    • Virginia: us-east4-a,b
    • Ohio: us-east5-a
    • Oregon: us-west1-a,b
    • Nevada: us-west4-a

To get started with A3 Mega VMs, see Run large-scale model training and fine-tuning.

C3 and C3D VMs are available in the following regions and zones:

C3:

  • asia-northeast1-b Tokyo, Japan
  • europe-west3-b,c Frankfurt, Germany
  • us-west1-a,b The Dalles, OR
  • us-west2-a Los Angeles, CA
  • us-south1-a Dallas, TX

C3D:

  • australia-southeast1-c Sydney, Australia
  • europe-west3-c Frankfurt, Germany
  • us-west4-a Las Vegas, NV

Container Optimized OS

cos-109-17800-218-52

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Fixed a performance issue observed in some Postgres databases.

Updated cos-gpu-installer to v2.3.4 - This fixes CVEs: CVE-2023-29402, CVE-2023-29405, CVE-2023-29404, CVE-2023-24540, CVE-2023-24538, CVE-2022-41721, GHSA-m425-mq94-257g, CVE-2022-41715, CVE-2022-30633, CVE-2022-41724, CVE-2022-2880, CVE-2022-30631, CVE-2021-29923, CVE-2022-24675, CVE-2022-30580, CVE-2022-41723, CVE-2023-24534, CVE-2022-41725, CVE-2022-2879, CVE-2023-24539, CVE-2022-30635, CVE-2023-45285, CVE-2022-32149, CVE-2023-24537, CVE-2022-32189, CVE-2022-28131, CVE-2023-39323, CVE-2022-28327, CVE-2022-30630, CVE-2023-44487, CVE-2023-39325, CVE-2022-27664, CVE-2023-45287, CVE-2023-29400, CVE-2023-24536, CVE-2023-29403, CVE-2022-30632, CVE-2023-39318, CVE-2020-29511, CVE-2024-24786, CVE-2023-3978, CVE-2022-41717, CVE-2022-32148, CVE-2023-39326, CVE-2023-45288, CVE-2022-1962, CVE-2023-24532, CVE-2023-39319, CVE-2022-1705, CVE-2020-29509, CVE-2023-29406, CVE-2023-29409, CVE-2022-30629

Runtime sysctl changes:

  • Changed: fs.file-max: 812253 -> 812271

Dataproc

The Apache Spark in BigQuery feature is available in Private Preview. This feature lets you create a Spark session in a BigQuery notebook that you can use to develop and submit PySpark code from BigQuery. To access this feature, fill in and submit the Dataproc Preview access request form.

Dialogflow

The following was incorrectly announced: Dialogflow CX: The gemini-1.5-flash generative model is now available for the generators feature.

Generative AI on Vertex AI

Upload media from Google Drive

You can upload media, such as PDF, MP4, WAV, and JPG files from Google Drive, when you send image, video, audio, and document prompt requests.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2024-26583

For more information, see the GCP-2024-034 security bulletin.

Memorystore for Redis Cluster

Added support for single-zone instances (Preview). Also removed network billing charge for Consumer Data Processing for same-zone traffic. For more details about same-zone (intra-zone) traffic billing, see Network pricing. For more information about single-zone instances, see Single-zone instances.

June 10, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2022-23222

For more information, see the GCP-2024-033 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2022-23222

For more information, see the GCP-2024-033 security bulletin.

Apigee hybrid

hybrid v1.11.2

On June 10, 2024 we released an updated version of the Apigee hybrid software, 1.11.2.

  • Bug ID 340248314: Added support for targetCPUUtilizationPercentage to apigeeIngressGateway and ingressGateways for hybrid installations managed with Helm. The default value is 75. Note: targetCPUUtilizationPercentage is not supported for apigeectl.
  • Bug ID 324779388: Improved error handling for backup and restore.
  • Bug ID 311489774: Removed inclusion of Java and Python installations in Cassandra client image.
  • Bug ID 300135626: Removed inclusion of Java and Python installations in Cassandra Backup Utility image.
  • Bug ID 181569113: Fixed an issue in new debug session creation.

  • Bug ID 345520525: Security fixes for apigee-asm-ingress and apigee-asm-istiod. This addresses the following vulnerabilities:
  • Bug ID 335908139: Security fixes for apigee-fluent-bit. This addresses the following vulnerability:
  • Bug ID 333121802: Security fixes for apigee-cassandra-backup-utility and apigee-hybrid-cassandra. This addresses the following vulnerability:
  • Bug ID 317528509: Security fix for apigee-synchronizer. This addresses the following vulnerabilities:
  • Bug ID 317447390: Security fix for apigee-operators. This addresses the following vulnerability:
  • Bug ID 329762216: Security fix for apigee-installer. This addresses the following vulnerability:
  • Bug ID 308835165: Security fixes for apigee-synchronizer. This addresses the following vulnerability:
  • Bug ID 308926079: Security fixes for apigee-kube-rbac-proxy. This addresses the following vulnerabilities:
  • Bug ID 300091388: Security fixes for Apigee Connect Agent. This addresses the following vulnerability:
  • Bug ID N/A: Security fixes for apigee-cassandra-backup-utility. This addresses the following vulnerability:
  • Bug ID N/A: Security fixes for apigee-diagnostics-collector. This addresses the following vulnerabilities:
  • Bug ID N/A: Security fixes for apigee-fluent-bit. This addresses the following vulnerabilities:
  • Bug ID N/A: Security fixes for apigee-hybrid-cassandra-client. This addresses the following vulnerabilities:
  • Bug ID N/A: Security fixes for apigee-hybrid-cassandra. This addresses the following vulnerabilities:
  • Bug ID N/A: Security fixes for apigee-kube-rbac-proxy. This addresses the following vulnerabilities:
  • Bug ID N/A: Security fixes for apigee-mart-server. This addresses the following vulnerabilities:
  • Bug ID N/A: Security fixes for apigee-mint-task-scheduler. This addresses the following vulnerabilities:
  • Bug ID N/A: Security fixes for apigee-prom-prometheus. This addresses the following vulnerabilities:
  • Bug ID N/A: Security fixes for apigee-prometheus-adapter. This addresses the following vulnerabilities:
  • Bug ID N/A: Security fixes for apigee-redis. This addresses the following vulnerabilities:
  • Bug ID N/A: Security fixes for apigee-runtime. This addresses the following vulnerabilities:
  • Bug ID N/A: Security fixes for apigee-synchronizer. This addresses the following vulnerabilities:
  • Bug ID N/A: Security fixes for apigee-udca. This addresses the following vulnerabilities:
  • Bug ID N/A: Security fixes for apigee-watcher. This addresses the following vulnerabilities:

Bare Metal Solution

Support for BIOS_PUR043.37.14.021 (TS24.02) and BIOS_PUR043.37.16.023 (TS24.05) firmware on Bare Metal Solution is now deprecated. For information, see Available firmware.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigquery

3.24.0 (2024-06-04)

Features
  • Add default timeout for Client.get_job() (#1935) (9fbad76)
  • Add support for map target type in Parquet options (#1919) (c3f7b23)
Bug Fixes
  • Create query job in job.result() if doesn't exist (#1944) (8f5b4b7)
  • Retry is_job_done on ConnectionError (#1930) (4f72723)
Performance Improvements
  • If page_size or max_results is set on QueryJob.result(), use to download first page of results (#1942) (3e7a48d)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigtable

5.1.0 (2024-05-28)

Features
  • Add feature for copying backups (#1153) (91f85b5)
  • Add String type with Utf8Raw encoding to Bigtable API (#1419) (724b711)
  • Publish Automated Backups protos (#1391) (17838ed)
  • Trusted Private Cloud support, use the universeDomain parameter (#1386) (c0c287e)
Bug Fixes
  • deps: Update dependency @google-cloud/precise-date to v4 (#1318) (9dcef90)
  • Extend timeouts for deleting snapshots, backups and tables (#1387) (1a6f59a)
  • Fix flaky test by extending timeout (#1350) (906ac79)
  • Improve retry logic for streaming API calls (#1372) (e8083a4)
  • Remove the watermarks (#1313) (0126a0e)

Cloud Database Migration Service

Database Migration Service for homogeneous PostgreSQL migrations to Cloud SQL for PostgreSQL now supports PostgreSQL version 16. See Supported source and destination databases in Cloud SQL for PostgreSQL migrations.

Cloud SQL for MySQL

You can now choose to receive a maintenance notification 5 weeks before the maintenance update of your Cloud SQL instance is scheduled to occur. This option is named Week 5.

In addition, some labels in the Google Cloud Console have been renamed to align with this new option:

  • Order of update is renamed to Maintenance timing
  • Earlier is renamed to Week 1
  • Later is renamed to Week 2

For more information, see Maintenance settings and Find and set maintenance windows.

Cloud SQL for PostgreSQL

The temporal_tables extension, version 1.2.2 is generally available. This extension provides support for temporal tables. A temporal table records the period of time when a row is valid from a database perspective. For more information, see Configure PostgreSQL extensions.

You can now perform CREATE CAST and DROP CAST statements as a database user with the cloudsqlsuperuser role. For more information, see About PostgreSQL users and roles.

The rollout of the following minor versions, extension versions, and plugin versions is underway:

Minor versions

  • 12.17 is upgraded to 12.19.
  • 13.13 is upgraded to 13.15.
  • 14.10 is upgraded to 14.12.
  • 15.5 is upgraded to 15.7.

Extension and plugin versions

  • google_ml_integration is upgraded from 1.2 to 1.3.
  • pg_partman is upgraded from 4.7.4 to 5.0.1 (for PostgreSQL versions 14 and later).
  • pgvector is upgraded from 0.6.0 to 0.7.0.
  • Plv8 is upgraded from 3.2.0 to 3.2.2.
  • PostGIS is upgraded from 3.2.5 to 3.4.0 (for PostgreSQL versions 12 and later).

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

The new maintenance version is [PostgreSQL version].R20240514.00_04. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

You can now choose to receive a maintenance notification 5 weeks before the maintenance update of your Cloud SQL instance is scheduled to occur. This option is named Week 5.

In addition, some labels in the Google Cloud Console have been renamed to align with this new option:

  • Order of update is renamed to Maintenance timing
  • Earlier is renamed to Week 1
  • Later is renamed to Week 2

For more information, see Maintenance settings and Find and set maintenance windows.

Cloud SQL for SQL Server

You can now choose to receive a maintenance notification 5 weeks before the maintenance update of your Cloud SQL instance is scheduled to occur. This option is named Week 5.

In addition, some labels in the Google Cloud Console have been renamed to align with this new option:

  • Order of update is renamed to Maintenance timing
  • Earlier is renamed to Week 1
  • Later is renamed to Week 2

For more information, see Maintenance settings and Find and set maintenance windows.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.11.2 (2024-06-07)

Bug Fixes

Java

Changes for google-cloud-storage

2.40.0 (2024-06-06)

Features
  • Promote google-cloud-storage-control to GA (#2575) (129f188)
Bug Fixes
  • Reduce Java 21 Virtual Thread Pinning in IO operations (#2553) (498fd0b)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.31.0 (#2571) (67ce3d6)
  • Update dependency net.jqwik:jqwik to v1.8.5 (#2563) (88f7d86)
Documentation

Cloud Workstations

Workstations that enable nested virtualization are hosted on VMs running Container-Optimized OS (COS) instead of Ubuntu.

Colab Enterprise

Gemini in Colab Enterprise, which is a product in the Gemini for Google Cloud portfolio, is available in Preview. Gemini in Colab Enterprise helps you write code by suggesting code as you type. You can also use the Help me code tool to generate code from a description of what you want.

To learn how to enable and activate Gemini in Colab Enterprise features, see Set up Gemini in Colab Enterprise.

The notebook scheduler is now available in Preview. You can schedule a notebook to run immediately one time, or on a recurring schedule.

For more information, see Schedule a notebook run.

Contact Center AI Platform

New critical deployment schedule

We've added a new critical deployment schedule, which lets you get updates outside of peak business hours. We update instances set for the critical deployment schedule within one week after all regular deployment schedule instances are updated. We recommend the critical deployment schedule for instances that are in production environments. For more information, see Deployment schedules.

Container Optimized OS

cos-105-17412-370-54

  • Kernel: COS-5.15.154
  • Docker: v23.0.3
  • Containerd: v1.7.15
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Fixed frequent restarts in fluent-bit stackdriver plugin.

Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.

Updated cos-gpu-installer to v2.3.4. This fixes CVEs: CVE-2023-29402, CVE-2023-29405, CVE-2023-29404, CVE-2023-24540, CVE-2023-24538, CVE-2022-41721, GHSA-m425-mq94-257g, CVE-2022-41715, CVE-2022-30633, CVE-2022-41724, CVE-2022-2880, CVE-2022-30631, CVE-2021-29923, CVE-2022-24675, CVE-2022-30580, CVE-2022-41723, CVE-2023-24534, CVE-2022-41725, CVE-2022-2879, CVE-2023-24539, CVE-2022-30635, CVE-2023-45285, CVE-2022-32149, CVE-2023-24537, CVE-2022-32189, CVE-2022-28131, CVE-2023-39323, CVE-2022-28327, CVE-2022-30630, CVE-2023-44487, CVE-2023-39325, CVE-2022-27664, CVE-2023-45287, CVE-2023-29400, CVE-2023-24536, CVE-2023-29403, CVE-2022-30632, CVE-2023-39318, CVE-2020-29511, CVE-2024-24786, CVE-2023-3978, CVE-2022-41717, CVE-2022-32148, CVE-2023-39326, CVE-2023-45288, CVE-2022-1962, CVE-2023-24532, CVE-2023-39319, CVE-2022-1705, CVE-2020-29509, CVE-2023-29406, CVE-2023-29409, CVE-2022-30629

Fixed CVE-2024-27020, CVE-2024-27015, CVE-2024-27016, CVE-2024-27013, CVE-2024-27018, CVE-2024-36008, CVE-2024-27019 and CVE-2024-27020 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812685 -> 812695

cos-101-17162-463-42

  • Kernel: COS-5.15.155
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.

Fixed frequent restarts in the fluent-bit stackdriver plugin.

Updated cos-gpu-installer to v2.3.4. This fixes CVEs: CVE-2023-29402, CVE-2023-29405, CVE-2023-29404, CVE-2023-24540, CVE-2023-24538, CVE-2022-41721, GHSA-m425-mq94-257g, CVE-2022-41715, CVE-2022-30633, CVE-2022-41724, CVE-2022-2880, CVE-2022-30631, CVE-2021-29923, CVE-2022-24675, CVE-2022-30580, CVE-2022-41723, CVE-2023-24534, CVE-2022-41725, CVE-2022-2879, CVE-2023-24539, CVE-2022-30635, CVE-2023-45285, CVE-2022-32149, CVE-2023-24537, CVE-2022-32189, CVE-2022-28131, CVE-2023-39323, CVE-2022-28327, CVE-2022-30630, CVE-2023-44487, CVE-2023-39325, CVE-2022-27664, CVE-2023-45287, CVE-2023-29400, CVE-2023-24536, CVE-2023-29403, CVE-2022-30632, CVE-2023-39318, CVE-2020-29511, CVE-2024-24786, CVE-2023-3978, CVE-2022-41717, CVE-2022-32148, CVE-2023-39326, CVE-2023-45288, CVE-2022-1962, CVE-2023-24532, CVE-2023-39319, CVE-2022-1705, CVE-2020-29509, CVE-2023-29406, CVE-2023-29409, CVE-2022-30629

Updated dev-vcs/git to v2.45.1. This fixes CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.

Fixed CVE-2024-27018 and CVE-2024-36008 in the Linux kernel.

cos-beta-113-18244-85-29

  • Kernel: COS-6.1.90
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Fixed frequent restarts in fluent-bit stackdriver plugin.

Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.

Updated cos-gpu-installer to v2.3.4. This fixes CVEs: CVE-2023-29402, CVE-2023-29405, CVE-2023-29404, CVE-2023-24540, CVE-2023-24538, CVE-2022-41721, GHSA-m425-mq94-257g, CVE-2022-41715, CVE-2022-30633, CVE-2022-41724, CVE-2022-2880, CVE-2022-30631, CVE-2021-29923, CVE-2022-24675, CVE-2022-30580, CVE-2022-41723, CVE-2023-24534, CVE-2022-41725, CVE-2022-2879, CVE-2023-24539, CVE-2022-30635, CVE-2023-45285, CVE-2022-32149, CVE-2023-24537, CVE-2022-32189, CVE-2022-28131, CVE-2023-39323, CVE-2022-28327, CVE-2022-30630, CVE-2023-44487, CVE-2023-39325, CVE-2022-27664, CVE-2023-45287, CVE-2023-29400, CVE-2023-24536, CVE-2023-29403, CVE-2022-30632, CVE-2023-39318, CVE-2020-29511, CVE-2024-24786, CVE-2023-3978, CVE-2022-41717, CVE-2022-32148, CVE-2023-39326, CVE-2023-45288, CVE-2022-1962, CVE-2023-24532, CVE-2023-39319, CVE-2022-1705, CVE-2020-29509, CVE-2023-29406, CVE-2023-29409, CVE-2022-30629

Runtime sysctl changes:

  • Changed: fs.file-max: 812026 -> 812002

cos-109-17800-218-50

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Fixed frequent restarts in fluent-bit stackdriver plugin.

Updated cos-gpu-installer to v2.3.3. This resolves potential synchronization issues and ensures proper cleanup of mounts in GPU driver installation directory configuration.

Fixed CVE-2024-26987, CVE-2024-27020, CVE-2024-27014, CVE-2024-27022, CVE-2024-27019, CVE-2024-27013, CVE-2024-36008, CVE-2024-27018, CVE-2024-27016 and CVE-2024-27015 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812257 -> 812253

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.20.1 (2024-06-04)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.31.0 (#1471) (42c643d)
  • Update dependency com.google.errorprone:error_prone_core to v2.28.0 (#1469) (e3fac2b)
  • Update dependency com.google.guava:guava-testlib to v33.2.1-jre (#1470) (614e930)

Generative AI on Vertex AI

Experiment in the Vertex AI Studio login-free

The Vertex AI Studio multi-model prompt designer can be accessed login-free. With this feature, prospective customers can use the Vertex AI Studio to test queries before deciding to sign up and create an account. To learn more about this experience, see Vertex AI Studio console experiences. To access the console directly, go to Vertex AI Studio.

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2022-23222) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes.

For more information, see the GCP-2024-033 security bulletin.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS nodes:

  • CVE-2022-23222

For more information, see the GCP-2024-033 security bulletin.

Identity and Access Management

You can use principal access boundary policies to limit the resources that a principal is eligible to access. This feature is available in Preview.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.130.0 (2024-06-03)

Features
  • [java] allow passing libraries_bom_version from env (#1967) (#2033) (825c5f8)
  • Add service_account_email for export subscriptions (#2054) (670db3e)
Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.39.0 (#2057) (43446d2)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.31.0 (#2058) (a998ef5)

Sensitive Data Protection

A new detection model is available for the DATE_OF_BIRTH infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version to latest when including the DATE_OF_BIRTH infoType in your InspectConfig.

You can still use the old model by setting InfoType.version to stable or leaving it unset when using the DATE_OF_BIRTH infoType. In 30 days, the new model will be promoted to stable.

Virtual Private Cloud

The following features of policy-based routes are available in Preview:

  • Applying policy-based routes to IPv6 traffic
  • Using a next hop that is in a peered VPC network

For more information, see Create policy-based routes.

VPC Flow Logs includes internet routing details for egress flows. For more information, see InternetRoutingDetails field format. This field is available in General Availability.

June 07, 2024

Cloud SQL for PostgreSQL

PostgreSQL version 16 is now generally available.

When you use gcloud or the API to create an instance or replica, the following conditions now apply:

  • If the database version for the instance or replica that you're creating is PostgreSQL 16, then the default Cloud SQL edition is Enterprise Plus.
  • If you either don't specify a database version or you specify a version other than PostgreSQL 16, then the default Cloud SQL edition is Enterprise.

You can't use the in-place major version upgrade feature to upgrade your Cloud SQL for PostgreSQL instance to PostgreSQL 16.

To start using PostgreSQL 16, see Create instances.

Dialogflow

Dialogflow CX now offers custom webhook templates for integration with Salesforce. See the webhooks documentation for details.

Data store agents: You can now run a self-service evaluation, which will assess the quality of your data store agent and recommend changes.

All generative features: It was announced previously that the text-bison@001 model will be deprecated. In addition, the code-bison@001 model and fine-tuned text-bison@001 options will be deprecated. This deprecation will happen in mid-June. The deprecated models will be updated to gemini-1.0-pro-001, as previously announced. For more information, see the email announcement.

Data store agents: The gemini-1.5-flash generative model is now available for selection in the console.

Google Cloud Architecture Center

Infrastructure for a RAG-capable generative AI application using Vertex AI: Added a design alternative that uses Vertex AI Vector Search for the vector store and semantic search components in the architecture.

Google Kubernetes Engine

Fully managed cAdvisor/Kubelet metrics are now available on GKE clusters running version 1.29.3-gke.1093000 or later.

Updated 2024-R13 release notes to indicate that control planes and nodes with auto-upgrade enabled in the Regular channel were not upgraded from version 1.28 to version 1.29.1-gke.1589018. That release note was published by mistake.

Google SecOps

The syntax for placeholders in UDM saved searches is updated. See Save a search for the new syntax.

Google SecOps SIEM

The syntax for placeholders in UDM saved searches is updated. See Save a search for the new syntax.

Sensitive Data Protection

From May 27 through June 7, 2024, a bug caused Sensitive Data Protection to sometimes inaccurately populate integer fields as null instead of zero for findings written to BigQuery. This bug is now resolved.

For more information about sensitive data inspection, see Inspect Google Cloud storage and databases for sensitive data.

Vertex AI Workbench

You can now create a Vertex AI Workbench instance based on a custom container. This feature is available in Preview. Only custom containers derived from the Google-provided base container are supported. For more information, see Create an instance using a custom container.

June 06, 2024

Access Approval

Access Approval supports Cloud Service Mesh in the GA stage.

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Cloud Database Migration Service

Database Migration Service for heterogeneous Oracle migrations now features additional logging information that can help you better monitor the health and progress of your migration jobs. For more information, see Logging for Oracle to AlloyDB, and Logging for Oracle to Cloud SQL for PostgreSQL.

Database Migration Service for heterogeneous Oracle migrations can now skip foreign keys and triggers, so dropping them from the destination database is no longer required. For more information, see Considerations for foreign keys and triggers for Oracle to AlloyDB and Considerations for foreign keys and triggers for Oracle to Cloud SQL for PostgreSQL.

Cloud Monitoring

You can now pin your event type selections for custom dashboards. Pinning saves your selections to the dashboard configuration, so they are applied when you reopen the dashboard. For more information, see Show events on a dashboard.

Cloud Storage

Cloud Storage now offers a new pre-defined dual region, EUROPE-WEST2 (London) and EUROPE-WEST1 (Belgium). To learn more about Cloud Storage pre-defined dual regions, see the Bucket locations page.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.105-debian10, 2.0.105-rocky8, 2.0.105-ubuntu18
  • 2.1.53-debian11, 2.1.53-rocky8, 2.1.53-ubuntu20, 2.1.53-ubuntu20-arm
  • 2.2.19-debian12, 2.2.19-rocky9, 2.2.19-ubuntu22

Dataproc on Compute Engine: When creating a cluster with the latest Dataproc on Compute Engine image versions, the secondary worker boot disk type now defaults to the primary worker boot disk type, which is pd-standard if the primary worker boot disk type is not specified.

Google Distributed Cloud (software only) for bare metal

Release 1.28.600-gke.163

Google Distributed Cloud for bare metal 1.28.600-gke.163 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.600-gke.163 runs on Kubernetes 1.28.

If you use a third-party storage vendor, check the Ready storage partners page to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Updated preflight checks add a check for networking kernel modules (ip_tables or np_tables) and remove the iptables package check.

  • Added checks to validate the SSH client certificate file type before saving the certificate as a Secret.

  • Added support for Red Hat Enterprise Linux 8.10 for Google Distributed Cloud software version 1.28.600-gke.163 and higher.

Fixed an issue where the kubelet doesn't honor the shortened, 1-second grace period for pod deletion during eviction-based draining.

The following container image security vulnerabilities have been fixed in 1.28.600-gke.163:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

(2024-R18) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.27.11-gke.1062004 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.11-gke.1062003
    • 1.27.12-gke.1115000
    • 1.28.8-gke.1095000
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.11-gke.1062004 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.11-gke.1062004 with this release.

Regular channel

  • Version 1.29.4-gke.1043002 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.26.15-gke.1300000
    • 1.27.13-gke.1000000
    • 1.29.1-gke.1589020
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.13-gke.1070000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.13-gke.1070000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.4-gke.1043002 with this release.

Rapid channel

Google SecOps SOAR

Release 6.3.5 is now in General Availability.

Looker Studio

Create totals that ignore canvas filters

You can configure totals and comparison metrics to ignore any viewer-applied filters.

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Report Gallery:

Sensitive Data Protection

The KAZAKHSTAN_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

June 05, 2024

BigQuery

The BigQuery ML ML.GENERATE_EMBEDDING function now supports the output_dimensionality argument for text-embedding and text-multilingual-embedding models. The output_dimensionality argument lets you specify the number of dimensions to use when generating embeddings.

Analytics Hub data egress controls are now generally available (GA). Publishers can now enforce egress restrictions on Analytics Hub listings to prevent subscribers from copying or exporting the shared data.

The slot recommender for editions analyzes historical usage data to recommend optimal capacity purchasing for edition and on-demand workloads. This feature is generally available (GA).

Cloud Composer

The google-cloud-bigquery package version was downgraded from 3.23.1 to 3.20.1 because of the #39541 issue in the public version of Airflow.

The dbt-core and dbt-bigquery packages were upgraded to version 1.8.1.

Cloud Composer 2.8.2 images are available:

  • composer-2.8.2-airflow-2.7.3 (default)
  • composer-2.8.2-airflow-2.6.3

Cloud Composer versions 2.2.1, 2.2.0, and 2.1.15 have reached their end of full support period.

Cloud Data Fusion

The Google Sheets plugin version 1.4.3, which is bundled with the Google Drive plugins, is available in the Cloud Data Fusion Hub. The release includes the following changes:

  • Fixed an issue causing the Google Sheets plugin to incorrectly parse column names that have special characters (PLUGIN-1785).

  • Fixed an issue causing pipelines to fail when the Google Sheets plugin is used with Wrangler and any of the fields required to fetch schema was a macro (PLUGIN-1791).

Compute Engine

You can't provision C2 sole tenant nodes with 60 vCPUs. For details, see Known issues.

Contact Center AI Platform

Mobile SDK 2.7 is released

For more information, see the following:

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.64
  • 1.2.8
  • 2.0.72
  • 2.2.8

Google Cloud Architecture Center

(New guide 1 of 4) Cross-Cloud Network for distributed applications: Provides an overview of how you can design Cross-Cloud Network for distributed applications.

(New guide 2 of 4) Network segmentation and connectivity for distributed applications in Cross-Cloud Network: Describes how to design the network segmentation structure and connectivity of Cross-Cloud Network for distributed applications.

(New guide 3 of 4) Service networking for distributed applications in Cross-Cloud Network: Describes how to design Cross-Cloud Network service networking for distributed applications.

(New guide 4 of 4) Network security for distributed applications in Cross-Cloud Network: Describes how to design Cross-Cloud Network security for distributed applications.

Google Kubernetes Engine

Updated 2024-R03 release notes to indicate that control planes and nodes with auto-upgrade enabled in the Stable channel were upgraded from version 1.27 to version 1.27.7-gke.1121002, not 1.28.3-gke.1203001 as previously stated.

Google SecOps SOAR

Release 6.3.6 is currently in Preview.

Change Alert Priority action does not update the case priority (ID #00277602)

Vertex AI Agent Builder

Vertex AI Search: Generate grounded answers (GA with allowlist)

Generating grounded answers is Generally available to select Google Cloud customers (GA with allowlist).

As part of your Retrieval Augmented Generation (RAG) experience, generate grounded answers based on Google Search, inline text, or the content in your Vertex AI Search data store. You can generate answers in a single turn or over multiple turns. For more information, see Generate grounded answers.

When you use Google Search as a grounding source, you connect your Gemini large language model (LLM) to the most up-to-date information on the internet. You must display a Google Search entry point when grounding with Google Search. For more information, see Use Google Search entry point.

June 04, 2024

Cloud Billing

You can now view granular cost data for more Google Cloud services

  • You can now view granular Cloud Logging log bucket cost data in the Google Cloud Billing detailed export. Use the resource.global_name field in the export to view and filter your detailed log bucket usage.
  • You can now view granular Managed Microsoft Active Directory cost data in the Google Cloud Billing detailed export. Use the resource.name or resource.global_name field in the export to view and filter your detailed domain usage.
  • You can now view granular Dataproc Metastore cost data in the Google Cloud Billing detailed export. Use the resource.name or resource.global_name field in the export to view and filter your detailed service usage.
  • You can now view granular Cloud Deploy cost data in the Google Cloud Billing detailed export. Use the resource.name or resource.global_name field in the export to view and filter your detailed delivery pipeline usage.
  • You can now view granular Cloud Data Fusion cost data in the Google Cloud Billing detailed export. Use the resource.name or resource.global_name field in the export to view and filter your detailed instance usage.

Review the schema of the Detailed cost data export.

Cloud Data Fusion

Cloud Data Fusion supports annotating resources with tags in Preview. For more information, see the Tags overview and Control access with tags.

Cloud Service Mesh

1.21.3-asm.3 is now available for in-cluster Cloud Service Mesh.

You can now download 1.21.3-asm.3 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.3 subject to the list of supported features. Cloud Service Mesh 1.21.3-asm.3 uses Envoy v1.29.5.

This release contains the fixes for the security vulnerabilities listed in GCP-2024-032.

1.21 isn't rolling out to the rapid release channel at this time. You can periodically check this page for announcements regarding rapid channel rollout.

The following 3 changes break backwards compatibility in 1.21.

  1. The default value of the feature flag ENABLE_AUTO_SNI has changed from false to true. To opt out, set the environment variable to ENABLE_AUTO_SNI=false.

  2. The default value of the feature flag VERIFY_CERT_AT_CLIENT changed from false to true. To opt out, set the environment variable to VERIFY_CERT_AT_CLIENT=false.

  3. There are additional changes in external name support. To opt out, set the environment variable ENABLE_EXTERNAL_NAME_ALIAS=false.

Note that opting out is only possible for in-cluster installations. If you do opt out, you must restore the default values before upgrading to 1.22.

1.18.7-asm.26 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for the security vulnerability listed in GCP-2024-032. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.18.7-asm.26 uses Envoy v1.26.8.

1.19.10-asm.6 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for the security vulnerability listed in GCP-2024-032. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.19.10-asm.6 uses Envoy v1.27.6.

1.20.7-asm.2 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for the security vulnerability listed in GCP-2024-032. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.20.7-asm.2 uses Envoy v1.28.4.

Compute Engine

You can now order and request quota for X4 bare metal instances. You create bare metal instances using a new predefined machine type for the X4 memory-optimized machine series. X4 instances can be used to host the largest production SAP HANA databases. For more information, see the X4 machine series.

Config Connector

Config Connector version 1.118.2 is now available.

LoggingLogMetric

  • Changed .spec.projectRef.kind from required to optional.
  • If this field is given, it must be .spec.projectRef.kind: Project.

Dataflow

Iceberg read/write support is available through the new Managed I/O Java API. For more information, see Dataflow managed I/O.

Document AI

Layout Parser in Document AI is generally available. The Document AI Layout Parser transforms documents in various formats into structured representations. It makes content like paragraphs, tables, lists, and structural elements like headings, page headers, and footers easily accessible. It also creates context-aware chunks that facilitate information retrieval in a range of generative AI and discovery applications.

For more information, see Process documents with Layout Parser.

Filestore

Filestore instances no longer require reserved capacity for certain internal operations. For more information, see Monitoring instances.

Media CDN

By default, Media CDN proxies only GET, HEAD, and OPTIONS methods to your origin and filters out the methods that can modify your origin. In Preview, you can override this default behavior for a specific route rule by specifying other supported methods that you would like proxied to your origin.

Resource Manager

Cloud Data Fusion supports annotating resources with tags in Preview. For more information, see Services that support tags.

June 03, 2024

Agent Assist

Agent Assist now offers a native UI Connector with Genesys Cloud to integrate with Chat conversations. See the documentation for details.

Agent Assist now offers a native UI Connector with Twilio Flex to integrate with chat conversations. See the documentation for details.

Backup for GKE

Backup for GKE introduces new policies, compatible with GitOps tools, for handling namespaced resource conflicts during restoration. For more information, see Handle resource conflicts during restore.

Backup for GKE now supports specifying the restore order when you create or update a restore plan. For more information, see Specify resource restore ordering during restoration.

Backup for GKE now allows configuration of volume data restore policies bound to specific volume types and overridden for specific volumes. This gives you more flexibility when restoring volumes. For more information, see Define volume data restore behavior.

Starting June 24, 2024, Backup for GKE will gradually roll out the Backup-Side Restore Validation feature to help ensure that backups are restorable. This change applies to backups under backup plans created from June 24, 2024 onwards. For more information, see Enable permissive mode on a backup plan.

Backup for GKE now provides enhanced granularity in resource selection during the restore creation process. For more information, see Enable fine-grained restore.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.7.1 (2024-05-31)

Bug Fixes

Java

Changes for google-cloud-bigquery

2.40.2 (2024-05-26)

Bug Fixes
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.45.0 (#3295) (c659523)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.49.0 (#3296) (7d148d5)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.1 (#3310) (641f1a8)
  • Update github/codeql-action action to v2.25.4 (#3291) (13bb5aa)
  • Update ossf/scorecard-action action to v2.3.3 (#3304) (d096082)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.39.4 (2024-05-28)

Dependencies
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.2 (#2236) (2609103)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.2 (#2237) (6728931)
  • Update shared dependencies (#2235) (8d38150)

Cloud Load Balancing

Bring your own IP lets you bring your own public IPv6 addresses to Google Cloud. IPv6 BYOIP addresses can be used with external passthrough Network Load Balancers. Bring your own IP for IPv6 addresses is available in General Availability.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/logging

11.1.0 (2024-05-29)

Features
  • Add several fields to manage state of database encryption update (#1495) (4137f7b)
  • Update Nodejs generator to send API versions in headers for GAPICs (#1502) (346e646)
Bug Fixes
  • Correct long audio synthesis HTTP binding (#1479) (1f94504)
  • Improve retry logic for streaming API calls (#1484) (7e11e11)

Container Optimized OS

cos-101-17162-463-37

  • Kernel: COS-5.15.155
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Updated cos-gpu-installer to v2.3.2.

Fixed CVE-2024-34459 in the libxml2 package.

Fixed CVE-2024-27013 in the Linux kernel.

Fixed a bug in auto update engine when confidential VMs are enabled.

cos-113-18244-85-24

  • Kernel: COS-6.1.90
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Updated cos-gpu-installer to v2.3.2.

Fixed CVE-2024-34459 in the libxml2 package.

Fixed a bug in auto update engine when confidential VMs are enabled.

cos-109-17800-218-44

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Updated cos-gpu-installer to v2.3.2.

Fixed CVE-2024-34459 in the libxml2 package.

Fixed a bug in auto update engine when confidential VMs are enabled.

cos-105-17412-370-44

  • Kernel: COS-5.15.154
  • Docker: v23.0.3
  • Containerd: v1.7.15
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Updated cos-gpu-installer to v2.3.2.

Fixed CVE-2024-34459 in the libxml2 package.

Fixed a bug in auto update engine when confidential VMs are enabled.

Dataproc

Dataproc on Compute Engine: Update restartable job error messages to include job IDs.

Dataproc Serverless for Spark: Automatically apply goog-dataproc-session-id, goog-dataproc-session-uuid and goog-dataproc-location labels for a session resource.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/datastore

9.0.0 (2024-05-09)

⚠ BREAKING CHANGES
  • An existing method UpdateVehicleLocation is removed from service VehicleService (#1248)
Features
Bug Fixes
  • An existing method UpdateVehicleLocation is removed from service VehicleService (#1248) (ba79118)
  • Read time should be used for transaction reads (#1171) (73a0a39)

Java

Changes for google-cloud-datastore

2.20.0 (2024-05-27)

Features
  • New PropertyMask field which allows partial commits, lookups, and query results (#1455) (ff5e397)
Bug Fixes
  • Migrate off TextPrinter's deprecated methods (#1452) (c3c1317)
  • Set the correct database id on the key parent when calling Key#getParent (#1457) (992815d)

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.16.9-gke.40 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.16.9-gke.40 runs on Kubernetes v1.27.13-gke.500.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following vulnerabilities are fixed in 1.16.9-gke.40:

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.4.1 (2024-05-30)

Bug Fixes
  • An existing message UpdateVehicleLocationRequest is removed (5451d15)
  • An existing method SearchFuzzedVehicles is removed from service VehicleService (5451d15)
  • An existing method UpdateVehicleLocation is removed from service VehicleService (5451d15)
  • deps: Update dependency protobufjs to ~7.3.0 (#1921) (c5afd34)
  • Pull in new gax for protobufjs vuln fix (#1925) (8024c6d)

Java

Changes for google-cloud-pubsub

1.129.7 (2024-05-29)

Dependencies
  • Change scope of grpc-inprocess dependency from runtime to test (#2038) (1ab45c9)
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.40.2 (#2046) (f81c5e1)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.27.0 (#2044) (37e94ce)

Python

Changes for google-cloud-pubsub

2.21.2 (2024-05-30)

Bug Fixes

SAP on Google Cloud

New SAP certifications: X4 series of memory-optimized bare metal machine types

For use with SAP HANA scale-up (OLAP and OLTP) and SAP NetWeaver workloads, SAP has certified the following Compute Engine memory-optimized bare metal machine types: x4-megamem-1440-metal and x4-megamem-1920-metal.

For more information, see:

Security Command Center

Vulnerability Assessment for AWS service released to General Availability

The Vulnerability Assessment for AWS service, a built-in service of the Enterprise tier of Security Command Center, is released to General Availability.

The Vulnerability Assessment for AWS service creates a disk snapshot to assess Amazon Web Service EC2 machines for software vulnerabilities.

For more information, see Overview of Vulnerability Assessment for AWS.

Spanner

Query Optimizer version 7 is generally available. Version 6 remains the default optimizer version.

Vertex AI Workbench

You can now use Workforce Identity Federation with Vertex AI Workbench instances in Preview. Workforce Identity Federation lets you create and manage Vertex AI Workbench instances with credentials provided by an external identity provider (IdP). For more information, see Create an instance with third party credentials.

Virtual Private Cloud

Support for IPv6 static routes with a next hop instance identified by address (next-hop-address) is available in Preview.

Bring your own IP lets you bring your own public IPv6 addresses to Google Cloud. IPv6 BYOIP addresses can be used with external passthrough Network Load Balancers. Bring your own IP for IPv6 addresses is available in General Availability.

June 01, 2024

reCAPTCHA Enterprise

reCAPTCHA launches three usage-based tiers: Enterprise, Standard, and Essentials. For more information about these tiers, see Compare features between reCAPTCHA tiers.

May 31, 2024

Access Approval

Access Approval supports Cloud Service Mesh in the Preview stage.

Access Approval supports Apigee in the Preview stage.

Access Approval supports Resource Manager in the GA stage.

Apigee Integrated Portal

On May 31, 2024 we released an updated version of Apigee integrated portal.

This release includes the general availability (GA) of integrated portal APIs which allow you to manage your integrated portal APIs and reference documentation using API calls. The available functionality has not changed since the public preview release.

The catalog items list view now uses pagination when making requests to the portals service, examples have been added to Publishing your APIs, and new reference documentation is available:

BigQuery

You can now use IAM conditions to control access to BigQuery resources. This feature is generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the Analyze IAM Policies APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

  • Cloud Config Manager API
    • config.googleapis.com/Deployment
  • Cloud Monitoring
    • monitoring.googleapis.com/NotificationChannel
    • monitoring.googleapis.com/Snooze

Cloud SQL for SQL Server

Cloud SQL for SQL Server now supports storage of point-in-time recovery (PITR) transaction logs in Cloud Storage.

Compute Engine

Creating a larger (>90 vCPUs) C3D standard-lssd or highmem-lssd VM results in an error message. See Known issues for the workaround. Larger C3D VMs that don't require -lssd are not impacted.

Dataflow

You can now use Metrics Explorer to find individual DoFns that cause latencies in streaming jobs. These metrics are available in streaming pipelines that use Apache Beam 2.53.0 and later versions. The following new metrics are available:

  • Average message processing time per DoFn (job/dofn_latency_average)
  • Maximum message processing time per DoFn (job/dofn_latency_max)
  • Minimum message processing time per DoFn (job/dofn_latency_min)
  • Number of messages processed per DoFn (job/dofn_latency_num_messages)
  • Oldest active message processing time per DoFn (job/oldest_active_message_age)
  • Total message processing time per DoFn (job/dofn_latency_total)

For more information about Dataflow metrics, see Google Cloud metrics.

Generative AI on Vertex AI

Anthropic Claude 3.0 Opus model

The Anthropic Claude 3.0 Opus model is Generally Available. To learn more, see its model card in Model Garden.

Generative AI on Vertex AI Regional APIs

Generative AI on Vertex AI regional APIs are available in the following three regions:

  • us-east5
  • me-central1
  • me-central2

Policy Intelligence

Activity Analyzer checks service activation and quota for the project that you're using to analyze access (the client project) instead of the projects whose resources you're analyzing (the resource projects). As a result, you only need to enable the Policy Analyzer API in your client project, not in your resource projects.

Security Command Center

VM Threat Detection's malware detector released to General Availability

Virtual Machine Threat Detection, a built-in service of Security Command Center, launched the Malware: Malicious file on disk (YARA) detector to GA. This detector generates a finding if an executable file in a virtual machine matches known malware signatures.

Spanner

Spanner now supports the protocol buffer data type in GoogleSQL. For more information, see Work with protocol buffers in GoogleSQL.

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.61.0 (2024-04-30)

Features
  • spanner/admin/instance: Adding EXPECTED_FULFILLMENT_PERIOD to the indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity... (#9693) (aa93790)
  • spanner/executor: Add SessionPoolOptions, SpannerOptions protos in executor protos (2cdc40a)
  • spanner: Add support for change streams transaction exclusion option (#9779) (979ce94)
  • spanner: Support MultiEndpoint (#9565) (0ac0d26)
Bug Fixes
  • spanner/test/opentelemetry/test: Bump x/net to v0.24.0 (ba31ed5)
  • spanner: Bump x/net to v0.24.0 (ba31ed5)
  • spanner: Fix uint8 conversion (9221c7f)

1.62.0 (2024-05-15)

Features
  • spanner/admin/database: Add support for multi region encryption config (3e25053)
  • spanner/executor: Add QueryCancellationAction message in executor protos (292e812)
  • spanner: Add RESOURCE_EXHAUSTED to the list of retryable error codes (1d757c6)
  • spanner: Add support for Proto Columns (#9315) (3ffbbbe)
Bug Fixes

1.63.0 (2024-05-24)

Features

Java

Changes for google-cloud-spanner

6.65.1 (2024-04-30)

Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.43.0 (#3066) (97b0a93)
Documentation

6.66.0 (2024-05-03)

Features
  • Allow DDL with autocommit=false (#3057) (22833ac)
  • Include stack trace of checked out sessions in exception (#3092) (ba6a0f6)
Bug Fixes
  • Multiplexed session metrics were not included in refactor move (#3088) (f3589c4)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#3082) (ddfc98e)

6.67.0 (2024-05-22)

Features
  • Add tracing for batchUpdate, executeUpdate, and connections (#3097) (45cdcfc)
Performance Improvements
  • Minor optimizations to the standard query path (#3101) (ec820a1)
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.44.0 (#3099) (da44e93)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.1 (#3116) (d205a73) (d205a73)

Node.js

Changes for @google-cloud/spanner

7.8.0 (2024-05-24)

Features
  • Add RESOURCE_EXHAUSTED to the list of retryable error codes (#2032) (a4623c5)
  • Add support for multi region encryption config (81fa610)
  • Add support for Proto columns (#1991) (ae59c7f)
  • spanner: Add support for change streams transaction exclusion option (#2049) (d95cab5)
Bug Fixes

Python

Changes for google-cloud-spanner

3.46.0 (2024-05-02)

Features
  • spanner: Adding EXPECTED_FULFILLMENT_PERIOD to the indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity Feature (293ecda)
Documentation

Vertex AI

Model Monitoring v2 is in Preview. It centralizes model monitoring configuration and visualization on a model version and enables monitoring of models that are served outside of Vertex AI. For more information, see Vertex AI Model Monitoring overview.

Vertex AI Regional APIs

Vertex AI regional APIs are available in the following seven regions:

  • us-east5
  • us-south1
  • africa-south1
  • europe-southwest1
  • europe-west12
  • me-central1
  • me-central2

Vertex AI Agent Builder

Vertex AI Search: Document ranking API (GA)

The ranking API takes a list of documents and reranks those documents based on how relevant the documents are to a query. This is a stateless API that does not require you to index documents in advance.

The ranking API is Generally available (GA).

For more information, see Rank and rerank documents.

Workflows

May 30, 2024

Agent Assist

Agent Assist now offers Summarization with custom sections as a GA feature. See the Summarization documentation for details.

Anthos Config Management

Upgraded bundled Helm version from v3.14.3 to v3.14.4 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.

Upgraded the Open Telemetry image from v0.91.0-gke.9 to v0.99.0-gke.1 to pick up vulnerability fixes. To understand the changes in each release, review the full changelog for opentelemetry-collector-contrib.

Fixed an issue where Config Sync installation would fail when using a private registry with a specified port in the image URL.

BigQuery

You can now define a _CHANGE_SEQUENCE_NUMBER for BigQuery change data capture (CDC) to manage streaming UPSERT ordering for BigQuery. This feature is in preview.

Confidential Space

A new Confidential Space image (240500) is now available. This image provides the following fixes:

  • Fixed an issue where default service account credentials would expire after 1 hour, causing Failed to fetch signatures from the target repo errors.
  • Fixed a concurrent TPM access issue.

Contact Center AI Platform

Web SDK 2.20 is released

For more information, see Web SDK changelog.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.104-debian10, 2.0.104-rocky8, 2.0.104-ubuntu18
  • 2.1.52-debian11, 2.1.52-rocky8, 2.1.52-ubuntu20, 2.1.52-ubuntu20-arm
  • 2.2.18-debian12, 2.2.18-rocky9, 2.2.18-ubuntu22

New Dataproc Serverless for Spark runtime versions:

  • 1.1.63
  • 1.2.7
  • 2.0.71
  • 2.1.50
  • 2.2.7

Dataproc Serverless for Spark: Subminor version 2.1.50 is the last release of runtime version 2.1, which will no longer be supported and will not receive new releases.

Dataproc Serverless for Spark: Removed Spark data lineage support for runtime version 1.2.

Dataproc Serverless for Spark: Enabled Spark checkpoint (spark.checkpoint.compress) and RDD (spark.rdd.compress) compression in the latest 1.2 and 2.2 runtime versions.

Google SecOps

The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.

  • Abnormal Security (ABNORMAL_SECURITY)
  • Akamai DNS (AKAMAI_DNS)
  • Akamai WAF (AKAMAI_WAF)
  • Apigee (GCP_APIGEE_X)
  • Array Networks SSL VPN (ARRAYNETWORKS_VPN)
  • AWS CloudFront (AWS_CLOUDFRONT)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure AD Sign-In (AZURE_AD_SIGNIN)
  • Barracuda Email (BARRACUDA_EMAIL)
  • Barracuda Firewall (BARRACUDA_FIREWALL)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • BMC AMI Defender (BMC_AMI_DEFENDER)
  • Carbon Black (CB_EDR)
  • Check Point (CHECKPOINT_FIREWALL)
  • Check Point Sandblast (CHECKPOINT_EDR)
  • Checkpoint Audit (CHECKPOINT_AUDIT)
  • Cisco AMP (CISCO_AMP)
  • Cisco EStreamer (CISCO_ESTREAMER)
  • Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
  • Cisco ISE (CISCO_ISE)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Switch (CISCO_SWITCH)
  • Cisco Umbrella DNS (UMBRELLA_DNS)
  • Cisco VPN (CISCO_VPN)
  • Cisco WLC/WCS (CISCO_WIRELESS)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud SQL (GCP_CLOUDSQL)
  • Cloud Storage Context (N/A)
  • Cohesity (COHESITY)
  • CrowdStrike Falcon (CS_EDR)
  • CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
  • ESET AV (ESET_AV)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • F5 VPN (F5_VPN)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • FortiGate (FORTINET_FIREWALL)
  • GMAIL Logs (GMAIL_LOGS)
  • HID DigitalPersona (HID_DIGITALPERSONA)
  • Honeyd (HONEYD)
  • HP Aruba (ClearPass) (CLEARPASS)
  • IBM AS/400 (IBM_AS400)
  • IBM DS8000 Storage (IBM_DS8000)
  • IBM Security Verify (IBM_SECURITY_VERIFY)
  • Infoblox (INFOBLOX)
  • Island Browser logs (ISLAND_BROWSER)
  • JAMF CMDB (JAMF)
  • JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
  • Juniper Mist (JUNIPER_MIST)
  • Kubernetes Node (KUBERNETES_NODE)
  • Linux Auditing System (AuditD) (AUDITD)
  • ManageEngine ADAudit Plus (ADAUDIT_PLUS)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft CyberX (CYBERX)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Graph Activity Logs (MICROSOFT_GRAPH_ACTIVITY_LOGS)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Mikrotik Router (MIKROTIK_ROUTER)
  • NetDocuments Solutions (NETDOCUMENTS)
  • Netwrix (NETWRIX)
  • Office 365 (OFFICE_365)
  • Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
  • Okta (OKTA)
  • OneLogin (ONELOGIN_SSO)
  • Opengear Remote Management (OPENGEAR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • pfSense (PFSENSE)
  • PostFix Mail (POSTFIX_MAIL)
  • Proofpoint Sendmail Sentrion (PROOFPOINT_SENDMAIL_SENTRION)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Pulse Secure (PULSE_SECURE_VPN)
  • Qumulo FS (QUMULO_FS)
  • Rapid7 (RAPID7_NEXPOSE)
  • Rapid7 Insight (RAPID7_INSIGHT)
  • Rubrik Polaris (RUBRIK_POLARIS)
  • SailPoint IAM (SAILPOINT_IAM)
  • SAP SuccessFactors (SAP_SUCCESSFACTORS)
  • Semperis DSP (SEMPERIS_DSP)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne EDR (SENTINEL_EDR)
  • Signal Sciences WAF (SIGNAL_SCIENCES_WAF)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • SonicWall (SONIC_FIREWALL)
  • Sophos Central (SOPHOS_CENTRAL)
  • Sophos UTM (SOPHOS_UTM)
  • Spur data feeds (SPUR_FEEDS)
  • Suricata EVE (SURICATA_EVE)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Endpoint Protection (SEP)
  • Symantec VIP Authentication Hub (SYMANTEC_VIP_AUTHHUB)
  • Tanium Audit (TANIUM_AUDIT)
  • Thinkst Canary (THINKST_CANARY)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • Twingate (TWINGATE)
  • Unix system (NIX_SYSTEM)
  • Vectra Detect (VECTRA_DETECT)
  • Veeam (VEEAM)
  • Verba Recording System (VERBA_REC)
  • VeridiumID by Veridium (VERIDIUM_ID)
  • VMware ESXi (VMWARE_ESX)
  • Windows Defender ATP (WINDOWS_DEFENDER_ATP)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Winscp (WINSCP)
  • WordPress (WORDPRESS_CMS)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Zeek TSV (BRO_TSV)
  • Zix Email Encryption (ZIX_EMAIL_ENCRYPTION)
  • Zscaler (ZSCALER_WEBPROXY)
  • ZScaler DNS (ZSCALER_DNS)
  • Zscaler Private Access (ZSCALER_ZPA)

The following log types, without a default parser, were added. Each is listed by product name and log_type value, if applicable.

  • Akamai Log Delivery Service (AKAMAI_LDS)
  • AudioCodes Voice DNA (AUDIOCODES)
  • Amazon API Gateway (AWS_API_GATEWAY)
  • Axway (AXWAY)
  • Biztalk (BIZTALK)
  • Check Point FDE (CHECKPOINT_FDE)
  • Cimcor | File Integrity Monitoring (CIMCOR)
  • CS Alerts (CS_ALERTS)
  • Custom CSV Log (CUSTOM_CSV_LOG)
  • Cyral (CYRAL)
  • Druva (DRUVA)
  • Entrust DataControl Audit (ENTR_DATACTRL_AUDIT)
  • Ergon Informatik Airlock IAM (ERGON_INFORMATIK_AIRLOCK_IAM)
  • Eset Protect Platform (ESET_PROTECT_PLATFORM)
  • Exim Internet Mailer (EXIM_INTERNET_MAILER)
  • FM Systems Workplace Management (FM_SYSTEMS)
  • GluWare Network Automation (GLUWARE_NETWORK_AUTOMATION)
  • Guidewire Billing Center (GUIDEWIRE_BILLING_CENTER)
  • Guidewire Claim Center (GUIDEWIRE_CLAIM_CENTER)
  • Guidewire Policy Center (GUIDEWIRE_POLICY_CENTER)
  • HAVI Connect (HAVI_CONNECT)
  • IBM OpenPages (IBM_OPENPAGES)
  • Ingrian Networks DataSecure Appliance (INGRIAN_NETWORKS_DATASECURE_APPLIANCE)
  • iSecurity | Security Services and Remediation (ISECURITY)
  • iTop (ITOP)
  • Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
  • Microsoft Graph Risky Users (MICROSOFT_GRAPH_RISKY_USERS)
  • NetApp BlueXP (NETAPP_BLUEXP)
  • Netgate Firewall (NETGATE_FIREWALL)
  • 1KOSMOS | Identity and Authentication (ONEKOSMOS)
  • Palo Alto Global Protect SVC (PAN_GPSVC)
  • Palo Alto SSLVPN Access (PAN_SSLVPN_ACCESS)
  • Palo Alto Telemetry (PAN_TELEMETRY)
  • Proofpoint Endpoint Data Loss Prevention (PROOFPOINT_ENDPOINT_DLP)
  • SAP ERP (SAP_ERP)
  • Ubika WAAP (UBIKA_WAAP)
  • Webroot Endpoint Protection (WEBROOT)
  • Wolters Kluwer Teammate (WOLTERS_KLUWER_TEAMMATE)
  • Xirrus Wireless Controller (XIRRUS)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.

  • Abnormal Security (ABNORMAL_SECURITY)
  • Akamai DNS (AKAMAI_DNS)
  • Akamai WAF (AKAMAI_WAF)
  • Apigee (GCP_APIGEE_X)
  • Array Networks SSL VPN (ARRAYNETWORKS_VPN)
  • AWS CloudFront (AWS_CLOUDFRONT)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure AD Sign-In (AZURE_AD_SIGNIN)
  • Barracuda Email (BARRACUDA_EMAIL)
  • Barracuda Firewall (BARRACUDA_FIREWALL)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • BMC AMI Defender (BMC_AMI_DEFENDER)
  • Carbon Black (CB_EDR)
  • Check Point (CHECKPOINT_FIREWALL)
  • Check Point Sandblast (CHECKPOINT_EDR)
  • Checkpoint Audit (CHECKPOINT_AUDIT)
  • Cisco AMP (CISCO_AMP)
  • Cisco EStreamer (CISCO_ESTREAMER)
  • Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
  • Cisco ISE (CISCO_ISE)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Switch (CISCO_SWITCH)
  • Cisco Umbrella DNS (UMBRELLA_DNS)
  • Cisco VPN (CISCO_VPN)
  • Cisco WLC/WCS (CISCO_WIRELESS)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud SQL (GCP_CLOUDSQL)
  • Cloud Storage Context (N/A)
  • Cohesity (COHESITY)
  • CrowdStrike Falcon (CS_EDR)
  • CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
  • ESET AV (ESET_AV)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • F5 VPN (F5_VPN)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • FortiGate (FORTINET_FIREWALL)
  • GMAIL Logs (GMAIL_LOGS)
  • HID DigitalPersona (HID_DIGITALPERSONA)
  • Honeyd (HONEYD)
  • HP Aruba (ClearPass) (CLEARPASS)
  • IBM AS/400 (IBM_AS400)
  • IBM DS8000 Storage (IBM_DS8000)
  • IBM Security Verify (IBM_SECURITY_VERIFY)
  • Infoblox (INFOBLOX)
  • Island Browser logs (ISLAND_BROWSER)
  • JAMF CMDB (JAMF)
  • JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
  • Juniper Mist (JUNIPER_MIST)
  • Kubernetes Node (KUBERNETES_NODE)
  • Linux Auditing System (AuditD) (AUDITD)
  • ManageEngine ADAudit Plus (ADAUDIT_PLUS)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft CyberX (CYBERX)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Graph Activity Logs (MICROSOFT_GRAPH_ACTIVITY_LOGS)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Mikrotik Router (MIKROTIK_ROUTER)
  • NetDocuments Solutions (NETDOCUMENTS)
  • Netwrix (NETWRIX)
  • Office 365 (OFFICE_365)
  • Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
  • Okta (OKTA)
  • OneLogin (ONELOGIN_SSO)
  • Opengear Remote Management (OPENGEAR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • pfSense (PFSENSE)
  • PostFix Mail (POSTFIX_MAIL)
  • Proofpoint Sendmail Sentrion (PROOFPOINT_SENDMAIL_SENTRION)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Pulse Secure (PULSE_SECURE_VPN)
  • Qumulo FS (QUMULO_FS)
  • Rapid7 (RAPID7_NEXPOSE)
  • Rapid7 Insight (RAPID7_INSIGHT)
  • Rubrik Polaris (RUBRIK_POLARIS)
  • SailPoint IAM (SAILPOINT_IAM)
  • SAP SuccessFactors (SAP_SUCCESSFACTORS)
  • Semperis DSP (SEMPERIS_DSP)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne EDR (SENTINEL_EDR)
  • Signal Sciences WAF (SIGNAL_SCIENCES_WAF)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • SonicWall (SONIC_FIREWALL)
  • Sophos Central (SOPHOS_CENTRAL)
  • Sophos UTM (SOPHOS_UTM)
  • Spur data feeds (SPUR_FEEDS)
  • Suricata EVE (SURICATA_EVE)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Endpoint Protection (SEP)
  • Symantec VIP Authentication Hub (SYMANTEC_VIP_AUTHHUB)
  • Tanium Audit (TANIUM_AUDIT)
  • Thinkst Canary (THINKST_CANARY)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • Twingate (TWINGATE)
  • Unix system (NIX_SYSTEM)
  • Vectra Detect (VECTRA_DETECT)
  • Veeam (VEEAM)
  • Verba Recording System (VERBA_REC)
  • VeridiumID by Veridium (VERIDIUM_ID)
  • VMware ESXi (VMWARE_ESX)
  • Windows Defender ATP (WINDOWS_DEFENDER_ATP)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Winscp (WINSCP)
  • WordPress (WORDPRESS_CMS)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Zeek TSV (BRO_TSV)
  • Zix Email Encryption (ZIX_EMAIL_ENCRYPTION)
  • Zscaler (ZSCALER_WEBPROXY)
  • ZScaler DNS (ZSCALER_DNS)
  • Zscaler Private Access (ZSCALER_ZPA)

The following log types, without a default parser, were added. Each is listed by product name and log_type value, if applicable.

  • Akamai Log Delivery Service (AKAMAI_LDS)
  • AudioCodes Voice DNA (AUDIOCODES)
  • Amazon API Gateway (AWS_API_GATEWAY)
  • Axway (AXWAY)
  • Biztalk (BIZTALK)
  • Check Point FDE (CHECKPOINT_FDE)
  • Cimcor | File Integrity Monitoring (CIMCOR)
  • CS Alerts (CS_ALERTS)
  • Custom CSV Log (CUSTOM_CSV_LOG)
  • Cyral (CYRAL)
  • Druva (DRUVA)
  • Entrust DataControl Audit (ENTR_DATACTRL_AUDIT)
  • Ergon Informatik Airlock IAM (ERGON_INFORMATIK_AIRLOCK_IAM)
  • Eset Protect Platform (ESET_PROTECT_PLATFORM)
  • Exim Internet Mailer (EXIM_INTERNET_MAILER)
  • FM Systems Workplace Management (FM_SYSTEMS)
  • GluWare Network Automation (GLUWARE_NETWORK_AUTOMATION)
  • Guidewire Billing Center (GUIDEWIRE_BILLING_CENTER)
  • Guidewire Claim Center (GUIDEWIRE_CLAIM_CENTER)
  • Guidewire Policy Center (GUIDEWIRE_POLICY_CENTER)
  • HAVI Connect (HAVI_CONNECT)
  • IBM OpenPages (IBM_OPENPAGES)
  • Ingrian Networks DataSecure Appliance (INGRIAN_NETWORKS_DATASECURE_APPLIANCE)
  • iSecurity | Security Services and Remediation (ISECURITY)
  • iTop (ITOP)
  • Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
  • Microsoft Graph Risky Users (MICROSOFT_GRAPH_RISKY_USERS)
  • NetApp BlueXP (NETAPP_BLUEXP)
  • Netgate Firewall (NETGATE_FIREWALL)
  • 1KOSMOS | Identity and Authentication (ONEKOSMOS)
  • Palo Alto Global Protect SVC (PAN_GPSVC)
  • Palo Alto SSLVPN Access (PAN_SSLVPN_ACCESS)
  • Palo Alto Telemetry (PAN_TELEMETRY)
  • Proofpoint Endpoint Data Loss Prevention (PROOFPOINT_ENDPOINT_DLP)
  • SAP ERP (SAP_ERP)
  • Ubika WAAP (UBIKA_WAAP)
  • Webroot Endpoint Protection (WEBROOT)
  • Wolters Kluwer Teammate (WOLTERS_KLUWER_TEAMMATE)
  • Xirrus Wireless Controller (XIRRUS)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SOAR

Release 6.3.4 is now in General Availability.

Looker Studio

Looker connector support for filter-only fields

Filters that are defined in LookML models with the parameter and filter LookML parameters are now displayed as filter-only fields in Looker Studio charts that use a Looker data source.

Learn more about LookML filters for Looker data sources.

NetApp Volumes

The Standard in Preview service level is now called Flex and is generally available. You can now use the Flex service level in additional regions. For more information, see NetApp Volumes key features.

The volume replication feature for the Flex service level is now generally available. For more information, see Considerations for volume replication.

The Flex service level now supports zone-redundant storage pools (in Preview). For more information, see Switch active and replica zones.

NetApp Volumes now supports auto-tiering (in Preview). For more information, see Auto-tiering.

Policy Controller

Policy Controller bundles have been updated to use cis-gke-v1.5.0: 202405.0. For reference, see Policy Controller bundles overview.

Security Command Center

Mute state of findings display in alerts, cases, and tickets

The mute state of a finding is now reflected in its corresponding alert, case, and tickets in the Security Operations console of Security Command Center Enterprise. Previously, muted findings displayed only their Active status. For more information, see Finding status in Cases overview.

Finding severities update in cases automatically

In the Security Operations console of Security Command Center Enterprise, the severity of each finding is displayed in its corresponding case in the Finding summary widget. If the severity of a finding changes, the case is updated automatically. For more information, see Finding severity versus case priority.

Workflows

The maximum number of concurrent workflow executions has increased from 5,000 to 7,500.

May 29, 2024

Apigee Advanced API Security

On May 29, 2024, we released a new version of Advanced API Security.

NOTE: Rollouts of this feature are ongoing and will take multiple days to complete across all Google Cloud zones. You might not be able to use the functionality until the rollout is complete.

Preview release of Shadow API Discovery

This release introduces Shadow API Discovery in preview. Shadow API Discovery finds shadow APIs (also known as undocumented or unmanaged APIs) in your existing cloud infrastructure. Shadow APIs pose a security risk to your system, since they might be unsecured, unmonitored, and unmaintained.

For a feature overview and usage information, see Shadow API Discovery.

Apigee X

On May 29, 2024, we released an updated version of Apigee.

Preview release of API Management features in Gemini Code Assist: generative AI API spec creation with enterprise context and Apigee policy code explanation. This release also includes the preview release of enhanced API hub interaction in Cloud Code.

This release introduces features for Gemini Code Assist API management:

  • Use Gemini Code Assist to facilitate API design, including OpenAPI spec generation with enterprise context from natural language prompts and a built-in visual API designer to further refine the specification.
  • Code explain for Apigee policies: When adding or editing a proxy policy, highlight part of the policy XML code, such as an element or attribute, to see Gemini Assist-generated information and guidance about the selection.

For more information and usage instructions, see Use Gemini Code Assist.

This release also includes updates to API hub interaction from Cloud Code: An update to the Cloud Code extension enables you to interact with any API in your API hub using a mock server in Cloud Code, make changes to the API, and publish it back to API hub. For information and usage instructions, see Edit APIs.

BigQuery

The maximum number of partitions per partitioned table limit has changed from 4,000 to 10,000.

Cloud Logging

Ops Agent version 2.47.0 introduces support for Compute Engine VMs that are running Ubuntu 24.04 LTS (Noble Numbat). For more information, see Operating systems.

Cloud Monitoring

Ops Agent version 2.47.0 introduces support for Compute Engine VMs that are running Ubuntu 24.04 LTS (Noble Numbat). For more information, see Operating systems.

Cloud SQL for MySQL

Cloud SQL for MySQL major versions that have reached community end-of-life (EOL) will receive extended support starting on February 1, 2025. For more information about extended support, see Extended support for Cloud SQL.

For more information about extended support timelines, see Database versions and version policies.

Cloud SQL for PostgreSQL

Cloud SQL for PostgreSQL major versions that have reached community end-of-life (EOL) will receive extended support starting on February 1, 2025. For more information about extended support, see Extended support for Cloud SQL.

For more information about extended support timelines, see Database versions and version policies.

Dataform

Dataform Core includeDependentAssertions and dependOnDependencyAssertions parameters for adding assertions as dependencies are available.

You can set the includeDependentAssertions parameter in a selected action to automatically add assertions of a selected dependency action as dependencies of the edited action.

You can set the dependOnDependencyAssertions parameter in a selected action to automatically add assertions of all dependency actions as dependencies of the edited action.

For more information, see Set assertions as dependencies.

Dialogflow

Dialogflow CX: You can now integrate with Soul Machines to create 3-D avatars.

Gemini Code Assist in Apigee

On May 29, 2024, we released an updated version of Gemini Code Assist features for use with Apigee.

Preview release of API Management features in Gemini Code Assist: generative AI API spec creation with enterprise context and Apigee policy code explanation.

This release introduces features for Gemini Code Assist API management:

  • Use Gemini Code Assist to facilitate API design, including OpenAPI spec generation with enterprise context from natural language prompts and a built-in visual API designer to further refine the specification.
  • Code explain for Apigee policies: When adding or editing a proxy policy, highlight part of the policy XML code, such as an element or attribute, to see Gemini Assist-generated information and guidance about the selection.

For more information and usage instructions, see Use Gemini Code Assist.

Google Cloud Architecture Center

Design an optimal storage strategy for your cloud workload: Added information about the Regional service tier of Filestore.

Google SecOps SOAR

Release 6.3.5 is currently in Preview.

Trying to set an SLA definition that is too similar to an existing one results in an incorrect error message (ID #00289305)

Tags not showing as expected in the Search page (ID #50691614)

All Environments is not supported when importing networks from CSV (ID #00276371)

Action All CVE Entity filter is not working (ID #51310124)

Subject Entity Search Filters are not working properly (ID #50841312)

Case actions - generate report has missing content (ID #50620576)

Live Stream API

Network Connectivity Center

Preset topologies are now available in public preview. Network Connectivity Center lets you specify connectivity configuration across all VPC spokes.

Spanner

Spanner now supports the following new columns in the SPANNER_SYS query statistics table:

  • AVG_MEMORY_PEAK_USAGE_BYTES
  • AVG_MEMORY_USAGE_PERCENTAGE
  • AVG_QUERY_PLAN_CREATION_TIME_SECS
  • AVG_FILESYSTEM_DELAY_SECS
  • AVG_REMOTE_SERVER_CALLS
  • AVG_ROWS_SPOOLED

VPC Service Controls

Preview stage support for the following integration:

  • Kubernetes Metadata API

For more information, see Anthos On-Prem API, Google Kubernetes Engine, and GKE Multi-Cloud.

reCAPTCHA Enterprise

reCAPTCHA Enterprise Mobile SDK v18.5.1 is now available for iOS.

This version contains improvements in the detection of network errors.

reCAPTCHA Enterprise Mobile SDK v18.5.1 is now available for Android.

This version contains improvements in the detection of network errors.

reCAPTCHA SMS toll fraud protection is now available in Preview. For more information, see Detect and prevent SMS fraud.

May 28, 2024

Apigee hybrid

ANNOUNCEMENT

hybrid 1.12.0-hotfix.1

On May 28, 2024 we released an updated version of the Apigee hybrid software, 1.12.0-hotfix.1.

Note: This release reflects a change to the Helm chart templates and not a change to the images. If your hybrid installation is currently on Apigee hybrid v1.12.0, you can install this hotfix release by downloading the charts with the version tag 1.12.0-hotfix.1 and updating the apigee-operator and apigee-datastore charts with the helm upgrade command and your current overrides files.

For example:

export CHART_REPO=oci://us-docker.pkg.dev/apigee-release/apigee-hybrid-helm-charts
export CHART_VERSION=1.12.0-hotfix.1
helm pull $CHART_REPO/apigee-operator --version $CHART_VERSION --untar
helm pull $CHART_REPO/apigee-datastore --version $CHART_VERSION --untar
helm upgrade operator apigee-operator/ \
  --namespace apigee-system \
  --atomic \
  -f overrides.yaml 
helm upgrade datastore apigee-datastore/ \
  --namespace apigee \
  --atomic \
  -f overrides.yaml

Bug ID | Description
340889560 | Added csi to the apigee-logger SCC.
339849002 | Hashicorp Vault integration issues fixed for Google Service Account for Cassandra Backup/Restore.

Bare Metal Solution

You can now order Bare Metal Solution storage and Partner Interconnect resources on a 1 month commitment term. This feature is generally available (GA).

BigQuery

The following Generative AI features are now in preview:

Try these features with the Generate text by using the ML.GENERATE_TEXT function how-to topic.

Cloud Monitoring

Announcing new Open Telemetry samples that show how to instrument your Python and Node.js applications to collect metrics, logs, and traces:

For general instrumentation information and recommendations, and for links to other samples, see:

Cloud Trace

You can now search a trace for keywords. For more information, see Search a trace.

Announcing new Open Telemetry samples that show how to instrument your Python and Node.js applications to collect metrics, logs, and traces:

For general instrumentation information and recommendations, and for links to other samples, see:

Cloud Translation

For adaptive translations, when you use the API, you can include up to five reference sentence pairs in a request instead of specifying a dataset.

Cloud Workstations

The Code-OSS preconfigured base image uses version 1.89.1.

Contact Center AI Platform

Version 3.16 is released

All release notes published on this date are part of version 3.16.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

End co-browse sessions using the Apps API

The Apps API has the following new endpoint that lets you end a co-browse session using an external session ID: POST /apps/api/v1/cobrowse_sessions/{external_session_id}/end. For more information, see Co-browse.

The agent adapter generates co-browse events

The agent adapter generates events during co-browse sessions. You can use these events to get insights into co-browse session details, such as start and end times and the modes that are requested or accepted by the end-user. For more information, see Event types.

The Next UI is supported in the ServiceNow integration

The Next UI experience is supported in the ServiceNow CRM integration.

Fixed an issue that prevented agents from selecting their next status to exit a campaign when the current call is concluded.

Fixed the problem of the created_at field being missing from add_started_activity.

Container Optimized OS

cos-105-17412-370-39

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06(default),v550.54.15(latest)

Improved boot time on A3 machines by around 5 seconds.

Fixed system-accounts-secured benchmark by changing the system account range used in the benchmark.

Fixed CVE-2024-21626 in github.com/opencontainers/runc in kubelet.

Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.

Runtime sysctl changes:

  • Changed: fs.file-max: 813024 -> 812685

cos-113-18244-85-17

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs)

Improved boot time on A3 machines by around 5 seconds.

Fixed CVE-2024-21626 in runc in kubelet.

Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.

Runtime sysctl changes:

  • Changed: fs.file-max: 812391 -> 812030

cos-109-17800-218-37

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.161.08(default),v550.54.15(latest),v470.239.06(R470 for compatibility with K80 GPUs)

Improved boot time on A3 machines by around 5 seconds.

Fixed CVE-2024-21626 in runc in kubelet.

Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.

Runtime sysctl changes:

  • Changed: fs.file-max: 812597 -> 812196

cos-101-17162-463-29

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06(default),v550.54.15(latest)

Fixed system-accounts-secured benchmark by changing the system account range used in the benchmark.

Updated sys-apps/apparmor to v2.13.11. This resolves CVE-2016-1585.

Updated net-libs/gnutls to v3.8.5. This fixes CVE-2024-28834.

Dataplex

Dataplex automatic data quality supports the following capabilities:

  • Email notifications to alert people about the status and results of a data quality job
  • Data quality scores that indicate the percentage of rules that passed
  • API support for rule recommendations based on data profiling scans

For more information, see Use auto data quality and Auto data quality overview.

Document AI

Model pretrained-foundation-model-v1.2-2024-05-10 is available for custom extractor. For more information about available models, see Custom extractor model versions.

Generative AI on Vertex AI

Gemini models support the frequencyPenalty and presencePenalty parameters. Use frequencyPenalty to control the probability of repeated text in a response. Use presencePenalty to control the probability of generating more diverse content. For more information, see Gemini model parameters.

Google Cloud Architecture Center

(New guide) Build an ML vision analytics solution with Dataflow and Cloud Vision API: Deploy a Dataflow pipeline to process large-scale image files with Cloud Vision. Dataflow stores the results in BigQuery so that you can use them to train BigQuery ML pre-built models. This architecture is accompanied by a reference architecture and a deployment guide.

Google Distributed Cloud (software only) for VMware

A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.

Google Distributed Cloud doesn't use a vulnerable version of Fluent Bit and is unaffected.

Google Distributed Cloud (software only) for bare metal

Release 1.16.9

Google Distributed Cloud for bare metal 1.16.9 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.16.9 runs on Kubernetes 1.27.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud software.

Fixes:

The following container image security vulnerabilities have been fixed in 1.16.9:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Security bulletin (all minor versions)

A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.

Google Distributed Cloud software doesn't use a vulnerable version of Fluent Bit and is unaffected.

For more information, see the GCP-2024-031 security bulletin.

Google Kubernetes Engine

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.26.14-gke.1044001 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.15-gke.1090000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.15-gke.1090000 with this release.

Regular channel

  • Version 1.28.9-gke.1000000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.26.15-gke.1243000
    • 1.27.12-gke.1115000
    • 1.28.8-gke.1095000
    • 1.28.9-gke.1069000
    • 1.29.4-gke.1043001
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.13-gke.1000000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.13-gke.1000000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.9-gke.1000000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.26.15-gke.1300000
    • 1.26.15-gke.1360000
    • 1.27.13-gke.1166000
    • 1.27.14-gke.1011000
    • 1.28.9-gke.1209000
    • 1.28.10-gke.1012000
    • 1.29.4-gke.1165000
    • 1.29.5-gke.1010000
    • 1.30.1-gke.1015000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1320000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.13-gke.1201000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.9-gke.1289000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.4-gke.1670000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.4-gke.1670000 with this release.

(2024-R17) Version updates

Memorystore for Redis Cluster

Added support for Deletion protection for Memorystore for Redis Cluster.

Vertex AI

Vector Search sparse embeddings and hybrid search in Public preview

Vector Search supports sparse embeddings and hybrid search in Public preview. Hybrid search uses both dense and sparse embeddings, which lets you search based on a combination of keyword search and semantic search. For how to format dense, sparse, and hybrid embeddings, see Input data and structure.

May 27, 2024

Anthos clusters on AWS

A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.

GKE on AWS doesn't use a vulnerable version of Fluent Bit and is unaffected.

For more information, see the GCP-2024-031 security bulletin.

Anthos clusters on Azure

A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.

GKE on Azure doesn't use a vulnerable version of Fluent Bit and is unaffected.

For more information, see the GCP-2024-031 security bulletin.

BigQuery

A weekly digest of client library updates from across the Google Cloud SDK.

Python

Changes for google-cloud-bigquery

3.23.1 (2024-05-21)

Performance Improvements
  • Decrease the threshold in which we use the BigQuery Storage Read API (#1925) (eaa1a52)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.39.3 (2024-05-21)

Bug Fixes

Cloud Composer

Cloud Composer 2 now supports data lineage for environments that have CMEK enabled.

Cloud Composer 2.8.1 images are available:

  • composer-2.8.1-airflow-2.7.3 (default)
  • composer-2.8.1-airflow-2.6.3

Cloud Data Fusion

The Decompress plugin version 1.2.1 is available in the Hub in Cloud Data Fusion version 6.10.1 and later. The release fixes an issue in the Decompress plugin causing concatenated GZIP files (.gz) to not decompress as intended. In version 1.2.1, decompression occurs until EOF is reached (PLUGIN-1743).

The Cloud Storage Multi File sink plugin version 0.22.8 is available in Cloud Data Fusion version 6.9.2. The release fixes an issue in the Cloud Storage Multi File sink causing pipelines to fail when a Flexible schema was set to true (PLUGIN-1780).

Cloud Storage

Cloud Storage FUSE now offers the following features:

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.11.1 (2024-05-21)

Bug Fixes
  • Add missing projectIdentifier to GetServiceAccountOptions (#2468) (d49e9d2)
  • Allow files in directories to be downloaded onto local machine (#2199) (9f62429)
  • Do not set customEndpoint if apiEndpoint === default (#2460) (b4dbd73)
  • Improve GetFilesResponse interface (#2466) (918db28)

Java

Changes for google-cloud-storage

2.39.0 (2024-05-22)

Features
  • Plumb PartNamingStrategy for Parallel Composite Uploads in Transfer Manager (#2547) (79d721d)
Bug Fixes
  • Update GapicUnbufferedChunkedResumableWritableByteChannel to be tolerant of non-quantum writes (#2537) (1701fde)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.1 (#2550) (e9807ec)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.2 (#2552) (a207829)

Cloud Workstations

Cloud Workstations is available in the southamerica-east1 region (Osasco, São Paulo, Brazil, South America). For more information, see Locations.

Cloud Workstations is available in the us-east5 region (Columbus, Ohio, North America). For more information, see Locations.

Dataproc Metastore

Dataproc Metastore services can now enable deletion-protection to prevent the accidental removal of new or existing services.

Google Cloud Marketplace Partners

We've added a new field, cancellation_reason, on the Entitlement resource that provides context around why an entitlement was cancelled.

Google Kubernetes Engine

A new vulnerability (CVE-2024-4323) has been discovered in Fluent Bit that could result in remote code execution. Fluent Bit versions 2.0.7 through 3.0.3 are affected.

GKE doesn't use a vulnerable version of Fluent Bit and is unaffected.

For more information, see the GCP-2024-031 security bulletin.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.129.6 (2024-05-23)

Dependencies
  • Update dependency com.google.cloud:google-cloud-storage to v2.39.0 (#2040) (eb6bd9c)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.2 (#2035) (40fdd7a)

SAP on Google Cloud

ABAP SDK for Google Cloud version v1.7

Version 1.7 of the ABAP SDK for Google Cloud is generally available (GA). This version brings in expanded support for more Google Cloud APIs, authentication improvements for Cloud Functions, SDK feature enhancements, and bug fixes.

For more information, see What's new with the ABAP SDK for Google Cloud.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.1 (2024-05-22)

Bug Fixes
  • secretmanager: Enable cloud.google.com/go/auth (#10248) (532d8fb)

May 26, 2024

Application Integration

The TIBCO EMS trigger is now available in preview.

May 24, 2024

Artifact Registry

Cleanup policies for Artifact Registry are Generally Available (GA).

Cleanup policies help you manage artifacts by automatically deleting artifacts that you no longer need, while keeping artifacts that you want to store.

Deletions requested by Cleanup policies count against Artifact Registry delete request quota and limits.

Generative AI on Vertex AI

The Gemini 1.5 Pro (gemini-1.5-pro-001) and Gemini 1.5 Flash (gemini-1.5-flash-001) models are Generally Available. For more information, see Google models, Overview of the Gemini API, and Send multimodal prompt requests.

Google Cloud Armor

Cloud Armor supports Layer 7 filtering in globally scoped edge security policies for Media CDN in Preview.

Google Cloud VMware Engine

When you initiate deletion of a private cloud, billing now stops immediately, but the deletion might take up to 24 hours to complete.

This lets you contact support if you need to stop the deletion. During the deletion of the private cloud, it is still visible in the console, and your VMs continue to run.

If necessary, disable or reconfigure networking components.

Google Kubernetes Engine

GKE now provides insights and recommendations to create a backup plan for unprotected clusters that have existed for more than 7 days. These insights and recommendations are currently available in us-central1-a. See Backup for GKE and protect clusters with Backup for GKE documents for details.

Google SecOps SOAR

Media CDN

Dual-token authentication is Generally Available. You can now enable this feature by using the Google Cloud Console in addition to the gcloud SDK and REST API. When this feature is enabled, Media CDN uses a short-duration token and a long-duration token to authenticate requests.

You can use the globally scoped edge security policies of Cloud Armor for Layer 7 filtering. This feature is in Preview. For an example, see Example: Deny requests for cached content with specific headers.

May 23, 2024

BigQuery

In BigQuery ML univariate time series models, the FORECAST_LIMIT_LOWER_BOUND and FORECAST_LIMIT_UPPER_BOUND parameters now work with the TIME_SERIES_ID_COL parameter. The FORECAST_LIMIT_LOWER_BOUND and FORECAST_LIMIT_UPPER_BOUND arguments let you set the lower and upper bounds of the forecasted values returned by the model. Try this feature with the Limit forecasted values for a time series model tutorial.

BigQuery ML now offers the following Generative AI features:

Cloud SQL for PostgreSQL

Monitoring active queries in Cloud SQL for PostgreSQL, which is part of the Gemini in Databases Preview, is temporarily unavailable. You can still monitor completed queries. For more information about monitoring queries, see Use Query Insights to improve query performance.

Cloud Service Mesh

Anthos Service Mesh and Traffic Director have converged into a single, unified product: Cloud Service Mesh. Cloud Service Mesh brings together features from both products:

  • A fully managed, global, multi-tenant control plane
  • Managed data plane and telemetry for Google Cloud
  • A choice of APIs
    • Open APIs, Istio & Gateway for Kubernetes Engine
    • Service Routing APIs for Compute Engine and Kubernetes Engine
  • Support for Kubernetes clusters on-prem and on other public clouds

For more information see the Cloud Service Mesh overview.

If you're using the Istio APIs with the Traffic Director control plane implementation, disabling multi-cluster load balancing is not supported.

Dataproc

Blocklisted the following Dataproc on Compute Engine subminor image versions:

  • 2.0.103-debian10, 2.0.103-rocky8, 2.0.103-ubuntu18
  • 2.1.51-debian11, 2.1.51-rocky8, 2.1.51-ubuntu20, 2.1.51-ubuntu20-arm
  • 2.2.17-debian12, 2.2.17-rocky9, 2.2.17-ubuntu22

Filestore

Google SecOps SOAR

Release 6.3.4 is currently in Preview.

Unable to edit case comments via API (ID #49966652)

Unable to create or import advanced reports for certain Looker users (ID #00265303)

Error when trying to add a user to Google SecOps SOAR

Event details search option in alert tab stops working (ID #00287518)

SOAR filtering not working due to unsupported commas in names

Unable to re-run the playbooks (ID #00282282)

Google SecOps SOAR fails to return API keys (ID #50630848)

Looker Studio

Looker Studio forum moved to Google Cloud

The Looker Studio Community on Google Cloud is open to all Looker Studio and Looker Studio Pro users to ask questions and interact with fellow Looker Studio customers.

Looker drill fields now available in Looker Studio

Drill fields and links that are defined with the drill_fields and link LookML parameters in Looker are now available to Looker Studio report viewers in the Drill Actions menu on Looker Studio table charts.

Learn more about drill fields in the Looker connector.

New partner connectors

The following partner connectors have been added to the Looker Studio Report Gallery:

SAP on Google Cloud

Google Cloud's Agent for SAP version 3.3

Version 3.3 of Google Cloud's Agent for SAP is generally available (GA). This version introduces enhancements to back up SAP HANA while using the agent's Backint and disk snapshot features. It also introduces support for using hdbuserstore keys to authenticate SAP HANA users.

For more information, see What's new with Google Cloud's Agent for SAP.

Sensitive Data Protection

The TRADE_UNION infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Sovereign Controls by Partners

The Sovereign Controls by SIA/Minsait partner offering is now generally available.

VPC Service Controls

Preview stage support for the following integration:

May 22, 2024

AlloyDB for PostgreSQL

Query federation between BigQuery and AlloyDB is now available in Preview. This feature lets you use BigQuery to query data stored in AlloyDB databases.

BigQuery

The interactive SQL translator, the translation API, and the batch SQL translator features let you translate the following SQL dialects into GoogleSQL:

  • IBM DB2 SQL
  • Greenplum SQL
  • SQLite

These features are in preview.

You can now query data in AlloyDB using a federated query. This feature is in preview.

Cloud Database Migration Service

Database Migration Service now supports migrations to MySQL minor version 8.0.36. See Supported source and destination databases in Cloud SQL for MySQL migrations.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.62
  • 1.2.6
  • 2.0.70
  • 2.1.49
  • 2.2.6

Upgraded Spark BigQuery connector to version 0.36.2 in the latest 1.2 and 2.2 Dataproc Serverless for Spark runtime versions.

Google Kubernetes Engine

The C4 machine family is available in Public Preview for Standard clusters running GKE version 1.29.2-gke.1521000 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool. The following limitations apply:

  • GKE versions prior to 1.29.2-gke.1521000 might encounter a volume device path mounting error which can cause Pods to be stuck in a Pending state. If you encounter this issue, try deleting and re-creating the Pod, to trigger re-processing of the volume mount.
  • Confidential GKE nodes are not supported in Public Preview.
  • Local SSD is not supported.
  • Nested virtualization is not supported in Public Preview.

The GKE Container Security API is now enabled automatically when GKE Enterprise is enabled on a project. This change ensures the security and compliance features are ready for use as part of GKE Enterprise activation.

Google SecOps

Enhanced the existing curated detections for AWS rule sets in the Cloud Threats category to add 40 new detections. These new rules, added to existing rule sets, expand the coverage and are designed to identify tactics and techniques commonly employed by malicious actors that use popular open source offensive security tools against AWS resources.

Google SecOps SIEM

Enhanced the existing curated detections for AWS rule sets in the Cloud Threats category to add 40 new detections. These new rules, added to existing rule sets, expand the coverage and are designed to identify tactics and techniques commonly employed by malicious actors that use popular open source offensive security tools against AWS resources.

Security Command Center

New curated detections for existing AWS rule sets

Enhanced the existing curated detections for AWS rule sets in the Cloud Threats category to add 40 new detections. These new rules, added to existing rule sets, expand the coverage and are designed to identify tactics and techniques commonly employed by malicious actors that use popular open source offensive security tools against AWS resources.

For more information, see curated detections for AWS rule sets in the Google Security Operations documentation.

May 21, 2024

Application Integration

Application Integration is now available in Milan (europe-west8). For a list of supported regions, see Application Integration locations.

Backup and DR

Backup and DR Service 11.0.11.323 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance.

Backup and DR Service supports migrating from manual protection to the new dynamic protection using tags. It is now also supported on all types of backup/recovery appliances. Learn more.

Backup and DR Service now supports auto patch updates. Learn more.

If the management console and backup/recovery appliance connectivity is not established for more than 6 hours, contact customer support to resolve the issue. This is particularly relevant to the appliance running on version 11.0.11.323 or later. You can check the connection status from the Connectivity column in the Manage > Appliances page.

Bare Metal Solution

You can now order Performance SSD storage for your Bare Metal Solution. For more information and availability in your region, see Performance SSD storage. This feature is generally available (GA). To learn how to order Performance SSD storage, see Order Bare Metal Solution resources.

BigQuery

The following Generative AI features are now in preview:

Try these features with the Generate text by using the ML.GENERATE_TEXT function how-to topic.

Cloud Data Fusion

Cloud Data Fusion version 6.10.1 is generally available (GA). This release is in parallel with the CDAP 6.10.1 release.

Creating a private instance with Private Service Connect is GA in Cloud Data Fusion version 6.10.1.

Per Namespace Service Accounts are GA in Cloud Data Fusion version 6.10.1. For more information, see Access control with namespace service accounts.

Syncing multiple pipelines from a namespace is GA in Cloud Data Fusion version 6.10.1. For more information, see Sync Cloud Data Fusion pipelines with a remote repository.

Changed in Cloud Data Fusion 6.10.1:

  • Source Control Management supports Bitbucket and GitLab.
  • Cloud Data Fusion uses the subnet used by the shared VPC network attachment in the default compute profile.
  • Added support for option string field (keep-strings) in parse-xml-to-json Wrangler directive (CDAP-20934).
  • The BigQuery sink plugin doesn't provide the Dedupe By option while in insert mode (PLUGIN-900).
  • The BigQuery plugin supports the JSON type (PLUGIN-1563).
  • Improved error messages in the Spanner source (PLUGIN-1748).
  • Improved retries in Pub/Sub plugin (PLUGIN-1769).

Fixed in Cloud Data Fusion 6.10.1:

  • Fixed an issue causing runtime arguments of pipeline triggers to not propagate to downstream pipelines (CDAP-20947).
  • Fixed an issue in Wrangler causing the send-to-error-and-continue directive to not initialize dq_failure when the condition is false (PLUGIN-1736).
  • Fixed an issue that occurs if running a replication pipeline when task workers are enabled (CDAP-20951).
  • Improved error reporting in the BigQuery Sink. Fixed an issue in BigQuery Argument Setter where validation error wasn't displayed correctly (PLUGIN-788, PLUGIN-781, PLUGIN-782, PLUGIN-1318).
  • Improved retries in BigQuery plugin (PLUGIN-1715).
  • Fixed an issue with the Python plugin, where running in native mode doesn't work as intended (PLUGIN-1617).
  • Fixed an issue causing certain connection parameters to not propagate in a MySQL connection (PLUGIN-1728).
  • Fixed an issue causing the Cloud Storage Copy action to timeout while working with large files (PLUGIN-1735).
  • Fixed an issue causing Copy and Move plugins to not create buckets at the destination path as expected, resulting in a runtime error (PLUGIN-1738).
  • Fixed an issue causing empty source input to fail in multiple plugins (PLUGIN-1742).
  • Fixed an issue with remote execution of Wrangler directives causing type information to not be emitted (PLUGIN-1778).
  • Fixed an issue causing a No record field provided error (CDAP-21024).
  • Streaming pipelines in Cloud Data Fusion support the Excel source. Batch pipelines with an Excel source can consume high memory and fail in large pipelines (PLUGIN-1771).
  • Fixed an issue with using the Conditional plugin as a source for Wrangler, causing CDAP not to fetch the necessary schema (CDAP-20890).
  • Fixed an issue with instance upgrades causing existing schedule names to be improperly encoded in the URL, resulting in pre-upgrade failure (CDAP-20999).
  • Fixed an issue with schedules causing the maximum concurrent run property to not work as intended (CDAP-20988).
  • Fixed an issue causing committed ID to incorrectly propagate when pushing pipeline configurations to Git (CDAP-20932).

Cloud Data Fusion version 6.10.1 has a known issue in the Cloud Storage plugin causing pipelines to intermittently fail if the plugin contains a * regex pattern and uses Dataproc 2.0. To mitigate this issue:

The SAP SuccessFactors batch source version 1.2.3 is available in the Enterprise edition of Cloud Data Fusion 6.7.0 and later. This release lets you configure a proxy URL and SuccessFactors authentication properties.

Cloud Interconnect

Partner Interconnect support for dual-stack IPv4 and IPv6 is now generally available. For more information, see IPv6 support.

Cloud Load Balancing

Global external Application Load Balancers and global external proxy Network Load Balancers can now load balance IPv6 traffic. The following backends support dual stack:

  • VM instance group
  • Zonal NEGs (GCE_VM_IP_PORT)

You can now migrate the load balancer from IPv4 based deployments to dual stack (IPv4 and IPv6) deployments.

For details, see:

This feature is available in Preview.

Cloud Router

Cloud Router supports BGP route policies in Public Preview. For more information, see BGP route policies overview.

Cloud Router support for IPv6 BGP sessions is generally available. For more information, see BGP peering IP addresses.

Container Optimized OS

cos-101-17162-463-26

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-5.15.155 | v20.10.27 | v1.6.28 | v470.239.06 (default), v550.54.15 (latest) |

Updated cos-gpu-installer to v2.3.1.

Add IPv6 support for endor boards.

Fixed CVE-2024-26900 in the Linux kernel.

Dialogflow

Vertex AI Agents: OpenAPI tools now support private network access

Vertex AI Agents: OpenAPI tool authentication now supports Bearer Token.

Dialogflow CX: VPC Service Controls now support Cloud Functions and Cloud Run.

Google Cloud VMware Engine

All new VMware Engine private clouds now deploy with the following:

  • VMware vSphere version 7.0 Update 3
  • NSX-T version 3.2.3.1

Existing private clouds will be upgraded in May and June 2024.

For more details on the contents of this upgrade, see Service announcements.

Google Kubernetes Engine

(2024-R16) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.27.11-gke.1062004 is now available in the Stable channel.
  • Version 1.28.7-gke.1026000 is no longer available in the Stable channel.

Regular channel

Rapid channel

  • Version 1.30.0-gke.1167000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.9-gke.1250000
    • 1.29.3-gke.1282000
    • 1.29.3-gke.1282001
    • 1.29.3-gke.1282005
    • 1.29.4-gke.1447001
    • 1.29.4-gke.1542000
    • 1.30.0-gke.1457000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.4-gke.1165000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.4-gke.1165000 with this release.

May 20, 2024

Application Integration

Terraform support

You can now use Terraform to provision new regions and create authentication profiles. For a detailed reference document about Terraform resources, see google_integrations_client and google_integrations_auth_config.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigquery

3.23.0 (2024-05-16)

Features
Bug Fixes
  • Add pyarrow version check for range support (#1914) (a86d7b9)
  • Edit presubmit for to simplify configuration (#1915) (b739596)

You can now use a search index to optimize lookups on the INT64 and TIMESTAMP data types. The feature is in preview.

You can use DLP functions to support encryption and decryption between BigQuery and Sensitive Data Protection, using AES-SIV. This feature is now generally available (GA).

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for logging/apiv2

1.10.0 (2024-05-15)

Features
  • logging/logadmin: Allow logging PageSize to override (#9409) (5ca0271)
Bug Fixes
  • logging: Bump x/net to v0.24.0 (ba31ed5)
  • logging: Enable universe domain resolution options (fd1d569)
  • logging: Set default value for BundleByteLimit to 9.5 MiB to avoid payload size limits. (#9662) (d5815da)
  • logging: Update protobuf dep to v1.33.0 (30b038d)

Java

Changes for google-cloud-logging

3.17.2 (2024-05-16)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.1 (#1611) (e7a0904)

Cloud Run

Uptime checks can now be configured and viewed directly within the Cloud Run "metrics" page.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.41.0 (2024-05-13)

Features
  • storage/control: Make Managed Folders operations public (264a6dc)
  • storage: Support for soft delete policies and restore (#9520) (985deb2)
Bug Fixes
  • storage/control: An existing resource pattern value projects/{project}/buckets/{bucket}/managedFolders/{managedFolder=**} to resource definition storage.googleapis.com/ManagedFolder is removed (3e25053)
  • storage: Add internaloption.WithDefaultEndpointTemplate (3b41408)
  • storage: Bump x/net to v0.24.0 (ba31ed5)
  • storage: Disable gax retries for gRPC (#9747) (bbfc0ac)
  • storage: More strongly match regex (#9706) (3cfc8eb), refs #9705
  • storage: Retry net.OpError on connection reset (#10154) (54fab10), refs #9478
  • storage: Wrap error when MaxAttempts is hit (#9767) (9cb262b), refs #9720
Documentation
  • storage/control: Update storage control documentation and add PHP for publishing (1d757c6)

Container Optimized OS

cos-109-17800-218-32

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-6.1.85 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |

Updated cos-gpu-installer to v2.3.1.

Upgraded sys-apps/less to v643-r2.

Upgraded app-eselect/eselect-iptables to v20220320.

Upgraded sys-libs/timezone-data to v2024a-r1.

Upgraded app-editors/vim to v9.1.0366. Upgraded app-editors/vim-core to v9.1.0366.

cos-113-18244-85-14

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs) |

Updated cos-gpu-installer to v2.3.1.

Upgraded sys-apps/less to v643-r2.

Upgraded sys-libs/timezone-data to v2024a-r1.

Added support for nft_fib family of modules in the Linux kernel.

cos-105-17412-370-34

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-5.15.154 | v23.0.3 | v1.7.15 | v470.239.06 (default), v550.54.15 (latest) |

Updated cos-gpu-installer to v2.3.1.

Upgraded app-eselect/eselect-iptables to v20220320.

Upgraded sys-libs/timezone-data to v2024a-r1.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.19.3 (2024-05-16)

Dependencies
  • Update actions/checkout action to v4 (#1390) (80dbca1)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.1 (#1443) (79f6c46)

Generative AI on Vertex AI

The following models have been added to Model Garden:

  • E5: A text embedding model series that can be served with a GPU or CPU.
  • Instant ID: An identity preserving text-to-image generation model.
  • Stable Diffusion XL lightning: A text-to-image generation model that is based on SDXL but requires fewer inference iterations.

To see a list of all available models, see Explore models in Model Garden.

Google Cloud Armor

Cloud Armor now supports regional internal Application Load Balancers in public preview. You can use the regional backend security policy type with this load balancer. For more information, see types of security policies.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.129.5 (2024-05-16)

Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.38.1 (#2027) (535edf6)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.1 (#2028) (aedcffd)

Workload Manager

Preview: You can now define organizational best practices for your workloads using custom rules written in the Rego policy language. Workload Manager evaluates your workloads against these rules and creates reports for any violation and helps you prioritize remediation. This helps you continuously improve the quality, reliability, and performance of your workloads. For more information, see Implementing best practices using custom rules.

May 17, 2024

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Apigee X

On May 17, 2024, we released an updated version of Apigee (1-12-0-apigee-4-hotfix, 1-12-0-apigee-5).

| Bug ID | Description |
|---|---|
| 337876238, 330314128, 333762214 | Resolved issues resulting in an increase in 404/503 responses. Upgraded storage for the Apigee router to the latest version to resolve 404 responses. Adjusted traffic weight and delays in the older replica set to handle traffic divergence during the release process to address any 5xx responses. |
| 335832119 | Fixed 404 errors caused during Apigee instance update/rollback. |
| 255772956 | Turned off asynchronous services callout when the <Response> element is not present due to inconsistent scaling of runtime pods. |
| 338717278 | Reverted problematic commit to address thread pool exhaustion. |

Navigation menus in the Classic Apigee UI have been restored to support the transition from the Classic console to Apigee in the Google Cloud console.

Each menu item in the Classic console now directs you to the corresponding feature location in the Cloud console where you can carry out your task. Please see Apigee UI in Cloud console navigation for more details.

Correction: Apigee hybrid entitlements are available in Apigee Subscription 2024 plans. For more information, see Apigee Subscription 2024 entitlements.

App Engine flexible environment Node.js

Node.js 22 is now available in preview.

App Engine standard environment Node.js

Node.js 22 is now available in preview.

Cloud Billing

The Cost Estimation API is deprecated

To get estimates for your planned Google Cloud workloads, use the Google Cloud pricing calculator.

Cloud Functions

Cloud Functions (2nd gen) now supports the Node.js 22 runtime at the Preview release level.

Cloud Run

Cloud Run is now covered by FedRAMP High.

Config Controller

Config Controller now uses the following versions of its included products:

Dataflow

Dataflow no longer supports the NVIDIA Tesla K80 GPU type. For a list of supported GPU types, see Dataflow support for GPUs.

Deep Learning Containers

M121 release

  • Updated the R CPU container image from R 4.3 to R 4.4. The R 4.3 container image is deprecated. There will be no further updates to this image in future releases.

Deep Learning VM Images

M121 release

  • CUDA 12.2 images are now available.
  • Updated TensorFlow 2.15 images from CUDA 12.1 to CUDA 12.2.
  • Re-enabled common-gpu Deep Learning VM releases that were erroneously deactivated in M117.
  • Updated Nvidia drivers to 550.54.15 to fix an issue where Nvidia drivers failed to install on startup after Debian 11 images upgraded kernel to linux-image-5.10.0-29-cloud-amd64.
  • The linux-headers-cloud-amd64 metapackage is now installed for faster driver recompiling on kernel upgrades.
  • TensorFlow 2.6 CPU and GPU images are deprecated. There will be no further updates to these images in future releases.

Google Kubernetes Engine

(2024-R14) Version updates

There are no version updates for 2024-R14.

(2024-R15) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.27.11-gke.1062003 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.26.8-gke.200
    • 1.26.14-gke.1044000
    • 1.27.11-gke.1062001
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.14-gke.1044001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.11-gke.1062003 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.11-gke.1062003 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.7-gke.1026001 with this release.

Regular channel

  • Version 1.28.8-gke.1095000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.26.8-gke.200
    • 1.27.11-gke.1062001
    • 1.27.11-gke.1062003
    • 1.28.7-gke.1026001
    • 1.29.1-gke.1589018
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.12-gke.1115000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.12-gke.1115000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.8-gke.1095000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.1-gke.1589020 with this release.

Rapid channel

Google SecOps SOAR

Release 6.3.2 is now in General Availability.

NetApp Volumes

NetApp Volumes now supports large capacity volumes (in Preview). For more information, see Large capacity volumes.

Policy Intelligence

The IAM recommender generates policy insights and role recommendations for identities in Workload Identity Federation pools. To learn more, see Availability. This feature is available in Preview.

During Preview, the actual observation period might be shorter than the observation period listed in recommendations for these principals.

Sensitive Data Protection

The LOCATION infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.

To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.

Storage Transfer Service

Storage Transfer Service now supports transfers from Amazon S3 over a Google-managed private network. Transfer jobs that select this option pay no AWS egress fees; instead, a flat per-GiB rate is charged by Google Cloud. This allows you to transfer data at a potentially lower overall cost.

Learn more about egress options for S3 transfers, including the managed private network.

Cloud Logging for Storage Transfer Service now supports transfers involving POSIX file systems.

See Cloud Logging for Storage Transfer Service for more details.

Vertex AI Workbench

M121 release

The M121 release of Vertex AI Workbench user-managed notebooks includes the following:

  • Updated NVIDIA drivers to 550.54.15 to fix an issue where the drivers failed to install on startup after Debian 11 images upgraded the kernel to linux-image-5.10.0-29-cloud-amd64.
  • The linux-headers-cloud-amd64 metapackage is now installed for faster driver recompiling on kernel upgrades.
  • TensorFlow 2.6 CPU and GPU images are deprecated. There will be no further updates to these images in future releases.

The M121 release of Vertex AI Workbench managed notebooks includes the following:

  • Updated the R CPU kernel from R 4.3 to R 4.4.

M121 release

The M121 release of Vertex AI Workbench instances includes the following:

  • Updated NVIDIA drivers to 550.54.15 to fix an issue where the drivers failed to install on startup after Debian 11 images upgraded the kernel to linux-image-5.10.0-29-cloud-amd64.
  • The linux-headers-cloud-amd64 metapackage is now installed for faster driver recompiling on kernel upgrades.

May 16, 2024

Apigee Integrated Portal

On May 16, 2024 we released a new version of the Apigee integrated portal.

This release includes general improvements to performance and availability.

Cloud Billing

Generate a SQL query to BigQuery from your Cloud Billing Reports (in preview)

In the Google Cloud console, on the Billing Reports page, you use the report settings and filters to refine the data returned to your report. If you have enabled Cloud Billing data export to BigQuery, you can analyze your exported billing data using SQL queries. In Billing Reports, you can now click a button to generate a SQL query in BigQuery that is configured with the equivalent Billing Report settings and filters. When run against your exported billing data, the generated query returns the same results in BigQuery as the Billing Report shows.

Cloud Healthcare API

The fhir_read_ops, fhir_write_ops, and fhir_search_ops quota metrics are generally available (GA) and have replaced the legacy fhir_ops quota metric. For more information, see FHIR quotas.

Cloud Key Management Service

Cloud KMS with Autokey is now in Preview for Cloud Storage, Compute Engine, BigQuery, and Secret Manager.

Autokey simplifies creating and using customer-managed encryption keys (CMEKs) by automating provisioning and assignment. With Autokey, key rings, keys, and service accounts don't need to be planned and provisioned before they're needed. Instead, Autokey generates keys on demand as resources are created.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.

For more information, see Autokey overview.

Cloud KMS has two new organization policy constraints that you can use to control key version destruction. These constraints became available on November 1, 2023.

For more information, see Control key version destruction.

Config Connector

Config Connector version 1.118.1 is now available.

This release introduces the direct-reconciliation mechanism to reconcile Config Connector resources. The reconciliation makes API calls directly instead of going through a third-party library. Currently it only applies to LoggingLogMetric.

LoggingLogMetric now uses direct reconciliation.

Added support for ComputeNetworkFirewallPolicyRule resource (v1alpha1).

LoggingLogMetric

  • Added spec.loggingLogBucketRef field to support bucket reference.

SQLInstance avoids a bug causing repeated reconciliation when spec.settings.edition was configured with a non-empty value.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.102-debian10, 2.0.102-rocky8, 2.0.102-ubuntu18

  • 2.1.50-debian11, 2.1.50-rocky8, 2.1.50-ubuntu20, 2.1.50-ubuntu20-arm

  • 2.2.16-debian12, 2.2.16-rocky9, 2.2.16-ubuntu22

Dataproc on Compute Engine latest 2.x image versions:

  • Removed repo.anaconda.com channel from Dataproc on Compute Engine 2.x image version clusters for installation of packages.

  • Blast radius: Packages installed by conda.

  • Possible symptoms: Installing packages via the default channel is no longer possible.

  • Mitigation: Rollback.

Google Cloud Architecture Center

Infrastructure for a RAG-capable generative AI application using Vertex AI: Added information about getting started with deploying the reference architecture by using a Jump Start Solution.

Google Distributed Cloud (software only) for VMware

Release 1.29.100-gke.248

Google Distributed Cloud on VMware 1.29.100-gke.248 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.100-gke.248 runs on Kubernetes v1.29.4-gke.200.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

Updated Dataplane V2 to use Cilium 1.13.

Google SecOps SOAR

Release 6.3.3 is currently in Preview.

Search results distorting the screen (ID #00273643)

Inline CSS removed in Insights (ID #00273271)

SAML login page showing blank (ID #00279230)

Gitsync power up push content not triggering automatically (ID #00283331)

Job page loading slowly and needs to be refreshed many times (ID #50253417)

Alert Type is empty when trying to add alert grouping rules (ID #00275434)

Identity-Aware Proxy

Generally Available: Service accounts can now use JSON Web Tokens (JWTs) to programmatically access resources protected by Identity-Aware Proxy (IAP). This provides a streamlined authentication process for workloads accessing IAP-protected applications and services. For more information, see Programmatic authentication.

Looker Studio

New Looker Studio log event attributes

New event logging attributes are now available for the Looker Studio log event data source. These attributes let Looker Studio administrators audit and monitor how Looker Studio users in their organization interact with schedules and alerts.

Learn more about audit log events in Looker Studio.

Looker data sources now display LookML filters

Filters that are defined in LookML models with the conditionally_filter and always_filter LookML parameters are now displayed in Looker Studio charts with a Looker data source.

Learn more about LookML filters for Looker data sources.

NetApp Volumes

NetApp Volumes now supports Google Cloud VMware Engine Peering Automation. For more information, see Google Cloud VMware Engine storage.

May 15, 2024

Anthos clusters on AWS

A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-030 security bulletin.

Anthos clusters on Azure

A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-030 security bulletin.

Cloud Billing

Commitment recommendations in the FinOps hub now include a Recommended quantity column, so you can see more information about recommendations at a glance.

Learn more about using the FinOps hub to optimize your costs.

Cloud Logging

You can now attach an IAM role binding to a log view that grants a principal access to the log view. For more information about log views and about controlling access to log views, see Configure log views on a log bucket.

Cloud Run

Cloud Run has been added to Google Cloud's Pricing Calculator.

Cloud Source Repositories

Cloud Source Repositories is scheduled for end of sale on June 17, 2024. Starting June 17, 2024, if your organization hasn't previously used Cloud Source Repositories, you cannot enable the API or use Cloud Source Repositories. New projects not connected to an organization can't enable the Cloud Source Repositories API after June 17, 2024. Customers who have already enabled the API prior to this date will not be affected and can continue to use Cloud Source Repositories.

Compute Engine

Generally Available: Advanced maintenance control for sole-tenancy lets you control planned maintenance events for sole-tenant node groups and minimize maintenance-related disruptions. This feature is available only for sole-tenant node groups. To use this feature with your existing virtual machines, you must first move your VMs to sole-tenant node groups that have advanced maintenance control enabled.

The advanced maintenance control for sole-tenancy feature lets you:

  • Check for maintenance events scheduled for a sole-tenant node 28 days in advance.
  • Trigger maintenance immediately or schedule it for later. Note that if you trigger maintenance immediately, the maintenance takes place within 6 hours from the time you trigger the request.

For more information, see Advanced maintenance control for sole-tenancy.

Container Registry

Effective May 15, 2024, Artifact Registry hosts all images for the gcr.io domain in projects without previous Container Registry usage.

If you use Container Registry, learn about the deprecation. To get started with managing containers on Google Cloud, use Artifact Registry.

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-030 security bulletin.

Google Distributed Cloud (software only) for bare metal

Release 1.29.100-gke.251

GKE on Bare Metal 1.29.100-gke.251 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.29.100-gke.251 runs on Kubernetes 1.29.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

  • Added new API and IAM role requirements for Cloud Monitoring:

    • You must enable the kubernetesmetadata.googleapis.com API for your project and grant the roles/kubernetesmetadata.publisher IAM role to the Logging and Monitoring service account (anthos-baremetal-cloud-ops, when created automatically). Clusters use this API as an endpoint to send Kubernetes metadata to Google Cloud. The metadata is vital for cluster monitoring, debugging, and recovery. If you install your clusters behind a proxy, add kubernetesmetadata.googleapis.com to the list of allowed connections.

    • Due to changes in the way service accounts are checked, you must also grant the following IAM roles to the Logging and Monitoring service account:

      • roles/monitoring.viewer

      • roles/serviceusage.serviceUsageViewer

    These API and IAM role requirements apply to both creating new 1.29 clusters and upgrading existing clusters to 1.29.

Functionality changes:

  • Added checks to validate the SSH client certificate file type before saving the certificate as a Secret.

  • Deprecated the spec.gkeVersion field in Machine and BareMetalMachine custom resources. After GKE on Bare Metal release 1.30, the value of gkeVersion isn't guaranteed to be reliable.

  • Added preflight checks for available disk space in specific directories:

    • During cluster creation, the following directories are checked:

      • / (the root directory) has at least 4 GiB of free space

      • /var/log/fluent-bit-buffers has at least 12 GiB of free space

      • /var/opt/buffered-metrics has at least 10016 MiB of free space

    • During a cluster upgrade, the following directory is checked:

      • / (the root directory) has at least 2 GiB of free space

Fixes:

  • Fixed an issue where the kubelet didn't honor the shortened, 1-second grace period for pod deletion during eviction-based draining.

The following container image security vulnerabilities have been fixed in 1.29.100-gke.251:

Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Google Kubernetes Engine

A vulnerability (CVE-2023-52620) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-030 security bulletin.

Added a release note to May 16, 2023 for 1.27 available in the Rapid channel. This release note was previously only added to the Release notes (Rapid channel only) page by mistake.

reCAPTCHA Enterprise

reCAPTCHA Enterprise Mobile SDK v18.5.0 is now available for iOS.

This version contains the following changes:

  • Performance and reliability improvements in getClient() and execute().
  • Support for Apple Privacy Manifest.
  • The minimum iOS version is now iOS 12 to align with Xcode 15 dropping support for iOS 11.
  • New exception type is added for devices without a network connection.

reCAPTCHA Enterprise Mobile SDK v18.5.0 is now available for Android.

This version contains the following changes:

  • Performance and reliability improvements in getClient() and execute().
  • Support for Android API 19 is dropped.
  • New exception type is added for devices without a network connection.

May 14, 2024

Anthos clusters on AWS

A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-028 security bulletin.

A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-029 security bulletin.

Anthos clusters on Azure

A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-028 security bulletin.

A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-029 security bulletin.

Apigee Advanced API Security

On May 14, 2024 we released an updated version of Advanced API Security.

NOTE: Rollouts of this feature are ongoing and will take multiple days to complete across all Google Cloud zones. You may not be able to use the functionality until the rollout is complete.

Added autonomous system numbers (ASN), HTTP methods, and region codes as supported security action rule condition types.

This new functionality is not available with Apigee hybrid at this time.

See Create a security action to learn more.

Bare Metal Solution

You can now view information about upcoming maintenance events for Bare Metal Solution on the Upcoming maintenance events page.

BigQuery

You can now create Gemini-enhanced translation rules to use with the interactive SQL translator. Translation rules let you customize and adjust the results of the interactive translator according to your SQL migration needs. This feature is in preview.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Cloud Monitoring
    • monitoring.googleapis.com/Dashboard
  • Discovery Engine
    • discoveryengine.googleapis.com/Engine

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Importing and exporting FHIR resources, including their historical versions, as history bundles using Cloud Storage is available in Preview.

Developer Connect

Developer Connect, Google Cloud's tool for connectivity to third-party source code management platforms, is now available in Preview. To get started, see Quickstart.

Generative AI on Vertex AI

Gemini 1.5 Flash (Preview)

Gemini 1.5 Flash (gemini-1.5-flash-preview-0514) is available in Preview. Gemini 1.5 Flash is a multimodal model designed for fast, high volume, cost-effective text generation and chat applications. It can analyze text, code, audio, PDF, video, and video with audio.

Grounding Gemini with Google Search is GA

The Gemini API Grounding with Google Search feature is available in GA. This is available for Gemini 1.0 Pro models. To learn more about model grounding, see Grounding with Google Search.

Batch prediction support for Gemini

Batch prediction is available for Gemini in preview. Available Gemini models include Gemini 1.0 Pro, Gemini 1.5 Pro, and Gemini 1.5 Flash. To get started with batch prediction, see Get batch predictions for Gemini.

PaliGemma model

The PaliGemma model is available. PaliGemma is a lightweight open model that's part of the Google Gemma model family. It's the Gemma model family's best model option for image captioning tasks and visual question and answering tasks. Gemma models are based on Gemini models and intended to be extended by customers.

New stable text embedding models

The following text embedding models are generally available (GA):

  • text-embedding-004
  • text-multilingual-embedding-002

For details on how to use these models, see Get text embeddings.

Google Cloud Architecture Center

(New guide) Global deployment with Compute Engine and Spanner: Learn how to architect a multi-tier application that runs on Compute Engine VMs and Spanner in a global topology on Google Cloud.

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-029 security bulletin.

Google Kubernetes Engine

A vulnerability (CVE-2024-26642) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-029 security bulletin.

Google SecOps

Google SecOps now supports the following functions in Detection Engine rules:

  • fingerprint
  • sample_rate

For more information about these functions, see YARA-L 2.0 language syntax.

Google SecOps SIEM

Google SecOps now supports the following functions in Detection Engine rules:

  • fingerprint
  • sample_rate

For more information about these functions, see YARA-L 2.0 language syntax.

Security Command Center

Rapid Vulnerability Detection preview shuts down on July 14, 2024

The Preview release of the Rapid Vulnerability Detection service is discontinued and the service will be shut down on July 14, 2024.

No action is required.

On July 14, 2024, the status of any findings produced by the Rapid Vulnerability Detection service will be automatically set to Inactive and will be retained for a period defined by the Security Command Center data retention policy.

Text-to-Speech

Cloud Text-to-Speech now offers updated Journey voices with an additional speaker, en-us-Journey-O.

Vertex AI

Ray on Vertex AI is now Generally Available and includes the following updates:

  • Ray version 2.9.3 and Python 3.10 are supported. For information about Ray image support policies, see Supported versions.
  • VPC peering connection is no longer required if you use public endpoints.
  • Custom images are supported with Ray on Vertex AI.
  • You can use custom service accounts with Ray on Vertex AI.
  • A Colab template is not automatically created when you create a Ray Cluster. Instead, you can connect directly to Ray on Vertex AI clusters from Colab Enterprise's side panel.

For Ray on Vertex AI, Ray version 2.4 is no longer supported. Migrate your code to support Ray 2.9.3 or later and then delete Ray clusters that are running 2.4.

Vertex AI Agent Builder

Vertex AI Search: Check grounding (GA)

The check grounding API is generally available (GA).

The check grounding API determines how grounded a piece of text is in a given set of facts. The API returns support scores and citations.

Filler and introductory statements can be deemed as not requiring attribution. No scores or citations are provided for those statements.

Additionally, as an experimental feature, the API also generates contradicting citations that show which facts contradict the text and how strongly.

For more information, see Check grounding and the check API.

May 13, 2024

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.40.1 (2024-05-06)

Dependencies

2.40.0 (2024-05-06)

Features
  • Add getStringOrDefault method to FieldValue (#3255) (8bac33a)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#3279) (67f2ea4)

Python

Changes for google-cloud-bigquery

3.22.0 (2024-04-19)

Features

Phrase support for the SEARCH function is in preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.39.2 (2024-05-09)

Dependencies

2.39.1 (2024-05-08)

Bug Fixes
  • Batch time series data when exporting client-side metric (#2222) (1f9f169)
  • Remove stale module from bom (#2218) (7145864)

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.17.1 (2024-05-06)

Dependencies
  • Update actions/checkout action to v4 (#1570) (ea0db35)
  • Update actions/github-script action to v7 (#1571) (16d6192)
  • Update actions/setup-java action to v4 (#1572) (9eb8834)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#1603) (16967e5)

Cloud Monitoring

You can now configure dashboards to display events by using the Monitoring API.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.11.0 (2024-05-03)

Features
  • Add ability to enable hierarchical namespace on buckets (#2453) (4e5726f)

Java

Changes for google-cloud-storage

2.38.0 (2024-05-09)

Features
  • Promoted google-cloud-storage-control to beta (#2531) (09f7191)
Bug Fixes
  • Add strict client side response validation for gRPC chunked resumable uploads (#2527) (c1d1f4a)
  • An existing resource pattern value projects/{project}/buckets/{bucket}/managedFolders/{managedFolder=**} to resource definition storage.googleapis.com/ManagedFolder is removed (#2524) (7d7f526)
  • deps: Update the Java code generator (gapic-generator-java) to 2.39.0 (#2501) (518d4be)
  • ParallelCompositeUpload in Transfer Manager hangs when encountering OOM (#2526) (67a7c6b)
  • Update grpc WriteObject response handling to provide context when a failure happens (#2532) (170a3f5)
  • Update GzipReadableByteChannel to be tolerant of one byte reads (#2512) (87b63f4)
  • Update StorageOptions to carry forward fields that aren't part of ServiceOptions (#2521) (b84654e)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#2523) (3e573f7)
  • Update dependency info.picocli:picocli to v4.7.6 (#2535) (f26888a)
Documentation
  • Add in Transfer Manager chunked upload/download samples (#2518) (d1f6bcc)
  • Update readme to include gradle instructions for storage control (#2503) (50ac93b)
  • Update TransportCompatibility annotation for Storage#blobWriteSession (#2520) (b7d673c)

Config Connector

Config Connector version 1.117.0 is now available.

This release improves our support for VertexAI.

VertexAIDataSet is promoted from alpha to beta.

  • Output fields are now in status.observedState.

  • The KMS key is now specified using a reference: spec.encryptionSpec.kmsKeyNameRef

VertexAIIndex is promoted from alpha to beta.

  • Output fields are now in status.observedState.

  • Note that isCompleteOverwrite is currently not supported: it is not obviously compatible with declarative operation.

VertexAIEndpoint is promoted from alpha to beta.

  • Output fields are now in status.observedState.

  • The KMS key is now specified using a reference: spec.encryptionSpec.kmsKeyNameRef

  • The network is now specified using a reference: spec.networkRef

ComputeNetwork

  • The spec.enableUlaInternalIpv6 field is no longer immutable - it can now be changed without recreating the network.

Container Optimized OS

cos-113-18244-85-5

  • Kernel: COS-6.1.90
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Upgraded app-admin/node-problem-detector to v0.8.18.

Upgraded app-admin/google-osconfig-agent to v20240501.00.

Upgraded app-admin/google-guest-agent to v20240314.00.

Upgraded app-containers/docker and app-containers/docker-cli to v24.0.9.

Upgraded app-admin/google-guest-configs to v20240307.00.

Upgraded sys-boot/grub-lakitu to FC 39's current version.

Upgraded app-emulation/cloud-init to v23.4.4.

Added support for i6300 watchdog timer device.

Upgraded GPU driver version to v470.239.06.

Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.

Fixed CVE-2024-26900 in the Linux kernel.

Fixed CVE-2024-26809 in the Linux kernel.

Fixed CVE-2024-26882 in the Linux kernel.

Fixed CVE-2024-26884 in the Linux kernel.

Fixed CVE-2024-26885 in the Linux kernel.

Fixed CVE-2024-26883 in the Linux kernel.

Fixed CVE-2024-26907 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.core.mem_pcpu_rsv: 256
  • Changed: fs.epoll.max_user_watches: 1809474 -> 1809452
  • Changed: fs.file-max: 812400 -> 812391
  • Changed: kernel.threads-max: 63504 -> 63503
  • Changed: net.ipv4.tcp_mem: 94068 125424 188136 -> 94065 125423 188130
  • Changed: net.ipv4.udp_mem: 188136 250848 376272 -> 188133 250847 376266
  • Changed: user.max_cgroup_namespaces: 31752 -> 31751
  • Changed: user.max_ipc_namespaces: 31752 -> 31751
  • Changed: user.max_mnt_namespaces: 31752 -> 31751
  • Changed: user.max_net_namespaces: 31752 -> 31751
  • Changed: user.max_pid_namespaces: 31752 -> 31751
  • Changed: user.max_time_namespaces: 31752 -> 31751
  • Changed: user.max_user_namespaces: 31752 -> 31751
  • Changed: user.max_uts_namespaces: 31752 -> 31751

cos-109-17800-218-26

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Uprev GPU driver version to v470.239.06.

Fixed CVE-2024-26900 in the Linux kernel.

cos-105-17412-370-29

  • Kernel: COS-5.15.154
  • Docker: v23.0.3
  • Containerd: v1.7.15
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Fixed CVE-2024-26900 in the Linux kernel.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for datastore/admin/apiv1

1.17.0 (2024-05-08)

Features

Java

Changes for google-cloud-datastore

2.19.2 (2024-05-03)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.39.0 (#1406) (b265fb3)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#1426) (ac3a1c1)
  • Update dependency com.google.errorprone:error_prone_core to v2.27.0 (#1411) (a3f5a2c)
  • Update dependency com.google.errorprone:error_prone_core to v2.27.1 (#1421) (48d7daf)
  • Update dependency com.google.guava:guava-testlib to v33.2.0-jre (#1422) (5a5dfdf)

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-028 security bulletin.

Google Kubernetes Engine

A vulnerability (CVE-2024-26581) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-028 security bulletin.

Media CDN

Media CDN supports content targeting, which helps you cache and deliver assets that are customized for your end-user contexts. It enables device characterization and geo-targeting, which are useful for implementing responsive websites, language customization, and currency settings.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.4.0 (2024-05-03)

Features
  • Add several fields to manage state of database encryption update (#1904) (aba9aee)
Bug Fixes
  • deps: Update dependency @types/long to v5 (#1901) (d13d395)

Go

Changes for pubsub/apiv1

1.38.0 (2024-05-06)

Features
  • pubsub: Add custom datetime format for Cloud Storage subscriptions (4834425)
  • pubsub: Support publisher compression (#9711) (4940c3c)
  • pubsub: Use Streaming Pull response for ordering check (#9682) (7bf4904)
Bug Fixes
  • pubsub: Bump x/net to v0.24.0 (ba31ed5)
  • pubsub: Respect gRPC dial option when PUBSUB_EMULATOR_HOST is set (#10040) (95bf6b2)
  • pubsub: Update protobuf dep to v1.33.0 (30b038d)

Java

Changes for google-cloud-pubsub

1.129.4 (2024-05-10)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.40.0 (#2016) (beee523)
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.40.1 (#2021) (0873594)
  • Update dependency com.google.cloud:google-cloud-storage to v2.38.0 (#2019) (ba3dffc)

1.129.3 (2024-05-06)

Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.38.0 (#2011) (4a547d0)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.30.0 (#2012) (811d0e6)

Sensitive Data Protection

The IMMIGRATION_STATUS infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The RUSSIA_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The UKRAINE_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The UZBEKISTAN_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Spanner

Spanner now supports a new metric in the monitoring console called read_request_latencies_by_change_stream. Use this metric to view all read latencies and filter latencies by change stream or non-change stream reads. For more information, see Available charts and metrics.

Vector length annotation is now generally available. For more information, see the PostgreSQL vector length parameter or the GoogleSQL vector_length parameter.

May 11, 2024

Cloud Composer

Starting from GKE version 1.27.5, Cloud Composer environment clusters will start using SSD disks as persistent disks. The disk quota will change from Persistent disk standard (GB) to Persistent disk SSD (GB). Please check the Persistent disk SSD (GB) quota in your project and request an increase if this quota approaches its limit.

A single environment created using a Small environment preset requires at least 600 GB of SSD disk space, and the SSD quota must be able to accommodate it.

Being close to the limit of the SSD quota might impact the autoscaling capabilities of Cloud Composer environments or make it impossible to create new environments.

The Logs in Cloud Logging Only feature is enabled by default in new environments:

  • New Cloud Composer environments now save Airflow task logs only in Cloud Logging by default.
  • Existing environments are not changed. If you upgrade an existing environment to Cloud Composer 2.8.0, it keeps saving logs to the environment's bucket.
  • You can enable and disable saving logs to the environment's bucket for an existing environment.

Fixed a problem where some Airflow tasks were failing because the task could not write logs to the environment's bucket.

Cloud Composer 2.8.0 images are available:

  • composer-2.8.0-airflow-2.7.3 (default)
  • composer-2.8.0-airflow-2.6.3

May 10, 2024

AlloyDB for PostgreSQL

Model endpoint management is now available in Preview for both AlloyDB and AlloyDB Omni. For more information, see Register and call remote AI models in AlloyDB or Register and call remote AI models in AlloyDB Omni.

Version 15.5.3 of the simplified installation method for AlloyDB Omni is now available in Preview. Updates include the following:

Artifact Registry

Artifact Registry generic repositories are available in Preview.

Generic repositories store versioned, immutable artifacts that don't have to adhere to any specific package format in Artifact Registry. You can store and manage arbitrary files such as archives, binaries, and media files with no package specifications or management clients.

To get started with generic repositories, see the quickstart.

Dataform

Gemini, an AI-powered collaborator in Google Cloud, can help you generate code in Dataform. This feature is in preview. For more information, see Write queries with Gemini assistance.

Google Kubernetes Engine

In new Standard clusters running GKE version 1.29 and later, GKE assigns IP addresses for GKE Services from a Google-managed range: 34.118.224.0/20 by default. With this feature, you don't need to specify your own IP address range for Services. For more information, see Subnet secondary IP address range for Services.

Container Threat Detection (KTD) fails to deploy on Autopilot clusters running the following GKE versions:

  • 1.28.6-gke.1095000 to 1.28.7-gke.1025000
  • 1.29.1-gke.1016000 to 1.29.1-gke.1781000

To mitigate this issue, upgrade the cluster to version 1.28.7-gke.1026000 or later, or to 1.29.2-gke.1060000 or later.
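One way to triage a cluster inventory against the affected ranges above, as an added example that is not Google's tooling. The cluster names, the inventory tuple layout and the status labels are constructed for illustration, and reporting "unconfirmed" for builds that fall between the last affected and the first fixed version is this example's own conservative choice.

```python
"""Triage GKE cluster versions against the Container Threat Detection note."""
import re
from typing import Dict, List, NamedTuple, Tuple


class GkeVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    build: int  # the number after "-gke."


VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)-gke\.(\d+)$")


def parse_gke_version(text: str) -> GkeVersion:
    """Parse strings such as '1.28.7-gke.1026000' into a comparable tuple."""
    match = VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"not a GKE version string: {text!r}")
    return GkeVersion(*(int(part) for part in match.groups()))


# (first affected, last affected, first fixed), copied from the release note.
NOTE_RANGES = [
    ("1.28.6-gke.1095000", "1.28.7-gke.1025000", "1.28.7-gke.1026000"),
    ("1.29.1-gke.1016000", "1.29.1-gke.1781000", "1.29.2-gke.1060000"),
]

# Index by minor line: a 1.29 build must be judged against the 1.29 range only,
# because every 1.29 build sorts "later" than the 1.28 fixed version.
KTD_RANGES = {}
for low, high, fixed in NOTE_RANGES:
    parsed = tuple(parse_gke_version(v) for v in (low, high, fixed))
    KTD_RANGES[(parsed[0].major, parsed[0].minor)] = parsed


def ktd_status(version: str, autopilot: bool) -> str:
    """Classify one cluster: affected, fixed, unconfirmed, not_listed, not_applicable."""
    parsed = parse_gke_version(version)  # reject malformed input for every cluster
    if not autopilot:
        return "not_applicable"  # the note covers Autopilot clusters only
    entry = KTD_RANGES.get((parsed.major, parsed.minor))
    if entry is None:
        return "not_listed"  # minor line not mentioned in the note
    first_bad, last_bad, first_fixed = entry
    if parsed < first_bad:
        return "not_listed"
    if parsed <= last_bad:
        return "affected"
    if parsed < first_fixed:
        return "unconfirmed"  # neither listed as affected nor as fixed
    return "fixed"


# Constructed sample inventory: (cluster name, is Autopilot, control plane version).
SAMPLE_INVENTORY: List[Tuple[str, bool, str]] = [
    ("ap-prod", True, "1.28.6-gke.1095000"),
    ("ap-stage", True, "1.29.1-gke.1781000"),
    ("ap-dev", True, "1.29.2-gke.1060000"),
    ("ap-gap", True, "1.29.1-gke.1900000"),
    ("std-batch", False, "1.28.7-gke.1000000"),
    ("ap-old", True, "1.27.11-gke.1062000"),
]


def triage(inventory: List[Tuple[str, bool, str]]) -> Dict[str, str]:
    """Map each cluster name to its status."""
    return {name: ktd_status(version, autopilot)
            for name, autopilot, version in inventory}


if __name__ == "__main__":
    for cluster, status in triage(SAMPLE_INVENTORY).items():
        print(f"{cluster:10s} {status}")
```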

SAP on Google Cloud

New SAP HANA certification: Hyperdisk Balanced usage with M1 machine types

For use with SAP HANA on Google Cloud, SAP has certified the usage of Hyperdisk Balanced with the M1 series of memory-optimized machine types.

For more information, see:

May 09, 2024

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

GKE on AWS now supports clusters in the ap-northeast-2 region. For more information, see Supported regions.

Apigee Advanced API Security

On May 9, 2024, we released an updated version of Advanced API Security.

Addition of CIDR range support when specifying IPv4 addresses for security action rules.

Apigee Advanced API Security now includes support for CIDR range specification when creating security action rules that restrict access based on IP addresses.

This new functionality is not available with Apigee hybrid at this time.

See Create a security action to learn more.

Apigee X

Limit on number of basepaths per environment

Apigee is enforcing a temporary limit of 500 basepaths per environment to avoid potential failures when deploying API proxy revisions.

While this limit is in place, you can deploy up to 500 API proxy revisions (each containing a single basepath) per environment. If your API proxies or revisions contain more than one basepath, the total number of basepaths per environment must not exceed 500.

To track the status of this issue, see Apigee Known Issues.

Cloud Monitoring

You can now configure a logs panel widget to display log entries by log view. For more information, see Display logs and errors on a custom dashboard.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.101-debian10, 2.0.101-rocky8, 2.0.101-ubuntu18

  • 2.1.49-debian11, 2.1.49-rocky8, 2.1.49-ubuntu20, 2.1.49-ubuntu20-arm

  • 2.2.15-debian12, 2.2.15-rocky9, 2.2.15-ubuntu22

Google Distributed Cloud (software only) for VMware

GKE on VMware 1.28.500-gke.121 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.28.500-gke.121 runs on Kubernetes v1.28.8-gke.2000.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.

Google Kubernetes Engine

A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-027 security bulletin.

Google SecOps SOAR

Release 6.3.1 is now in General Availability.

Remote Agents Release 1.6.0 is now in General Availability.

May 08, 2024

Anthos clusters on AWS

A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-027 security bulletin.

Anthos clusters on Azure

A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-027 security bulletin.

Apigee X

On May 8, 2024, we released an updated version of Apigee X.

This release contains the General Availability (GA) release of AppGroups for Apigee and Apigee hybrid (version 1.10.0 and later).

AppGroups represent a relationship between one or more apps that are managed by the same set of people. For information, see Using AppGroups to organize app ownership. Client support for AppGroups is available with the latest Drupal Teams module.

Cloud Life Sciences

The migration documentation has been updated to explain how to use workflow services that you have configured for Cloud Life Sciences with Batch instead. Specifically, the documentation mentions Workflows from Google Cloud, Cromwell, dsub, Nextflow, and Snakemake. For more information, see Workflow services in the Batch migration documentation.

Compute Engine

Preview: You can now use the Require OS Config organization policy constraint to automatically enable VM Manager for all new VMs in your organization, folder, or project. For more information, see Enable VM Manager using an organization policy.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.61
  • 1.2.5
  • 2.0.69
  • 2.1.48
  • 2.2.5

Dialogflow

Dialogflow ES and Dialogflow CX: The us-dialogflow.googleapis.com endpoint and locations/us resource location, which served as aliases for global resources, will be discontinued starting May 21, 2024. We have changed the date to update resource locations and endpoints from April 16, 2024 to May 21, 2024 to provide you with additional time. For more information, see the email announcement.

Note

  • This change affects only the agents created in the global region (ES, CX) and only if you use the us alias in the API requests to these global-region agents. If you created agents in us-central1, us-east1, us-west1, and us (multi-region) regions, no action is required.
  • The discontinued endpoint is different than the us multi-region endpoint that was announced recently.

Dialogflow CX and Vertex AI Agents: Effective June 15, 2024, the following generative features will be upgraded from text-bison-001 and fine-tuned text-bison@001 options to gemini-1.0-pro-001:

  • Vertex AI agent apps
  • Data store agents (aka Chat agents)
  • Generators
  • Generative fallback

For more information, see the email announcement.

Google Cloud Architecture Center

(New guide) C3 AI architecture on Google Cloud: Develop applications using C3 AI and Google Cloud.

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-026 security bulletin.

A vulnerability (CVE-2024-26808) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-027 security bulletin.

Google Kubernetes Engine

(2024-R13) Version updates

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.26.13-gke.1144000
    • 1.27.8-gke.1067004
    • 1.27.11-gke.1062000
    • 1.28.3-gke.1118000
    • 1.28.3-gke.1286000

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.26.14-gke.1044000
    • 1.29.1-gke.1589017
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.1-gke.1589018 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.1-gke.1589018 with this release.

Rapid channel

  • Version 1.29.3-gke.1282001 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.26.15-gke.1158000
    • 1.26.15-gke.1243000
    • 1.27.12-gke.1190000
    • 1.27.13-gke.1070000
    • 1.28.8-gke.1175000
    • 1.28.9-gke.1069000
    • 1.29.3-gke.1093006
    • 1.29.3-gke.1282000
    • 1.29.4-gke.1165000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.3-gke.1282001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.3-gke.1282001 with this release.

A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-026 security bulletin.

The 2024-R13 release notes were updated on June 7th, 2024 with the following:

Regular channel

Control planes and nodes with auto-upgrade enabled in the Regular channel were not upgraded from version 1.28 to version 1.29.1-gke.1589018. That release note was published by mistake.

Google SecOps

When Applied Threat Intelligence is enabled, it ingests IOCs curated by Mandiant Threat Intelligence with an IC-Score greater than 80 and generates an alert when a match is found.

Google SecOps SIEM

When Applied Threat Intelligence is enabled, it ingests IOCs curated by Mandiant Threat Intelligence with an IC-Score greater than 80 and generates an alert when a match is found.

Google SecOps SOAR

Release 6.3.2 is currently in Preview.

Issues when Siemplify > Set Case SLA actions run at the exact same time (ID #49397338)

Wrong error message displays when you try to add a custom list with a name that already exists (ID #50610331)

User mentioned in case not receiving an email notification (ID #00274991)

Widgets not fully aligned on Case view page (ID #49711925)

Number increased for integer type integration parameters (ID #00287205)

Identity and Access Management

Privileged Access Manager (PAM) lets you manage just-in-time temporary privilege elevation for select principals, and view audit logs afterwards to find out who had access to what and when. This feature is in Preview.

Looker

Looker 24.8 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, May 13, 2024

  • Expected Looker (original) final deployment and download available: Thursday, May 23, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, May 13, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, May 20, 2024

Database connection pooling is becoming generally available. For Looker (original) instances, the feature is moved out of Looker Labs. For dialects that support database connection pooling, the Connection settings page will include a Database Connection Pooling option. As part of this update, the Database Connection Pooling Labs setting for your instance has been applied to the Database Connection Pooling setting for the applicable database connections on your instance. If you very recently changed the Database Connection Pooling Labs setting, please check your connection settings to verify that the migration has applied the Database Connection Pooling setting that you want for each database connection.

The last_logged_in_at time is now captured when a URL that is created by the create_embed_url is used to log in to the Looker instance. This feature now performs as expected.

Previously, queries for totals would not run when a derived table referenced an ephemeral derived table using the SQL_TABLE_NAME syntax. This feature now performs as expected.

An issue has been fixed with the scrollbar appearing in text tiles. This feature now performs as expected.

An issue has been fixed where embed download filter parameters for cookieless embed were incorrectly escaped (space mapped to x2B [+] rather than x20). This feature now performs as expected.

An issue has been fixed where ↙ ↘ characters were being reversed in single value visualizations. This feature now performs as expected.

Text is now properly truncated in table visualizations even when the underlying field has defined html and link parameters.

Previously, an issue could cause Look titles to be cut off. This feature now performs as expected.

Previously, an issue caused filters to be incorrectly restored in the dashboard edit filter dialog. This feature now performs as expected.

Previously, if Looker encountered an invalid visualization type on a tile, the dashboard would not load. This feature now performs as expected.

Previously, queries that were defined with the API occasionally could not be downloaded as PNGs or JPGs. This feature now performs as expected.

Quick start queries with missing identifiers will no longer cause validation to fail.

Referencing the ALL_FIELDS set in a join or view will no longer cause validation to fail.

You can now see longer embedded Look titles without needing to scroll.

For LookML projects with a large number of files, IDE folders were slow to respond when you were navigating and creating, editing, or deleting LookML files. A performance issue has been identified and fixed.

When you search for a user or group, strings with commas now work as expected.

An issue where paper size did not change correctly when Fit to Dashboard was used has been fixed. This feature now performs as expected.

Previously, when embedded Explores were rendered in an iframe, a screen jump might have occurred. This feature now performs as expected.

Previously, query downloads of type json_bi could have failed if they included fields that were hidden from the visualization. This feature now performs as expected.

Looker now initializes Development Mode projects for Looker projects that are in Production Mode.

Text in the project IDE will now be line wrapped.

When a Git project becomes corrupted, Looker now proactively converts it to a clone to prevent further issues.

When a LookML project fails to load, a log message will now be generated.

The log error about getting an access token from the Google OAuth library has been reclassified as a warning.

When a custom filter is too large for the JSON parser to handle, Looker now returns a more descriptive error.

HSQLDB has been updated to version 2.7.2 to comply with GHSA-77xx-rxvh-q682.

On the Looker Labs page, links to documentation will now open in a new browser tab instead of navigating away from the Looker UI.

May 07, 2024

AlloyDB for PostgreSQL

Private Service Connect is now generally available (GA). Private Service Connect lets you connect to an AlloyDB for PostgreSQL instance from multiple VPC networks belonging to different groups, teams, projects, or organizations.

AlloyDB Omni version 15.5.1 and later lets you add sidecar containers to your database cluster when you use the AlloyDB Omni Kubernetes Operator.

Anthos clusters on AWS

A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-026 security bulletin.

Anthos clusters on Azure

A vulnerability (CVE-2024-26643) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-026 security bulletin.

Apigee X

On May 7, 2024, we released an updated version of Apigee.

Target server SSL enforcement

With this release, Apigee customers can specify strict SSL southbound enforcement in TargetServer configurations using the object's enforce key. If set to true, SSL enforcement is applied to service callouts.

The option to specify this behavior is analogous to usage of the <Enforce> tag in the <SSLInfo> block of the TargetEndpoint configuration.

For more information, see Configure strict SSL enforcement.

Environment-level flag for SSL enforcement

Apigee customers can specify strict SSL southbound enforcement across an Apigee environment, using the SSLInfo.Enforce flag.

If SSLInfo.Enforce is set to true or false, the value specified overrides any granular enforcement options specified in <SSLInfo> blocks in TargetEndpoint or TargetServer configurations.

If SSLInfo.Enforce is unset, SSL enforcement is determined by any values specified using the <Enforce> element within individual <SSLInfo> blocks. For more information, see TLS/SSL TargetEndpoint configuration.

Two-way HTTPS health monitor support

Apigee health monitors using <HTTPMonitor> can now use all SSL parameters available in the <SSLInfo> block of their TargetServer configurations when performing health checks.

To enable access, set <UseTargetServerSSLInfo> to true in the <Request> block of the HTTPMonitor configuration.

For more information, see Health monitor using HTTP monitor.

BigQuery

JavaScript user-defined aggregate functions (UDAFs) are in preview. You can create a JavaScript UDAF with the CREATE AGGREGATE FUNCTION statement.

You can now store columns in your vector indexes and pre-filter data in your vector searches to improve query efficiency. This feature is in preview.

Cloud Healthcare API

Using a filter when exporting HL7v2 messages to Cloud Storage is generally available (GA) and available in Preview.

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

May 06, 2024

AlloyDB for PostgreSQL

Apigee API hub

Apigee API hub is available in preview.

With Apigee API hub, you can consolidate and organize critical information about your APIs in one place. Use API hub to accelerate the consistency, use, reuse, and governance of your API portfolio.

Use API hub to:

  • Create and manage a complete catalog of your APIs and API resources.
  • Add rich attributes to your APIs for tracking, organizing, and filtering.
  • Link to one or more Apigee projects to automatically fetch and store Apigee API proxy information.
  • Find APIs with powerful free-form semantic search capabilities.
  • Track compliance for your API specification files using Linting functionality.

To learn more about the features and functionality available, see What is Apigee API hub?

NOTE: Rollouts of this feature will begin on May 6, 2024, and may take four or more business days to be completed across all Google Cloud zones. You may not be able to provision API hub until the rollout is complete.

AutoML Natural Language

This legacy version of AutoML Natural Language is deprecated and new models can no longer be trained nor deployed on the legacy platform. Already deployed models will stop working on May 30, 2024. All the functionality of legacy AutoML Natural Language and new features are available on the Vertex AI platform. See Migrate to Vertex AI to learn how to migrate your resources.

Backup and DR

Backup and DR Service 11.0.10.425 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance. This release includes fixes for the following security vulnerabilities:

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.7.0 (2024-05-03)

Features

Java

Changes for google-cloud-bigquery

2.39.1 (2024-04-29)

Bug Fixes
  • @Nullable annotations on builder methods (#3222) (0c5eed1)
Dependencies
  • Update actions/checkout action (#3267) (c297ed2)
  • Update actions/upload-artifact action to v4.3.3 (#3258) (5215235)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.44.0 (#3270) (ee09ab6)
  • Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.5.0 (e7c6201)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.48.0 (#3271) (3b6e0d5)
  • Update github/codeql-action action to v2.25.2 (#3260) (3302dc4)
  • Update github/codeql-action action to v2.25.3 (#3268) (1cf2377)

BigQuery Managed Disaster Recovery provides managed failover and redundant compute capacity for business critical workloads. It is intended for use in the case of a total region outage and is supported with the BigQuery Enterprise Plus edition only. This feature is now available in preview.

You can now create AWS Glue federated datasets using the Google Cloud console. This feature is generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.39.0 (2024-04-29)

Features
Dependencies
  • Update dependency com.google.cloud:gapic-libraries-bom to v1.36.0 (#2215) (5a9259e)
  • Update shared dependencies (#2190) (3f37d8d)

Certificate Authority Service

Implement fine-grained policy controls over your certificate issuance using certificate templates. Certificate templates can be used in conjunction with IAM conditions to effectively create different policy controls for different users on the same CA pool. You can test certificate issuance in a validation mode and proactively identify conflicts between the CA pool's issuance policies and the certificate template's policies. For information, see Request a certificate using a certificate template. The feature is in General Availability (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Compute Engine
    • compute.googleapis.com/StoragePool

Cloud Billing

Download committed use discount data as a CSV file

You can now download data about all your committed use discounts (CUD) as a flat comma-separated value (CSV) file. The CSV file includes the subscription ID for each commitment, which you can use to join your CUDs data to your usage data in the BigQuery export.

Learn about downloading your CUDs data.

Cloud Monitoring

Synthetic monitors no longer require that the ingress rule be set to allow all traffic. For more information, see Cloud Function configuration.

A Selenium WebDriver sample is now available for synthetic monitors. For more information, see Selenium WebDriver template.

Container Optimized OS

cos-101-17162-463-16

  • Kernel: COS-5.15.155
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Fixed CVE-2017-18207 in dev-lang/python.

Fixed CVE-2023-32681 in dev-python/requests.

Updated cos-gpu-installer to v2.3.0.

Fixed CVE-2022-2806 in app-admin/sosreport.

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Fixed CVE-2021-37600, CVE-2021-3995, CVE-2021-3996 in sys-apps/util-linux.

Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.

Fixed CVE-2024-26921 in the Linux kernel.

cos-105-17412-370-23

Kernel: COS-5.15.154
Docker: v23.0.3
Containerd: v1.7.15
GPU Drivers: v470.239.06 (default), v550.54.15 (latest)

Upgraded sys-apps/makedumpfile to v1.7.5.

Updated cos-gpu-installer to v2.3.0.

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Fixed CVE-2021-37600, CVE-2021-3995, CVE-2021-3996 in sys-apps/util-linux.

Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.

Fixed CVE-2023-32681 in dev-python/requests.

Fixed CVE-2024-26921 in the Linux kernel.

cos-109-17800-218-20

Kernel: COS-6.1.85
Docker: v24.0.9
Containerd: v1.7.15
GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Upgraded sys-apps/makedumpfile to v1.7.5.

Upgraded app-admin/node-problem-detector to v0.8.18.

Updated cos-gpu-installer to v2.3.0.

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Updated net-dns/c-ares to v1.27. This fixed CVE-2024-25629.

Fixed CVE-2023-32681 in dev-python/requests.

cos-113-18244-1-65

Kernel: COS-6.1.77
Docker: v24.0.9
Containerd: v1.7.15
GPU Drivers: v535.161.08 (default), v550.54.15 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Upgraded sys-apps/makedumpfile to v1.7.5.

Upgraded app-admin/sosreport to v4.7.1.

Updated cos-gpu-installer to v2.3.0.

Fixed CVE-2023-52620 in the Linux kernel.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.7 (2024-05-01)

Bug Fixes
  • dataflow: Bump x/net to v0.24.0 (ba31ed5)
Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.100-debian10, 2.0.100-rocky8, 2.0.100-ubuntu18
  • 2.1.48-debian11, 2.1.48-rocky8, 2.1.48-ubuntu20, 2.1.48-ubuntu20-arm
  • 2.2.14-debian12, 2.2.14-rocky9, 2.2.14-ubuntu22

Dataproc on Compute Engine:

Dialogflow

Data store agents: The default generative model has been changed to gemini-1.0-pro-001.

Document AI

Batch processing with Layout Parser is available. For more about Layout Parser, see Process documents with Layout Parser.

Model pretrained-foundation-model-v1.1-2024-03-12 is available for custom extractor. For more information about available models, see Custom extractor model versions.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for datastore/admin/apiv1

1.16.0 (2024-04-29)

Features
  • datastore: Adding BeginLater and transaction state (#8984) (5f8e21f)
  • datastore: Adding BeginLater transaction option (#8972) (4067f4e)
  • datastore: Adding reserve IDs support (#9027) (2d66de0)
  • datastore: Configure both mTLS and TLS endpoints for Datastore client (#9653) (38bd793)
  • datastore: Respect DATASTORE_EMULATOR_HOST setting (#9789) (7259373)
Bug Fixes
  • datastore: Add explicit sleep before read time use (#9080) (0538be4)
  • datastore: Adding tracing to run method (#9602) (a5e197c)
  • datastore: Bump x/net to v0.24.0 (ba31ed5)
  • datastore: Enable universe domain resolution options (fd1d569)
  • datastore: Prevent panic on GetMulti failure (#9656) (55845ad)
  • datastore: Update protobuf dep to v1.33.0 (30b038d)
Google Cloud Deploy

Cloud Deploy now uses Skaffold 2.11 as the default Skaffold version for all target types.

Google SecOps

Gemini for investigation assistance

Gemini for investigation assistance can now support you with the following:

  • Search: Gemini can help you build, edit, and run searches targeted toward relevant events using natural language prompts.
  • Search summaries: Gemini can automatically summarize search results after every search and subsequent filter action. Gemini can also answer contextual follow-up questions about the summaries it provides.
  • Rule generation: Gemini can create new YARA-L rules from the UDM search queries it generates.
  • Security questions and threat intelligence analysis: Gemini can answer general security domain questions and specific threat intelligence questions. Gemini can provide summaries about threat actors, IOCs, and other threat intelligence topics.
  • Incident remediation: Based on the event information returned, Gemini can suggest follow-on steps.

For more information, see Use Gemini to investigate security issues.

Google SecOps SIEM

Gemini for investigation assistance

Gemini for investigation assistance can now support you with the following:

  • Search: Gemini can help you build, edit, and run searches targeted toward relevant events using natural language prompts.
  • Search summaries: Gemini can automatically summarize search results after every search and subsequent filter action. Gemini can also answer contextual follow-up questions about the summaries it provides.
  • Rule generation: Gemini can create new YARA-L rules from the UDM search queries it generates.
  • Security questions and threat intelligence analysis: Gemini can answer general security domain questions and specific threat intelligence questions. Gemini can provide summaries about threat actors, IOCs, and other threat intelligence topics.
  • Incident remediation: Based on the event information returned, Gemini can suggest follow-on steps.

For more information, see Use Gemini to investigate security issues.

Identity-Aware Proxy

Identity-Aware Proxy (IAP) now supports Workforce Identity Federation for application access. You can now use your extended workforce identities to access IAP-protected applications without having to sync your identities into Cloud Identity. For more information, see Configure IAP with Workforce Identity Federation.

Migrate to Containers

The Migrate to Containers UI in the Google Cloud console, migctl, and CRDs that used processing clusters to migrate workloads to Google Cloud are no longer available.

To perform migrations, use the Migrate to Containers CLI on your local machine. For more information, see Migrate to Containers overview.

If you have any questions or require additional support, then reach out to m2c-external-feedback@google.com.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.129.2 (2024-04-30)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.39.1 (#2006) (a7f4afb)
Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.0 (2024-05-01)

Features
  • secretmanager: Add Secret Version Delayed Destroy changes for client libraries (1d757c6)
Bug Fixes
  • secretmanager: Bump x/net to v0.24.0 (ba31ed5)
Security Command Center

Assign high-value resources based on Sensitive Data Protection insights for Cloud SQL

The attack path simulations feature can now automatically set the resource value of a Cloud SQL resource based on the sensitivity of the data that the instance contains.

For information about how to enable the automatic assignment of resource values based on data sensitivity, see Create a resource value configuration.

For information about how to configure Sensitive Data Protection to send data sensitivity classifications to Security Command Center, see Publish data profiles to Security Command Center.