The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.
You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml
March 28, 2024
Capacity Planner
Preview: Capacity planner supports the following for data aggregated by organization ID:
- View and export the actual and forecasted usage data of the VMs and persistent disks in your organization.
- Generate gcloud CLI commands to create future reservation requests based on the actual or forecasted usage data of your VMs by organization.
For more information, see the following pages:
March 27, 2024
BigQuery
An updated version of the JDBC driver for BigQuery is now available.
A new migration job status called Running with errors is available for heterogeneous Oracle migrations in Database Migration Service. This status represents migration jobs that encounter errors, but continue replicating data for unaffected objects and attempt to retry faulty operations.
For more information, see Migration job statuses for Oracle to AlloyDB for PostgreSQL and Migration job statuses for Oracle to Cloud SQL for PostgreSQL.
Database Migration Service now supports faster migrations of large PostgreSQL databases to Cloud SQL for PostgreSQL.
For information about creating migration jobs using the high-performance parallelism settings, see Create a migration job to a new destination instance and Create a migration job to an existing destination instance.
Typically with HTTPS communication, the authentication works only one way: the client verifies the identity of the server. For applications that require the load balancer to authenticate the identity of clients that connect to it, regional external Application Load Balancer, regional internal Application Load Balancer, and cross-region internal Application Load Balancer support mutual TLS (mTLS).
With mTLS, the load balancer requests that the client send a certificate to authenticate itself during the TLS handshake with the load balancer. You can configure a trust store that the load balancer uses to validate the client certificate's chain of trust.
For details, see the following:
- Mutual TLS authentication
- Set up mutual TLS for a regional external Application Load Balancer
- Set up mutual TLS for a regional internal Application Load Balancer
- Set up mutual TLS for a cross-region internal Application Load Balancer
This capability is in Preview.
Global external Application Load Balancer and global external Application Load Balancer (classic) already support frontend mTLS (General Availability).
The pgvector extension is upgraded from version 0.5.1 to version 0.6.0. Use this extension to store and search for vector embeddings in PostgreSQL databases. For more information, see Configure PostgreSQL extensions.
To use this version of the extension, update your instance to [PostgreSQL version].R20240130.00_07. For more information, see Self-service maintenance.
The rollout of the following items in the February 7 release note is now complete:
- Extensions
- Flags
- Minor versions
- Extension versions
- Plugin versions
Data insights in Dataplex is now available in Preview. Data insights offers an automated and intuitive way to explore and understand your data. It uses Gemini large language models to generate queries based on the metadata of a table, and lets you uncover patterns, assess data quality, and perform statistical analysis.
New Dataproc Serverless for Spark runtime versions:
- 1.1.56
- 1.2.0
- 2.0.64
- 2.1.43
- 2.2.0
Announcing the General Availability (GA) release of Dataproc Serverless for Spark runtime versions 1.2 and 2.2, which include the following components:
- Spark 3.5.1
- BigQuery Spark Connector 0.36.1
- Cloud Storage Connector 3.0.0
- Conda 24.1
- Java 17
- Python 3.12
- R 4.3
- Scala 2.12 (1.2 runtime) and Scala 2.13 (2.2 runtime)
Dataproc Serverless for Spark:
Firestore now supports using range and inequality filters on multiple fields in a single query. This feature is in Preview.
Support for Query Explain. This feature is in Preview.
Query Explain lets you submit queries and receive detailed query plan, billing and performance statistics on query execution in return. It helps you understand how your queries are executed, showing you inefficiencies.
It functions like the EXPLAIN [ANALYZE] operation in many relational database systems.
For more information, see the guide for Query Explain.
Datastore now supports using range and inequality filters on multiple fields in a single query. This feature is in Preview.
Support for Query Explain. This feature is in Preview.
Query Explain lets you submit queries and receive detailed query plan, billing and performance statistics on query execution in return. It helps you understand how your queries are executed, showing you inefficiencies.
It functions like the EXPLAIN [ANALYZE] operation in many relational database systems.
For more information, see the guide for Query Explain.
GKE on VMware 1.15.10-gke.32 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.15.10-gke.32 runs on Kubernetes v1.26.13-gke.1100.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
The following issue is fixed in 1.15.10-gke.32:
- Fixed the known issue where the controlPlaneNodePort field defaults to 30968 when the manualLB spec is empty.
The following vulnerabilities are fixed in 1.15.10-gke.32:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
March 26, 2024
Apigee X
On March 26, 2024, we released an updated version of Apigee (1-12-0-apigee-1).
New Apigee API Monitoring Metrics
A new suite of metrics for monitoring Apigee proxies and target endpoints is now available. With improved scalability and accuracy, the new suite can support large workloads and withstand underlying infrastructure changes.
Apigee's API Monitoring tables and dashboards have been updated to include the following new metrics, which can be used to configure alerts and create custom dashboards:
proxy/request_count
proxy/response_count
proxy/latencies
target/request_count
target/response_count
target/latencies
Bug ID | Description |
---|---|
322843888 | Fixed issue with incorrect proxy routing when using base paths in proxy chaining. |
293933387 | KVM list operation now permits entries with null or empty values. |
239523766 | Removed Unable to evaluate jsonVariable, returning null error string from ExtractVariable Policy logging. |
285592278 | Fixed issue with deduction of recurring fees from prepaid balances. |
237656263 | Resolved issue with async mode in the ServiceCallout policy when the <Response> element is removed. |
321744310 | Added support for caching JSON results retrieved from the ExtractVariables policy. |
295341973 | Resolved issue causing delay in updating southbound SSL certificates in truststore and keystore references. |
Go 1.22 is now generally available.
Starting in Go version 1.22 and later:
- You can't use go get outside of a module in the legacy GOPATH mode (GO111MODULE=off).
- Go recommends that you use a go.mod file for managing dependencies.
For more information, see Specify dependencies.
The Help me code tool lets you use natural language to generate a SQL query that can then be run in BigQuery. This feature is now in preview.
The following Generative AI features are now in preview:
- Creating a remote model based on a Vertex AI gemini-pro-vision large vision model (VLM).
- Using the ML.GENERATE_TEXT function with this remote model to perform Vision Generative AI tasks, such as image or video captioning and visual Q&A, for visual content stored in BigQuery object tables.
Try these features with the Generate text that describes visual content how-to topic.
Duet AI in BigQuery is now Gemini for BigQuery. See our blog post for more information.
Duet AI in Google Cloud is now Gemini for Google Cloud. See our blog post for more information.
Cloud Composer 2.6.6 release started on March 26, 2024. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.
The Logs in Cloud Logging only feature is available in all regions.
In new environments with Airflow 2.6.3 and 2.7.3 the default values of the following Airflow configuration options are changed to provide more optimized Cloud Composer environments:
- [scheduler]job_heartbeat_sec to 30
- [scheduler]scheduler_health_check_threshold to 60
- [scheduler]scheduler_heartbeat_sec to 15
If you want to override the [scheduler]scheduler_heartbeat_sec option's value, then also adjust the [scheduler]scheduler_health_check_threshold option, as described in Cloud Composer documentation.
Cloud Composer 2.6.6 images are available:
- composer-2.6.6-airflow-2.7.3
- composer-2.6.6-airflow-2.6.3 (default)
- composer-2.6.6-airflow-2.5.3
Cloud Composer versions 2.1.11 and 1.20.11 have reached their end of full support period.
The Amazon Redshift batch source connector version 1.11.1 is available in Preview in Cloud Data Fusion 6.10.0 and later. This source lets you load batch data from your Redshift dataset to a destination, such as BigQuery.
The Amazon Redshift batch source connector version 1.10.6 is available in Preview in Cloud Data Fusion 6.9 versions. This source lets you load batch data from your Redshift dataset to a destination, such as BigQuery.
Cloud Data Fusion is available in the following regions:
asia-south2
me-central2
For more information, see Pricing.
Cloud Functions (2nd gen) now supports the Go 1.22 runtime at the General Availability release level.
You can now configure your aggregated sink to be intercepting, which prevents logs from being passed through the Log Router of child resources. For more information, see Collate and route organization-level logs to supported destinations.
Duet AI in Google Cloud is now Gemini for Google Cloud. See our blog post for more information.
You can now integrate Cloud SQL and Vertex AI. This integration lets you apply large language models (LLMs), which are hosted in Vertex AI, to a Cloud SQL for PostgreSQL database, version 12 and later. For more information, see Integrate Cloud SQL with Vertex AI.
Duet AI in Google Cloud is now Gemini for Google Cloud. See our blog post for more information.
Version 3.13 is released
All release notes published on this date are part of version 3.13.
Agent alias
Agents can use aliases instead of their real names when communicating with end-users. Admins can configure agent aliases manually or with a bulk upload. Agents can also configure their own aliases. The agent alias feature is available when using the mobile and web SDKs. For more information, see Agent alias.
Country code of the outbound phone number is included with the added party's phone number
When an agent adds a party to a call, the country code from the outbound phone number is automatically included with the added party's phone number.
Calls waiting indicator
The call adapter includes a calls waiting indicator that indicates the number of calls in the queue waiting to be answered. You can find the calls waiting indicator in the Calls tab of the call adapter.
Time stamp in the chat adapter displays seconds
The message time stamp in the chat adapter displays seconds.
Virtual task assistant for chats
The virtual task assistant is available for chats. Configuration and use are similar to that of the virtual task assistant for calls. Available for the web SDK only. For more information, see Virtual task assistants.
Configure SSO for your email channel using OAuth credentials from Google Cloud
You can configure single sign-on (SSO) for your Contact Center AI Platform email channel using OAuth 2.0 credentials from Google Cloud. For more information, see Configure your email channel for OAuth with Google Cloud.
Deflections are available for agent-to-agent calls
You can configure agent-to-agent calls to deflect to voicemail after a period of time that you set. You can also include these "voice internal" calls in your call reports. For more information, see Turn on deflections.
Support phone number is included for incoming calls
The incoming call screen shows the support phone number that the end-user used to call your support center. For more information, see Receive an inbound call.
Support for multiple data parameters in API requests to the DAPs for your IVR queues
You can capture data in the headers of incoming Session Initiation Protocol (SIP) calls and pass them in API requests to the Direct Access Points (DAPs) for your Interactive Voice Response (IVR) queues. For more information, see API DAPs.
Fixed an issue that resulted in an error being returned whenever an agent tried to send a blended SMS message, despite preset SMS being disabled.
Fixed an issue where the queue-level call music section was not displayed to users with a custom role.
Fixed an issue where calls sometimes got stuck in a queued state when an agent had a poor network connection.
Fixed an issue where the Copy CRM Link button in the call adapter sometimes copied the CRM ID instead of the URL.
Fixed an issue where the Assign Agents button wasn't working on top-level queues.
Fixed an issue where using keyboard shortcuts or arrow keys to scroll in a window did not allow scrolling beyond a single screen of text.
Fixed an issue where a CRM page did not load in the Call Center AI Platform portal.
(New guide) Cross-silo and cross-device federated learning on Google Cloud: Provides guidance to help you create a federated learning platform that supports either a cross-silo or cross-device architecture.
Preview: Migrate to Virtual Machines supports the ARM64 migration journey. This feature lets you migrate ARM virtual machine (VM) instances from AWS and Azure cloud services to ARM VM instances on Compute Engine, and is supported for the following operating systems:
- Debian 11 and 12
- RHEL 9
- Rocky Linux 8 and 9
- SLES 15 SP5
- Ubuntu 20.04 and 22.04
Duet AI in Google Cloud is now Gemini for Google Cloud. See our blog post for more information.
You can now optimize your writes by setting the maximum delay time of your Spanner write requests between 0 and 500 milliseconds. For more information, see Throughput optimized writes.
March 25, 2024
AlloyDB for PostgreSQL
AlloyDB clusters created using the Google Cloud CLI, the AlloyDB Admin API, or Terraform have PostgreSQL 14 compatibility by default, instead of PostgreSQL 15 compatibility.
To mitigate this issue, take either one of the following steps:
- Specify PostgreSQL version 15 when creating a cluster, instead of relying on the default value.
- Use the Google Cloud console to create the cluster.
The software bill of materials (SBOM) feature is now Generally Available (GA). To learn more, see SBOM overview.
Artifact Analysis support for Vulnerability Exploitability eXchange (VEX) statements now includes the capability to upload VEX statements for multiple versions of an image. You can specify whether to associate a VEX statement with one image digest, or all versions of an image. This feature is in Preview. To learn more, see Upload VEX statements.
Backup and DR Service added support to view daily scheduled compliance logs in Cloud Logging.
Backup and DR Service added support to view daily scheduled compliance reports in BigQuery.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.38.2 (2024-03-21)
Dependencies
- Update actions/checkout action (#3190) (940e4f6)
- Update arrow.version to v15.0.1 (#3189) (fb6284e)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.39.0 (#3186) (9e705a1)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240229-2.0.0 (#3188) (a018424)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.43.0 (#3187) (497ff29)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#3196) (61f23a3)
- Update github/codeql-action action to v2.24.6 (#3178) (8843cae)
- Update github/codeql-action action to v2.24.7 (#3194) (2e2d730)
- Update github/codeql-action action to v2.24.8 (#3198) (bd81a56)
Chronicle Applied Threat Intelligence helps you identify and respond to threats. When enabled, it ingests IOCs curated by Mandiant Threat Intelligence with an IC-Score greater than 80 and generates an error when a match is found. The following are some of the features of Applied Threat Intelligence.
Event-level enrichment: All telemetry in Chronicle is enriched with Google Threat Intelligence, which is a combination of Mandiant and VirusTotal, including all threat intelligence associations like campaigns and actors.
Sophisticated indicator matching: Curated out-of-the-box detections that deliver sophisticated indicator matching using augmented prioritization logic, noise reduction based on customer environment context, and other correlation techniques to maximize signal to noise.
Active breach alerting: Uses Mandiant's incident response intelligence to alert on potential active breaches delivering on our no patient 1 vision.
Curated behavioral detections for emerging threats: To protect against newly emerging risks and tactics, techniques, and procedures (TTPs), Applied Threat Intelligence uses real-time insights.
DIY detection engineering and response automation: Access to Fusion intelligence (formerly known as Mandiant Fusion) for the following.
- Customer authoring of rules
- Customer development of response playbooks
Curated views for Investigation and triage Insights: Applied Threat Intelligence provides curated views that show valuable associations between an indicator and threat actor, threat campaign, or malware, statistics about a threat observed in customer environments. These views are invaluable for all security operations workflows.
For more information about Applied Threat Intelligence, see Applied Threat Intelligence overview.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Compute Engine
  - compute.googleapis.com/NetworkEdgeSecurityService
- Database Migration
  - datamigration.googleapis.com/ConversionWorkspace
- Redis
  - redis.googleapis.com/Cluster
In Cloud Composer versions from 2.1.0 to 2.6.4, task instances that succeeded in the past can be marked as FAILED in some cases. We recommend upgrading to Cloud Composer version 2.6.5 or later, where this issue is fixed. For more information, see the related known issue.
A weekly digest of client library updates from across the Cloud SDK.
Private Service Connect now includes support for cross-region read replicas. You can also choose an availability type (REGIONAL or ZONAL) for Private Service Connect-enabled instances. Both features are in GA.
You can now use Private Service Connect to connect to a Cloud SQL for SQL Server instance. This solution allows you to connect to the instance from multiple VPC networks that belong to different groups, teams, projects, or organizations.
Private Service Connect includes support for cross-region read replicas. You can also choose an availability type (REGIONAL or ZONAL) for Private Service Connect-enabled instances.
All features are in GA.
Dialogflow CX: The Override request-level speech model has been added to advanced speech settings. This can be used to override the speech model provided in a runtime API request.
Vertex AI Conversation data stores: Gemini-pro 1.0 is now officially in General Availability. The model includes optimized prompting, delivering enhanced results with minimal latency impact. Please note: prompt optimization is currently focused on English, with other languages to follow.
Vertex AI Conversation data stores: The text-bison-001 model and fine-tuned text-bison@001 options will be deprecated by Vertex AI on July 6th. Please transition as soon as possible to the default option or another model available in the settings.
Dialogflow CX: DTMF for telephony integrations is now available for preview.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-ndb
2.3.1 (2024-03-16)
Bug Fixes
- grpc: Fix large payload handling when using the emulator. (#975) (d9162ae)
- Remove uses of six. #913 (#958) (e17129a)
- Show a non-None error for core_exception.Unknown errors. (#968) (66e61cc)
Documentation
Java
Changes for google-cloud-datastore
2.18.6 (2024-03-18)
Bug Fixes
Dependencies
- Update dependency com.google.cloud:sdk-platform-java-config to v3.28.0 (#1372) (09db2a7)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#1373) (c6e63e5)
- Update dependency com.google.errorprone:error_prone_core to v2.26.0 (#1361) (9442766)
- Update dependency com.google.errorprone:error_prone_core to v2.26.1 (#1363) (05fe5bc)
- Update dependency com.google.guava:guava-testlib to v33.1.0-jre (#1368) (0195345)
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.12.0 (2024-03-19)
Features
From February 12 through 27, 2024, a bug caused Sensitive Data Protection to inaccurately set the free-text scores of certain data profiles to 0, where they should have been higher. This bug is now resolved. All affected data profiles have been reprofiled.
For more information about the discovery service, see Data profiles.
March 22, 2024
Artifact Registry
Effective March 22, 2024, Artifact Registry npm repositories reject package names that contain uppercase letters, to match npmjs naming rules. Packages with uppercase letters in their names that were pushed to Artifact Registry prior to this date aren't affected by this change unless you want to push them to a new repository.
The March 20, 2024 release notes announced the preview for user-defined aggregate functions, but user-defined aggregate functions are not yet supported.
Chronicle has added a new rule set to Cloud Threat Detections, called Serverless Threats, that detects activity associated with potential compromise or abuse of serverless resources in Google Cloud, such as Cloud Run and Cloud Functions.
Chronicle now supports direct ingestion and parsing of reCAPTCHA Enterprise logs from Google Cloud.
Direct VPC egress (Preview) is now available in the following additional regions:
africa-south1
asia-south1
asia-southeast2
australia-southeast2
europe-central2
europe-west2
europe-west6
europe-west8
europe-west9
europe-west10
me-central1
me-central2
southamerica-west1
us-east5
us-west2
us-west3
us-west8
Cloud Run services can now connect to a Firestore database using integrations (Preview).
Cloud Run services can now connect to Vertex AI to access generative AI models using integrations (Preview).
Support for GPUs is generally available (GA). For more information, see Available GPUs.
Cloud Workstations supports the following machine type:
- a2-megagpu-16g
For more information, see Available machine types, REST workstationConfigs, or RPC google.cloud.workstations.v1beta GceInstance.
Generally available: Disaster recovery with Persistent Disk Async Replication has been expanded to allow you to replicate data on a disk in one region to any other region within the same continent.
Also, the following performance and capacity enhancements are available:
- Data replication change rate increased to 2 GiB/min from 250 MB/min.
- Maximum provisioned disk size increased to 32 TB from 5 TB per disk.
- The number of disks per project increased to 1000 from 100.
- The number of disks per consistency group increased to 128 from 64.
The discovery and inspection services, which support BigQuery, now support tables that contain columns with INTERVAL, RANGE<DATE>, RANGE<DATETIME>, and RANGE<TIMESTAMP> data types.
For more information about sensitive data discovery, see Data profiles.
For more information about sensitive data inspection for BigQuery, see Inspect a BigQuery table.
March 21, 2024
Anthos Config Management
The constraint template library includes a new template: K8sPSSRunAsNonRoot. For reference, see the Constraint template library.
Policy Controller bundles have been updated to the following versions: cis-gke-v1.4.0: 202402.0-preview, nist-sp-800-190: 202402.0, nist-sp-800-53-r5: 202402.0, pci-dss-v3.2.1: 202402.0, pss-baseline-v2022: 202402.0, pss-restricted-v2022: 202402.0. For reference, see Policy Controller bundles overview.
Fixed a regression introduced in 1.16.0 that limits the length of the Secret name referenced in the spec.git.secretRef.name field of the RootSync object.
Fixed a regression introduced in 1.17.0 that caused Config Sync to sometimes fail to pull the latest commit from a Git branch by upgrading git-sync (Config Sync dependency for pulling from git) from v4.1.0 to v4.2.1.
Backup and DR Service 11.0.10.417 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance.
Backup and DR Service 11.0.10 includes an operating system upgrade from CentOS 7 to Rocky Linux 8. As CentOS 7 will reach its End of Life (EOL) on June 24, 2024, you must upgrade to 11.0.10 before the EOL date to continue receiving security updates.
To upgrade to 11.0.10, you should take a snapshot of the appliance's boot disk. If your backup/recovery appliance is on 11.0.5 or below, then you need to upgrade to 11.0.9 before successfully upgrading to 11.0.10. See the 11.0.9 release notes to learn how to back up the boot disk.
Backup and DR Service added support to access historical reports. Learn more.
You can now add Salesforce Data Cloud data to BigQuery. This feature is generally available (GA).
Incremental materialized views now support LEFT OUTER JOIN and UNION ALL. This feature is in preview.
You can now view Bigtable cost data with instance granularity in the Google Cloud Billing detailed export to BigQuery. For more information, see Structure of detailed cost data export.
Generally available: In a managed instance group (MIG), you can set metadata and labels for all VMs in the group without the need to create a new instance template. For more information, see Override instance template properties with an all-instances configuration.
Generally available: In a managed instance group (MIG), you can turn off repairs to inspect failed and unhealthy VMs, to implement your own repair logic, or to monitor the application health without triggering repairs by MIG. For more information, see Turn off repairs in a MIG.
New Dataproc on Compute Engine subminor image versions:
- 2.0.96-debian10, 2.0.96-rocky8, 2.0.96-ubuntu18
- 2.1.44-debian11, 2.1.44-rocky8, 2.1.44-ubuntu20, 2.1.44-ubuntu20-arm
- 2.2.10-debian12, 2.2.10-rocky9, 2.2.10-ubuntu22
Release 1.28.300-gke.131
GKE on Bare Metal 1.28.300-gke.131 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.28.300-gke.131 runs on Kubernetes 1.28.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Functionality changes:
- Updated preflight checks to add a check for networking kernel modules.
- Updated preflight checks to remove the check for iptables package availability.
- Increased the default memory limit for node-exporter.
Fixes:
- Fixed an issue with configuring a proxy for your cluster that required you to manually set HTTPS_PROXY and NO_PROXY environment variables on the admin workstation.
The following container image security vulnerabilities have been fixed in 1.28.300-gke.131:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
Release 1.15.11
GKE on Bare Metal 1.15.11 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.15.11 runs on Kubernetes 1.26.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
The following container image security vulnerabilities have been fixed in 1.15.11:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
GKE on VMware 1.28.300-gke.123 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.28.300-gke.123 runs on Kubernetes v1.28.4-gke.1400.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
- Increased the default memory limit for node-exporter.
- Updated the AIS version to hybrid_identity_charon_20240228_0730_RC00.
The following issues are fixed in 1.28.300-gke.123:
- Fixed the issue where the admin cluster backup did a retry on non-idempotent operations.
- Fixed the known issue where the controlPlaneNodePort field defaulted to 30968 when the manualLB spec was empty.
- Fixed the known issue that caused the preflight check to fail when the hostname wasn't in the IP block file.
- Fixed the known issue that caused Kubelet to be flooded with logs stating that "/etc/kubernetes/manifests" does not exist on the worker nodes.
The following vulnerabilities are fixed in 1.28.300-gke.123:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Security Command Center detectors are now mapped to the following additional compliance frameworks:
- CIS Critical Security Controls v8
- Cloud Controls Matrix v 4
- HIPAA
- ISO 27001 (2022)
- NIST 800-53 (rev 5)
- NIST Cybersecurity Framework (v 1.0)
- PCI-DSS 4.0
- SOC 2 (2017)
reCAPTCHA Enterprise platform logs are now available in Chronicle. Users can now view their reCAPTCHA assessment and annotation data in a structured and searchable data format in Chronicle. For more information, see Collect reCAPTCHA Enterprise logs.
March 20, 2024
AlloyDB for PostgreSQL
Updated the default major version of PostgreSQL compatibility for new AlloyDB clusters to PostgreSQL 15.
You can now create and manage VRFs for the networks in your Bare Metal Solution environment. This feature is generally available (GA).
The maximum notebook size has been increased from 10 MB to 20 MB. Notebooks are available in preview.
You can now view lists of all saved queries and all notebooks in your project. These features are available in preview.
There is no longer a limit on the number of feeds you can create for the same log type in Feed Management.
Release 6.2.52 is currently in Preview.
Case filter and URL now in a reciprocal relationship
In the Cases page, the filter and the URL now directly affect each other. Changing the filter changes the URL, and conversely, changing the URL changes the filter. You can take advantage of this feature by setting a filter for cases and putting the newly created URL in an external dashboard. Clicking on this link would then take you directly to the filtered case queue.
Incident Manager appearing in navigation even though user doesn't have license (ID #49062139)
lastLoginTime returns wrong date for SAML users (ID #00278010)
Wrong error message returned for environment alias duplicates (ID #00271405)
Playbooks with async actions longer than 7 days can't be saved even though time set to 14 days in IDE (ID #00269032)
Clicking on events configuration opens the wrong mapping & modeling rules
The Logs in Cloud Logging only feature is gradually rolled out to all regions:
- New Cloud Composer environments now save Airflow task logs only in Cloud Logging by default.
- Existing environments are not changed. If you upgrade an existing environment, it keeps saving logs to the environment's bucket.
- You can enable and disable saving logs to the environment's bucket for an existing environment.
Currently the feature is rolled out to the following regions: africa-south1, asia-east1, asia-east2, asia-northeast2, asia-south2, asia-southeast2, australia-southeast2, europe-central2, europe-southwest1, europe-west10, europe-west12, europe-west2, europe-west3, europe-west4, europe-west6, europe-west8, me-central1, me-central2, me-west1, northamerica-northeast2, southamerica-west1, us-east5, us-east7, us-south1, and us-west4.
The Healthcare Natural Language API supports the following entity mention types in Preview:
- Oncology
- Social determinants of health (SDOH)
- Protected health information (PHI)
Explaining data access using FHIR is available in Preview.
Certificate bundles for verifying attestations for Cloud HSM keys are deprecated. You can no longer download certificate bundles as of March 20, 2024.
Certificate bundles have been replaced by certificate chains. To learn how to use certificate chains to verify attestations for Cloud HSM keys, see Verifying the attestation manually.
The Google Cloud Console has launched a new wizard experience to walk you through the process of selecting a new load balancer. The new wizard walks you through all the available options (internal or internet-facing, proxy or passthrough, global or regional) and guides you to the appropriate load balancer for your use-case.
Try out the new wizard in the Google Cloud Console at Create a load balancer.
cos-105-17412-294-46
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.239.06 (default), v535.161.07 (latest) |
Upgraded app-editors/vim to v9.0.2167, Upgraded app-editors/vim-core to v9.0.2167.
Fixed CVE-2024-0727 in dev-libs/openssl.
Updated app-editors/vim to 9.0.2167. This fixed CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667.
Fixed CVE-2023-52447 in the Linux kernel.
cos-101-17162-386-47
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06 (default), v535.161.07 (latest) |
Fixed CVE-2024-0727 in dev-libs/openssl.
Updated app-editors/vim to 9.0.2167. This fixed CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667.
Fixed CVE-2023-52447 in the Linux kernel.
cos-97-16919-450-34
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.10.208 | v20.10.24 | v1.6.21 | v470.239.06 (default), v535.161.07 (latest) |
Fixed CVE-2024-0727 in dev-libs/openssl.
Updated app-editors/vim to 9.0.2167. This fixed CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667.
Fixed CVE-2023-52447 in the Linux kernel.
cos-109-17800-147-38
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.75 | v24.0.9 | v1.7.13 | v535.161.07 (default, latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Added support for iSCSI targets and RAM block devices.
Updated app-editors/vim to 9.0.2167. This fixed CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667.
Announcing the Preview release of Dataproc Serverless for Spark 1.2 runtime:
- Spark 3.5.0
- BigQuery Spark Connector 0.35.1
- Cloud Storage Connector 3.0.0
- Conda 23.11
- Java 17
- Python 3.12
- R 4.3
- Scala 2.12
New Dataproc Serverless for Spark runtime versions:
- 1.1.55
- 1.2.0-RC1
- 2.0.63
- 2.1.42
- 2.2.0-RC15
Dataproc Serverless for Spark:
(New guide) Design storage for AI and ML workloads in Google Cloud: Select the recommended storage options for your AI and ML workloads.
(2024-R08) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following cluster and node versions are now available:
- The following versions are no longer available:
- 1.25.16-gke.1570000
- 1.26.10-gke.1101000
- 1.27.9-gke.1092000
- 1.28.7-gke.1100000
- 1.29.2-gke.1217000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.10-gke.1055000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.10-gke.1055000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.5-gke.1217000 with this release.
Stable channel
- The following versions are now available in the Stable channel:
- Version 1.26.10-gke.1101000 is no longer available in the Stable channel.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.25.16-gke.1041000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.25.16-gke.1041000 with this release.
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.26.13-gke.1144000
- 1.27.9-gke.1092000
- 1.28.5-gke.1217000
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.14-gke.1006000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.14-gke.1006000 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.25.16-gke.1570000
- 1.26.14-gke.1044000
- 1.27.11-gke.1062000
- 1.28.3-gke.1286000
- 1.28.7-gke.1100000
- 1.29.2-gke.1217000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1596000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.14-gke.1076000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.11-gke.1118000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.7-gke.1026000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.7-gke.1026000 with this release.
New misconfiguration detectors for AlloyDB for PostgreSQL clusters released to General Availability.
Security Health Analytics, a built-in service of Security Command Center, released new detectors to General Availability. The following detectors, which are available only with the Premium tier of Security Command Center, detect misconfigurations in AlloyDB for PostgreSQL clusters and instances:
- ALLOYDB_AUTO_BACKUP_DISABLED: Automated backups are not enabled in AlloyDB for PostgreSQL cluster.
- ALLOYDB_LOG_ERROR_VERBOSITY: Instance database flag log_error_verbosity for AlloyDB for PostgreSQL instance is not set to default or another less restrictive value.
- ALLOYDB_LOG_MIN_ERROR_STATEMENT_SEVERITY: Instance database flag log_min_error_statement for AlloyDB for PostgreSQL instance is not set to ERROR or lower.
- ALLOYDB_LOG_MIN_MESSAGES: Instance database flag log_min_messages for AlloyDB for PostgreSQL instance is not set to at minimum warning.
For more information, see SQL vulnerability findings.
Leader-aware routing now dynamically routes read-write transactions to the leader region in Spanner multi-region instances, reducing latency and improving performance. For more information, see Leader-aware routing.
reCAPTCHA Enterprise Mobile SDK v18.5.0-beta02 is now available for Android and iOS.
This version contains changes to improve the performance and reliability of getClient() and execute().
March 19, 2024
AlloyDB for PostgreSQL
The Quotas documentation is updated to include additional guidance on setting the maximum number of concurrent connections for your database instance size.
App Hub is generally available (GA).
Fixed the issue causing images copied to Artifact Registry from Container Registry with the automatic migration tool to fail to propagate their creation time to Artifact Registry. Artifact Registry creation time is set to the time the image was uploaded to Container Registry, and update time is set to the time the image is copied to Artifact Registry.
You can now create and run Spark stored procedures that are written in Python, Java, and Scala. You can also use the PySpark editor in BigQuery to create stored Python procedures for Apache Spark. This feature is now generally available (GA).
The minimum duration between scheduled queries has been reduced from 15 minutes to 5 minutes. This feature is generally available.
You can now create daily backups of your Bigtable table by enabling automated backup. This feature is available in Preview. For details, see Automated backup.
On March 19, 2024, Blockchain Node Engine upgraded all mainnet Polygon nodes in preparation for the Napoli (PIP-33) Hardfork.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- NetApp
netapp.googleapis.com/Backup
netapp.googleapis.com/BackupPolicy
netapp.googleapis.com/BackupVault
Airflow 2.7.3 is available in Cloud Composer images.
Fixed an issue where past Airflow task instances could be marked as failed in some cases.
Fixed an issue where Airflow task logs for the first try of a task might not be visible in Airflow UI.
BigQueryInsertJobOperator now correctly handles ephemeral tables created with tableDefinitions.
In BigQueryInsertJobOperator, fixed the handling of parsing errors during Lineage emission when the query is too long or deeply nested.
The apache-airflow-providers-google package is upgraded to version 10.16.0 in images with Airflow 2.6.3, and images with Airflow 2.7.3 have this version. For more information about changes, see the apache-airflow-providers-google changelog from version 10.15.0 to version 10.16.0.
The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.0.1 in images with Airflow 2.6.3, and images with Airflow 2.7.3 have this version.
Cloud Composer 2.6.5 images are available:
- composer-2.6.5-airflow-2.7.3
- composer-2.6.5-airflow-2.6.3 (default)
- composer-2.6.5-airflow-2.5.3
Cloud Composer versions 2.1.10, 2.1.9, 1.20.10, and 1.20.9 have reached their end of full support period.
Cloud SQL Enterprise Plus edition now supports the me-central2 (Dammam) region.
Dialogflow CX now provides the offers and deals prebuilt component.
Vertex AI Conversation data store tools now support filter and userMetadata example parameters.
Dialogflow CX request-scoped parameters now support the $request.user-utterance parameter to reference the end-user utterance.
Eventarc support for creating triggers for direct events from Network Services is generally available (GA).
Cilium cluster-wide network policies are now generally available with the following GKE versions:
- 1.28.6-gke.1095000 or later
- 1.29.1-gke.1016000 or later
You can now control your GKE workloads' ingress and egress traffic cluster-wide, without being bound to a namespace for your network policies. This new capability is intended to streamline network policies for GKE platform administrators looking for a uniform way to apply policies across namespaces or application teams.
Cilium cluster-wide network policy is available in all GKE editions.
To learn more, read Control cluster-wide communication using network policies.
Workloads running on GKE clusters with COS-based nodes may experience DNS resolution issues. The likelihood of impact is low and not all clusters are impacted. The issue is resolved on the following minimal GKE node versions:
- For 1.27: 1.27.11-gke.1118000
- For 1.28: 1.28.7-gke.1100000
- For 1.29: 1.29.2-gke.1217000
Clusters with a node version that is lower than 1.27.3-gke.1200 are not affected.
Statistics for active partitioned data manipulation language (DML) queries are now generally available. You can get insights on active partitioned DMLs queries and their progress from statistics tables in your Spanner database. For more information, see Active partitioned DMLs statistics.
Beta stage support for the following integration:
March 18, 2024
BigQuery
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigquery
7.5.1 (2024-03-14)
Bug Fixes
- Add better documentation around usage of BigQueryTimestamp class and .timestamp method. (2b2c3e0)
- BigQueryTimestamp should keep accepting floats #1339 (2b2c3e0)
- Restores BigQueryTimestamp behavior to accept a numeric value in the constructor representing epoch-seconds. The affected 7.5.0 version would parse a numeric value as epoch-microseconds. (2b2c3e0)
Python
Changes for google-cloud-bigquery
3.19.0 (2024-03-11)
Features
Bug Fixes
You can now undelete a dataset that is within your time travel window to recover it to the state that it was in when it was deleted. This feature is in preview.
These BigQuery features are now generally available (GA):
Text analysis configuration options for the following:
- CREATE SEARCH INDEX DDL
- Existing LOG_ANALYZER and new PATTERN_ANALYZER analyzers, which are used in various functions, including SEARCH
- The TEXT_ANALYZE function
The following advanced processing functions:
You can now perform hierarchical forecasts in BigQuery ML time series models, which let you aggregate and roll up values for all time series in the model. This feature is generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-logging
3.10.0 (2024-03-13)
Features
Bug Fixes
- Added placeholder kwargs to StructuredLogHandler (#845) (9bc0a37)
- Allowed for a partial override of loggers that get excluded from setup_client (#831) (870c940)
- Remove usage in including_default_value_fields to prepare for protobuf 5.x (#866) (66a534d)
- Use value of cluster-location in GKE for tagging location (#830) (c15847c)
Documentation
You can now use Duet AI for Developers to help you create a synthetic monitor. This feature is in Public Preview. For more information, see Create a synthetic monitor.
You can now use the GCS FUSE file cache feature, a client-based read cache that lets repeat file reads be served from a faster cache storage of your choice. To learn more about caching, see GCS FUSE caching documentation.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for storage/internal/apiv2
1.39.1 (2024-03-11)
Bug Fixes
Java
Changes for google-cloud-storage
2.36.0 (2024-03-15)
Features
- Add Custom Part Metadata Decorator to ParallelCompositeUploadConfig (#2434) (43b8006)
- Add hierarchical namespace and folders features (#2445) (8074fff)
- Add soft delete feature (#2403) (989f36f)
Bug Fixes
- Fix name digest for noprefix (#2448) (12c9db8)
- Missing serialVersionUID of serializable classes (#2344) (736865b)
Dependencies
The BufferTask method for creating tasks is now at General Availability (GA).
For tasks that have HTTP targets (as opposed to App Engine targets), the option to set routing for tasks at the queue level is now at General Availability (GA). If you set routing at the queue level, you do not have to set routing for each individual task. To learn more, see Configure routing.
Generally available: The organization-wide patch status dashboard and organization-wide OS policy compliance reports in VM Manager are now generally available.
Config Controller now uses the following versions of its included products:
- Config Connector v1.113.0, release notes
- Anthos Config Management v1.17.2, release notes
Container Registry is scheduled to be shut down and superseded by Artifact Registry on March 18, 2025. For more information and transition options, see Deprecations.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.9.6 (2024-03-14)
Bug Fixes
- dataflow: Update protobuf dep to v1.33.0 (30b038d)
M118 release
- Pytorch 2.1.0 with CUDA 12.1 and Python 3.10 container images are now available.
- Pytorch 2.2.0 with CUDA 12.1 and Python 3.10 container images are now available.
M118 release
- Restored legacy gpu image families for TensorFlow 2.12 through 2.14, and for PyTorch 2.0.
- Pytorch 2.1.0 with CUDA 12.1 and Python 3.10 VM images are now available.
- Pytorch 2.2.0 with CUDA 12.1 and Python 3.10 VM images are now available.
- R images (Experimental) updated to R 4.3.3.
- Updated Nvidia drivers of older Deep Learning VM images to R535.
The Dialogflow ES and Dialogflow CX us-dialogflow.googleapis.com endpoint and locations/us resource location, which served as aliases for global resources, will be discontinued on April 16, 2024. For more information, see the email announcement.
The following prebuilt components have been added to Dialogflow CX:
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.11.6 (2024-03-14)
Bug Fixes
- secretmanager: Update protobuf dep to v1.33.0 (30b038d)
Vector Search heuristics-based compaction
Vector Search uses heuristics-based metrics to assess whether to trigger compaction. This prevents unnecessary compaction, and thus reduces cost. For general information about compaction, see Compaction.
M118 release
The M118 release of Vertex AI Workbench user-managed notebooks includes the following:
- Pytorch 2.1.0 with CUDA 12.1 and Python 3.10 user-managed notebooks instances are now available.
- Pytorch 2.2.0 with CUDA 12.1 and Python 3.10 user-managed notebooks instances are now available.
- Updated Nvidia drivers of older user-managed notebooks images to R535.
The M118 release of Vertex AI Workbench managed notebooks includes the following:
- Updated Nvidia drivers to R535, which fixed a bug where the latest PyTorch 2.0 kernel didn't work due to outdated drivers.
M118 release
The M118 release of Vertex AI Workbench instances includes the following:
- Updated Nvidia drivers to R535.
March 15, 2024
Access Approval
Access Approval supports Google Distributed Cloud Edge in the GA stage.
Access Transparency supports the following services in the GA stage:
- Google Distributed Cloud Edge
- IAM workforce identity pools
The Back up and restore AlloyDB Omni documentation is updated to include pgBackRest, an open-source solution included with the AlloyDB Omni Docker container.
The rollout of managed Anthos Service Mesh version 1.17 to the stable channel has completed.
Improved the party de-registration process. You can now remove parties without prediction intent (that is, those parties not included in a create prediction results request) within a 45-day window following registration.
Artifact Registry remote repositories support basic authentication to user-defined and preset upstream sources for Docker, Maven, npm, and Python formats.
To create a remote repository using a preset or user-defined upstream source, see Create remote repositories. For more information on remote repository authentication, see Configure authentication to remote repositories.
Images copied to Artifact Registry from Container Registry with the automatic migration tool are failing to propagate their upload time to Artifact Registry, and instead have their upload time value set to zero, resulting in an upload time of early 1970. If you have cleanup policies that delete images based on upload time, this might mean all your copied images are deleted. We are actively working on a fix for this issue.
Emissions reported for Google Kubernetes Engine (GKE) declined starting in February 2024. This change is a result of an update to Google's internal cost allocation, which determines how shared infrastructure costs are attributed to individual services. According to our methodology (Technical details - Electricity use), these internal costs are used to apportion electricity consumption and carbon emissions to services, so changes in cost apportionment result in corresponding changes to carbon apportionment and reporting for that service.
Chronicle has expanded Cloud Threat Detections to create a detection when findings from Security Command Center Event Threat Detections, Cloud Armor, Sensitive Actions Service, and Custom modules for Event Threat Detection are identified. These detections are available through the following rule sets: CDIR SCC Cloud IDS, CDIR SCC Cloud Armor, CDIR SCC Impact, CDIR SCC Enhanced Persistence, CDIR SCC Enhanced Defense Evasion, and CDIR SCC Custom Module.
Release 6.2.5.0 is now in General Availability.
You can now use worker utilization hints to tune horizontal autoscaling for streaming pipelines.
Added new autoscaling metrics:
- Autoscaling rationale chart: explains the factors driving autoscaling decisions
- Worker CPU utilization chart: shows current user worker CPU utilization and customer autoscaling hint value
- Timer backlog per stage: shows an estimate of time needed to materialize the output for windows whose timer has expired
- Parallel processing: the number of keys available for parallel processing
Datastream now supports SQL Server as a source. The feature is in Preview. For more information, see Streamlining data integration with SQL Server source support in Datastream and the Datastream documentation.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-1085
For more information, see the GCP-2024-018 security bulletin.
You can use the iam.serviceAccountKeyExposure organization policy constraint to help manage leaked service account credentials.
Vertex AI Search: Sync from Google Drive (Preview with allowlist)
Connecting to Google Drive as a data source for Vertex AI Search is available as a Preview with allowlist feature. For more information, see Sync from Google Drive.
March 14, 2024
Apigee UI
On March 14, 2024, we released an updated version of the Apigee UI.
Bug ID | Description |
---|---|
320739232 | An issue was fixed where an incorrect error message was displayed after an API proxy or shared flow was undeployed. |
The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.
- Akamai WAF (AKAMAI_WAF)
- Alcatel Switch (ALCATEL_SWITCH)
- Arcsight CEF (ARCSIGHT_CEF)
- Auth0 (AUTH_ZERO)
- AWS Cloudtrail (AWS_CLOUDTRAIL)
- AWS Config (AWS_CONFIG)
- AWS GuardDuty (GUARDDUTY)
- Azure AD (AZURE_AD)
- Azure AD Directory Audit (AZURE_AD_AUDIT)
- Azure App Service (AZURE_APP_SERVICE)
- Azure Key Vault logging (AZURE_KEYVAULT_AUDIT)
- BIND (BIND_DNS)
- Blue Coat Proxy (BLUECOAT_WEBPROXY)
- Box (BOX)
- Chrome Management (N/A)
- Cisco AMP (CISCO_AMP)
- Cisco Umbrella DNS (UMBRELLA_DNS)
- Cisco VPN (CISCO_VPN)
- Citrix Netscaler (CITRIX_NETSCALER)
- Cloud Audit Logs (N/A)
- Cloudflare (CLOUDFLARE)
- Cofense (COFENSE_TRIAGE)
- Corelight (CORELIGHT)
- CrowdStrike Falcon (CS_EDR)
- CSV Custom IOC (CSV_CUSTOM_IOC)
- Custom Application Access Logs (CUSTOM_APPLICATION_ACCESS)
- Cybergatekeeper NAC (CYBERGATEKEEPER_NAC)
- Extreme Wireless (EXTREME_WIRELESS)
- F5 ASM (F5_ASM)
- F5 BIGIP LTM (F5_BIGIP_LTM)
- Falco IDS (FALCO_IDS)
- FireEye (FIREEYE_ALERT)
- FireEye ETP (FIREEYE_ETP)
- ForgeRock Identity Cloud (FORGEROCK_IDENTITY_CLOUD)
- FortiGate (FORTINET_FIREWALL)
- GCP_APP_ENGINE (GCP_APP_ENGINE)
- HP Procurve Switch (HP_PROCURVE)
- IAM Context (N/A)
- IBM DB2 (DB2_DB)
- IBM Mainframe Storage (IBM_MAINFRAME_STORAGE)
- IBM Security Access Manager (IBM_SAM)
- Illumio Core (ILLUMIO_CORE)
- Imperva (IMPERVA_WAF)
- Infoblox (INFOBLOX)
- JAMF CMDB (JAMF)
- KerioControl Firewall (KERIOCONTROL)
- Microsoft Azure Activity (AZURE_ACTIVITY)
- Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
- Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
- Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
- Microsoft Exchange (EXCHANGE_MAIL)
- Microsoft Graph Activity Logs (MICROSOFT_GRAPH_ACTIVITY_LOGS)
- Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
- Microsoft IIS (IIS)
- Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
- Mobile Endpoint Security (LOOKOUT_MOBILE_ENDPOINT_SECURITY)
- Mongo Database (MONGO_DB)
- Netscout OCI (NETSCOUT_OCI)
- Netskope (NETSKOPE_ALERT)
- Netskope Web Proxy (NETSKOPE_WEBPROXY)
- Network Policy Server (MICROSOFT_NPS)
- Nutanix Prism (NUTANIX_PRISM)
- Office 365 (OFFICE_365)
- Okta (OKTA)
- OpenCanary (OPENCANARY)
- Ordr IoT (ORDR_IOT)
- Palo Alto Cortex XDR Alerts (CORTEX_XDR)
- Palo Alto Networks Firewall (PAN_FIREWALL)
- Palo Alto Prisma Cloud (PAN_PRISMA_CLOUD)
- PerimeterX Bot Protection (PERIMETERX_BOT_PROTECTION)
- Phishlabs (PHISHLABS)
- Proofpoint Sendmail Sentrion (PROOFPOINT_SENDMAIL_SENTRION)
- Pulse Secure (PULSE_SECURE_VPN)
- RH-ISAC (RH_ISAC_IOC)
- SailPoint IAM (SAILPOINT_IAM)
- Salesforce (SALESFORCE)
- Sap Business Technology Platform (SAP_BTP)
- Security Command Center Threat (N/A)
- Sentinelone Alerts (SENTINELONE_ALERT)
- Shibboleth IDP (SHIBBOLETH_IDP)
- Sourcefire (SOURCEFIRE_IDS)
- Splunk Attack Analyzer (SPLUNK_ATTACK_ANALYZER)
- STIX Threat Intelligence (STIX)
- Symantec CloudSOC CASB (SYMANTEC_CASB)
- Symantec DLP (SYMANTEC_DLP)
- Tanium Asset (TANIUM_ASSET)
- Thinkst Canary (THINKST_CANARY)
- Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
- Vectra Detect (VECTRA_DETECT)
- Vectra Stream (VECTRA_STREAM)
- VeridiumID by Veridium (VERIDIUM_ID)
- Wazuh (WAZUH)
- Windows Defender ATP (WINDOWS_DEFENDER_ATP)
- Windows DNS (WINDOWS_DNS)
- Windows Event (WINEVTLOG)
- Windows Event (XML) (WINEVTLOG_XML)
- Windows Local Administrator Password Solution (MICROSOFT_LAPS)
- wiz.io (WIZ_IO)
- Workspace Activities (WORKSPACE_ACTIVITY)
- XAMS by Xiting (XITING_XAMS)
- Zscaler CASB (ZSCALER_CASB)
- Zscaler DLP (ZSCALER_DLP)
- Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
The following log types, without a default parser, were added. Each is listed by product name and log_type value, if applicable.
- Aruba Switch (ARUBA_SWITCH)
- Azure AD Password Protection (AZURE_AD_PASSWORD_PROTECTION)
- Azure Front Door (AZURE_FRONT_DOOR)
- Babelforce (BABELFORCE)
- Cloudaware (CLOUDAWARE)
- Coalition Control API (COALITION)
- Crowdstrike Identity Protection Services (CS_IDP)
- Cymulate (CYMULATE)
- Dell ECS Enterprise Object Storage (DELL_ECS)
- Google Cloud NGFW Enterprise (GCP_NGFW_ENTERPRISE)
- Google Cloud Secure Web Proxy (GCP_SWP)
- HaveIBeenPwned (HIBP)
- HPE BladeSystem C7000 (HPE_BLADESYSTEM_C7000)
- HP OpenView (HP_OPENVIEW)
- IBM DS8000 Storage (IBM_DS8000)
- IBM-i Operating System (IBM_I)
- Multicom Switch (MULTICOM_SWITCH)
- Nextthink Finder (NEXTTHINK_FINDER)
- Palo Alto Cortex XDR Management Audit (PAN_XDR_MGMT_AUDIT)
- PingIdentity Directory Server Logs (PING_DIRECTORY)
- Prisma SD-WAN (PRISMA_SD_WAN)
- Redhat Jboss (REDHAT_JBOSS)
- SafeBreach (SAFEBREACH)
- Scality Ring Audit (SCALITY_RING_AUDIT)
- Sendsafely (SENDSAFELY)
- Solace Pub Sub Cloud (SOLACE_AUDIT)
- Sonicwall Secure Mobile Access (SONICWALL_SMA)
- Sonrai Enterprise Cloud Security Solution (SONRAI)
- Tenemos Journey Manager System Event Publisher (TENEMOS_MANAGER_SYSTEMEVENT)
- TrueFort Platform (TRUEFORT)
- Ubiquiti Accesspoint (UBIQUITI_ACCESSPOINT)
- WithSecure Cloud Protection (WITHSECURE_CLOUD)
- WithSecure Elements Connector (WITHSECURE_ELEMENTS)
- YAMAHA ROUTER RTX1200 (YAMAHA_ROUTER)
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
In Airflow 2.6.3 offered in Cloud Composer versions earlier than 2.6.2, task statuses can be deleted as a result of the #31179 Airflow issue. If you use Airflow 2.6.3, we recommend upgrading to Cloud Composer version 2.6.2 or later, where this issue is fixed.
Salesforce plugin version 1.6.3 is available in Cloud Data Fusion versions 6.8.0 and later. The release includes the following changes:
- Fixed an issue in the Salesforce sink plugin causing an unsupported type datetime error for DateTime type fields in the input schema. In this version, the Salesforce sink plugin supports datetime and decimal logical types (PLUGIN-1749).
- Fixed an issue in all Salesforce plugins causing a pipeline to fail when using an OAuth macro because the OAuth macro value didn't get passed to the plugin as intended. In this version, all Salesforce plugins support an OAuth macro (PLUGIN-1767).
- At the time of failure on the Salesforce sink side, if the Error handling property is set to the Fail on error option, the Salesforce job is aborted, which stops newer batches from being added to the job due to Spark retry settings in CDAP (PLUGIN-1768).
- To make debugging easier, additional debug logs and batch results in logs are available.
Direct VPC egress now supports Cloud NAT with Public NAT IP addresses (in Preview).
A new maintenance version rollout is currently underway for all supported SQL Server versions.
If you have configured a maintenance window for your instance, then the updates will occur according to the timeframe that you set in the window. Otherwise, the updates will occur within the next few weeks. The new maintenance version is [SQL Server version].R20240216.01_RC00.
To learn how to check your maintenance version, see Self-service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.
New Dataproc on Compute Engine subminor image versions:
- 2.0.95-debian10, 2.0.95-rocky8, 2.0.95-ubuntu18
- 2.1.43-debian11, 2.1.43-rocky8, 2.1.43-ubuntu20, 2.1.43-ubuntu20-arm
- 2.2.9-debian12, 2.2.9-rocky9, 2.2.9-ubuntu22
New Dataproc Serverless for Spark runtime versions:
- 1.1.54
- 2.0.62
- 2.1.41
- 2.2.0-RC14
Added the bigframes (BigQuery DataFrames) Python package in the Dataproc Serverless for Spark 2.1 runtime.
Design an optimal storage strategy for your cloud workload: Added guidance about data transfer options.
This is a patch release of Google Distributed Cloud Edge (version 1.6.1).
The following new features have been introduced in this release of Distributed Cloud Edge:
Multi-rack deployments. Distributed Cloud Edge now supports aggregating the resources of multiple Distributed Cloud Edge Racks into a single zone. You can now create clusters that span nodes across multiple Distributed Cloud Edge Racks. A single multi-rack deployment supports one Distributed Cloud Edge Base Rack and up to 10 Distributed Cloud Edge Standalone Racks. For more information, see How Distributed Cloud Edge works.
Distributed Cloud Edge Base Rack. We are now shipping a new form factor of Distributed Cloud Edge Rack hardware, the Distributed Cloud Edge Base Rack. This form factor is a pair of existing Distributed Cloud Edge Standalone Rack hardware with the addition of four network switches that aggregate network traffic from up to 10 Distributed Cloud Edge Standalone Racks.
Prometheus integration. You can now use the Prometheus metrics solution to collect Distributed Cloud Edge metrics and workload metrics on local control plane clusters running in survivability mode. For more information, see Collect metrics with Prometheus.
Node labels. You can now assign unique labels to individual nodes when creating a node pool. For more information, see Create a node pool.
The following changes have been introduced in this release of Distributed Cloud Edge:
Cloud control plane clusters can no longer be created in subsequent releases of Distributed Cloud Edge. Distributed Cloud Edge version 1.6.1 is the last release of Distributed Cloud Edge in which you can create Cloud control plane clusters. Creation of cloud control plane clusters will be disabled in the next minor release of Distributed Cloud Edge. Existing cloud control plane clusters will continue to run workloads.
Release channel requirement for specifying cluster software versions. If you want to specify a Distributed Cloud Edge software version when creating a cluster, you must now set the cluster's release channel to NONE. If you do not specify a release channel or explicitly set it to REGULAR, the cluster automatically upgrades to the latest version of Distributed Cloud Edge software and specifying a software version is not possible.
This release of Distributed Cloud Edge contains the following known issues:
Nodes can get stuck in Ready,SchedulingDisabled state after applying configuration changes. Applying or deleting the NodeSystemConfigUpdate or SriovNetworkNodePolicy resources can result in a node that's stuck in the Ready, Scheduling Disabled state after it reboots. To resolve this issue, see Troubleshoot Distributed Cloud Edge.
Deleting clusters and node pools fails when a node is not ready. If a node in a cluster or node pool that you want to delete is in the NotReady state, the deletion can fail. Contact Google Support to remedy this condition.
Nodes using Symcloud Storage report the file system as read-only after reboot. When multiple nodes that use Symcloud Storage reboot at once in a cluster, they can incorrectly mark the file system as read-only. Contact Google Support to remedy this condition.
Google Distributed Cloud Edge management software has been updated.
A previous version of the GKE logging agent that rolled out in GKE version 1.28.7-gke.1100000 contained a security vulnerability. This version has been immediately removed.
Preview stage support for the following integration:
March 13, 2024
AlloyDB for PostgreSQL
AlloyDB now supports continuous backup and recovery, and scheduled backups on secondary clusters. When you create a secondary cluster, any backup plans on the primary cluster are automatically copied to the new secondary cluster. For more information, see About cross-region replication.
Released new v4 engine versions for the commercial line of business, with more reliable tuning performance, in particular for small datasets.
As of March 13, 2024, the conversion of Apigee API Management organizations with Pay-as-you-go pricing provisioned before October 1, 2023, to Pay-as-you-go organizations that use updated attributes for pricing is complete, with the exception of one organization that requires customer action.
The Apigee API Analytics add-on is enabled in converted organizations. The Analytics add-on can be disabled if it is not required. In addition, you can update your Pay-as-you-go environment types using the API.
For more information on the updated pricing and enhanced features now available for these organizations, see Pay-as-you-go (updated attributes) overview.
Updated pricing attributes will be reflected in March invoices. For billing questions related to this change, contact Google Cloud Billing support.
Release 6.2.51 is currently in Preview.
Jobs Enhancement
When updating an integration, the jobs will now be updated automatically. This does not apply to any legacy jobs that were created before October 2023.
The Marketplace integration will clearly identify the legacy jobs that are affected and provide instructions on how to proceed.
In addition, legacy jobs are now marked as such in the Jobs Scheduler page so that you can take action and resolve issues beforehand.
APIs now documented
The following APIs are not new, but as of this release they are formally documented in Swagger:
AddOrUpdateEnvironmentRecords
RemoveEnvironmentRecords
Searching for cases from the last week doesn't produce results (ID #00269819)
Email HTML Templates > Show Email Template not rendering styles (ID #00249556)
SDK call for create entity failure displays the wrong error message (ID #48950075)
You can now view granular Bigtable usage in the Cloud Billing Detailed export to BigQuery
You can now view granular Bigtable instance cost data in the Google Cloud Billing detailed export. Use the resource.global_name field in the export to view and filter your detailed Bigtable instance usage.
You can now view granular Memorystore for Redis usage in the Cloud Billing Detailed export to BigQuery
You can now view granular Memorystore for Redis cost data in the Google Cloud Billing detailed export. Use the resource.global_name and resource.name fields in the export to view and filter your detailed Memorystore for Redis usage.
All preview versions of Cloud Composer 2 are past their security notifications end date and are not supported. If your environment uses a preview version of Cloud Composer 2, then please upgrade this environment to a supported version or re-create it using the latest version of Cloud Composer 2.
If you see frequent scheduler restarts in your Airflow 2.6.3 environment and the [scheduler]job_heartbeat_sec Airflow configuration option is set to a non-default value, you can fix this issue either by upgrading to Cloud Composer version 2.6.4 or by removing this option's override, so that it uses the default value.
Cloud SQL now supports SQL Server Reporting Services (SSRS) on your instances. For more information, see Use SSRS for creating reports.
Generally available: You can use SSH-in-browser to connect to TPU VMs. For more information, see Connecting to a Cloud TPU.
The 3.0.0-beta.0 version of the open-source Dataform framework is available. This update introduces significant changes, including, but not limited to, the following:
- Deprecation of dataform.json in favor of workflow_settings.yaml
- Stateless package installation by @dataform/cli
- Warehouse-agnostic compilation output
You don't need to take immediate action to update your Dataform code.
For more information, see the 3.0.0-beta.0 release on GitHub.
Looker 24.4 includes the following changes, features, and fixes.
Expected Looker (original) deployment start: Monday, March 18, 2024
Expected Looker (original) final deployment and download available: Thursday, March 28, 2024
Expected Looker (Google Cloud core) deployment start: Monday, March 18, 2024
Expected Looker (Google Cloud core) final deployment: Monday, April 1, 2024
Query IDs can no longer be used to fetch queries or create render tasks through the API. The Get All Running Queries API endpoint is now restricted to admins only. Query slugs that are generated by Looker will be 32 characters instead of 7.
Chrome is starting to deprecate third-party cookies as of January 2024. Because of Looker's dependency on third-party cookies to establish embed user sessions, this may impact your embed use case. For more information, see the Chrome is deprecating third-party cookies notice.
Previously, custom visualizations would not call the updateAsync function after the vis config is updated via the custom visualization API. Now, the function will be called. If a custom visualization is set up to update the vis config every time updateAsync is called, it could cause excessive refreshes.
If your custom visualization fails to load after this update, double-check your custom visualization code for unnecessary vis config updates. If you have a Looker (original) instance, you can also enable the Custom Vis Reliable Render Labs feature, which causes Looker to suppress excess refresh behavior in custom visualizations.
The Performant Field Picker feature is now generally available.
When an instance has no projects, Looker will more prominently prompt users to create a model.
In the Create a model wizard, your selections are now saved even if you close steps without having completed the model creation process.
Adding a query slug to source queries in the merge query API response GET merge_queries/<merge_query_id> returns the query slug in addition to the ID.
The save_content permission now has two child permissions, save_dashboards and save_looks. These permissions let Looker admins exert finer control over the kinds of content that users can save.
Only users who have access to dashboard extensions will be shown the Add Extension tile.
Subtotals have been fixed for queries with order_by_field references in query streaming pathways. This feature now performs as expected.
An issue where embed secrets might have been visible to non-admin users has been fixed. This feature now performs as expected.
Looker now ignores all blank filter strings, including IS NOT.
An issue has been fixed that caused small decimals to be displayed in scientific notation even when formatting was disabled. This feature now performs as expected.
An issue has been fixed where the PDT Context Override toggle was improperly reflecting the ON state when it had been cleared prior. This feature now performs as expected.
Performant field picker sorting behavior has been fixed. This feature now performs as expected.
Downloading results from SQL Runner now only downloads the file and does not open the file in a new browser tab.
Filter expressions including user attributes and OR logical conditions were being incorrectly populated when generating SQL. This feature now performs as expected.
A change in the Snowflake dialect was ported to Kotlin to maintain parity. Snowflake column names with mixed cases are now properly quoted.
Filter suggestion requests have been reduced while the user is typing. Because normal typing will invoke fewer requests, the load on the server will be reduced.
An issue that caused single value change indicators to not render in Safari when dashboards scrolled has been fixed. This feature now performs as expected.
The LookML Validator no longer hangs on a connection that references a deleted or malformed user attribute. The Validator also surfaces a detailed error when the user tests the connection.
An issue has been fixed where extension documents would appear when hiding Looker document links was disabled. This feature now performs as expected.
Content Validator has added support for field replacement within custom measure filters (across Looks, dashboard elements, and merge queries).
Queries with order_by_field references and subtotals should render correctly in downloads / run_query APIs.
Looker should now correctly handle cases where the sorts query had an empty string or was entirely empty.
Previously, the All Results option was unavailable for schedules on Looks. This feature now performs as expected.
On the new Admin - Users page, Looker Support users were shown as having never logged in even for currently logged-in users. This issue has been fixed and this feature now performs as expected.
LookML-defined fields that are used in field filters will not be rejected from a set when the field requiring them is rejected from that set. This feature now performs as expected.
Previously, the Errors and Broken Content dashboard appeared twice in the admin panel. This feature now performs as expected.
A data validation message is now returned for waterfall charts when there are multiple measures and a hidden dimension.
Looker now shows a clearer warning message when a user attempts to download a query with dimension fill and All Results enabled.
Looker no longer imposes the Explore row limit of 5,000 on queries that are run using the run inline query API endpoint.
Previously, the lookml_model_explore API endpoint would return a 500 error in certain cases. This feature now performs as expected.
Errors about UI downloads are now more descriptive, similar to descriptive API error messages.
Internal encryption has been migrated from AES-128 to AES-GCM-256 encryption.
The Disallow Numeric Query IDs legacy feature has been added to let users opt in to or out of query API changes.
The Advanced Features for New Schedules Page Labs feature is now available. This lets you sort and filter the list of scheduled plans on the Admin - Schedules page.
Previously, when a dashboard was scheduled using PNG format and one of the tiles contained an empty note, the schedule would fail. This feature now works as expected.
The Export function has been re-enabled, which lets Looker admins export data from a Looker (original) instance for import into a Looker (Google Cloud core) instance.
Incorrect quoting in Snowflake views has been fixed.
IAM checks for ephemeral users were disabled as a result of rendering issues for users who were logged in with SAML in Looker (Google Cloud core).
You can add tags at the time of creating folders and projects. These tags can be added as key-value pairs. For more information, see Add tags during folder creation and Add tags during project creation. This feature is currently in preview.
Support for transfers from cloud and on-premises Hadoop Distributed File System (HDFS) sources is now generally available (GA).
HDFS support allows for use cases such as migrating from on-premises storage to Cloud Storage, archiving data to free up on-premises storage space, replicating data to Google Cloud for business continuity, or transferring data to Google Cloud for analysis and processing.
See Transfer from HDFS to Cloud Storage for details.
March 12, 2024
AlloyDB for PostgreSQL
AlloyDB Language Connectors are now generally available (GA). These language connectors are libraries that provide automated mutual TLS connections, IAM-based authorization, and Automated IAM Authentication when connecting to an AlloyDB instance. For more information about language connectors, see AlloyDB Language Connectors overview.
Added a new metric to AML AI, providing insight into the importance of each feature family to an AML AI Model. This metric is available in new v4 engine versions. It allows you to:
- Act on model monitoring outputs in the context of their importance to a model
- Check the contribution of your Party Supplementary Data to a model
You can't use the latest version of dev_appserver.py to locally run your applications for runtimes that reached end of support.
To continue using an archived version of dev_appserver.py, see Use the local development server after runtimes reach the end of support.
On March 12, 2024, Blockchain Node Engine upgraded all mainnet Ethereum nodes in preparation for the Dencun Hardfork.
Certificate Manager supports integration with regional external Application Load Balancers and regional internal Application Load Balancers. This feature is generally available (GA). For more information, see Certificate Manager overview.
Forwarder troubleshooting guide is now available to help you diagnose and resolve common issues that may arise while using the Chronicle Linux forwarder.
Fixed creation and upgrades in environments that have environment variables with special symbols.
Cloud Composer 2.6.4 images are available:
- composer-2.6.4-airflow-2.6.3 (default)
- composer-2.6.4-airflow-2.5.3
Cloud Composer versions 2.1.8 and 1.20.8 have reached their end of full support period.
The Cloud Data Fusion version 6.9.2.3 patch revision is generally available (GA). 6.9.2.3 includes the following fixes:
Skipped running MetadataConsumerSubscriberService when Dataplex Data Lineage Integration is disabled (CDAP-20947).
Fixed an issue causing runtime arguments of pipeline triggers to not propagate to downstream pipelines (CDAP-20943).
Fixed an issue causing pipelines to fail in starting state when the system worker service is intermittently unavailable (CDAP-20956).
Fixed an issue causing pipelines to fail in starting state when the Compute Engine metadata server is intermittently unavailable (CDAP-20955).
The global external Proxy Network Load Balancer is implemented on globally distributed GFEs and supports advanced traffic management capabilities. This load balancer can be configured to handle either TCP or SSL traffic by using either a target TCP proxy or a target SSL proxy respectively. Global external proxy Network Load Balancers support backends such as instance groups, hybrid NEGs, and Private Service Connect NEGs. For details, see the External proxy Network Load Balancer overview.
To set up a global external Proxy Network Load Balancer, see the following pages:
This capability is in General Availability.
Regional external Application Load Balancers and regional internal Application Load Balancers now support Certificate Manager certificates. For more information, see Certificates and Google Cloud load balancers.
This capability is in General Availability.
You can now view granular bucket-level cost data in the Cloud Billing Detailed data export.
For AutoML datasets, you can tag segment pairs when importing them through the Google Cloud console.
You can request document translations with multi-regional endpoints.
Generally available: You can scale a single VM into a managed instance group (MIG), which is a group of VMs that you can manage as a single entity. A MIG can make your workload scalable and highly available using features like autoscaling, autohealing, regional (multiple zones) deployment, and automatic updating.
For more information, see Create a MIG from an existing VM.
New tooling is available to upgrade from Container Registry to Artifact Registry. For more information on the available tools, see Automate migration to Artifact Registry.
Granting repository access to all authenticated users is available. For more information, see Grant public access to a repository.
Vertex AI Search for retail: Renamed in the console and documentation
The Google Cloud console has been updated to show the current product name for Vertex AI Search for retail.
You might see the old names (Retail or Retail API) in some places—for example, in the documentation. Google is in the process of updating content to reflect the new branding.
Vertex AI Search: Vertex AI Search for healthcare (GA)
Vertex AI Search for healthcare is Generally available (GA). Healthcare search lets you query healthcare records stored in FHIR data stores. For more information, see Vertex AI Search. With healthcare search, you can:
Vertex AI Search: Specify a parser for unstructured content (Public preview)
You can control how documents are parsed when they are uploaded to Vertex AI Search. Parser specification is available in Public preview.
Vertex AI Search provides a digital parser (GA), an OCR parser for PDFs (Public preview), and a layout parser (Public Preview). During data store creation for generic search apps with unstructured data, you can set a default parser for the data store and an override parser for specific file types.
For more information, see Parse documents.
Vertex AI Search: Turn on document chunking (Public preview)
To use Vertex AI Search for retrieval-augmented generation (RAG) for LLMs, you can turn on document chunking when creating a data store. Document chunking is available in Public preview.
When document chunking is turned on, your documents are split into chunks when you ingest documents into your data store, and your search app can return chunks of data in search results instead of full documents. Using chunked data for RAG increases relevance for LLM answers and reduces computational load for LLMs. Document chunking is in Public preview. For more information, see Chunk documents for RAG.
Vertex AI Search: Connect ServiceNow as a data source (Private preview)
You can connect ServiceNow as a third-party data source for Vertex AI Search. For more information, see Connect a third-party data source.
March 11, 2024
Anthos Service Mesh
1.20.4-asm.0 is now available for in-cluster Anthos Service Mesh.
You can now download 1.20.4-asm.0 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.20.4 subject to the list of supported features. Anthos Service Mesh 1.20.4-asm.0 uses Envoy v1.28.1.
1.19.8-asm.2 is now available for in-cluster Anthos Service Mesh.
You can now download 1.19.8-asm.2 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.19.8 subject to the list of supported features. Anthos Service Mesh 1.19.8-asm.2 uses Envoy v1.27.3.
1.18.7-asm.11 is now available for in-cluster Anthos Service Mesh.
You can now download 1.18.7-asm.11 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.18.7-asm.11 subject to the list of supported features. Anthos Service Mesh 1.18.7-asm.11 uses Envoy v1.26.7.
There is a known issue where new installations of Managed Anthos Service Mesh in the rapid channel on GKE Autopilot clusters may fail. For affected versions and mitigation, see the GKE release note.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.38.1 (2024-03-07)
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.38.0 (#3159) (d6c65ab)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.42.0 (#3160) (e31b5b7)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.27.0 (#3176) (b93e62e)
- Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.1 (#3153) (436f58c)
- Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.1 (#3154) (b68ab42)
- Update github/codeql-action action to v2.24.5 (#3165) (8ac7722)
Python
Changes for google-cloud-bigquery
3.18.0 (2024-02-29)
Features
- Support nullable boolean and Int64 dtypes in insert_rows_from_dataframe (#1816) (ab0cf4c)
- Support slot_ms in QueryPlanEntry (#1831) (d62cabb)
Bug Fixes
Documentation
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.35.1 (2024-03-07)
Dependencies
2.35.0 (2024-03-05)
Features
Bug Fixes
Tags data for Google Cloud Storage buckets is available in both the Standard usage cost export and the Detailed usage cost export.
To learn more about Tags, see Tags overview. To learn about using Tags in your cost data exported to BigQuery, see more about tags and query examples with tags.
You can now use SQL JOIN and UNION operators on the Log Analytics page to combine tables in multiple Google Cloud projects.
Cloud TPU now supports TensorFlow 2.16.1. For more information see the TensorFlow 2.16.1 release notes.
Generally available: Hyperdisk Balanced is available with C3 and H3 VMs. Hyperdisk Balanced is a good fit for a wide range of use cases such as LOB applications, web applications, and medium-tier databases that don't require the performance of Hyperdisk Extreme. For more information, see About Hyperdisk.
cos-109-17800-147-33
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.75 | v24.0.9 | v1.7.13 | v535.161.07 (default, latest), v470.239.06 (R470 for compatibility with K80 GPUs) |
Updated cos-gpu-installer to v2.2.1. Fixed cached driver installation error with network disabled. Added force-fallback flag, major version specification for GPU driver installation and fixed ordering of kernel module loading for nvidia-modeset and nvidia-drm.
Updated NVIDIA GPU drivers to v470.239.06 and v535.161.07. This fixes CVE-2024-0074, CVE-2024-0075 and CVE-2022-42265.
cos-105-17412-294-40
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.239.06 (default), v535.161.07 (latest) |
Updated cos-gpu-installer to v2.2.1. Fixed cached driver installation error with network disabled. Added force-fallback flag, major version specification for GPU driver installation and fixed ordering of kernel module loading for nvidia-modeset and nvidia-drm.
Updated NVIDIA GPU drivers to v470.239.06 and v535.161.07. This fixes CVE-2024-0074, CVE-2024-0075 and CVE-2022-42265.
cos-101-17162-386-43
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06 (default), v535.161.07 (latest) |
Updated cos-gpu-installer to v2.2.1. Fixed cached driver installation error with network disabled. Added force-fallback flag, major version specification for GPU driver installation and fixed ordering of kernel module loading for nvidia-modeset and nvidia-drm.
Updated NVIDIA GPU drivers to v470.239.06 and v535.161.07. This fixes CVE-2024-0074, CVE-2024-0075 and CVE-2022-42265.
cos-97-16919-450-30
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.208 | v20.10.24 | v1.6.21 | v470.239.06 (default), v535.161.07 (latest) |
Updated cos-gpu-installer to v2.2.1. Fixed cached driver installation error with network disabled. Added force-fallback flag, major version specification for GPU driver installation and fixed ordering of kernel module loading for nvidia-modeset and nvidia-drm.
Updated NVIDIA GPU drivers to v470.239.06 and v535.161.07. This fixes CVE-2024-0074, CVE-2024-0075 and CVE-2022-42265.
You can now use committed use discounts (CUDs) with Dataflow streaming jobs. Committed use discounts provide discounted prices in exchange for your commitment to continuously use a certain amount of Dataflow compute resources for a year or longer.
Dataform is available in the africa-south1 region. For more information, see Locations.
From March 18 to April 15, 2024 (new dates for the same migration announced earlier), for certain language tag and speech setting combinations, the Dialogflow CX and Dialogflow ES traffic with audio will gradually route away from the classic Speech-to-Text models behind the command_and_search, default, phone_call, and video model identifiers to the new conformer-based speech models.
If your Dialogflow agents have audio traffic and use one of the following language tags: en, en-us, en-au, en-gb, en-in, de, es, es-es, es-us, fr, fr-ca, fr-fr, it, ja, nl, pt-br, read more about Dialogflow CX speech model migration and Dialogflow ES speech model migration.
Error Reporting can now analyze logs routed by project sinks to different projects than the source project. For more information, see Route logs to supported destinations.
Cloud Deploy support for deploy automation is now generally available.
Google Cloud VMware Engine now leverages Cloud Logging to provide status updates about hardware health and VMware management components. The logs are available in Logs Explorer with the following log name:
projects/PROJECT_ID/logs/vmwareengine.googleapis.com%2Falerts
These logs are also available in the Google Cloud VMware Engine UI on the Dashboard in Logs.
Private clusters created on GKE versions 1.29.0-gke.1384000 and later use Private Service Connect (PSC) for nodes to privately communicate with the control plane. There is no price increase for using GKE private clusters running on PSC.
For private clusters created with a different GKE version, the clusters continue to use VPC Peering for node-to-control plane communication.
Secret Manager add-on for GKE is now available. With the add-on, you can access the secrets stored in Secret Manager as volumes mounted in Kubernetes Pods. The add-on is supported on Standard and Autopilot clusters versioned 1.29 and later. For more info, see Use Secret Manager add-on with GKE.
Opportunistic bursting and lower Pod minimums are now available on newly created GKE Autopilot clusters at version 1.29.2-gke.1060000 or later, and on existing clusters created at 1.26 or later that have been fully upgraded (including all nodes) to 1.29.2-gke.1060000 or later. To learn more, see Configure Pod bursting on GKE.
Table renaming is now generally available. This feature lets you rename tables in place or safely swap names using synonyms. For more information, see Manage table names.
March 08, 2024
Chronicle SOAR
Release 6.2.49 is now in General Availability.
Streaming jobs created after March 7, 2024 automatically encrypt all user data with customer-managed encryption keys (CMEK). To enable this encryption for jobs created before March 7, 2024, drain or cancel the job, and then restart it.
Dataproc Metastore now supports scheduled backups. Backups can be scheduled to run at user-specified cron job intervals, including running daily, weekly, or monthly.
For GKE versions later than 1.29.1-gke.1760000, the NEG, Ingress, L4 internal load balancer with subsetting, and L4 RBS controllers will skip processing the nodes missing the topology.kubernetes.io/zone label until the zone information is ready. The load balancer controllers will no longer block sync operations when a node is introduced without the label.
Managed ASM installation and node scaling fails on GKE Autopilot clusters on versions between 1.28.6-gke.1095000 and 1.28.7-gke.1025000 and on versions between 1.29.1-gke.1016000 and 1.29.1-gke.1781000. To mitigate this issue, upgrade the cluster to version 1.28.7-gke.1026000 or later, or 1.29.2-gke.1060000 or later.
With 2024-R07, clusters created in the Rapid channel are defaulting to an affected version. To avoid creating a cluster on an affected version, manually specify version 1.28.7-gke.1026000 or later, or 1.29.2-gke.1060000 or later when creating clusters in the Rapid channel.
Recommendation Hub is a centralized page on Google Cloud that helps you view all of your recommendations in one place. We recently made improvements to the page, including enabling organization and folder-view of recommendations, custom sorting and filtering of recommendations, and more. For more information, see documentation.
Vertex AI Feature Store
The following features of Vertex AI Feature Store are now available in Preview:
Integration of Vertex AI Feature Store with Dataplex: Online store instances, feature views, and feature groups are now automatically registered as data assets in Data Catalog, a Dataplex feature that catalogs metadata from these resources. You can use the metadata search capability of Dataplex to search for and view the metadata of these resources. For more information, see Search for resource metadata in Data Catalog.
Service account configuration for feature views: You can configure a feature view to use a dedicated service account. By default, every feature view uses the service account configured for your project. For more information, see Configure the service account for a feature view.
Multiple entity IDs for a feature view: While creating or updating a feature view, you can specify multiple entity ID columns. For more information, see Create a feature view.
March 07, 2024
Chronicle SOAR
Release 6.2.50 is currently in Preview.
In the Entity Explorer page, Case Distribution has been renamed to Alert Distribution.
This change makes the information easier to understand. (ID #48941723)
Docker Hub login is not needed, so this instruction has been removed from the platform. (ID #49611790)
Users with a single character in their last name are unable to log in. (ID #49008785)
Alerts are being grouped into cases after the time specified in the platform.
Inline CSS with styles and classes are not supported in Insights. Note that Scripts are not supported for security reasons. (ID #00273271)
Custom integration settings: existing script dependencies don't show up (ID #49703871)
Unable to create new playbook blocks (ID #00275270)
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Cloud Configuration Manager API
config.googleapis.com/Deployment
Create your first budget with one click
You can now create your first budget and receive budget alerts in one step using the Create a budget alert panel on the Billing Overview page. The tool shows you recommended budget amounts based on your usage patterns, and you will receive alerts when your actual spend reaches 50%, 75%, 100%, and 150% of your selected budget. You can later edit these settings in the Manage budgets and alerts section.
Cloud Build repositories (2nd gen) now supports integration with Bitbucket Cloud and Bitbucket Data Center. These features are generally available.
Log buckets in the africa-south1 region can now be upgraded to use Log Analytics. For more information, see Supported regions.
You can display events, such as the crash of a GKE pod, on your dashboards. This feature is now GA. This feature is available for dashboards managed by Cloud Monitoring, and for the observability dashboards managed by Compute Engine, Google Kubernetes Engine and Cloud Run.
- For a list of supported events, see Event types.
- For information about enabling events, see Show events on a dashboard.
Charts on the metrics dashboard of Cloud Run services now display deployment events.
cos-97-16919-450-26
| Kernel | Docker | Containerd | GPU Drivers |
| --- | --- | --- | --- |
| COS-5.10.208 | v20.10.24 | v1.6.21 | v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Upgraded net-misc/curl to version 8.6.0. This fixes CVE-2024-0853.
Updated dev-libs/libxml2 to version 2.11.7. This fixes CVE-2024-25062.
Fixed CVE-2024-23851 in the Linux kernel.
Fixed CVE-2024-26581 in the Linux kernel.
Fixed CVE-2022-3566 in the Linux kernel.
Fixed CVE-2022-3567 in the Linux kernel.
New Dataproc Serverless for Spark runtime versions:
- 1.1.53
- 2.0.61
- 2.1.40
- 2.2.0-RC13
Dataproc Serverless for Spark: Upgraded Cloud Storage connector to 2.2.20 version in the latest 1.1, 2.0, and 2.1 runtimes.
Beginning mid-March 2024, the VMware Engine operations team will upgrade VMware components to newer versions. Users affected by this upgrade will receive an email with planned maintenance dates and times.
For details about the upgrade and steps to prepare, see Latest service announcements.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2023-3611
For more information, see the GCP-2024-017 security bulletin.
Starting in GKE 1.29.2-gke.1035000, you can configure Identity-Aware Proxy (IAP) with Google Managed OAuth Client for load balancers configured through GKE Ingress. To learn more, see Ingress configuration on Google Cloud.
(2024-R07) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following cluster and node versions are now available:
- The following versions are no longer available:
- 1.25.16-gke.1360000
- 1.26.13-gke.1052000
- 1.27.11-gke.1018000
- 1.28.6-gke.1456000
- 1.29.1-gke.1589000
- 1.29.2-gke.1060000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.25.16-gke.1460000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.26.11-gke.1055000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.11-gke.1055000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.1-gke.1589017 with this release.
Stable channel
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.11-gke.1055000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.11-gke.1055000 with this release.
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.25.16-gke.1360000
- 1.26.13-gke.1052000
- 1.29.0-gke.1381000
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.16-gke.1460000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.13-gke.1144000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.13-gke.1144000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.1-gke.1589017 with this release.
Rapid channel
- Version 1.29.1-gke.1589017 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.25.16-gke.1537000
- 1.26.14-gke.1006000
- 1.27.11-gke.1018000
- 1.28.6-gke.1456000
- 1.29.0-gke.1381000
- 1.29.1-gke.1589000
- 1.29.2-gke.1060000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1570000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.14-gke.1044000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.11-gke.1062000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.11-gke.1062000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.1-gke.1589017 with this release.
You can now preload data or container images in new nodes to get fast workload deployment and auto scaling. This feature is available in Preview starting from GKE version 1.28.3-gke.1067000.
For more information, see Use Secret Manager add-on with Google Kubernetes Engine.
The discovery service of Sensitive Data Protection now supports Cloud SQL. You can run discovery at the organization, folder, or project level to generate data profiles of your Cloud SQL tables. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data governance workflows.
To get started on profiling Cloud SQL data, see the following:
For more information about sensitive data discovery, see Data profiles.
General availability support for the following integration:
Internal ranges are available in General Availability. Internal ranges let you allocate blocks of private IP addresses in VPC networks and specify how those addresses can be used.
March 06, 2024
Access Approval
Access Approval supports Serverless VPC Access in the Preview stage.
Application Integration now supports config variables. Config variables let you build CI/CD for your integration. This feature is in preview.
The INFORMATION_SCHEMA.WRITE_API_TIMELINE* views, containing per minute aggregated BigQuery Storage Write API ingestion statistics, are now generally available (GA).
Duet AI in BigQuery can now assist with Python code generation and code completion. This feature is in preview.
Partners selling Workspace can now use the BigQuery Export (Rebilling) feature to programmatically access their Workspace billing data. By setting up a BigQuery dataset and enabling the export, you can get billing data pushed to you as it becomes available, including Channel Service-specific identifiers, and any CRM IDs you may have configured for your customers.
You can use BigQuery to programmatically access your billing data, generate customer invoices, and perform Business Intelligence analysis. You can also create a Looker Studio Dashboard to provide cost management dashboards to your customers.
For Partners that sell both Google Cloud and Google Workspace, you can have all your billing data centralized with a unified BigQuery table schema.
Learn more in the following documentation:
Cloud Functions (1st gen) now supports custom service accounts for Cloud Build, at the Preview release level.
cos-101-17162-386-37
| Kernel | Docker | Containerd | GPU Drivers |
| --- | --- | --- | --- |
| COS-5.15.146 | v20.10.24 | v1.6.28 | v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Fixed CVE-2024-24557 in app-emulation/docker.
Fixed CVE-2024-23851 in the Linux kernel.
cos-109-17800-147-28
| Kernel | Docker | Containerd | GPU Drivers |
| --- | --- | --- | --- |
| COS-6.1.75 | v24.0.9 | v1.7.13 | v535.154.05 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Fixed CVE-2024-23851 in the Linux kernel.
cos-105-17412-294-36
| Kernel | Docker | Containerd | GPU Drivers |
| --- | --- | --- | --- |
| COS-5.15.146 | v23.0.3 | v1.7.10 | v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Fixed CVE-2024-23851 in the Linux kernel.
New Dataproc on Compute Engine subminor image versions:
- 2.0.94-debian10, 2.0.94-rocky8, 2.0.94-ubuntu18
- 2.1.42-debian11, 2.1.42-rocky8, 2.1.42-ubuntu20, 2.1.42-ubuntu20-arm
- 2.2.8-debian12, 2.2.8-rocky9, 2.2.8-ubuntu22
Dataproc on Compute Engine: Upgraded Cloud Storage connector version to 2.2.20 for 2.0 and 2.1 images.
Dataproc on Compute Engine: Mounted Java cacerts into containers by default when the Docker-on-YARN feature is enabled.
Vertex AI Conversation now supports the Dialogflow CX Messenger integration for preview.
Eventarc support for creating triggers for direct Batch events is generally available (GA).
Generally available: Guided Deployment Automation in Workload Manager for SAP
The Guided Deployment Automation tool in Workload Manager is generally available (GA). You can use this tool to configure and deploy supported SAP workloads directly from the Google Cloud console, or choose to generate and download the equivalent Terraform and Ansible code.
The GA launch adds support for custom OS images, Shared VPC configurations, and increased deployment customization.
For more information, see About Guided Deployment Automation.
Generally Available: Workload Manager now supports deploying SAP workloads on Google Cloud. You can configure and deploy a SAP S/4HANA system using the Guided Deployment Automation tool in Workload Manager. For more information, see About Guided Deployment Automation.
reCAPTCHA Enterprise for WAF integration with Cloudflare is now available in Preview. For more information, see Integrate reCAPTCHA Enterprise for WAF with Cloudflare.
March 05, 2024
Anthos Attached Clusters
This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
Backup for GKE is now available in three new regions: africa-south1, europe-west10, and us-west8.
Cloud Composer 2.6.3 release was rolled back. If you have an environment that was created with a composer-2.6.3-airflow-* image, you can later upgrade it to a newer version.
You can now apply minimum instance configuration at the service level (in Preview).
You can now upgrade network architecture for your HA-enabled instances in a region, even if you have multiple instances in your network and region. For more information, see Upgrade an instance to the new network architecture.
You can now upgrade your Cloud SQL instances to use the new network architecture to get additional capabilities not available in the old network architecture. For more information, see Upgrade an instance to the new network architecture.
Vertex AI Conversation generative agent creation with playbooks is now available for public preview. Try it by following the quickstart.
You can now use the Firestore emulator to test Firestore in Datastore mode behavior. Use gcloud emulators firestore start with --database-mode=datastore-mode.
To improve performance, we've removed the ability to expand abbreviated permissions in the predefined roles table. You can still filter the predefined roles table based on the full list of permissions included in a role.
Create an empty index with Vector Search
You can create an empty index in Vector Search for batch and for streaming. No embedding data is required at index creation time, which enables faster startup time. To learn more, see Manage indexes.
Vertex AI Search: Watch time duration objective for media recommendations apps
When you create a media recommendations app, you can select watch duration per session as a business objective. Optimizing for watch duration per session maximizes the duration of media consumption.
For more information, see Watch duration per session.
March 04, 2024
AlloyDB for PostgreSQL
You can now use Key Access Justifications when working with external CMEK keys. This lets you view and manage external key access requests.
Managed Anthos Service Mesh 1.18 has completed its rollout in the rapid channel. See Managed Anthos Service Mesh release channels for more information.
AML AI has improved handling of supplementary risk indicators included in your datasets. This includes:
- Release of new engine versions within both v003 and v004, improving usability of party supplementary data. You can now use letters, numbers, and underscores for the party supplementary data ID.
- Addition of new data validations for party supplementary data IDs.
Save time and cost when adopting new EngineVersions:
- For new engine versions, including versions in v003 and v004, you can now inherit hyperparameters from an existing engine config instead of re-tuning. This leads to quicker creation, and there are no additional costs for tuning.
- All of your existing engine versions can be used as a source for inheriting hyperparameters.
- See Configure an Engine to find out more about how this works.
On March 4, 2024 we released an updated version of Advanced API Security.
New conditions for security actions
You can now create security actions based on the following condition types (in addition to the condition types for Detection rules and IP addresses that were already available):
- API keys
- API products
- Access tokens
- Developers
- Developer apps
- User agents
These new conditions are not available with Apigee hybrid at this time.
See Create a security action to learn more.
A weekly digest of client library updates from across the Cloud SDK.
You can now selectively refresh the metadata cache for BigLake tables by using the BQ.REFRESH_EXTERNAL_METADATA_CACHE system procedure. This feature is generally available (GA).
The new maintenance version listed in the February 7th entry for PostgreSQL extensions, flags, minor versions, extension versions, and plugin versions is [PostgreSQL version].R20240130.00_05.
Dataproc Serverless for Spark: Extended Spark metrics collected for a batch now include executor:resultSize, executor:shuffleBytesWritten, and executor:shuffleTotalBytesRead.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-ndb
2.3.0 (2024-03-01)
Features
- Add field information when raising validation errors. (#956) (17caf0b)
- Add Python 3.12 (#949) (b5c8477)
- Add support for google.cloud.ndb.version (#929) (42b3f01)
- Add support for server side NOT_IN filter. (#957) (f0b0724)
- Allow queries using server side IN. (#954) (2646cef)
- Introduce compatibility with native namespace packages (#933) (ccae387)
- Use server side != for queries. (#950) (106772f)
Bug Fixes
- Compressed repeated to uncompressed property (#772) (dab9edf)
- Repeated structured property containing blob property with legacy_data (#817) (#946) (455f860)
Documentation
Architecting disaster recovery for cloud infrastructure outages: Added information about zonal and regional resilience of Speech-to-Text, Looker, and Cloud Intrusion Detection System.
Cloud Deploy support for custom targets is now generally available.
When you create a new private offer, or replace an existing private offer, you select a payment frequency for how your customer is charged. This can be monthly, quarterly, annually, or custom. For more information, visit Payment frequency for private offers.
Release 1.28.200-gke.118
GKE on Bare Metal 1.28.200-gke.118 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.28.200-gke.118 runs on Kubernetes 1.28.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Fixes:
- Fixed an issue where upgrades are blocked because cluster-operator can't delete stale, failing preflight check resources.
Fixes:
The following container image security vulnerabilities have been fixed in 1.28.200-gke.118:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
Release 1.15.10
GKE on Bare Metal 1.15.10 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.15.10 runs on Kubernetes 1.26.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
GKE on Bare Metal version 1.15.10 and later has been qualified on and supports Red Hat Enterprise Linux (RHEL) version 8.9.
Fixes:
The following container image security vulnerabilities have been fixed in 1.15.10:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
NVIDIA H100 (80 GB) GPUs are now available in GKE Autopilot mode in versions 1.28.6-gke.1369000 or later, and 1.29.1-gke.1575000 or later.
GPU workloads running in Autopilot mode can now be configured using the Accelerator Compute Class. This configuration supports resource reservations, Compute Engine committed use discounts, and a new pricing model in GKE versions 1.28.6-gke.1095000 and later, and 1.29.1-gke.1143000 and later.
(2024-R06) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- The following versions are no longer available:
- 1.27.10-gke.1207000
- 1.28.6-gke.1369000
- 1.29.1-gke.1575000
Stable channel
- Version 1.27.8-gke.1067004 is now the default version in the Stable channel.
Regular channel
- There are no new releases in the Regular release channel.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.25.16-gke.1460000
- 1.26.13-gke.1144000
- 1.27.10-gke.1207000
- 1.28.6-gke.1369000
- 1.29.1-gke.1575000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1537000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.14-gke.1006000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.11-gke.1018000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.11-gke.1018000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.1-gke.1589000 with this release.
Preview: Migrate to Virtual Machines lets you import a virtual disk image to a Compute Engine image. If you have virtual disk images with software and configurations that you need, you can save time by importing these virtual disk images to Compute Engine images, and use this image to create virtual machine instances or persistent disks.
Generally available: You can now use Customer-Managed Encryption Keys (CMEK) in Migrate to Virtual Machines to do the following:
Network Analyzer now includes an insight that gives a summary of the IP address utilization of all the Private Service Access ranges. This insight is also available in Recommender API. For more information, see PSA IP address utilization summary.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for pubsub/apiv1
1.36.2 (2024-02-28)
Bug Fixes
Documentation
- pubsub: Small fix in Pub/Sub ingestion comments (a86aa8e)
Java
Changes for google-cloud-pubsub
1.127.0 (2024-02-28)
Features
- Add an API method for reordering firewall policies (#1868) (2039f7e)
- Add universe domain support for Java (#1904) (1e316d3)
- Next release from main branch is 1.126.0 (#1933) (255d8bc)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.37.2 (#1918) (b8846f9)
- Update dependency com.google.cloud:google-cloud-storage to v2.34.0 (#1917) (4a7d6b9)
- Update dependency com.google.protobuf:protobuf-java-util to v3.25.3 (#1919) (4bf13bb)
- Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.1 (#1923) (cd704bd)
Python
Changes for google-cloud-pubsub
2.19.7 (2024-02-24)
Bug Fixes
A new detection model is available for the LOCATION infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version to latest when including the LOCATION infoType in your InspectConfig.
You can still use the old model by setting InfoType.version to stable or leaving it unset when using the LOCATION infoType. In 30 days, the new model will be promoted to stable.
Spanner now supports a new client library interface. The new interface leverages auto-generated admin clients instead of hand-written admin clients for improved efficiency and maintainability. While the older client library interface remains supported, all new Spanner admin features released after March 1, 2024 will be available exclusively through the new client library interface. All code samples in the Spanner documentation are updated to use the new client library interface. The older client interface code samples are archived in GitHub for Java, Node.js, Python, and PHP.
Vertex AI Prediction
You can now use A3 machine types to serve predictions.
An issue that allowed jumps in or out of parallel branches, parallel loops, and for loops is resolved. Only these jumps are allowed:
- To steps within the same parallel branch or loop
- Between steps belonging to the same for loop
February 29, 2024
AlloyDB for PostgreSQL
AlloyDB AI is now generally available (GA).
AlloyDB Omni version 15.5.0 is now available. This version includes the following features and changes:
- When installing AlloyDB Omni using its command-line tool, you can now specify the TCP port that the instance accepts connections on.
- Automated failover for highly available (HA) Kubernetes-based clusters is available in Preview.
- The following extensions are updated:
  - Updated pg_cron to version 1.6.
  - Updated pg_repack to version 1.5.0.
  - Updated pgfincore to version 1.3.1.
  - Updated pglogical to version 2.4.4.
  - Updated pgvector to version 0.5.1.
- The following extensions are now included:
  - Added autoinc version 1.0.
  - Added insert_username version 1.0.
  - Added moddatetime version 1.0.
  - Added tcn version 1.0.
- Updated core PostgreSQL compatibility to version 15.5.
- Applied security fix CVE-2024-0985 from PostgreSQL.
- Various bug fixes and performance improvements.
The return value of the embedding() function of google_ml_integration has changed.
The embedding() function now returns an array of REAL values, and not a VECTOR value. This allows you to install and use the extension without the requirement of installing pgvector as well.
If you wrote application code that uses embedding() during the Preview of AlloyDB AI, then you might need to update it to add explicit casting from the REAL[] data type to the VECTOR data type. For more information, see Work with vector embeddings.
A revised quickstart helps you install and run AlloyDB Omni on a Debian or Ubuntu system using a handful of commands.
The following BigQuery cross-cloud features are now generally available (GA):
- You can take advantage of the benefits of materialized views over Amazon S3 metadata cache-enabled BigLake tables.
- You can create materialized view replicas of materialized views over Amazon S3 metadata cache-enabled BigLake tables. Materialized view replicas let you use the materialized view data in queries while avoiding data egress costs and improving query performance.
- You can get information about materialized view replicas by using SQL, the bq command-line tool, or the BigQuery API.
- You can use cross-cloud joins to run queries that span both Google Cloud and BigQuery Omni regions.
The consolidated SQL translator API combines the interactive and batch translator into a single workflow, improving the efficiency and stability of your translation jobs created using the API. This feature is available in preview.
Data Catalog is now available in the Frankfurt (aws-eu-central-1), Sydney (aws-ap-southeast-2) and Washington (azure-westus2) regions. For more information on region and feature availability, see regions.
New Dataproc Serverless for Spark runtime versions:
- 1.1.52
- 2.0.60
- 2.1.39
- 2.2.0-RC12
The Custom Extractor supports three levels of nesting so you can easily extract structured data from complex documents and tables (earnings reports, tax forms, invoices, resumes, etc.). Learn how to use three levels of nesting.
The Custom Extractor with generative AI is now available in the asia-southeast1 (Singapore) region. For more information, see Custom processors.
See the model type, generative or custom, powering a Custom Extractor processor version by getting the model type from the processorVersions API.
GKE on VMware 1.16.6-gke.40 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.16.6-gke.40 runs on Kubernetes v1.27.8-gke.1500.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
The following issues are fixed in 1.16.6-gke.40:
- Fixed the known issue that caused kubelet to be flooded with logs stating that /etc/kubernetes/manifests does not exist on the worker nodes.
- Fixed the known issue that caused a preflight check to fail when the hostname isn't in the IP block file.
- Fixed the manual load balancer issue where the IngressIP is overwritten with the Spec.LoadBalancerIP even if it is empty.
- Fixed the known issue where a 1.15 user master machine encountered an unexpected recreation when the user cluster controller was upgraded to 1.16.
The following vulnerabilities are fixed in 1.16.6-gke.40:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
Added support for vector store and vector search capabilities (Preview). For more details, see About vector search.
Security Command Center API v2 released to Preview
The Security Command Center API v2, which enables data residency control and includes the /locations/LOCATION field in resource names, is released to Preview.
For more information, see the REST reference Security Command Center API Overview.
Data residency for Security Command Center released to Preview
Security Command Center data residency control is released to Preview. Security Command Center supports the following data locations:
- European Union (eu)
- United States (us)
- Global (global)
For more information, see Data residency.
Spanner regional endpoint is now available in me-central2. You can use regional endpoints if your data location must be restricted and controlled to comply with regulatory requirements. For more information, see Global and regional service endpoints.
February 2024 Client libraries release note
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.56.0 (2024-01-30)
Features
- spanner/admin/database: Add proto descriptors for proto and enum types in create/update/get database ddl requests (97d62c7)
- spanner/spansql: Add support for CREATE VIEW with SQL SECURITY DEFINER (#8754) (5f156e8)
- spanner: Add FLOAT32 enum to TypeCode (97d62c7)
- spanner: Add max_commit_delay API (af2f8b4)
- spanner: Add proto and enum types (00b9900)
- spanner: Add SelectAll method to decode from Spanner iterator.Rows to golang struct (#9206) (802088f)
1.57.0 (2024-02-13)
Features
- spanner: Add OpenTelemetry implementation (#9254) (fc51cc2)
- spanner: Support max_commit_delay in Spanner transactions (#9299) (a8078f0)
Bug Fixes
- spanner: Enable universe domain resolution options (fd1d569)
- spanner: Internal test package should import local version (#9416) (f377281)
- spanner: SelectAll struct fields match should be case-insensitive (#9417) (7ff5356)
- spanner: Support time.Time and other custom types using SelectAll (#9382) (dc21234)
Documentation
- spanner: Update the comment regarding eligible SQL shapes for PartitionQuery (e60a6ba)
Java
Changes for google-cloud-spanner
6.57.0 (2024-01-29)
Features
- Add FLOAT32 enum to TypeCode (#2800) (383fea5)
- Add support for Proto Columns (#2779) (30d37dd)
- spanner: Add proto descriptors for proto and enum types in create/update/get database ddl requests (#2774) (4a906bf)
Bug Fixes
Dependencies
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.22.0 (#2785) (f689f74)
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.23.0 (#2801) (95f064f)
Documentation
6.58.0 (2024-02-08)
Features
- Open telemetry implementation (#2770) (244d6a8)
- spanner: Support max_commit_delay in Spanner transactions (#2854) (e2b7ae6)
- Support Directed Read in Connection API (#2855) (ee477c2)
Bug Fixes
- Cast for Proto type (#2862) (0a95dba)
- Ignore UnsupportedOperationException for virtual threads (#2866) (aa9ad7f)
- Use default query options with statement cache (#2860) (741e4cf)
Dependencies
6.59.0 (2024-02-15)
Features
Dependencies
Documentation
- README for OpenTelemetry metrics and traces (#2880) (c8632f5)
- Samples and tests for database Admin APIs. (#2775) (14ae01c)
6.60.0 (2024-02-21)
Features
- Add an API method for reordering firewall policies (62319f0)
- spanner: Add field for multiplexed session in spanner.proto (62319f0)
- Update TransactionOptions to include new option exclude_txn_from_change_streams (#2853) (62319f0)
Bug Fixes
- Add ensureDecoded to proto type (#2897) (e99b78c)
- spanner: Fix write replace used by dataflow template and import export (#2901) (64b9042)
Dependencies
Documentation
- Update comments (62319f0)
- Update the comment regarding eligible SQL shapes for PartitionQuery (62319f0)
6.60.1 (2024-02-23)
Dependencies
- Update dependency com.google.cloud:google-cloud-monitoring to v3.37.0 (#2920) (a3441bb)
- Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.0 (#2861) (a652c3b)
- Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.1 (#2919) (8800a28)
- Update dependency org.json:json to v20240205 (#2913) (277ed81)
- Update dependency org.junit.vintage:junit-vintage-engine to v5.10.2 (#2868) (71a65ec)
- Update opentelemetry.version to v1.35.0 (#2902) (3286eae)
Node.js
Changes for @google-cloud/spanner
7.3.0 (2024-02-08)
Features
Bug Fixes
- deps: Update dependency google-gax to v4.1.0 (#1981) (2a36150)
- deps: Update dependency google-gax to v4.2.0 (#1988) (005589a)
- deps: Update dependency google-gax to v4.2.1 (#1989) (d2ae995)
- deps: Update dependency google-gax to v4.3.0 (#1990) (e625753)
7.4.0 (2024-02-23)
Features
- spanner: Add PG.OID support (#1948) (cf9df7a)
- Untyped param types (#1869) (6ef44c3)
- Update TransactionOptions to include new option exclude_txn_from_change_streams (#1998) (937a7a1)
Bug Fixes
Python
Changes for google-cloud-spanner
3.42.0 (2024-01-30)
Features
- Add FLOAT32 enum to TypeCode (5b94dac)
- Add max_commit_delay API (#1078) (ec87c08)
- Add proto descriptors for proto and enum types in create/update/get database ddl requests (5b94dac)
- Fixing and refactoring transaction retry logic in dbapi. Also adding interceptors support for testing (#1056) (6640888)
- Implementation of run partition query (#1080) (f3b23b2)
Bug Fixes
- Few fixes in DBAPI (#1085) (1ed5a47)
- Small fix in description when metadata is not present in cursor's _result_set (#1088) (57643e6)
- spanner: Add SpannerAsyncClient import to spanner_v1 package (#1086) (2d98b54)
Documentation
Vector Search feature launch
Update streaming index metadata: With this launch, you can directly update restricts and numeric restricts of data points inside StreamUpdate indexes without the compaction cost of a full update. To learn more, see Update dynamic metadata.
reCAPTCHA Enterprise Mobile SDK v18.5.0-beta01 is now available for iOS.
This version contains the following changes:
- The new minimum iOS version is iOS 12.
- New exception type is added for devices without a network connection: NO_NETWORK_FOUND.
February 28, 2024
AlloyDB for PostgreSQL
AlloyDB now supports the use of Google Cloud tags on cluster and backup resources. Tags are key-value pairs you can apply to your resources for granular IAM permissions. To learn more, see Organize resources using tags. To use tags now, see Attach and manage tags on AlloyDB resources.
Added a new engine version page so you can keep track of the latest engine version releases.
Backup and DR Service is now integrated with Cloud Monitoring. You can analyze metrics and set custom email alerts. Learn more.
Backup and DR Service has added a new reporting system based on the built-in Google Cloud services: Cloud Monitoring, Cloud Logging, and BigQuery. Learn more.
You can now view prebuilt reports in BigQuery. Learn more.
You can now view comprehensive job related reporting data through backup and recovery job logs in Cloud Logging. Learn more.
Materialized views can now reference logical views. This feature is in preview.
The ability to perform anomaly detection with BigQuery ML multivariate time series (ARIMA_PLUS_XREG) models is now in preview. This feature enables you to detect anomalies in historical time series data or in new data with multiple feature columns. Try this new feature by using the Perform anomaly detection with a multivariate time-series forecasting model tutorial.
The following statements are now generally available (GA) with billing enabled:
- CREATE TABLE AS SELECT
- CREATE TABLE IF NOT EXISTS AS SELECT
- CREATE OR REPLACE TABLE AS SELECT
- INSERT INTO SELECT
These statements let you filter data from files in Amazon S3 and Azure Blob Storage before transferring results into BigQuery tables.
Cloud Composer 2.6.3 release started on February 28, 2024. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.
(Cloud Composer 2 in select regions) Cloud Composer shows the account selection and consent screens when opening Airflow UI for an environment.
If you have the "Don't allow users to access any third-party apps" setting enabled in Google Workspace, then configure access to the "Apache Airflow in Cloud Composer" app in Google Workspace, so that your Google Workspace users can still access Airflow UI in Cloud Composer environments. For more information, see Allow access to Airflow UI in Google Workspace.
(Cloud Composer 2 in select regions) Reduced the propagation time of the revoked Cloud IAM permission that blocks access to Airflow UI.
In new environments with Airflow 2.6.3, the default values of the following Airflow configuration options are changed to provide more optimized Cloud Composer environments:
- [scheduler]job_heartbeat_sec to 30
- [scheduler]scheduler_heartbeat_sec to 15
Fixed a problem where the IAM policy of a custom environment's bucket is replaced when an environment is created.
The apache-airflow-providers-google package is upgraded to version 10.15.0 in images with Airflow 2.6.3. For more information about changes, see the apache-airflow-providers-google changelog from version 10.14.0 to version 10.15.0.
Cloud Composer 2.6.3 images are available:
- composer-2.6.3-airflow-2.6.3 (default)
- composer-2.6.3-airflow-2.5.3
Data collaborators can now check if memory monitoring is enabled on a Confidential VM running a Confidential Space workload.
A new Confidential Space image (240200) is now available. This image provides support for data collaborators to add memory monitoring as part of their attestation assertions.
New Dataproc on Compute Engine subminor image versions:
- 2.0.93-debian10, 2.0.93-rocky8, 2.0.93-ubuntu18
- 2.1.41-debian11, 2.1.41-rocky8, 2.1.41-ubuntu20, 2.1.41-ubuntu20-arm
- 2.2.7-debian12, 2.2.7-rocky9, 2.2.7-ubuntu22
Dataproc on Compute Engine: The new Secret Manager credential provider feature is available in the latest 2.1 image versions.
Dataproc on Compute Engine:
- Upgraded Zookeeper to 3.8.3 for Dataproc 2.2.
- Upgraded ORC for Hive to 1.15.13 for Dataproc 2.1.
- Upgraded ORC for Spark to 1.7.10 for Dataproc 2.1.
- Extended expiry for the internal Knox Gateway certificate from one year to five years from cluster creation for Dataproc images 2.0, 2.1, and 2.2.
Dataproc on Compute Engine: Fixed ZooKeeper startup failures in image 2.2 HA (High Availability) clusters that use fully qualified hostnames.
M117 release
- Added the CUDA version (CUDA 11.8) to the TensorFlow 2.12, 2.13, and 2.14 image names and image family names. For example, tf-2-12-gpu is renamed tf-2-12-cu118.
(New guide) Configure networks for FedRAMP and DoD in Google Cloud: Provides configuration guidance to help you comply with design requirements for FedRAMP High and DoD IL2, IL4, and IL5 when you deploy Google Cloud networking policies.
(New guide) Infrastructure for a RAG-capable generative AI application using Vertex AI: Design infrastructure to run a generative AI application with retrieval-augmented generation (RAG) to help improve the factual accuracy and contextual relevance of LLM-generated content.
Beginning on March 12, 2024, the VMware Engine operations team will perform essential maintenance of the network infrastructure to improve equipment robustness and apply security patches. Users affected by this upgrade will receive an email with planned maintenance dates and times.
For details about the upgrade and steps to prepare, see Service announcements.
The Performance Compute Class, designed for running whole-machine CPU workloads, is available in Autopilot mode from versions 1.28.6-gke.1369000 and 1.29.1-gke.1575000 and later.
Disk snapshot based backup and recovery for SAP HANA
From version 3.0, you can use the disk snapshot feature of Google Cloud's Agent for SAP to perform backup and recovery operations for SAP HANA systems running on Google Cloud.
For more information, see Disk snapshot based backup and recovery for SAP HANA.
Virtual Machine Threat Detection, a built-in service of Security Command Center Premium, has launched a new detector, Defense Evasion: Rootkit, in Preview.
The detector monitors virtual machines and generates a finding if a combination of signals matching a known kernel-mode rootkit is present.
For more information, see Virtual Machine Threat Detection overview.
Vertex AI Search: Add metadata to your web index (Public preview)
If advanced website indexing is enabled in your data store, you can add metadata to the data store schema to enrich your indexing.
For more information, see Add metadata for advanced site indexing.
Vertex AI Search: Automatic web page refresh (Public preview)
With advanced website indexing, Vertex AI Search performs conditional, automatic refresh.
For more information, see Refresh web pages.
Vertex AI Search: Apply tuned search to some queries (Public preview)
You can specify whether you want a query to use the tuned search model or the non-tuned search model. This is particularly helpful for testing the difference between the two versions of the model.
Previously, the tuned search model was enabled (or disabled) for all queries against the data store.
For more information, see Test tuned search and use it for individual search queries.
Vertex AI Search: Access controlled data sources (Public preview)
Access control for BigQuery, Cloud Storage, and Confluence data is available in Public preview. This feature allows you to limit the data that users can view in your search app's results. Google uses your identity provider to identify the end user performing a search and determine if they have access to the documents that are returned as results. Google Identity and third-party identity provider federation are supported.
For more information, see Use data source access control.
Vertex AI Search: Blended search (Public preview)
Blended search, where multiple data stores can be connected to a single generic search app, is available in Public preview. This feature allows you to use one generic search app to search across multiple sources and types of data.
For more information, see About connecting multiple data stores.
Vertex AI Search: Search analytics (GA)
Search analytics are GA for global data stores. For data stores in US and EU multi-regions, viewing analytics is in Public Preview.
For more information, see View analytics.
M117 release
The M117 release of Vertex AI Workbench instances includes the following:
- Removed the Cloud Storage browser in the left side pane in favor of the existing Mount shared storage button.
February 27, 2024
AlloyDB for PostgreSQL
You can now use Automatic IAM Authentication with the AlloyDB Language Connectors (Preview) to connect to your cluster. For more information, see Connect using the AlloyDB Language Connectors.
You can now use time series and range functions to support time series analysis. This feature is in preview.
You can now use data manipulation language (DML) statements to efficiently delete entire partitions. If a DELETE statement targets all rows in a partition, then the entire partition is deleted without scanning bytes or consuming slots. This feature is now generally available (GA).
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
VPC Service Controls has general availability support in Colab Enterprise.
For more information, see Use VPC Service Controls.
cos-101-17162-386-33
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Updated app-emulation/containerd to 1.6.28.
Upgraded net-misc/curl to version 8.6.0. This fixes CVE-2024-0853.
Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.
Fixed CVE-2024-26581 in the Linux kernel.
Fixed CVE-2022-3566 in the Linux kernel.
Fixed CVE-2022-3567 in the Linux kernel.
Fixed CVE-2024-1086 in the Linux kernel.
cos-109-17800-147-22
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.75 | v24.0.9 | v1.7.13 | v535.154.05 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Upgraded Docker to v24.0.9. This fixes CVE-2024-24557.
Fixed CVE-2024-0684 in sys-apps/coreutils.
Fixed CVE-2024-26581 in the Linux kernel.
cos-105-17412-294-34
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Fixed CVE-2024-26581 in the Linux kernel.
Dataflow now supports at-least-once streaming mode. You can use this mode to achieve lower latency and reduced costs for workloads that can tolerate duplicate records. This feature is generally available (GA). For more information, see Set the pipeline streaming mode.
Generally available: Purchasing commitments for VMware Engine nodes. For more information, see Purchasing commitments for node types.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2023-3776
For more information, see the GCP-2024-014 security bulletin.
GKE on VMware 1.15.9-gke.20 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.15.9-gke.20 runs on Kubernetes v1.26.10-gke.2000.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
The following vulnerabilities are fixed in 1.15.9-gke.20:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
An improvement was made in the way Sensitive Data Protection calculates the predicted infoType of the data that it profiles. The service now considers correlations between the detected infoTypes, where one infoType is a subset of another. For more information, see Predicted infoType.
For more information about data profiling, see Data profiles.
General availability support for the following integration:
Preview stage support for the following integration:
February 26, 2024
Anthos clusters on AWS
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2023-3776
For more information, see the GCP-2024-014 security bulletin.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-0193
For more information, see the GCP-2024-013 security bulletin.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2023-6932
For more information, see the GCP-2024-011 security bulletin.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
- CVE-2023-6931
For more information, see the GCP-2024-010 security bulletin.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
- CVE-2023-6817
For more information, see the GCP-2024-004 security bulletin.
Java 21 is now generally available.
PHP 8.3 is now generally available.
Go 1.22 is now available in preview.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.38.0 (2024-02-22)
Features
Dependencies
The BigQuery Data Transfer Service can now transfer data from the following data sources:
Transfers from these data sources are supported in preview.
The following SQL features are now generally available (GA):
- GROUP BY GROUPING SETS clause: Produces aggregated data for one or more grouping sets.
- GROUP BY CUBE clause: Produces aggregated data for all grouping set permutations.
- GROUPING function: Checks if a groupable value in the GROUP BY clause is aggregated.
The GROUP BY ALL clause, which groups rows by inferring grouping keys from the SELECT items, is now in preview.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.34.0 (2024-02-21)
Features
- Add the export logic for per-connection error rate metric (#2121) (d053f2d)
- Create the backbone of counting errors per connection each minute. (#2094) (7d27816)
Dependencies
- Update actions/setup-java action to v4 (#2106) (a694296)
- Update dependency com.google.cloud:gapic-libraries-bom to v1.30.0 (#2126) (f613bd0)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.25.0 (#2113) (ba1973e)
- Update dependency com.google.truth.extensions:truth-proto-extension to v1.4.1 (#2119) (0a7ad66)
- Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.1 (#2122) (99ec284)
- Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.1 (#2123) (12d961a)
Starting in Go version 1.22 and later, you can no longer use GOPATH for installing dependencies. To manage dependencies, you use a go.mod file. For more information about Go versions, and managing dependencies for vendor directories, see GOPATH and Modules in Go documentation.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- GKE Hub
  - gkehub.googleapis.com/Fleet
  - gkehub.googleapis.com/Scope
  - gkehub.googleapis.com/Namespace
  - gkehub.googleapis.com/MembershipBinding
  - gkehub.googleapis.com/RBACRoleBinding
- AI Platform
  - aiplatform.googleapis.com/NotebookRuntime
  - aiplatform.googleapis.com/NotebookRuntimeTemplate
Starting February 27, 2024, in the us-central1, europe-west1, europe-west2, europe-west3, europe-west6, us-east1, and us-east4 regions it is possible to create new Cloud Composer 1 environments only in projects that already have Cloud Composer 1 environments.
In all other existing or newly created projects in these regions, it is possible to create only Cloud Composer 2 environments. This change is a part of the preparation for Cloud Composer 1 end of support, as communicated earlier and described in the Versioning overview.
Cloud Functions now supports the PHP 8.3 and Java 21 runtimes at the General Availability release level for 2nd gen functions.
Cloud Functions now supports the Go 1.22 runtime at the Preview release level.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.16.0 (2024-02-20)
Features
Dependencies
- Update dependency com.google.cloud:sdk-platform-java-config to v3.25.0 (#1535) (7fde779)
- Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.0 (#1528) (b3e4f9b)
- Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.0 (#1456) (f27713e)
- Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.1 (#1542) (af784bc)
- Update dependency org.junit.vintage:junit-vintage-engine to v5.10.2 (#1530) (20981dc)
Live migration is now available on new Confidential VM instances that meet the following configuration criteria:
- An N2D machine type with AMD EPYC Milan CPU platform
- AMD SEV Confidential Computing technology
- An operating system image that supports live migration
Dataform is available in the us-south1 region. For more information, see Locations.
Eventarc is available in the us-west8 (Phoenix, Arizona, North America) region.
GKE on VMware 1.28.200-gke.111 is now available. To upgrade, see Upgrading Anthos clusters on VMware. GKE on VMware 1.28.200-gke.111 runs on Kubernetes v1.28.4-gke.1400.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
The following issues are fixed in 1.28.200-gke.111:
- Fixed the known issue that caused a preflight check to fail when the hostname isn't in the IP block file.
- Fixed the known issue where the storage policy field is missing in the admin cluster configuration template.
- Fixed the manual load balancer issue where the IngressIP is overwritten with the Spec.LoadBalancerIP even if it is empty.
- Fixed the issue that preflight jobs might be stuck in the pending state.
- Fixed the known issue where nfs-common is missing from the Ubuntu OS image.
The following vulnerabilities are fixed in 1.28.200-gke.111:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
This note was updated on March 20, 2024. The links to the security bulletins related to CVE-2024-0193 and CVE-2023-3610 have been updated.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2023-3776
For more information, see the GCP-2024-014 security bulletin.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-0193
For more information, see the GCP-2024-012 security bulletin.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2023-3610
For more information, see the GCP-2024-013 security bulletin.
GKE now supports Gemma (2B, 7B), Google's new state-of-the-art open models. To learn more, refer to the following guides:
- Serve Gemma on GKE with GPUs using Hugging Face TGI
- Serve Gemma on GKE with GPUs using vLLM
- Serve Gemma on GKE with GPUs using TensorRT-LLM
- Serve Gemma on GKE with TPUs using SaxML
Deployment to GKE is also supported via Vertex AI Model Garden as part of our Hugging Face, Vertex AI, and GKE integration.
Generally available: Migrate to Virtual Machines lets you migrate virtual machine (VM) disks to Persistent Disk volumes on Google Cloud. The migrated disks can be attached to a new VM during the migration process, or an existing VM after the migration is complete.
The IAM recommender offers role recommendations for BigQuery datasets. Role recommendations help you reduce excess permissions by suggesting role changes based on actual permission usage. This feature is available in Preview.
A weekly digest of client library updates from across the Cloud SDK.
The following GoogleSQL JSON functions are now generally available (GA):
- LAX_BOOL: Attempts to convert a JSON value to a SQL BOOL value.
- LAX_FLOAT64: Attempts to convert a JSON value to a SQL FLOAT64 value.
- LAX_INT64: Attempts to convert a JSON value to a SQL INT64 value.
- LAX_STRING: Attempts to convert a JSON value to a SQL STRING value.
- BOOL: Converts a JSON boolean to a SQL BOOL value.
- FLOAT64: Converts a JSON number to a SQL FLOAT64 value.
- INT64: Converts a JSON number to a SQL INT64 value.
- STRING: Converts a JSON string to a SQL STRING value.
- JSON_TYPE: Gets the JSON type of the outermost JSON value and converts the name of this type to a SQL STRING value.
Studio voices are now GA.
Casual voices are now in preview.
Ground Multimodal Models
Model grounding for gemini-pro is available in Preview. Use grounding to connect the gemini-pro model to unstructured text data stores in Vertex AI Search. Grounding lets models access and use the information in the data repositories to generate more enhanced and nuanced responses.
For more information, see Ground multimodal models.
Vertex AI Search: Use Terraform to create search apps
You can use Terraform to create search apps for your Vertex AI Search.
For information, see Create a search app.
The VPC documentation has been updated with a new page that describes which services in Google Cloud include support for IPv6. For more information, see IPv6 support in Google Cloud.
February 24, 2024
Google Distributed Cloud Virtual for VMware
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-0193
For more information, see the GCP-2024-013 security bulletin.
February 23, 2024
Application Integration
Application Integration now supports private triggers that enable you to break large flows into various subflows. This feature is in preview.
Chronicle now supports the timestamp.get_date() function. For more information and example usage, see YARA-L 2.0 language syntax.
Global external Application Load Balancers now let you customize your own error responses when an HTTP error status code (4xx and 5xx) is generated. You can customize error responses for errors generated by both the load balancer and the backend instances. You can also customize error responses for error response codes that are generated when traffic is denied by Cloud Armor.
For more information, see the following pages:
This feature is available in Preview.
(2024-R05) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
  - 1.25.16-gke.1268000
  - 1.25.16-gke.1497000
  - 1.26.12-gke.1111000
  - 1.26.13-gke.1189000
  - 1.27.10-gke.1152000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.25.16-gke.1360000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.16-gke.1360000 with this release.
Stable channel
- There are no new releases in the Stable release channel.
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
  - 1.25.16-gke.1268000
  - 1.26.12-gke.1111000
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.16-gke.1360000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.13-gke.1052000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.13-gke.1052000 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
  - 1.25.16-gke.1497000
  - 1.26.13-gke.1189000
  - 1.27.10-gke.1152000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.10-gke.1207000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.10-gke.1207000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.1-gke.1575000 with this release.
You can now set an exact frame rate on the output video. For more information, see Frame rate conversion strategies.
February 22, 2024
Anthos Config Management
The constraint template library includes a new template: K8sRestrictAdmissionController. For reference, see the Constraint template library.
The constraint template library includes a new template: K8sCronJobAllowedRepos. For reference, see the Constraint template library.
Added the authentication type k8sserviceaccount for syncing from OCI images and Helm charts hosted in Artifact Registry. For more details, see Grant Config Sync read-only access to OCI and Grant Config Sync read-only access to Helm.
Simplified the steps to export metrics to Cloud Monitoring. For more details, see Configure Cloud Monitoring with Workload Identity.
Fixed the unrecognized label error in the otel-collector configuration that caused kustomize metrics to be rejected.
In the Google Cloud console, the Job list page has been updated to reduce latency. Although the console no longer summarizes the statuses of your jobs, you can filter based on job state when you view a list of your jobs.
Fixed the issue causing latency when listing jobs in projects that contain more than 10,000 jobs.
The following BigQuery text embedding features are now generally available (GA):
- Creating a BigQuery ML remote model that references a Vertex AI textembedding-gecko* text embedding model.
- Using the ML.GENERATE_EMBEDDING function with the remote model to embed text stored in BigQuery.
- Generating text embeddings with the NNLM, SWIVEL, and BERT TensorFlow models.
Certificate Manager supports the management of certificates independently in each project with separate authorization. You can also issue regional managed certificates with Certificate Manager. This is a public preview feature. For more information, see Certificate Manager overview.
Release 6.2.49 is currently in Preview.
In the IDE, using CrowdStrikeFalcon - Execute command and selecting scope as internal hosts and external hosts does not work (ID #00250316)
The following APIs have been deprecated and will be deleted in 6 months.
- GET /api/external/v1/connectors/GetConnectorsData
- POST /api/external/v1/connectors/DeleteConnector
- POST /api/external/v1/connectors/AddOrUpdateConnector
- POST /api/external/v1/connectors/UpdateConnectorFromIde
- POST /api/external/v1/connectors/GetConnectorStatus
For each API above, there are one or more alternative endpoints that you can use, as shown below:
Instead of GET /api/external/v1/connectors/GetConnectorsData, use one of the following:
- GET /api/external/v1/connectors/template-cards: Provides basic information per each accessible connector definition.
- POST /api/external/v1/connectors/template: Retrieves detailed information regarding a specific connector definition.
- GET /api/external/v1/connectors/cards: Provides basic information per each accessible connector.
- GET /api/external/v1/connectors/{identifier}: Retrieves detailed information regarding a specific connector instance.
Instead of POST /api/external/v1/connectors/DeleteConnector, use DELETE /api/external/v1/connectors/{identifier}
Instead of POST /api/external/v1/connectors/AddOrUpdateConnector, use POST /api/external/v1/connectors
Instead of POST /api/external/v1/connectors/UpdateConnectorFromIde, use POST /api/external/v1/connectors/update-from-ide
Instead of POST /api/external/v1/connectors/GetConnectorStatus, use GET /api/external/v1/connectors/{identifier}/statistics
Between February 13, 2024 and February 22, 2024, some SKU IDs for your support subscriptions have changed. Use the following table to check whether you're affected by this change. If you have reports or BigQuery queries that depend on these IDs, edit them to use the new SKU IDs.
Subscription | Legacy SKU IDs | New SKU IDs |
---|---|---|
Premium | Base Tier 1: F08D-670F-E528; Base Tier 2: 3ADC-4232-8F2F; Base Tier 3: 768B-9B76-8BFA; Variable: E4F5-0256-E0EE | Base Tier 1: 5D14-41DF-B7BF; Base Tier 2: A73A-2FBD-A226; Base Tier 3: 7EFE-705D-1818; Variable: 5467-9D2D-5B98 |
TAM | Additional Coverage: Included: 39DA-470F-1873; Additional Coverage: Tier 1: 1D0C-C18F-A3E9; Tier 2: A4ED-26C4-BE0A; Tier 3: 7625-C72D-58B1 | Additional Coverage: Included: FECC-20EE-2595; Additional Coverage: Tier 1: 164C-4F75-934A; Tier 2: C9E4-CC90-085B; Tier 3: 0401-A11E-7A40 |
Enhanced | Base: D61B-E147-B8A6; Variable: 8D85-10F1-28B3 | Base: 7F2E-344B-FBDD; Variable: 0D7A-4FBF-FA55 |
Gold | Base: 118A-4BF5-51E1 | Base: 0AD0-476B-879E |
Silver | Base: 5D8F-0D17-AAA2 | Base: F5D2-4995-B3D7 |
Fixed a problem where one DAG run could potentially delete task instances from other DAG runs if run_id was the same (backported #32684 from a later Airflow version).
Cloud Composer 2.6.2 images are available:
- composer-2.6.2-airflow-2.6.3 (default)
- composer-2.6.2-airflow-2.5.3
Cloud Workstations supports Image Streaming, which provides faster workstations startup by reducing image pull time.
New Dataproc Serverless for Spark runtime versions:
- 1.1.51
- 2.0.59
- 2.1.38
- 2.2.0-RC11
NFSv4.1 protocol support, integrated with Managed Service for Microsoft Active Directory, is now available in Preview for Filestore enterprise and zonal instances.
Show field descriptions in table chart headers
You can now let report viewers access field descriptions in tooltips when the Show field descriptions option is enabled for table charts. Show field descriptions is automatically enabled for charts that are connected to a Looker or Search Ads 360 data source. Field descriptions are sourced from the Description column in the data source.
Learn more about table chart header options.
Looker Studio release notes moving to Google Cloud
We're changing how we deliver product release notes. Beginning in a few weeks, Looker Studio release notes will be available solely on the Google Cloud release notes platform.
Cloud release notes offer enhanced features, such as RSS feed support and programmatic access using BigQuery. These features make it easier for customers to stay informed about feature updates. Additionally, Google Cloud customers will have the convenience of accessing updates for related products like Looker and BigQuery in a centralized location.
Release notes prior to this change are preserved in the historical release notes page.
If you have filtering enabled, the backlog metrics only include data from messages that match the filter. To learn more, see How filters affect backlog metrics.
Storage Transfer Service has added preview support for transferring managed folders between Cloud Storage buckets. Permissions on managed folders are copied between buckets when using this option.
See Transfer Cloud Storage managed folders for details.
February 21, 2024
Chronicle
Fixed an issue that prevents you from using the list, percentile, and percentile_distinct functions when you create a custom measure in your dashboard.
Remote Agents Release 1.4.9 is currently in Preview.
The Docker image to pull for this release is 1.4.9.2
Upgrade agents from 1.3.8 on RHEL not working as expected (ID #00243884)
Publisher memory usage issue (ID #00273756)
Preview: With managed workload identities for Compute Engine, you can implement mutually authenticated and encrypted communications between any two Compute Engine VMs. Workload applications running on the configured VMs can use the X.509 credentials for per-VM mTLS. These mTLS certificates are automatically rotated and managed for you by Certificate Authority Service.
For more information, see Authenticate workloads to other workloads over mTLS.
Version 3.11 is released
All release notes published on this date are part of version 3.11.
Cold chat transfer
Agents can do a "cold transfer" for a chat. With a cold chat transfer, the agent assigns a chat session to a new agent or a queue, and then immediately leaves the chat without waiting for the new agent to join. This helps agents efficiently transfer chats without being bound to them. For more information, see Transfer a Chat.
Support for partial response in Dialogflow
CCAI Platform supports the partial response option in Dialogflow. This is particularly useful when the virtual agent needs to call a webhook that will likely take a while to run. With partial response enabled, Dialogflow can immediately send an initial fulfillment message to the end-user, such as, "One moment while I look that up." This way, while the webhook runs and the final fulfillment message is generated, the end-user expects a short wait instead of assuming that there is a problem. For information about configuring this capability in Dialogflow, see Partial response for streaming API.
Added new response fields for indicating agent availability to the manager/api/v1/agents/current_status and apps/api/v1/wait_times APIs. These indicate the number of assigned agents, logged-in agents, available agents, and breakthrough agents.
Fixed an issue that prevented copying an IVR menu structure.
Fixed an issue where the automatic redirect to a PSTN number used a direct PSTN dial instead of the configured BYOC SIP dial settings.
Fixed an issue where the account ID in search results did not refresh after removing search input.
Fixed an issue preventing the editing of user permissions for Microsoft Teams users.
Updated virtual task assistants to support an unlimited number of data parameters.
Fixed an issue where the Contact Name displayed 'Chat User' instead of the end-user's name.
Fixed an issue where the Agent and Supervisor filters on the Agents page displayed as All undefined.
Fixed an issue where the file name was not visible when the user held the pointer over the compose-email pane.
Fixed the error message that displays when an administrator disables an email queue with an invalid IMAP connection.
Fixed an issue where holiday-hours messages didn't play when the support center or queues were outside of their hours of operation.
You can now use Gemma models in your Apache Beam inference pipelines. For more information, see Use Gemma open models with Dataflow.
Support for VPC Service Controls is generally available (GA).
The GKE Stateful HA Operator is now available in GA starting in GKE versions 1.28.5-gke.1113000 and later, or 1.29.0-gke.1272000 and later. The GKE Stateful HA Operator is enabled in new Autopilot clusters and opt-in for new Standard clusters.
Upgrade to Unreal Engine 5.3.
- Cloud builder in ISXR Content now uses Unreal Engine version 5.3.2.
- Only the latest version of the Template Project (3.0.0) is compatible with the latest builder in the Content.
Optimized the Unreal Template Project.
- Simplified logic in blueprints.
- Easier to use events for mode switching.
- New demos for Session ID and AR Virtual Background.
- Now you can integrate files from the template directly into your existing Unreal projects to work on Immersive Stream for XR in both 3D and AR modes.
The OpenCensus libraries are archived. Spanner now supports OpenTelemetry, and we recommend that all OpenCensus users migrate to OpenTelemetry for their observability needs. For more information, see Examine latency in a Spanner component with OpenTelemetry.
General availability support for the following integration:
Gemma open models are available
Gemma models, a family of lightweight, open models built from the same research and technology used to create the Gemini models, are available to run on your hardware, mobile devices, or hosted services. To learn more, see Use Gemma open models and the Gemma Model Garden card.
reCAPTCHA Enterprise Mobile SDK v18.4.2 is now available for iOS.
This version contains fixes for the following stability issues:
reCAPTCHA Enterprise Mobile SDK v18.5.0-beta01 is now available for Android.
This version contains the following changes:
- Support for Android API 19 is removed.
- Dependency on OkHttp 4.11.0 is added.
- New exception type is added for devices without a network connection: NO_NETWORK_FOUND.
February 20, 2024
AlloyDB for PostgreSQL
You can now configure instances to use 128 vCPUs and 864 GB of RAM per node.
Google has added Tokyo (Japan) as a new region for Chronicle customers. Chronicle can now store customer data in this region. This also adds a new regional endpoint for Chronicle APIs at https://asia-northeast1-backstory.googleapis.com.
US-based billing accounts only: In August 2023, Google Cloud Marketplace transitioned to the Agency model for marketplace services for US partners and US customers. As part of this change, the remittance information has changed on your Google Cloud invoices and in the Google Cloud console.
As part of this change, you can see the following information in your Cloud Billing tools:
You can now configure and save a Log Analytics chart directly in Monitoring. For more information, see Add charts generated from a Log Analytics query.
For information and recommendations about how to instrument your applications to collect metrics, logs, and traces, see the following documents:
Cloud SQL Enterprise Plus edition now supports versions 12 and 13 of PostgreSQL. For more information, see Introduction to Cloud SQL editions.
cos-105-17412-294-29
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Fixed CVE-2024-24557 in app-emulation/docker.
Upgraded net-misc/curl to v8.6.0. This fixes CVE-2024-0853.
Updated dev-libs/libxml2 to v2.11.7. This fixes CVE-2024-25062.
Fixed CVE-2022-3566 in the Linux kernel.
Fixed CVE-2022-3567 in the Linux kernel.
cos-109-17800-147-15
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.75 | v24.0.5 | v1.7.13 | v535.154.05 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Updated app-containers/containerd to v1.7.13.
Upgraded net-misc/curl to v8.6.0. This fixes CVE-2024-0853.
Updated dev-libs/libxml2 to v2.11.7. This fixes CVE-2024-25062.
M117 release
- Fixed an issue wherein the latest container had a deprecation-public-image tag. In this release and future releases, this tag will only be on the deprecated containers.
- Fixed a problem wherein the user couldn't access the vulnerabilities result of each container.
The previously announced migration from Standard NLU to Advanced NLU will no longer occur on March 1, 2024. For more information, see the email announcement.
Dialogflow CX agents now default to advanced NLU.
You can now import and export Dialogflow CX custom entities.
Dialogflow CX channel-specific response messages are now available for the following integrations: Google Chat, LINE, Messenger from Meta, Workplace from Meta, Slack. See the integration documentation for details.
Release 1.16.6
GKE on Bare Metal 1.16.6 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.16.6 runs on Kubernetes 1.27.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Fixes:
- Fixed an issue where upgrades are blocked because cluster-operator can't delete stale, failing preflight check resources.
- Cleaned up stale etcd-events membership to enhance control plane initialization reliability in the event of a node join failure.
Fixes:
The following container image security vulnerabilities have been fixed in 1.16.6:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
You can now use the GKE API to apply Resource Manager tags to your GKE nodes. GKE attaches these tags to the underlying Compute Engine VMs. You can use these tags to selectively enforce Cloud Firewall network firewall policies. This feature is generally available in GKE version 1.28 and later.
Kubernetes Engine best practice observability packages, including control plane logs, control plane metrics, and kube state metrics are now enabled by default for new managed GKE Enterprise clusters to ensure availability of necessary data when it's needed for troubleshooting or optimization. Control plane metrics and kube state metrics are included in GKE Enterprise Edition at no additional charge.
GKE now delivers insights and recommendations if your cluster's Certificate Authority (CA) is expired or will expire in the next 180 days. To learn more, see Find clusters with expiring or expired credentials.
A bug in the image streaming feature might cause containers to fail because of a missing file or files.
Containers running on a node with image streaming enabled on the following versions might fail to start, or might run with errors indicating that certain files don't exist. The following are examples of such errors:
No such file or directory
Executable file not found in $PATH
The following GKE versions are impacted:
- For 1.27: 1.27.10-gke.1077000 and later
- For 1.28: All 1.28 versions
- For 1.29: All 1.29 versions
GKE is working on fixing the issue. In the meantime, if you are impacted by this issue, please disable image streaming.
Manual control of finding state deprecated for vulnerabilities and misconfigurations
Starting October 21, 2024, you will no longer be able to manually update the state of vulnerability or misconfiguration findings that are issued by Security Health Analytics or VM Manager. Security Command Center will return an error message on manual attempts to change the values of the state. Security Command Center will also begin preventing the manual creation of findings under the exact same name as a source that is automatically managed by Security Command Center in order to prevent the creation of findings that can never be resolved.
For more information, see Finding states.
Pane on Overview page that supports postures for Vertex AI released to Preview
A pane on the Overview page lets you monitor for vulnerabilities that were found by the Security Health Analytics custom modules that apply to Vertex AI, and lets you view any drift from the Vertex AI organization policies that are defined in a posture.
For more information, see Monitor posture drift.
February 19, 2024
Application Integration
Data masking in logs
You can now prevent sensitive data from appearing in the integration execution logs. For more information, see Mask sensitive data in logs.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for bigquery/storage/apiv1beta1
1.59.1 (2024-02-12)
Bug Fixes
Java
Changes for google-cloud-bigquery
2.37.2 (2024-02-14)
Dependencies
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.37.0 (#3132) (3a1efc2)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240203-2.0.0 (#3126) (5e28419)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.41.0 (#3135) (9ab79ec)
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.25.0 (#3140) (e61a7bc)
- Update github/codeql-action action to v2.24.1 (#3139) (4b3a429)
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.33.0 (2024-02-12)
Features
Bug Fixes
- Deflake backup integration tests due to deleteBackup timeouts (#2105) (0948da7)
- Extend timeouts for deleting snapshots, backups and tables (#2108) (df1d307)
Dependencies
- Autogen: Set packed = false on field_behavior extension (#2101) (7c438c6)
- Update actions/setup-java action to v4 (#2099) (a6c7c77)
- Update dependency com.google.cloud:gapic-libraries-bom to v1.29.0 (#2109) (ef88519)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.24.0 (#2085) (3851a5e)
- Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.0 (#2091) (2516a09)
- Update protobuf to 25.2 in WORKSPACE (#2086) (3eafcee)
The following items have been added to Release Notes 6.2.48.
The AI Investigation widget is now available in Europe. For more information, refer to AI Investigation widget.
Timeout for automatic and manual python-run operations failing after 5 minutes even though it's defined for a longer time in the platform (ID #00243596, #00213817, #45379045, #48348087, #00245583, #00227758, #00250153)
Automatic actions/operations now run for up to the time defined in the platform (maximum of 20 minutes).
The 5 minute timeout still applies for the following manual operations:
- Run manual action
- Run connector once
- IDE - Play Item
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/pubsub
4.3.2 (2024-02-13)
Bug Fixes
Java
Changes for google-cloud-pubsub
1.126.6 (2024-02-14)
Dependencies
- Update dependency com.google.cloud:google-cloud-core to v2.33.0 (#1912) (9691c6f)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.25.0 (#1913) (9636c55)
1.126.5 (2024-02-12)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.37.1 (#1898) (fc0dc96)
- Update dependency com.google.cloud:google-cloud-storage to v2.33.0 (#1900) (0efceb4)
- Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.0 (#1887) (2bfa5cc)
- Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.0 (#1888) (5017789)
- Update dependency org.junit.vintage:junit-vintage-engine to v5.10.2 (#1891) (231ba51)
The maximum number of concurrent workflow executions has increased from 3,000 to 5,000.
February 16, 2024
Anthos Config Management
Upgraded git-sync (Config Sync dependency for pulling from git) from v3.6.9 to v4.1.0 to pick up enhancements, such as improved efficiency and race condition fixes. This upgrade contains a breaking change: a short commit SHA is no longer accepted in the spec.git.revision field of RootSync and RepoSync. If you want to sync from a Git commit, use a full commit SHA in the spec.git.revision field. For more details, please refer to Configuration for the Git repository. This release note was updated February 16, 2024 with a correction to the version number.
Backup and DR Service 11.0.9.429 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance.
The upcoming 11.0.10 release includes an important OS change. If your backup appliance was originally installed as version 11.0.5 or older (before July 2023), then the 11.0.9 upgrade includes an additional automated procedure to prepare for the coming upgrade by making some adjustments to the backup appliance's boot disk partitions. This additional procedure takes about 30 minutes.
If the upgrade is disrupted, there is a chance that the backup/recovery appliance might become non-functional. To prepare for this risk, it is highly recommended that you take a snapshot of the backup appliance boot disk before upgrading the appliance to 11.0.9. If the backup appliance is not back online after the upgrade, contact the Backup and DR support team. Here is a brief guide for how to take the snapshot:
- In the Backup and DR management console, click Manage > Appliances and write down or screen-capture the appliance names.
- In the Google Cloud console of your workload project, click Compute Engine > VM instances.
- Identify the backup appliance VM instance with the same name as that shown in the Backup and DR management console.
- Take a snapshot of the backup appliance boot disk. If you need assistance taking the snapshot, contact the Backup and DR support team.
- Contact the Backup and DR support team if the appliance becomes non-functional after the upgrade. The support team will determine the best way to mitigate the problem.
  Caution: Do NOT try to restore the bootdisk from the snapshot without assistance from Support. Doing so may damage the appliance and make it unrecoverable.
- Delete the snapshot once you confirm that the appliance is online using version 11.0.9.
SAP HANA databases running in Compute Engine instances can now be backed up as Persistent Disk snapshots of the Compute Engine instance. For more information, see protect and recover an SAP HANA database running in a Compute Engine instance.
Backup and DR Service now supports Google Cloud VMware Engine Storage only nodes. Learn more.
Added basic connector support for the following OSes. See Support matrix.
- RHEL 8.9
- RHEL 9.3
- Rocky Linux 8.9
- Rocky Linux 9.3
- Rocky Linux Optimized for Google Cloud 8.9
- Rocky Linux Optimized for Google Cloud 9.3
Added Change Block Tracking (CBT) support for the following OSes. See Support matrix.
Release 6.2.47 is now in General Availability.
Dataproc on Compute Engine: The internalIpOnly cluster configuration setting now defaults to true for clusters created with 2.2 image versions. Also see Create a Dataproc cluster with internal IP addresses only.
Enterprise Document OCR version 2.0, pretrained-ocr-v2.0-2023-06-02, is now Generally Available and ready for production workloads.
Please migrate OCR workloads to this new processor version.
VMware Engine ve2-standard-128 node type is generally available in us-east4 region. For more information on the node type, see Node types. To use the node type in us-east4 region, contact your Google account team.
The following vulnerability was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2023-6932
For more information, see the GCP-2024-011 security bulletin.
The following GKE versions might cause Ubuntu node pools to enter an unhealthy state. Don't create or upgrade your Ubuntu node pools using these versions:
- 1.25.16-gke.1497000
- 1.26.13-gke.1189000
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2023-6932
For more information, see the GCP-2024-011 security bulletin.
The HTTP_USER_AGENT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
February 15, 2024
BigQuery
The following Generative AI features are now generally available (GA):
- Creating a remote model based on the gemini-pro Vertex AI large language model (LLM).
- Using the ML.GENERATE_TEXT function with a remote model based upon gemini-pro to perform generative natural language tasks on text stored in BigQuery tables.
- Use the BigQuery DataFrames GeminiTextGenerator class in the bigframes.ml.llm module to create estimator-like Gemini text generator models.
After you run a query in the query editor, in the Chart tab, you can now see a visualization of your query results. This feature is generally available (GA).
The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.
- A10 Load Balancer (A10_LOAD_BALANCER)
- Anomali (ANOMALI_IOC)
- Apache (APACHE)
- Arcsight CEF (ARCSIGHT_CEF)
- AWS CloudWatch (AWS_CLOUDWATCH)
- AWS EC2 Hosts (AWS_EC2_HOSTS)
- AWS EC2 Instances (AWS_EC2_INSTANCES)
- AWS EC2 VPCs (AWS_EC2_VPCS)
- Azure AD (AZURE_AD)
- Azure AD Directory Audit (AZURE_AD_AUDIT)
- Azure DevOps Audit (AZURE_DEVOPS)
- Azure Firewall (AZURE_FIREWALL)
- BIND (BIND_DNS)
- BloxOne Threat Defense (BLOXONE)
- Blue Coat Proxy (BLUECOAT_WEBPROXY)
- Carbon Black (CB_EDR)
- Cato Networks (CATO_NETWORKS)
- CENSYS (CENSYS)
- Check Point (CHECKPOINT_FIREWALL)
- Chrome Management (N/A)
- Cisco IronPort (CISCO_IRONPORT)
- Cisco Meraki (CISCO_MERAKI)
- Cisco Prime (CISCO_PRIME)
- Cisco Secure Workload (CISCO_SECURE_WORKLOAD)
- Citrix Netscaler (CITRIX_NETSCALER)
- Cloud Audit Logs (N/A)
- Cloud Load Balancing (GCP_LOADBALANCING)
- Cloud Run (GCP_RUN)
- Cloudflare (CLOUDFLARE)
- CommVault Commcell (COMMVAULT_COMMCELL)
- Compute Context (N/A)
- Corelight (CORELIGHT)
- CrowdStrike Detection Monitoring (CS_DETECTS)
- CSV Custom IOC (CSV_CUSTOM_IOC)
- Cybereason EDR (CYBEREASON_EDR)
- Dataminr Alerts (DATAMINR_ALERT)
- Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
- F5 BIGIP LTM (F5_BIGIP_LTM)
- FireEye ETP (FIREEYE_ETP)
- Forescout NAC (FORESCOUT_NAC)
- ForgeRock OpenAM (OPENAM)
- IBM WebSEAL (IBM_WEBSEAL)
- Imperva (IMPERVA_WAF)
- Imperva Database (IMPERVA_DB)
- Infoblox RPZ (INFOBLOX_RPZ)
- ISC DHCP (ISC_DHCP)
- Juniper (JUNIPER_FIREWALL)
- Linux Sysmon (LINUX_SYSMON)
- LogonBox (LOGONBOX)
- ManageEngine ADAudit Plus (ADAUDIT_PLUS)
- Micro Focus iManager (MICROFOCUS_IMANAGER)
- Microsoft AD (WINDOWS_AD)
- Microsoft ATA (MICROSOFT_ATA)
- Microsoft Azure Activity (AZURE_ACTIVITY)
- Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
- Microsoft Exchange (EXCHANGE_MAIL)
- Microsoft IIS (IIS)
- Netskope (NETSKOPE_ALERT)
- Netskope CASB (NETSKOPE_CASB)
- Ntopng (NTOPNG)
- Office 365 (OFFICE_365)
- OpenCanary (OPENCANARY)
- OpenSSH (OPENSSH)
- OSSEC (OSSEC)
- Palo Alto Cortex XDR Alerts (CORTEX_XDR)
- Palo Alto Networks Firewall (PAN_FIREWALL)
- Palo Alto Panorama (PAN_PANORAMA)
- Quest Active Directory (QUEST_AD)
- Recordia (RECORDIA)
- Sangfor Next Generation Firewall (SANGFOR_NGAF)
- SAP SM20 (SAP_SM20)
- Security Command Center Threat (N/A)
- SEPPmail Secure Email (SEPPMAIL)
- ServiceNow CMDB (SERVICENOW_CMDB)
- Snare System Diagnostic Logs (SNARE_SOLUTIONS)
- Solaris system (SOLARIS_SYSTEM)
- STIX Threat Intelligence (STIX)
- Symantec CloudSOC CASB (SYMANTEC_CASB)
- Symantec Web Security Service (SYMANTEC_WSS)
- Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
- Veritas NetBackup (VERITAS_NETBACKUP)
- VMware ESXi (VMWARE_ESX)
- Watchguard EDR (WATCHGUARD_EDR)
- WindChill (WINDCHILL)
- Windows Defender AV (WINDOWS_DEFENDER_AV)
- Windows DNS (WINDOWS_DNS)
- Windows Event (WINEVTLOG)
- Windows Event (XML) (WINEVTLOG_XML)
- wiz.io (WIZ_IO)
- Zeek JSON (BRO_JSON)
- Zscaler (ZSCALER_WEBPROXY)
- Zscaler CASB (ZSCALER_CASB)
- Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
- Zscaler Private Access (ZSCALER_ZPA)
The following log types, without a default parser, were added. Each is listed by product name and log_type value, if applicable.
- Arista Guardian For Network Identity (ARISTA_AGNI)
- HPE Aruba Networking Central (ARUBA_CENTRAL)
- Blackberry Workspaces (BLACKBERRY_WORKSPACES)
- Barracuda CloudGen Firewall (BARRACUDA_CLOUDGEN_FIREWALL)
- Blackberry Workspaces (BLACKBERRY_WORKSPACES)
- Cisco EStreamer (CISCO_ESTREAMER)
- Cyderes IOC (CYDERES_IOC)
- Dataiku DSS Logging (DATAIKU_DSS_LOGS)
- Edgecore Networks (EDGECORE_NETWORKS)
- Fisglobal Quantum (FISGLOBAL_QUANTUM)
- ForgeRock Identity Cloud (FORGEROCK_IDENTITY_CLOUD)
- Forgerock OpenIdM (FORGEROCK_OPENIDM)
- FS-ISAC IOC (FS_ISAC_IOC)
- Genetec Audit (GENETEC_AUDIT)
- HiBob (HIBOB)
- Imperva Audit Trail (IMPERVA_AUDIT_TRAIL)
- KerioControl Firewall (KERIOCONTROL)
- Looker Audit (LOOKER_AUDIT)
- Mobile Endpoint Security (LOOKOUT_MOBILE_ENDPOINT_SECURITY)
- ManageEngine PAM360 (MANAGE_ENGINE_PAM360)
- Melissa (MELISSA)
- Microsoft CASB Files & Entities (MICROSOFT_CASB_CONTEXT)
- Windows Local Administrator Password Solution (MICROSOFT_LAPS)
- Network Policy Server (MICROSOFT_NPS)
- Power BI Activity Log (MICROSOFT_POWERBI_ACTIVITY_LOG)
- Nxlog Agent (NXLOG_AGENT)
- Nxlog Fim (NXLOG_FIM)
- Opus Codec (OPUS)
- Oracle NetSuite (ORACLE_NETSUITE)
- Pega Automation (PEGA)
- Qualys Knowledgebase (QUALYS_KNOWLEDGEBASE)
- RealiteQ (REALITEQ)
- SAP Webdispatcher (SAP_WEBDISP)
- Serpico (SERPICO)
- Software House Ccure9000 (SOFTWARE_HOUSE_CCURE9000)
- Spirion (SPIRION)
- Spur data feeds (SPUR_FEEDS)
- Swift (SWIFT)
- Technitium DNS (TECHNITIUM_DNS)
- Tetragon Ebpf Audit Logs (TETRAGON_EBPF_AUDIT_LOGS)
- Trend Micro Email Security Advanced (TRENDMICRO_EMAIL_SECURITY)
- Tridium Niagara Framework (TRIDIUM_NIAGARA_FRAMEWORK)
- VeridiumID by Veridium (VERIDIUM_ID)
- Wallarm Webhook Notifications (WALLARM_NOTIFICATIONS)
- Winscp (WINSCP)
- XAMS by Xiting (XITING_XAMS)
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
Release 6.2.48 is currently in Preview.
Playbook condition branch name field can now hold up to 150 characters (ID #48159735)
Just-in-Time User Provisioning configuration not available in Okta configuration. (ID #49263630)
IDE - creating an integration or manager with the same name as an existing one results in the wrong error message (ID #47233004)
Save button not showing when adding lots of list items to the List type action parameter (ID #00266458)
Starting February 16, 2024, in the asia-east2, asia-northeast1, asia-northeast2, asia-northeast3, asia-south1, and australia-southeast1 regions it is possible to create new Cloud Composer 1 environments only in projects that already have Cloud Composer 1 environments.
In all other existing or newly created projects in these regions, it is possible to create only Cloud Composer 2 environments. This change is a part of the preparation for Cloud Composer 1 end of support, as communicated earlier and described in the Versioning overview.
The apache-airflow-providers-google package is upgraded to version 10.14.0 in images with Airflow 2.6.3. For more information about changes, see the apache-airflow-providers-google changelog from version 10.13.1 to version 10.14.0.
Improved the reliability of syncing Airflow tasks logs to the environment bucket. This fix addresses the issue with storing Airflow task log files, which affected environments in some cases.
Improved the environment component responsible for metrics reporting (composer-monitoring) to minimize the restarts of this component.
Cloud Composer 2.6.1 images are available:
- composer-2.6.1-airflow-2.6.3 (default)
- composer-2.6.1-airflow-2.5.3
Cloud Composer versions 2.1.6 and 1.20.6 have reached their end of full support period.
A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.
Partner Interconnect supports dual-stack IPv4 and IPv6 in Public Preview. For more information, see IPv6 support.
Preview: You can now use SSH-in-browser to connect to VMs using security keys with OS Login. For more information, see Enable security keys with OS Login.
You can now use a turnkey transform to enrich streaming data in your Dataflow pipeline. When you enrich data, you augment the raw data from one source by adding related data from a second source. For more information, see Enrich streaming data.
Dataform is available in the following regions:
- asia-east2
- asia-northeast3
- asia-southeast2
- europe-southwest1
- europe-west12
- me-central1
- me-central2
- northamerica-northeast
- us-east4
- us-east5
- us-west2
- us-west4
For more information, see Locations.
New Dataproc Serverless for Spark runtime versions:
- 1.1.50
- 2.0.58
- 2.1.37
- 2.2.0-RC10
Dataproc Serverless for Spark: Spark Lineage is available for Dataproc Serverless for Spark 1.1 runtime.
Architecting disaster recovery for cloud infrastructure outages: Added information about zonal and regional resilience of Sole Tenant Nodes.
HorizontalPodAutoscaler (HPA) and VerticalPodAutoscaler (VPA) may stop autoscaling all workloads in a cluster if it contains misconfigured autoscaling/v2 HPA objects. The issue impacts clusters running earlier patch versions of GKE version 1.27 and 1.28 (for example, 1.27.3-gke.100).
The fix is available in following cluster versions:
- 1.27.5-gke.1300 and later
- 1.28.1-gke.1400 and later
- 1.29 and later
We recommend that affected customers upgrade clusters to these versions to prevent HPA and VPA from misbehaving when there is at least one misconfigured HPA object.
We recommend that affected customers correct misconfigured autoscaling/v2 HPA objects by making sure the fields in spec.metrics.resource.target match, for example:
- When spec.metrics.resource.target.type is Utilization then target should be averageUtilization;
- When spec.metrics.resource.target.type is AverageValue then target should be averageValue.
For more details on how to configure autoscaling/v2 HPA objects, see the HorizontalPodAutoscaler Kubernetes documentation.
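The following check is an added example, not part of the release note or of any Google tooling: it scans HPA objects in the JSON list form and reports resource metrics whose target.type and value field disagree, as described above. The function name, the finding layout and the sample objects are assumptions constructed for illustration.

```python
"""Flag autoscaling/v2 HPA resource metrics whose target.type and value field disagree."""
import json
import sys

# The two pairings named in the release note: target.type -> field that must carry the value.
EXPECTED_FIELD = {
    "Utilization": "averageUtilization",
    "AverageValue": "averageValue",
}
# Value-bearing fields of a metric target in autoscaling/v2.
VALUE_FIELDS = ("averageUtilization", "averageValue", "value")


def find_mismatched_hpas(hpa_list):
    """Return one finding per resource metric whose target fields do not match its type.

    hpa_list is a dict with an "items" list of HPA objects (hypothetical helper,
    not a Kubernetes or GKE API).
    """
    findings = []
    for hpa in hpa_list.get("items", []):
        if hpa.get("apiVersion") != "autoscaling/v2":
            continue
        meta = hpa.get("metadata", {})
        ref = "{}/{}".format(meta.get("namespace", "default"), meta.get("name", "?"))
        for index, metric in enumerate(hpa.get("spec", {}).get("metrics") or []):
            if metric.get("type") != "Resource":
                continue
            target = (metric.get("resource") or {}).get("target") or {}
            target_type = target.get("type")
            expected = EXPECTED_FIELD.get(target_type)
            present = [field for field in VALUE_FIELDS if field in target]
            # Mismatch: the type is outside the two cases above, or the set of
            # value fields is anything other than exactly the expected one.
            if expected is None or present != [expected]:
                findings.append({
                    "hpa": ref,
                    "metric_index": index,
                    "target_type": target_type,
                    "expected": expected,
                    "present": present,
                })
    return findings


def _hpa(namespace, name, target):
    """Build a minimal constructed HPA object with a single CPU resource metric."""
    return {
        "apiVersion": "autoscaling/v2",
        "kind": "HorizontalPodAutoscaler",
        "metadata": {"namespace": namespace, "name": name},
        "spec": {"metrics": [
            {"type": "Resource", "resource": {"name": "cpu", "target": target}},
        ]},
    }


# Constructed sample input: one consistent object and two mismatched ones.
SAMPLE_HPA_LIST = {
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        _hpa("shop", "web", {"type": "Utilization", "averageUtilization": 60}),
        _hpa("shop", "cart", {"type": "Utilization", "averageValue": "500m"}),
        _hpa("shop", "search", {"type": "AverageValue", "averageUtilization": 70}),
    ],
}

if __name__ == "__main__":
    # With a file argument, read an exported HPA list; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            data = json.load(handle)
    else:
        data = SAMPLE_HPA_LIST
    for finding in find_mismatched_hpas(data):
        print("{hpa} metric[{metric_index}]: type={target_type} "
              "expects {expected}, found {present}".format(**finding))
```

To run it against a cluster, save the output of `kubectl get hpa --all-namespaces -o json` to a file and pass the file path as the argument.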
Managed workload identities let you bind strongly attested identities to your Compute Engine workloads. The feature is in Preview. Google Cloud provisions X.509 credentials, issued from Certificate Authority Service, that can be used to reliably authenticate your workload with other workloads over mutual TLS (mTLS) authentication. For more information, see Managed workload identities overview.
The BLOOD_TYPE infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
The Vertex AI Gemini 1.0 Pro and Gemini 1.0 Pro Vision multimodal language models are Generally Available (GA). They have also been made available in the following regions: europe-west1, europe-west2, europe-west3, europe-west4, and europe-west9.
For more information, see the following topics:
Vertex AI Search: Stable Gemini Pro answer generation model gemini-pro@001/answer_gen/v1 is available as a stable, generally available model for answer generation. For information about all available models for answer generation, see Specify the summarization model.
February 14, 2024
Carbon Footprint
Beginning with the release of January 2024 data, Google Cloud Carbon Footprint will adopt a biannual methodology refresh schedule, with updates planned for January and July data releases each year.
For the January 2024 data release (in mid-February 2024), we have made the updates below and updated the carbon model to version 10:
Data accuracy:
- Improve internal machine-level power readings for storage machines. Update allocation of energy from some machines, improving Bigtable data accuracy.
- Further improve mapping between Google Cloud services and internal resource use, particularly for a few Networking SKUs.
- Improve Google Cloud region defaults and coverage. location.location/location.region with former NULL values are defined as global, and we improved data for the europe multiregion.
Corporate data input refresh:
- Update Scope 1/3 apportionment factors using latest Google company-wide data from 2023 Google Environmental Report. See the Non-electricity emission sources section of methodology document on how we apply these apportionment factors.
Service coverage:
- Reintroduce App Engine and GKE Enterprise/GDC services (formerly Anthos/GDC-V), as internal data mappings have been improved.
- Remove Looker, Apigee, Chronicle, and AppSheet from covered services of Carbon Footprint, due to potential mis-attribution of carbon to these services. We are actively investigating and working on the improvements. Once internal data mapping improves for a service, we plan to add it back.
Cloud Interconnect supports VLAN attachments with a maximum transmission unit (MTU) up to 8896 bytes. For more information, see Cloud Interconnect MTU and Maximum transmission unit.
Adaptive translation is Generally Available and adds Portuguese support, raises the limit for input and output characters, and decreases latency in the API and console.
Cloud Workstations is available in the europe-west8 region (Milan, Italy, Europe). For more information, see Locations.
Config Connector version 1.113.0 is now available.
Initial support for status.observedState in ContainerCluster, ContainerNodePool and RedisInstance.
To encourage use of cnrm.cloud.google.com/state-into-spec: absent, you can now use status.observedState in ContainerCluster, ContainerNodePool and RedisInstance. Some important resource information (such as the certificate for connecting to a GKE cluster) is currently only available in spec, and we recommend instead reading this resource information from observedState if available. More fields may be added to observedState in the future.
Added support for ComputeNetworkFirewallPolicy (v1beta1) resource.
Added support for TagsLocationTagBinding (v1alpha1) resource.
Resource RunJob (CloudRun Job):
- Added spec.template.vpcAccess.connectorRef field.
The following vulnerability was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2023-6931
For more information, see the GCP-2024-010 security bulletin.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
- CVE-2023-6931
For more information, see the GCP-2024-010 security bulletin.
Looker 24.2 includes the following changes, features, and fixes.
Expected Looker (original) deployment start: Tuesday, February 20, 2024
Expected Looker (original) final deployment and download available: Thursday, February 29, 2024
Expected Looker (Google Cloud core) deployment start: Tuesday, February 20, 2024
Expected Looker (Google Cloud core) final deployment: Tuesday, March 5, 2024
Planned for Looker 24.4, the Allow Legacy Maps legacy feature will be disabled by default. When the Allow Legacy Maps legacy feature is disabled, any map visualization that uses the Map (Legacy) chart type will be converted to use the Google Maps chart type. This may be a breaking change for some customers who are still using Legacy Maps.
Duplicate join names will throw a new model-level LookML error during validation.
A new LookML warning is returned when the convert_tz parameter is used on a LookML field that is configured as type: date_raw. date_raw fields have never supported timezone conversion, so this LookML warning has been added to alert LookML developers.
For projects that use the new LookML runtime, the LookML validator will now correctly show a model-level error when a join name is duplicated within an Explore. The error already existed for projects that use the legacy LookML runtime, so this update is just to bring the new LookML runtime behavior in line with the legacy LookML runtime.
The Signed Embed URL generator can now include themes, current parameters, and external group IDs.
The following permissions are now generally available to use in permission sets: manage_groups, manage_roles, manage_user_attributes, manage_embed_settings, manage_themes, manage_privatelabel.
A new Dashboard Diagnostics System Activity dashboard is available for troubleshooting the performance of individual dashboards.
The looker_internal_email_domain_allowlist user attribute is now generally available. This lets admins configure the Email Domain Allowlist for Scheduled Content feature on a per-group basis.
The Chart Config Editor now supports customizing tooltip content and styles.
Looker now supports self-service migration from Looker (original) instances to Looker (Google Cloud core) instances. Looker (original) instances must meet certain prerequisites, and you must have a Looker (Google Cloud core) instance into which you can import.
Filters on yesno fields will no longer show the "is not" option.
An XSS security issue in Grid code has been fixed.
Size-by field rendering for scatter charts has been fixed. This feature now performs as expected.
An issue where download and Explore options were showing up on drill modals for merged queries when the user did not have permission has been resolved. This feature now performs as expected.
Previously, text truncation wasn't working properly on headers on small tiles. This feature now performs as expected.
Waterfall charts now render all available columns as expected.
BigQuery: Previously, if OAuth tokens were passed through as query parameters rather than in the authentication header, Looker would return the following error: "OAuth token was passed in the query parameter. Please send it in Authorization header instead."
The BigQuery driver has been updated, so this error will no longer appear.
The minimum Git command line version has been increased to 2.36.0+.
The user interface of the Admin Settings - Schedules page has been updated.
For instances with offline licenses: When an offline license expiration date is less than 14 days away, Looker admins will see a license expiration banner on all Looker pages.
The Login Consent Configuration option causes a consent screen with a configurable message to be displayed to all users who attempt to sign in to the Looker instance.
Google Cloud's Agent for SAP version 3.1
Version 3.1 of Google Cloud's Agent for SAP is generally available (GA). This version introduces enhancements for discovering SAP system information and for the Backint feature of the agent.
For more information, see What's new with Google Cloud's Agent for SAP.
Support for VPC Service Controls released to General Availability
You can now protect Security Command Center using VPC Service Controls perimeters. For more information, see VPC Service Controls supported products.
February 13, 2024
Cloud Asset Inventory
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Cloud SQL
  - sqladmin.googleapis.com/Backup
- Cloud Monitoring
  - monitoring.googleapis.com/NotificationChannel
  - monitoring.googleapis.com/Snooze
- VPC Service Controls Policy
  - accesscontextmanager.googleapis.com/AuthorizedOrgsDesc
View granular cost data from Cloud Storage usage in Cloud Billing exports to BigQuery
You can now view granular Cloud Storage bucket-level cost data in the Cloud Billing Detailed cost export. Use the resource.global_name field in the export to view and filter your detailed Cloud Storage bucket usage.
Copying log entries is now generally available (GA).
You can now set and override the deployment service account for Cloud Run integrations when creating, updating, or deleting integrations using the Google Cloud CLI.
A new maintenance version rollout is currently underway for all supported MySQL versions.
If you have configured a maintenance window for your instance, then the updates will occur according to the timeframe that you set in the window. Otherwise, the updates will occur within the next few weeks. The new maintenance version is [MySQL version].R20240207.00_00.
To learn how to check your maintenance version, see Self-service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.
In the new maintenance version [MySQL version].R20240207.00_00, the default value of the performance_schema flag for all MySQL 8.0 instances with more than 15 GB of RAM will be set to on. Previously, the default of on for MySQL 8.0 only applied to 8.0.26 and later. This change applies to new and existing MySQL 8.0 instances.
For more information about this flag, see supported flags.
Generally available: The following quotas and metrics are now available to help you monitor the usage and limits for Compute Engine concurrent operation quotas:
- Quotas for global concurrent operations (metric: compute.googleapis.com/global_concurrent_operations):
  - Concurrent global operations per project
  - Concurrent global operations per project operation type
- Quotas for regional concurrent operations (metric: compute.googleapis.com/regional_concurrent_operations):
  - Concurrent regional operations per project
  - Concurrent regional operations per project operation type
For more information, see Concurrent operation quotas.
Dialogflow CX text-to-speech settings now have an option for custom voices.
The following new NTI feeds are now available:
- iplist-vpn-providers
- iplist-anon-proxies
- iplist-crypto-miners
For more information about Network Threat Intelligence, see the overview.
(2024-R04) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following control plane and node versions are now available:
- The following versions are no longer available:
- 1.28.6-gke.1095000
- 1.28.6-gke.1289000
- 1.29.1-gke.1016000
- 1.29.1-gke.1425000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to version 1.25.16-gke.1268000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.25.16-gke.1268000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.9-gke.1092000 with this release.
Stable channel
- There are no new releases in the Stable release channel.
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.25.16-gke.1041000
- 1.26.11-gke.1055000
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.16-gke.1268000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.12-gke.1111000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.12-gke.1111000 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.25.16-gke.1360000
- 1.26.13-gke.1052000
- 1.27.10-gke.1055000
- 1.28.6-gke.1095000
- 1.28.6-gke.1289000
- 1.29.1-gke.1016000
- 1.29.1-gke.1425000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1460000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.13-gke.1144000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.10-gke.1152000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.10-gke.1152000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.0-gke.1381000 with this release.
Added new Memorystore for Memcached region: Johannesburg (africa-south1).
February 12, 2024
Apigee X
On February 12, 2024, we released an updated version of Apigee (1-11-0-apigee-17).
This release addresses the security concerns in GCP-2024-007 from Google Anthos Service Mesh.
Bug ID | Description |
---|---|
322389251 | Security fix for apigee-ingress. This addresses the following vulnerabilities: |
Bug ID | Description |
---|---|
230082910 | Fixed issue causing null values for system.timestamp and system.time.millisecond proxy variables. |
285592278 | Fixed issue with deduction of recurring fees from prepaid balances. This note is incorrect; see entry for March 26, 2024. |
You can now also view the integration execution logs in Cloud Logging. For more information, see View logs in Cloud Logging.
You can now select the pod for your Bare Metal Solution resources through the Google Cloud console intake form. This feature is generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigquery
7.4.0 (2024-02-06)
Features
Bug Fixes
Go
Changes for bigquery/storage/apiv1beta1
1.59.0 (2024-02-06)
Features
- bigquery: Add ExportDataStatstics to QueryStatistics (#9371) (261c8d9)
- bigquery: Switch all timestamp representations to int64 usec (#9368) (8c1fb7d)
Bug Fixes
Java
Changes for google-cloud-bigquery
2.37.1 (2024-02-06)
Features
- Add queryId to TableResult (#3106) (2156f02)
- Update universe domain exception error code/message (#3113) (5a82c85)
Dependencies
- Update actions/upload-artifact action to v4.3.1 (#3121) (3abdc70)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240124-2.0.0 (#3104) (6eff68e)
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.24.0 (#3109) (5ad778c)
- Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.0 (#3110) (3f8e8d1)
- Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.0 (#3111) (2858e96)
- Update dependency org.junit.vintage:junit-vintage-engine to v5.10.2 (#3119) (4b4fdd8)
- Update github/codeql-action action to v2.23.2 (#3102) (2cc545e)
- Update github/codeql-action action to v2.24.0 (#3114) (01f0405)
Python
Changes for google-cloud-bigquery
3.17.2 (2024-01-30)
Bug Fixes
Documentation
- Update to use API (#1781) (81563b0)
- Update client_query_destination_table.py sample to use query_and_wait (#1783) (68ebbe1)
- Update query_external_sheets_permanent_table.py to use query_and_wait API (#1778) (a7be88a)
- Update sample for query_to_arrow to use query_and_wait API (#1776) (dbf10de)
- Update the query destination table legacy file to use query_and_wait API (#1775) (ef89f9e)
- Update to use query_and_wait in client_query_w_positional_params.py (#1786) (410f71e)
- Update to use query_and_wait in samples/client_query_w_timestamp_params.py (#1785) (ba36948)
- Update to_geodataframe to use query_and_wait functionality (#1800) (1298594)
Google has introduced Risk Analytics to Chronicle. Risk Analytics looks for patterns of risk across your enterprise, assigning risk scores to all entities and activities. These scores are surfaced in the Risk Analytics dashboard which lets you better understand risk in your environment by visualizing entity risk trends. The dashboard helps you to identify unusual behavior and the potential risk that entities pose to your enterprise. You can specify watchlists of entities you suspect of having greater risk. The watchlists let you more easily monitor risk within your environment.
Risk Analytics also provides both predefined curated detections and YARA-L metric functions for authoring custom rules.
Risk Analytics is available with Enterprise and Enterprise Plus licenses, or as an add-on to a SIEM standalone license.
Cloud Functions now supports the PHP 8.3 runtime at the Preview release level for 2nd gen functions.
A weekly digest of client library updates from across the Cloud SDK.
You can now display Log Analytics query results as a table in your Monitoring dashboards by selecting Table as the widget type.
You can now create a broken-link checker, which periodically validates the links contained in your website. This feature is GA. For more information, see Create a broken-link checker.
Config Controller now uses the following versions of its included products:
Anthos Config Management v1.17.1, release notes
cos-dev-113-18203-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.75 | v24.0.5 | v1.7.10 | v535.154.05 (default, latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Update default and latest NVIDIA GPU drivers to 535.154.05.
Upgraded chromeos-base/shill-client to v0.0.1-r4278.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2712.
Upgraded chromeos-base/debugd-client to v0.0.1-r2628.
Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r225.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r597.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r871.
Upgraded chromeos-base/hiberman-client to v0.0.1-r437.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2844.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2367.
Upgraded chromeos-base/shill-client to v0.0.1-r4263.
Upgraded dev-libs/nss to v3.97.
Upgraded net-libs/gnutls to v3.8.3.
Upgraded net-dns/c-ares to v1.25.0-r1.
Upgraded sys-apps/attr to v2.5.2.
Upgraded dev-python/jinja to v3.1.3.
Updated the Linux kernel to v6.1.75.
Changed default umask value for a user to 027.
Updated cos-gpu-installer to v2.1.11. Added major version specification for GPU driver installation.
Removed legacy logging agent (fluentd).
Upgraded app-admin/google-guest-agent to v20240109.00.
Upgraded app-admin/google-guest-configs to v20240109.00.
Upgraded app-admin/google-osconfig-agent to v20231219.00.
Upgraded app-admin/node-problem-detector to v0.8.15.
Upgraded app-eselect/eselect-iptables to v20220320.
Upgraded sys-libs/libcap-ng to v0.8.4-r1.
Upgraded net-misc/rsync to v3.2.7-r4.
Upgraded net-misc/curl to v8.5.0-r2.
Upgraded dev-python/netifaces to v0.11.0-r2.
Fixed CVE-2024-21626 in app-containers/runc.
Runtime sysctl changes:
- Added: net.ipv4.tcp_backlog_ack_defer: 1
- Changed: fs.epoll.max_user_watches: 1809920 -> 1809474
- Changed: fs.fanotify.max_user_marks: 67577 -> 67560
- Changed: fs.file-max: 812606 -> 812400
- Changed: fs.inotify.max_user_watches: 63456 -> 63441
- Changed: kernel.threads-max: 63520 -> 63504
- Changed: net.core.optmem_max: 20480 -> 131072
- Changed: net.ipv4.tcp_mem: 94092 125456 188184 -> 94068 125424 188136
- Changed: net.ipv4.udp_mem: 188184 250912 376368 -> 188136 250848 376272
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
- Changed: user.max_cgroup_namespaces: 31760 -> 31752
- Changed: user.max_fanotify_marks: 67577 -> 67560
- Changed: user.max_inotify_watches: 63456 -> 63441
- Changed: user.max_ipc_namespaces: 31760 -> 31752
- Changed: user.max_mnt_namespaces: 31760 -> 31752
- Changed: user.max_net_namespaces: 31760 -> 31752
- Changed: user.max_pid_namespaces: 31760 -> 31752
- Changed: user.max_time_namespaces: 31760 -> 31752
- Changed: user.max_user_namespaces: 31760 -> 31752
- Changed: user.max_uts_namespaces: 31760 -> 31752
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0
Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.
Enhanced integrity-fs with disk resize and dm-clone.
Removed deprecated R525 NVIDIA GPU drivers.
Added support for dm-zero and dm-clone.
cos-109-17800-147-9
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.75 | v24.0.5 | v1.7.10 | v535.154.05 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
This is an LTS Refresh Release.
Update default NVIDIA GPU drivers to 535.154.05.
Updated cos-gpu-installer to v2.1.10.
Backported support for TCP RTO configuration in networkd.
Fixed CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550 and CVE-2023-40551 in sys-boot/shim.
Updated dev-libs/openssl to v3.0.13. This resolves CVE-2024-0727 and CVE-2023-6129.
Fixed CVE-2024-1086 in the Linux kernel.
Runtime sysctl changes:
- Added: net.ipv4.tcp_backlog_ack_defer: 1
- Added: net.ipv4.tcp_shrink_window: 0
- Changed: fs.file-max: 812608 -> 812605
- Changed: net.core.optmem_max: 20480 -> 131072
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0
Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.
cos-101-17162-386-22
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v20.10.24 | v1.6.24 | v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Fixed CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550 and CVE-2023-40551 in sys-boot/shim.
Fixed CVE-2023-5678 in dev-libs/openssl.
Fixed CVE-2024-0567 and CVE-2024-0553 in net-libs/gnutls.
Fixed CVE-2024-1085 and CVE-2023-46838 in the Linux kernel.
Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.
cos-97-16919-450-16
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.10.208 | v20.10.24 | v1.6.21 | v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Fixed CVE-2023-40546, CVE-2023-40547, CVE-2023-40549 and CVE-2023-40551 in sys-boot/shim.
Fixed CVE-2023-5678 in dev-libs/openssl.
Fixed CVE-2024-0567 and CVE-2024-0553 in net-libs/gnutls.
Fixed CVE-2024-1086 and CVE-2023-46838 in the Linux kernel.
Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.
cos-105-17412-294-23
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549, CVE-2023-40551, CVE-2023-40547 and CVE-2023-40550 in sys-boot/shim.
Fixed CVE-2023-5678 in dev-libs/openssl.
Fixed CVE-2024-1085, CVE-2024-1086 and CVE-2023-46838 in the Linux kernel.
Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.
Dataflow Streaming Engine now supports resource-based billing. When you enable resource-based billing with Streaming Engine, you're billed for the total resources consumed by your job.
Two new Dialogflow CX prebuilt components are available: retail authentication and order status.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/pubsub
4.3.1 (2024-02-08)
Bug Fixes
4.3.0 (2024-02-05)
Features
Bug Fixes
Java
Changes for google-cloud-pubsub
1.126.4 (2024-02-09)
Bug Fixes
1.126.3 (2024-02-08)
Dependencies
Python
Changes for google-cloud-pubsub
2.19.4 (2024-02-09)
Bug Fixes
2.19.3 (2024-02-08)
Bug Fixes
2.19.2 (2024-02-08)
Bug Fixes
February 11, 2024
Security Command Center
Exports of compliance reports will require new permissions
On or after March 15, 2024, a new Identity and Access Management (IAM) permission will be required to export a compliance report from the Google Cloud console. If you use custom roles to control access to Google Cloud resources, you will need to add this new permission to your custom roles before that date to continue exporting compliance reports.
For more information, see Export a compliance report.
February 09, 2024
AlloyDB for PostgreSQL
You can now use public IP with the AlloyDB Language Connectors (Preview) to connect to your cluster. For more information, see Connect using the AlloyDB Language Connectors.
hybrid v1.11.1-hotfix.1
On February 9, 2024 we released an updated version of the Apigee hybrid software, v1.11.1-hotfix.1.
This release addresses the security concerns in GCP-2024-007 from Google Anthos Service Mesh.
- To install the hotfix, follow the instructions in Upgrading Apigee hybrid to version 1.11.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
324460830 | Security fix for apigee-ingress. This addresses the following vulnerabilities: |
hybrid v1.10.4-hotfix.1
On February 9, 2024 we released an updated version of the Apigee hybrid software, v1.10.4-hotfix.1.
This release addresses the security concerns in GCP-2024-007 from Google Anthos Service Mesh.
- To install the hotfix, follow the instructions in Upgrading Apigee hybrid to version 1.10.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
324460830 | Security fix for apigee-ingress. This addresses the following vulnerabilities: |
Release 6.2.46 is now in General Availability.
Starting January 20, 2024, in the asia-southeast1, us-west3, and us-west4 regions it is possible to create new Cloud Composer 1 environments only in projects that already have Cloud Composer 1 environments.
In all other existing or newly created projects in these regions, it is possible to create only Cloud Composer 2 environments. This change is a part of the preparation for Cloud Composer 1 end of support, as communicated earlier and described in the Versioning overview.
Cloud SQL now automatically updates your read replicas when you perform self-service maintenance on the primary instance. For more information, see Self-service maintenance.
From edge to mesh: Deploy service mesh applications through GKE Gateway: Switched from Ingress API to the more modern Gateway API. Updated relevant sections to reflect this change.
The following GKE versions fix a memory leak issue with the Google Cloud Storage FUSE CSI driver DaemonSet Pod:
- 1.25.16-gke.1360000 and later
- 1.26.13-gke.1052000 and later
- 1.27.10-gke.1055000 and later
- 1.28.6-gke.1095000 and later
- 1.29.1-gke.1425000 and later
Multimodal embeddings video support is Generally Available
Embeddings for video data are now generally available using the multimodal embedding model (multimodalembedding). For more information, see the product documentation.
This feature incurs pricing based on the mode you use. For more information, see pricing.
February 08, 2024
Anthos Service Mesh
Google has ended support for in-cluster Anthos Service Mesh 1.17 following the official policy. Managed Anthos Service Mesh will continue to support 1.17 until 1.18 is promoted to the regular and stable channels. For more information, see Supported versions.
1.17.8-asm.20 is now available for in-cluster Anthos Service Mesh.
This patch release contains the fix for the security vulnerability listed in GCP-2024-007. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.
While these CVE fixes have been backported to 1.17, you should upgrade to a supported version, 1.18 or later.
1.20.3-asm.4 is now available for in-cluster Anthos Service Mesh.
You can now download 1.20.3-asm.4 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.20.3 subject to the list of supported features. Anthos Service Mesh 1.20.3-asm.4 uses Envoy v1.28.1.
This release contains the fix for the security vulnerability listed in GCP-2024-007.
After upgrading Anthos Service Mesh to version 1.20.3 for off-Google Cloud clusters, make sure to restart all Pods in order to trigger the re-injection of sidecars. Otherwise, the Anthos Service Mesh metric reports might become inconsistent between the old and new proxies in the cluster.
Managed Anthos Service Mesh 1.20 isn't rolling out to the rapid release channel at this time. You can periodically check this page for announcements regarding rapid channel rollout. See Select a managed Anthos Service Mesh release channel for more information.
1.19.7-asm.3 is now available for in-cluster Anthos Service Mesh.
This patch release contains the fix for the security vulnerability listed in GCP-2024-007. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.
1.18.7-asm.4 is now available for in-cluster Anthos Service Mesh.
This patch release contains the fix for the security vulnerability listed in GCP-2024-007. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.
On February 8, 2024 we released an updated version of the Apigee APIs.
API support for update operations on KeyValueMap entries
Starting with this release, the Apigee APIs support update operations for KeyValueMap entries. See the API reference page for REST Resource: organizations.environments.keyvaluemaps.entries for information.
Custom data masking is now generally available (GA). You can define custom masking routines for custom masking capabilities such as salt-based hash. The feature is available on the Enterprise Plus edition.
BigQuery now offers entity resolution. This feature lets users match records across datasets even when a common identifier is missing. It utilizes an identity provider for this process; BigQuery supports LiveRamp and provides a framework for other identity providers to offer similar services. This feature is generally available (GA).
Release 6.2.47 is currently in Preview.
Email settings: customer configuration change
In order to help with safe and secure communication, the Trust Certificate checkbox is scheduled to be deleted in April 2024 as it will be enabled automatically by default.
Customers who currently do not have this checkbox enabled are advised to carry out the following procedure.
- In the Email Settings > Customer Configuration tab, enable the Trust Certificate checkbox.
- Save the settings.
- Click Test to ensure the configuration works.
- Perform an action which will trigger a test email notification.
- If errors are shown, follow the instructions in the error message.
Manual Action Menu - Group and Specific filters when chosen together lead to errors (ID #49013713)
Custom SAML provider configuration error (ID #49125693)
The placeholder CurrentUserRole that was removed from Release 6.2.45 is now supported.
The enabling and disabling functionality for the Logs in Cloud Logging only feature was temporarily rolled back.
At the moment, it is not possible to enable or disable this feature, and your environment will keep its current configuration. If this feature is enabled, Cloud Composer will keep saving logs to Cloud Logging only. Newly created environments save logs to Cloud Logging only and the environment's bucket.
We will announce when the issue is resolved.
You can now create log buckets in the africa-south1 region. For a complete list of supported regions, see Supported regions.
Cloud SQL now supports near-zero downtime planned maintenance on HA-enabled Cloud SQL Enterprise Plus instances with all combinations of public IP connectivity.
Generally available: Hyperdisk Throughput is available with the following VMs:
- A3
- C3
- C3D
- G2
- H3
- M3
Hyperdisk Throughput support for Z3 VMs is also available in Preview.
Also, the maximum number of Hyperdisk Throughput volumes you can attach to a VM has been increased. See Hyperdisk capacity limits per VM for more information.
Hyperdisk volumes are durable network storage devices that your VMs can access, similar to Persistent Disk. Hyperdisk Throughput provides cost-effective and throughput-oriented storage with dynamically configurable capacity and throughput. For more information, see About Hyperdisk.
New Dataproc on Compute Engine subminor image versions:
- 2.0.92-debian10, 2.0.92-rocky8, 2.0.92-ubuntu18
- 2.1.40-debian11, 2.1.40-rocky8, 2.1.40-ubuntu20, 2.1.40-ubuntu20-arm
- 2.2.6-debian12, 2.2.6-rocky9, 2.2.6-ubuntu22
Dataproc on Compute Engine Ranger Cloud Storage enhancement:
- Enabled downscoping
- Added caching of tokens in local cache
Both settings are configurable and can be enabled by customers: see Use Ranger with caching and downscoping.
Dataproc on Compute Engine: The new Secret Manager credential provider feature is available in the latest 2.2 image versions.
Dataproc on Compute Engine: Backported patch for HADOOP-18652.
New Dataproc Serverless for Spark runtime versions:
- 1.1.49
- 2.0.57
- 2.1.36
- 2.2.0-RC9
Dataproc Serverless for Spark: Backported patch for HADOOP-18652.
M116 release
- Added the CUDA version to the TensorFlow 2.15 image family name, for this release and future releases. For example, tf-2-15-gpu is renamed to tf-2-15-cu121.
- Deprecated the tf-2-15-gpu image family in favor of tf-2-15-cu121.
(New guide) Single-zone deployment on Compute Engine: Provides a reference architecture for a multi-tier application that runs on Compute Engine VMs in a single Google Cloud zone and describes the design factors to consider when you build a single-zone architecture.
(2024-R03) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Version 1.27.8-gke.1067004 is now the default version.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.26.5-gke.2100
- 1.26.6-gke.1700
- 1.27.2-gke.1200
Stable channel
- Version 1.27.7-gke.1121002 is now the default version in the Stable channel.
- Version 1.28.3-gke.1286000 is now available in the Stable channel.
- Version 1.27.3-gke.100 is no longer available in the Stable channel.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.3-gke.1203001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.3-gke.1203001 with this release.
Regular channel
- Version 1.27.8-gke.1067004 is now the default version in the Regular channel.
- The following versions are no longer available in the Regular channel:
- 1.26.6-gke.1700
- 1.27.3-gke.100
- 1.28.3-gke.1118000
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.11-gke.1055000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.11-gke.1055000 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.25.16-gke.1268000
- 1.26.12-gke.1111000
- 1.27.9-gke.1092000
- 1.28.5-gke.1217000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1360000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.13-gke.1052000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.10-gke.1055000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.10-gke.1055000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.1-gke.1016000 with this release.
M116 release
The M116 release of Vertex AI Workbench user-managed notebooks includes the following:
- Updated custom container user-managed notebooks to use NVIDIA driver version 535.104.05.
- Fixed bugs in custom container user-managed notebooks where GPUs either wouldn't attach to the container properly, or detached after some time.
The M116 release of Vertex AI Workbench managed notebooks includes the following:
- Fixed a bug (present in versions M113 through M115) that prevented new local kernels from being usable.
February 07, 2024
Apigee Integrated Portal
On February 07, 2024 we released an updated version of Apigee integrated portal.
Bug ID | Description |
---|---|
323278335 | A security issue was fixed. |
192987085 | Fixed an issue where switching API spec pages in the public developer portal resulted in an error. Note, this issue was erroneously mentioned in the 12/7/23 release notes. |
You can now view query plans to see details of SQL pushdowns in federated queries. This feature is now generally available.
A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.
Log buckets in the following regions can now be upgraded to use Log Analytics:
- europe-west10
For more information, see Supported regions.
The rollout of the following extensions and flags is underway:
Extensions
- autoinc (version 1.0): provides functions for incrementing fields automatically. This trigger stores the next value of a sequence into an integer field.
- bloom (version 1.0): provides a method to access indexes based on bloom filters. These filters are space-efficient data structures that you can use to test whether an element is a member of a set.
- insert_username (version 1.0): provides functions for storing the current user's name into a text field. You can use this to track who last modified a row in a database table.
- moddatetime (version 1.0): provides functions for storing the current time into a timestamp field. You can use this to track the last time that a row in a database table is modified.
- pg_background (version 1.2): lets you run arbitrary commands in a background worker.
- pg_squeeze (version 1.5): removes unused space from a table and lets you use an index to sort records or rows (tuples) of the table.
- tcn (version 1.0): provides a trigger function that notifies listeners of changes to the content of database tables.
Flags
- cloudsql.enable_pg_squeeze: enables the pg_squeeze extension for Cloud SQL for PostgreSQL
- squeeze.max_xlock_time: sets the time (in milliseconds) that the extension uses to finalize the processing for modifying a table
- squeeze.worker_autostart: starts a background worker automatically
- squeeze.worker_role: specifies the role for the background worker
The rollout of the following minor versions, extension versions, and plugin versions is underway:
Minor versions
- 11.21 is upgraded to 11.22.
- 12.16 is upgraded to 12.17.
- 13.12 is upgraded to 13.13.
- 14.9 is upgraded to 14.10.
- 15.4 is upgraded to 15.5.
Extension and plugin versions
- ipr4 is upgraded from 2.4.1 to 2.4.2.
- orafce is upgraded, as follows:
- from 3.25.1 to 4.6.1 (for PostgreSQL versions 9.6 and 10)
- from 4.6.1 to 4.7.0 (for PostgreSQL versions 11 and later)
- pg_cron is upgraded from 1.5.2 to 1.6.0.
- pgfincore is upgraded from 1.2.3 to 1.3.1.
- pg_partman is upgraded from 4.7.3 to 4.7.4.
- pg_repack is upgraded from 1.4.8 to 1.5.0.
- pgTAP is upgraded from 1.2.0 to 1.3.0.
- pgtt is upgraded from 2.9.0 to 3.0.
- pg_wait_sampling is upgraded from 1.1.4 to 1.1.5.
- PL/Proxy is upgraded from 2.10.0 to 2.11.0.
- plv8 is upgraded from 3.1.4 to 3.2.0.
- postgresql_hll is upgraded from 2.17 to 2.18.
If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.
The new maintenance version is [PostgreSQL version].R20240130.00_00. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.
When you purchase a resource-based commitment for GPUs, Local SSD disks, or both, you can attach any of your existing on-demand or auto-created future reservations to that commitment. By attaching existing reservations, you can reserve resources in advance and minimize resource unavailability issues when you purchase commitments for GPU or Local SSD disk resources.
For more information, see Purchase commitments with attached reservations.
Cloud Deploy now uses Skaffold 2.10 as the default Skaffold version for all target types.
Made changes to the information schema to improve the accuracy of data type reporting.
The information_schema.columns.spanner_type and information_schema.index_columns.spanner_type columns now include a limit value for the character varying(limit_value) and character varying(limit_value)[] types.
The following models have been added to Model Garden:
- Stable Diffusion XL LCM: The Latent Consistency Model (LCM) enhances text-to-image generation in Latent Diffusion Models by enabling faster and high-quality image creation with fewer steps.
- LLaVA 1.5: Deploy LLaVA 1.5 models.
- PyTorch-ZipNeRF: The Pytorch-ZipNeRF model is a state-of-the-art implementation of the ZipNeRF algorithm in the Pytorch framework, designed for efficient and accurate 3D reconstruction from 2D images.
- LLaMA 2 (Quantized): A quantized version of Meta's Llama 2 models.
- WizardLM: WizardLM is a large language model (LLM) developed by Microsoft, fine-tuned on complex instructions by adapting the Evol-Instruct method.
- WizardCoder: WizardCoder is a large language model (LLM) developed by Microsoft, fine-tuned on complex instructions by adapting the Evol-Instruct method to the domain of code.
- AutoGluon: With AutoGluon you can train and deploy high-accuracy machine learning and deep learning models for tabular data.
- Lama (Large mask inpainting): Use Large Mask Inpainting with fast Fourier convolutions (FFCs), a high receptive field perceptual loss, and large training masks for resolution-robust image inpainting.
The following changes have been made to Model Garden:
- Added one-click tuning button, and dedicated deployment, tuning, quantization, and evaluation notebooks for Llama 2.
- Added one-click deployment button for more than 20 models with pre-trained OSS artifacts, including Salesforce/blip-image-captioning-base and timbrooks/instruct-pix2pix.
- Supported CodeLlaMA70b with notebooks and the one-click deployment button.
- Added tuning notebooks for Mistral models.
- Added serving notebooks for Stable Video Diffusion Img2Vid XT. These notebooks are used for research purposes.
February 06, 2024
AlloyDB for PostgreSQL
AlloyDB for PostgreSQL is now available in europe-west10 (Berlin). For more information, see AlloyDB locations.
You can now view the details of the OS of your Bare Metal Solution server. This feature is generally available (GA).
Billing for Spark stored procedures begins on March 12, 2024. Until that date, Spark stored procedures are offered at no extra cost.
Chronicle requires a minimum Transport Layer Security (TLS) version of 1.2 to maintain security compliance. Ingestion routing connections that use lower TLS versions are automatically blocked. Upgrade any custom ingestion mechanisms to adhere to TLS 1.2 or higher.
When the data ingestion rate for a tenant reaches a certain threshold, Chronicle controls the rate of ingestion for new data feeds to prevent a source with a high ingestion rate from affecting the ingestion rate of another data source. The ingestion volume and tenant's usage history determine the threshold. If the rate of ingestion does not deviate greatly then there is no effect on the ingestion rate.
Cloud SQL for MySQL now supports minor version 8.0.36. To upgrade your existing instance to the new version, see Upgrade the database minor version.
Clusters on control plane versions 1.26.6-gke.1900 and later might encounter intermittent connection establishment failures.
The chance of failure is low, and the issue doesn't affect all clusters. The failures should stop completely a few days after the symptoms first appear.
Alternatively, upgrade to the following versions instead, which are not affected by this issue:
- 1.26.13-gke.1052000 and later.
- 1.27.10-gke.1055000 and later.
- 1.28.6-gke.1095000 and later.
- 1.29.1-gke.1016000 and later.
You can use the Google Cloud console with Policy Simulator for Organization Policy to test organization policies. This feature is available in Preview.
New security posture service released to General Availability
The new security posture service is released to General Availability. This service lets you create and deploy postures so that you can define the policies for your Google Cloud organization and monitor for drift.
For more information, see Security posture overview.
Mandiant analyst CVE ratings added to vulnerability findings
The addition of CVE information, including ratings of the vulnerability by Mandiant Threat Intelligence analysts, to the details of Security Command Center vulnerability findings is released to Preview. You can now prioritize vulnerabilities based on the exploitability and impact ratings from Mandiant. For more information, see Prioritize vulnerability findings to reduce risk.
Improvements to compliance standards support now available
Improvements to the Security Command Center Compliance page in the Google Cloud console are released to General Availability. Your state of compliance with all supported standards is now presented more clearly and a new Compliance details page makes it easier to see failing controls. For more information, see Assess and report compliance.
Prioritize high-value resources automatically by data sensitivity
The optional integration of the Sensitive Data Protection discovery feature with the Security Command Center attack path simulation feature is released to Preview. If you use Sensitive Data Protection discovery, you can choose to have the priority value of supported high-value resources set automatically based on whether they contain medium-sensitivity or high-sensitivity data. For more information, see Set resource priority values automatically by data sensitivity.
Attack exposure scores informed by Mandiant Threat Intelligence
The inclusion of CVE exploitability ratings in the calculation of attack exposure scores for vulnerability findings is released to Preview. The ratings, which are provided by Mandiant Threat Intelligence analysts, enable Security Command Center attack path simulations to provide more accurate scores for prioritizing vulnerability findings. For more information, see Incorporation of CVE data.
High-value resources now include attack exposure scores
The calculation of attack exposure scores for high-value resources by the Security Command Center Attack Path Simulations feature is released to Preview. Use attack exposure scores on resources to proactively secure the resources that are the most valuable to your business. For more information, see Attack exposure scores.
February 05, 2024
Anthos clusters on AWS
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
Data lineage is now generally available (GA) in Cloud Composer 2.
Data lineage integration is now enabled by default in newly created environments with Cloud Composer version 2.1.2 and later, if Data Lineage API is enabled in the environment's project. Existing and upgraded environments keep their current configuration.
Python 3.11 is available in environments with Airflow 2.6.3:
New environments with Airflow 2.6.3 use Python 3.11. Python 3.8 is no longer available in new environments with Airflow 2.6.3.
Existing environments with Airflow 2.6.3 switch to Python 3.11 when upgraded. Before upgrading, make sure that custom PyPI packages in your environment are compatible with Python 3.11.
New and upgraded environments with Airflow 2.5.3 keep using Python 3.8.
Cloud Composer versions earlier than 2.6.0 keep using Python 3.8.
Airflow worker memory requirements in Python 3.11 are 10% higher compared to workers in Python 3.8. If you use custom settings for Airflow worker CPU and memory limits, then Airflow workers in your environment might enter the CrashLoopBackOff status and stop executing tasks, if resource consumption goes above the limit.
If your environment is impacted, see the related known issue for possible solutions: Workers require more memory than in previous Airflow versions.
The default worker_concurrency formula was adjusted in Airflow 2.6.3 and later versions to accommodate this change.
(Available without upgrading) The default worker_concurrency in Airflow 2.6.3 and later versions is now calculated using a different formula. For more information, see Change worker concurrency.
Connections to the Redis environment component are now additionally secured with a password. Improved the reliability of the environment component responsible for metrics reporting (airflow-monitoring).
The apache-airflow-providers-google package is upgraded to version 10.13.1 in images with Airflow 2.6.3. For more information about changes, see the apache-airflow-providers-google changelog from version 10.12.0 to version 10.13.1.
Cloud Composer 2.6.0 images are available:
- composer-2.6.0-airflow-2.6.3 (default)
- composer-2.6.0-airflow-2.5.3
Cloud Composer versions 2.1.5 and 1.20.5 have reached their end of full support period.
Cloud Composer 2.6.0 is a version with an extended upgrade timeline.
cos-109-17800-66-81
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.58 | v24.0.5 | v1.7.10 | v535.129.03 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Update latest NVIDIA GPU driver to v535.154.05.
Fixed CVE-2023-6531 in the Linux kernel.
Fixed CVE-2024-0607 in the Linux kernel.
cos-105-17412-294-13
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Update latest NVIDIA GPU driver to v535.154.05.
Fixed CVE-2023-6915 in the Linux kernel.
cos-97-16919-450-7
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.208 | v20.10.24 | v1.6.21 | v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Fixed CVE-2023-6915 in the Linux kernel.
Updated cos-gpu-installer to v2.1.10.
cos-101-17162-386-12
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.24 | v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Fixed CVE-2023-6915 in the Linux kernel.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.9.5 (2024-01-30)
Bug Fixes
- dataflow: Enable universe domain resolution options (fd1d569)
Google Cloud Deploy is now available in the following regions:
- me-central1 (Doha)
- me-central2 (Dammam)
- europe-west12 (Turin)
- europe-west10 (Berlin)
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/pubsub
4.2.0 (2024-02-01)
Features
- Add enforce_in_transit fields and optional annotations (#1873) (09fc424)
- Add schema revision samples (#1870) (044e149)
Bug Fixes
Go
Changes for pubsub/apiv1
1.36.1 (2024-01-30)
Bug Fixes
- pubsub: Enable universe domain resolution options (fd1d569)
Python
Changes for google-cloud-pubsub
2.19.1 (2024-02-02)
Documentation
- samples: Swap writer and reader schema to correct places (265f410)
With the secure-by-default organization policy enforcements, insecure posture is addressed with a bundle of organization policies that are enforced at the time of creation of an organization resource. Enforcement of these policies will apply to organizations created early in 2024, as the feature is gradually rolled out.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.11.5 (2024-01-30)
Bug Fixes
- secretmanager: Enable universe domain resolution options (fd1d569)
You can now convert the input video in a transcoding job to a supported high dynamic range (HDR) format.
Query an index from the Vector Search console
Vector Search has launched an improved console experience for querying both private and public deployed indexes, now available in Preview. From the console, you can create an index and endpoint, deploy the index to the endpoint, and query the index for nearest neighbors. For more information, see Manage indexes.
Support for IPv6 extension headers is available in General Availability.
reCAPTCHA Enterprise Mobile SDK v18.4.1 is now available for iOS.
This version contains fixes for the following issues:
February 04, 2024
Chronicle SOAR
In Release 6.2.45 we announced new placeholders. The placeholder CurrentUserRole has been removed and is not supported.
February 02, 2024
Apigee X
On February 2, 2024, we released an updated version of Apigee.
We modified or added these limits:
- Changed the maximum API proxy endpoints per API proxy from 5 to 10
- Specified the maximum API base paths per organization as 21,250
See the Limits page for details.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Live Stream API
  - livestream.googleapis.com/Asset
  - livestream.googleapis.com/Channel
  - livestream.googleapis.com/Input
  - livestream.googleapis.com/Pool
Generally available: You can plan ahead for VM maintenance on C3, C3D, and Z3 Preview machine types by viewing their maintenance schedule notifications. For specific machine types within these families, you can also trigger VM maintenance ahead of schedule.
Data Catalog is now available in Johannesburg (africa-south1). For more information on region and feature availability, see regions.
Dataproc on Compute Engine: Bucket TTL validation now also runs for buckets created by Dataproc.
Dataproc on Compute Engine: Added a warning during cluster creation if the cluster Cloud Storage staging bucket is using the legacy fine-grained/ACL IAM configuration instead of the recommended Uniform bucket-level access controls.
Dataproc Serverless for Spark: When dynamic allocation is enabled, the initial executor number is determined by the maximum of spark.dynamicAllocation.initialExecutors and spark.executor.instances.
FQDN network policies are now generally available with the following GKE versions:
- 1.26.4-gke.500 and later.
- 1.27.1-gke.400 and later.
- 1.28 and later.
You can further control your GKE workloads' egress traffic to a public or private service or endpoint by using a network policy matching a fully-qualified domain name or a regular expression.
FQDN Network Policy is only available and supported with GKE Enterprise.
To learn more, read Control Pod egress traffic using FQDN network policies.
reCAPTCHA Enterprise mobile SDKs now support 11 levels of scores along with the reason codes. This enhancement requires a security review. To request access, contact our sales team.
February 01, 2024
Apigee X
On February 1, 2024, we released an updated version of Apigee.
With this release, Apigee API Management organizations with Pay-as-you-go pricing provisioned before October 1, 2023, will be converted to Pay-as-you-go organizations that use updated attributes for pricing.
Prior to the conversion, these organizations were billed for API runtimes based on Apigee gateway node usage and the total number of API requests processed by Apigee analytics.
Once converted, these organizations will be billed for the following:
- Volume of API calls processed by a given proxy type
- Usage of deployment environments (per hour per region)
- Usage of additional deployment units (API proxies or shared flows)
- Any additional add-on capabilities (Advanced API security, Monetization, Analytics)
The conversion process is expected to last about 5 minutes and traffic will continue to be processed normally during this time. If proxy revision deployments are interrupted during this time frame, revisions can be deployed after conversion completes.
The Apigee API Analytics add-on will be enabled by default in converted organizations. The Analytics add-on can be disabled after the pricing change if it is not required.
For more information on the updated pricing and enhanced features now available for these organizations, see Pay-as-you-go (updated attributes) overview.
Updated pricing attributes will be reflected in March invoices. For billing questions related to this change, contact Google Cloud Billing support.
You can configure custom status events, which describe important events for a job's runnables. By providing additional information about a job's progress, custom status events can help make a job easier to analyze and troubleshoot.
For more information, see Configure custom status events to describe runnables and View a job's history through status events.
You can write unstructured and structured task logs:
- An unstructured task log lets you define a log's message.
- A structured task log lets you define multiple details for a log such as the message, the severity, custom fields, and a custom status event.
By allowing you to surface custom information in Cloud Logging, task logs can help make a job easier to analyze and troubleshoot.
For more information, see Write task logs.
You can run Batch jobs as a non-root user to meet workload or security requirements. For more information, see Create and run jobs as a non-root user.
The Bigtable Studio query builder is generally available (GA). The query builder lets you create and run queries and view the results directly from the Google Cloud console. For details, see Build queries in the console.
On February 1, 2024, Blockchain Node Engine upgraded all Ethereum Holesky nodes in preparation for the Dencun Hardfork.
The following log types were added to the Chronicle feed management API to create AWS data feeds. These feeds can be used to get context on AWS resources such as EC2 instances and users in identity and access management (IAM). Each is listed by product name and log_type value, if applicable.
- AWS EC2 Hosts (AWS_EC2_HOSTS)
- AWS EC2 Instances (AWS_EC2_INSTANCES)
- AWS EC2 VPCs (AWS_EC2_VPCS)
- AWS Identity and Access Management (AWS_IAM)
To view a list of log types that Chronicle supports for third-party APIs, see Configuration by log type.
Release 6.2.46 is now in Preview.
New audit logs
The platform now captures audit logs when a playbook folder is deleted. (ID 48557086)
Mentioning users in a case is not working as expected. (ID #00180795)
You can use the Google Cloud console to view DICOM store metrics.
You can use the Google Cloud console to view HL7v2 store metrics.
Private Service Connect now includes support for cross-region read replicas. You can also choose an availability type (REGIONAL or ZONAL) for Private Service Connect-enabled instances. Both features are in Preview.
For more information, see Connect to an instance using Private Service Connect.
You can now use Private Service Connect to connect to a Cloud SQL for SQL Server instance. This solution allows you to connect to the instance from multiple VPC networks that belong to different groups, teams, projects, or organizations.
You can also choose an availability type (REGIONAL or ZONAL) for Private Service Connect-enabled instances.
All features are in Preview. For more information, see Connect to an instance using Private Service Connect.
New Dataproc on Compute Engine subminor image versions:
- 2.0.91-debian10, 2.0.91-rocky8, 2.0.91-ubuntu18
- 2.1.39-debian11, 2.1.39-rocky8, 2.1.39-ubuntu20, 2.1.39-ubuntu20-arm
- 2.2.5-debian12, 2.2.5-rocky9, 2.2.5-ubuntu22
New Dataproc Serverless for Spark runtime versions:
- 1.1.48
- 2.0.56
- 2.1.35
- 2.2.0-RC8
Dataproc on Compute Engine: Backported patches for HIVE-21214, HIVE-23154, HIVE-23354 and HIVE-23614.
Release 1.15.9
GKE on Bare Metal 1.15.9 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.15.9 runs on Kubernetes 1.26.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Fixes:
The following container image security vulnerabilities have been fixed in 1.15.9:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
GKE on VMware 1.15.8-gke.41 is now available. To upgrade, see Upgrading Anthos clusters on VMware. GKE on VMware 1.15.8-gke.41 runs on Kubernetes v1.26.10-gke.2000.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.
Upgraded etcd to v3.4.27-0-gke.1.
The following issues are fixed in 1.15.8-gke.41:
- Fixed Seesaw crashing on duplicated service IP.
- Fixed a warning in the storage preflight check.
The following vulnerabilities are fixed in 1.15.8-gke.41:
High-severity container vulnerabilities:
Ubuntu vulnerabilities:
You can now encrypt Pod-to-Pod traffic between nodes in the same cluster or in a multi-cluster environment natively with GKE. Inter-node transparent encryption is now generally available, only with GKE Enterprise, for GKE clusters in the following versions:
- 1.26.9-gke.1024000 and later.
- 1.27.6-gke.1506000 and later.
- 1.28.2-gke.1098000 and later.
- 1.29 and later.
To learn more, see Encrypt your data in-transit in GKE with user-managed encryption keys.
A security vulnerability, CVE-2024-21626, has been discovered in runc where a user with permission to create Pods on Container-Optimized OS and Ubuntu nodes might be able to gain full access to the node file system.
For instructions and more details, see the GCP-2024-005 security bulletin.
Effective January 12, 2024, a BeyondCorp Enterprise license is no longer required to deploy internal applications with an internal load balancer when securing those applications with Identity-Aware Proxy. This provides a consistent experience when using Identity-Aware Proxy with all load balancers.
Pro feature: Folders in team workspaces
You can use folders and subfolders to organize assets (reports and data sources) in team workspaces.
Learn more about using folders to organize assets in team workspaces.
You can now configure your discovery scans to reprofile data when the inspection template changes. By default, inspection template changes do not cause the affected data to be reprofiled. For more information, see Frequency of data profile generation.
January 31, 2024
App Engine standard environment Java
Java 8 has reached end of support on January 31, 2024. Your existing Java 8 applications will continue to run and receive traffic. However, App Engine might block re-deployments of applications that use runtimes after their end of support date. We recommend that you migrate to the latest supported version of Java.
Python 2.7 has reached end of support on January 31, 2024. Your existing Python 2.7 applications will continue to run and receive traffic. However, App Engine might block re-deployments of applications that use runtimes after their end of support date. We recommend that you migrate to the latest supported version of Python.
Artifact Registry is available in the africa-south1 region (Johannesburg, South Africa).
The following information schema views display the history of configuration changes to the options of your organization and projects:
- The ORGANIZATION_OPTIONS_CHANGES view displays the configuration changes to an organization, including all organization and project-level changes.
- The PROJECT_OPTIONS_CHANGES view displays the configuration changes to a project.
This feature is now in preview.
BigQuery now supports vector search and vector indexes. These features are in preview.
You can use the VECTOR_SEARCH function to search embeddings in order to identify semantically similar entities.
You can use vector indexes to make VECTOR_SEARCH more efficient, with the trade-off of returning more approximate results.
Try the new vector search and vector index capabilities with the Search embeddings with vector search tutorial.
Bigtable is available in the africa-south1 (Johannesburg) region. For more information, see Bigtable locations.
The bi-weekly release of Chronicle parsers will change to a more frequent release schedule to allow for more testing before parser changes automatically take effect in Parser Management.
Beginning on February 1, 2024, new parser updates will be released weekly as pending updates in Parser Management. Every 4 weeks beginning February 15, pending updates will automatically become active when these parser versions are promoted to default.
Any Chronicle tenants with Parser Management disabled do not use the standard Parser Management release process, so weekly parser updates will automatically take effect.
Release 6.2.45 is scheduled to be in General Availability as of February 4th, 2024.
In the first half of February, 2024, Cloud Composer 2 environments with Airflow 2.6.3 will start using Python 3.11:
- New and upgraded environments with Airflow 2.6.3 will switch to Python 3.11.
- New and upgraded environments with Airflow 2.5.3 will still use Python 3.8.
- Python 3.8 will no longer be available in new versions of Cloud Composer with Airflow 2.6.3 (and later versions of Airflow).
- Existing environments with Airflow 2.6.3 will keep using Python 3.8 until they are upgraded.
- Cloud Composer versions released before this change will keep using Python 3.8.
Dedicated Cloud Interconnect support is available in the following colocation facilities:
- Teraco Johannesburg Campus, South Africa
- Africa Data Centres, Johannesburg JHB2
For more information, see the Locations table.
Cloud KMS is available in the following region:
- africa-south1
For more information, see Cloud KMS locations.
Fixed a bug that caused the audit log associated with an API that performs both Data Access and Admin Activity operations to be classified as a Data Access log. These logs are now always classified as Admin Activity audit logs.
The following new region is now available: africa-south1.
Support for africa-south1 (Johannesburg) region.
Cloud Storage is now available in Johannesburg, South Africa (africa-south1 region).
Cloud VPN is now available in region africa-south1 (Johannesburg, South Africa).
Pricing is available on the Cloud VPN pricing page.
Preview: You can create GPU VMs in a MIG by using resize requests. Resize requests help you create VMs all at once and give you higher chances to obtain highly demanded resources such as GPUs.
For more information, see About resize requests in a MIG.
Generally available: Johannesburg, South Africa africa-south1-a,b,c has launched with E2, N2, N2D, and T2D general-purpose VMs in all three zones.
cos-101-17162-386-11
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v20.10.24 | v1.6.24 | v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Updated latest NVIDIA GPU driver to 535.154.05.
Updated cos-gpu-installer to v2.1.10.
Updated app-emulation/containerd to 1.6.24.
Fixed CVE-2023-3164 in sys-apps/gawk.
Fixed CVE-2024-22195 in dev-python/jinja.
Fixed CVE-2024-21626 in app-emulation/runc.
Fixed CVE-2024-0646 in the Linux kernel.
Fixed CVE-2023-6040 in the Linux kernel.
Runtime sysctl changes:
- Added: net.ipv6.conf.all.accept_ra_min_lft: 0
- Added: net.ipv6.conf.default.accept_ra_min_lft: 0
- Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
- Changed: fs.file-max: 813032 -> 813030
cos-105-17412-294-10
Kernel | Docker | Containerd | GPU Drivers |
COS-5.15.146 | v23.0.3 | v1.7.10 | v470.223.02 (default), v535.129.03 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Updated cos-gpu-installer to v2.1.10.
Backported support for TCP RTO configuration in networkd.
Added kernel compatibility with iptables-nft.
Fixed CVE-2024-22195 in dev-python/jinja.
Fixed CVE-2024-21626 in app-emulation/runc.
Fixed CVE-2024-0646 in the Linux kernel.
Fixed CVE-2023-6040 in the Linux kernel.
Runtime sysctl changes:
- Added: net.ipv6.conf.all.accept_ra_min_lft: 0
- Added: net.ipv6.conf.default.accept_ra_min_lft: 0
- Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
- Added: net.netfilter.nf_flowtable_tcp_timeout: 30
- Added: net.netfilter.nf_flowtable_udp_timeout: 30
- Changed: fs.file-max: 813031 -> 813029
cos-109-17800-66-78
Kernel | Docker | Containerd | GPU Drivers |
COS-6.1.58 | v24.0.5 | v1.7.10 | v535.129.03 (default, latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Added kernel compatibility with iptables-nft.
Upgraded dev-python/jinja to v3.1.3. This resolves CVE-2024-22195.
Fixed CVE-2024-21626 in app-containers/runc.
Fixed CVE-2024-0646 in the Linux kernel.
Fixed CVE-2023-6915 in the Linux kernel.
Fixed CVE-2024-0565 in the Linux kernel.
Fixed CVE-2024-0193 in the Linux kernel.
Runtime sysctl changes:
- Added: net.netfilter.nf_flowtable_tcp_timeout: 30
- Added: net.netfilter.nf_flowtable_udp_timeout: 30
cos-97-16919-450-6
Kernel | Docker | Containerd | GPU Drivers |
COS-5.10.208 | v20.10.24 | v1.6.21 | v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs) |
Updated latest NVIDIA GPU driver to 535.154.05.
Fixed CVE-2023-3164 in sys-apps/gawk.
Fixed CVE-2024-22195 in dev-python/jinja.
Fixed CVE-2024-21626 in app-emulation/runc.
Runtime sysctl changes:
- Added: net.ipv6.conf.all.accept_ra_min_lft: 0
- Added: net.ipv6.conf.default.accept_ra_min_lft: 0
- Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
- Changed: fs.file-max: 813422 -> 813419
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
Updated cos-gpu-installer to v2.1.10.
Dataflow is available in Johannesburg, South Africa (africa-south1).
Dataproc is now available in the africa-south1 region (Johannesburg, South Africa).
The GitHub Ops Agent initialization action installs the Ops Agent on a Dataproc cluster, and provides metrics similar to the metrics that were enabled with the --metric-sources=monitoring-agent-defaults setting available for use with Dataproc image versions prior to version 2.2.
Eventarc is available in the africa-south1 (Johannesburg, South Africa) region.
(New guide) Regional deployment on Compute Engine: Architect a multi-tier application that runs on Compute Engine VMs in multiple zones within a Google Cloud region.
Release 1.28.100-gke.146
GKE on Bare Metal 1.28.100-gke.146 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.28.100-gke.146 runs on Kubernetes 1.28.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Fixes:
Fixed a rootless permission issue on file /var/lib/audit.log in 1.28.100, which might block control plane node upgrades.
The following container image security vulnerabilities have been fixed in 1.28.100-gke.146:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
Security bulletin (all minor versions)
A security vulnerability, CVE-2024-21626, has been discovered in runc where a user with permission to create Pods might be able to gain full access to the node filesystem.
For instructions and more details, see the GCP-2024-005 security bulletin.
A security vulnerability, CVE-2024-21626, has been discovered in runc where a user with permission to create Pods on Container-Optimized OS and Ubuntu nodes might be able to gain full access to the node filesystem.
For instructions and more details, see the GCP-2024-005 security bulletin.
The africa-south1 region in Johannesburg, South Africa is now available.
Managed Microsoft AD is available in the africa-south1 (Johannesburg) region. For more information, see Deploy domain controllers in additional regions.
Added new Memorystore for Redis region: Johannesburg (africa-south1).
Pub/Sub is available in Johannesburg, South Africa (africa-south1).
Secret Manager is now available in the following region:
- africa-south1
For more information, see Secret Manager locations.
Virtual Machine Threat Detection, a built-in service of Security Command Center, launched the Malware: Malicious file on disk (YARA) detector to Preview. This detector generates a finding if an executable file in a virtual machine matches known malware signatures.
Sensitive Data Protection is now available in Johannesburg, South Africa (africa-south1 region).
For more information, see Sensitive Data Protection locations.
You can create Spanner regional instances in Johannesburg, South Africa (africa-south1).
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.55.0 (2024-01-08)
Features
Java
Changes for google-cloud-spanner
6.56.0 (2024-01-05)
Features
- Add autoscaling config in the instance to support autoscaling in systests (#2756) (99ae565)
- Add support for Directed Read options (#2766) (26c6c63)
- Update OwlBot.yaml file to pull autogenerated executor code (#2754) (20562d4)
Dependencies
Documentation
Node.js
Changes for @google-cloud/spanner
7.2.0 (2024-01-11)
Features
Bug Fixes
Python
Changes for google-cloud-spanner
3.41.0 (2024-01-10)
Features
- Add BatchWrite API (#1011) (d0e4ffc)
- Add PG.OID type cod annotation (#1023) (2d59dd0)
- Add support for Directed Reads (#1000) (c4210b2)
- Add support for Python 3.12 (#1040) (b28dc9b)
- Batch Write API implementation and samples (#1027) (aa36b07)
- Implementation for batch dml in dbapi (#1055) (7a92315)
- Implementation for Begin and Rollback clientside statements (#1041) (15623cd)
- Implementation for partitioned query in dbapi (#1067) (63daa8a)
- Implementation of client side statements that return (#1046) (bb5fa1f)
- Implementing client side statements in dbapi (starting with commit) (#1037) (eb41b0d)
- Introduce compatibility with native namespace packages (#1036) (5d80ab0)
- Return list of dictionaries for execute streaming sql (#1003) (b534a8a)
- spanner: Add autoscaling config to the instance proto (#1022) (4d490cf)
- spanner: Add directed_read_option in spanner.proto (#1030) (84d662b)
Bug Fixes
- Executing existing DDL statements on executemany statement execution (#1032) (07fbc45)
- Fix for flaky test_read_timestamp_client_side_autocommit test (#1071) (0406ded)
- Require google-cloud-core >= 1.4.4 (#1015) (a2f87b9)
- Require proto-plus 1.22.2 for python 3.11 (#880) (7debe71)
- Use retry_async instead of retry in async client (#1044) (1253ae4)
Documentation
- Minor formatting (498dba2)
Vertex AI Search: CMEK for US and EU is GA
Customer-managed encryption keys (CMEK) are available in the US and the EU as GA with allowlist.
If you store your data in a US or EU multi-region data store, you can provide your own encryption key to protect your data at rest.
For information, see Customer-managed encryption keys.
Vertex AI Search: Check grounding in Preview with allowlist
The CheckGrounding API determines how grounded a piece of text is in a given set of facts. Perfect grounding requires that every statement in the text can be attributed to one or more of the given facts. The API returns an overall score of 0 to 1, indicating how grounded the text is, along with citations to the appropriate given facts for each statement.
See Check grounding.
Vertex AI Search and Conversation: Use Terraform to create data stores
You can use Terraform to create data stores for your Vertex AI Search and Conversation apps. The data stores are created empty; you then ingest the data through the console or an API call.
For information, see, for example, Create a search data store.
Vertex AI Search: Gemini Pro for search summaries
You can now choose Gemini Pro as a model for generating search summaries.
For more information, see Specify the summarization model.
Vertex AI Search: Updates to autocomplete
Autocomplete is available for your search apps in the US and EU multi-regions as Public preview.
Autocomplete removes unsafe and offensive terms in eight languages in addition to English (en).
For more information, see Autocomplete features.
Private Service Connect interfaces are available in General Availability. Private Service Connect interfaces let service producers initiate connections to consumer VPC networks.
For auto mode VPC networks, added a new subnet 10.218.0.0/20 for the Johannesburg africa-south1 region. For more information, see Auto mode IP ranges.
Workflows is available in the following additional region: africa-south1 (Johannesburg, South Africa).
Generally available: Workload Manager is now generally available (GA) for evaluating SQL Server workloads. For more information, see About Workload Manager Evaluation.
January 30, 2024
App Engine standard environment Go
Go 1.11 has reached end of support on January 30, 2024. Your existing Go 1.11 applications will continue to run and receive traffic. However, App Engine might block re-deployments of applications that use runtimes after their end of support date. We recommend that you migrate to the latest supported version of Go.
Go 1.12, 1.13, 1.14, 1.15, 1.16, and 1.18 have reached end of support on January 30, 2024. Your existing applications using these versions will continue to run and receive traffic. However, App Engine might block re-deployments of applications that use runtimes after their end of support date. We recommend that you migrate to the latest supported version of Go.
Node.js 10, 12, 14, and 16 have reached end of support on January 30, 2024. Your existing applications using these versions will continue to run and receive traffic. However, App Engine might block re-deployments of applications that use runtimes after their end of support date. We recommend that you upgrade to the latest supported version of Node.js.
PHP 5 has reached end of support on January 30, 2024. Your existing PHP 5 applications will continue to run and receive traffic. However, App Engine might block re-deployments of applications that use runtimes after their end of support date. We recommend that you migrate to the latest supported version of PHP.
PHP 7.2, 7.3, and 7.4 have reached end of support on January 30, 2024. Your existing applications using these versions will continue to run and receive traffic. However, App Engine might block re-deployments of applications that use runtimes after their end of support date. We recommend that you migrate to the latest supported version of PHP.
Python 3.7 has reached end of support on January 30, 2024. Your existing Python 3.7 applications will continue to run and receive traffic. However, App Engine might block re-deployments of applications that use runtimes after their end of support date. We recommend that you migrate to the latest supported version of Python.
Ruby 2.5, 2.6, and 2.7 have reached end of support on January 30, 2024. Your existing applications using these versions will continue to run and receive traffic. However, App Engine might block re-deployments of applications that use runtimes after their end of support date. We recommend that you upgrade to the latest supported version of Ruby.
On January 30, 2024, Blockchain Node Engine upgraded all Ethereum Sepolia nodes in preparation for the Dencun Hardfork.
You can now use the MySQL Shell dumpInstance and loadDump utilities to export and import data for multiple files in parallel. For more information, see Export and import files in parallel.
You can now use the pg_dump and pg_restore utilities to export and import data for multiple files in parallel. For more information, see Export and import files in parallel.
Cloud VPN support for IPv6-only HA VPN gateways is in Preview. For more information, see IPv6 support.
Generally available: Persistent Disk Asynchronous Replication is available between the following region pairs:
- europe-west3 (Frankfurt, Germany) and europe-west8 (Milan, Italy)
- europe-west3 (Frankfurt, Germany) and europe-west10 (Berlin, Germany)
- us-east1 (Moncks Corner, South Carolina) and northamerica-northeast1 (Montréal, Québec)
For the full list of available regions, see Supported region pairs.
Preview: Z3 VMs, which offer the latest compute, networking, and storage innovations in one platform with a particular focus on high-density, high-performing Local SSD, are now in Preview. For more information, see Storage-optimized machine family for Compute Engine.
Generally available: Snapshot settings are centralized configuration parameters for all snapshots in a project. You can use snapshot settings to customize the default storage location for all future snapshots in your project. By enabling you to do this, snapshot settings remove the need for you to manually specify a storage location during each individual snapshot creation.
For information about how to use snapshot settings and set your project's default snapshot storage location, see the snapshot settings documentation.
Generally available: NVIDIA L4 GPUs are now available in the following additional region and zone:
- Zurich, Switzerland (europe-west6-b)
For more information about using GPUs on Compute Engine, see GPU platforms.
Release 1.16.5
GKE on Bare Metal 1.16.5 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.16.5 runs on Kubernetes 1.27.
If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.
Fixes:
The following container image security vulnerabilities have been fixed in 1.16.5:
Critical container vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.
Cloud Spanner directed reads is now available in Preview. Directed reads provides the flexibility to route read-only transactions and single reads to a specific replica type or region in a multi-region instance configuration. For more information, see Directed reads.
January 29, 2024
AlloyDB for PostgreSQL
AlloyDB Public IP is now available in Preview. You can configure an AlloyDB instance to have a public IP address and accept connections from authorized external IP addresses.
Fixed the issue causing failed connections to certain AlloyDB instances when using Auth Proxy version 1.5.0.
In February 2024, Managed Anthos Service Mesh will begin creating new Google Cloud backend resources that relate to upcoming control plane enhancements. These resources will have no impact on your traffic. The resources include but are not limited to the following:
- HealthChecks
- Gateways
- Meshes
- HTTPRoutes
- TCPRoutes
- TLSRoutes
- TrafficPolicies
- EndpointPolicies
- ServerTLSPolicies
- ClientTLSPolicies
- HTTPFilters
- TCPFilters
- ServiceLbPolicies
Managed Anthos Service Mesh 1.17 is rolling out in the stable channel. See Managed Anthos Service Mesh release channels for more information.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.37.0 (2024-01-25)
Features
Dependencies
- Update actions/upload-artifact action to v4.1.0 (#3071) (3fbb2bb)
- Update actions/upload-artifact action to v4.2.0 (#3081) (af81354)
- Update actions/upload-artifact action to v4.3.0 (#3091) (f4411b0)
- Update arrow.version to v15 (#3084) (4d4cbae)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.35.0 (#3066) (48cdaa8)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.36.0 (#3093) (24456a3)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240105-2.0.0 (#3073) (f371d67)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.39.0 (#3067) (6ff4f04)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.40.0 (#3094) (110bcc5)
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.22.0 (#3080) (a5b119c)
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.23.0 (#3096) (0933b34)
- Update dependency com.google.oauth-client:google-oauth-client-java6 to v1.35.0 (#3078) (2614df2)
- Update dependency com.google.oauth-client:google-oauth-client-jetty to v1.35.0 (#3079) (f03c4fc)
- Update github/codeql-action action to v2.23.0 (#3061) (0fbdfba)
- Update github/codeql-action action to v2.23.1 (#3077) (e3f417c)
Python
Changes for google-cloud-bigquery
3.17.1 (2024-01-24)
Bug Fixes
- Add pyarrow.large_string to the _ARROW_SCALAR_IDS_TO_BQ map (#1796) (b402a6d)
- Retry 'job exceeded rate limits' for DDL queries (#1794) (39f33b2)
3.17.0 (2024-01-24)
Features
Bug Fixes
- query_and_wait now retains unknown query configuration _properties (#1793) (4ba4342)
- Raise ValueError in query_and_wait with wrong job_config type (4ba4342)
Documentation
- Remove unused query code sample (#1769) (1f96439)
- Update snippets.py to use query_and_wait (#1773) (d90602d)
- Update multiple samples to change query to query_and_wait (#1784) (d1161dd)
- Update the query with no cache sample to use query_and_wait API (#1770) (955a4cd)
- Updates query to query and wait in samples/desktopapp/user_credentials.py (#1787) (89f1299)
You can now use tags on BigQuery tables to conditionally grant or deny access with Identity and Access Management (IAM) policies. This feature is in preview.
Cloud console updates: You can now sort query results by column. Click Open sort menu next to the column name and select a sort order. This feature is generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.32.0 (2024-01-25)
Features
Bug Fixes
Dependencies
A weekly digest of client library updates from across the Cloud SDK.
New event types for VM instances and for GKE Pods, Clusters, and Nodes, are now available to display on your dashboards. This feature is in Public Preview.
- For a list of supported events, see Events overview.
- For information about enabling events, see Show events on a dashboard.
All release notes published on this date are part of the 3.10 release.
OAuth for Email Channel: Email channel authentication now supports Microsoft OAuth.
Deltacast and Multicast, queue-level configuration: Admins can now designate a cast type (Multicast or Deltacast) at the queue level. The following updates are included:
- Updated queue and global settings in the CCAP Platform Portal, featuring a dedicated Routing section to configure call or chat routing.
- A new Deltacast Attempt Count setting that lets you configure how many times to attempt to Deltacast to a single agent before Multicasting.
Chat translations: CCAI Platform now supports automatic translations in the Agent Chat Adapter. The end-user's message is automatically translated into the Agent Adapter's default language. Incoming messages are translated according to settings on the incoming queue. Responses from the agent are then automatically translated back into the end-user's language.
Agent Call Adapter, answer button: The answer button has been updated to be more visible to agents.
Email Chrome notification: CCAI Platform now offers Chrome push notifications to notify agents when they are assigned new emails.
Pass CCAI Platform metadata to web chat Virtual Agent: You can now pass CCAIP metadata parameters to a Virtual Agent for web queues. For more information on adding a dynamic parameter see Pass Data Parameters.
Fixed an issue that caused an agent to receive errors if they tried to send messages through the Blended SMS feature when custom messages were disabled.
Fixed an issue where the Smart Actions menu wouldn't close if the agent was redacting the call.
Fixed an issue where the displayed time of the participants joining the call was marked as invalid.
Fixed an issue that caused some screens in the Agent Call Adapter to be displayed with a black background when the agent had dark mode activated in the Kustomer CRM.
The search field for disposition codes is no longer case sensitive.
Fixed an issue that prevented the use of the clipboard copy function while using a CRM in custom CRM view.
Fixed an issue that caused a Dialogflow CX session to not last longer than 30 minutes.
Fixed an issue where closing the participants' screen did not navigate the agent back to the call screen.
Support for VPC Service Controls is available in preview.
Eventarc support for creating triggers for direct events from Cloud Firestore is generally available (GA).
Eventarc events and Firestore events for Cloud Functions (2nd gen) are now supported at the General Availability (GA) level.
Mode and GPU class selection are available when creating new instances.
- NVIDIA L4 GPUs are supported in certain regions.
- 3D-only mode is available.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for pubsub/apiv1
1.36.0 (2024-01-26)
Features
- pubsub: Add ingestion_data_source_settings field to Topic (97d62c7)
- pubsub: Add enforce_in_transit fields and optional annotations (97d62c7)
Bug Fixes
1.35.0 (2024-01-25)
Features
Java
Changes for google-cloud-pubsub
1.126.2 (2024-01-26)
Bug Fixes
Dependencies
1.126.1 (2024-01-25)
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.36.0 (#1840) (8c5117d)
- Update dependency com.google.cloud:google-cloud-core to v2.30.0 (#1853) (db36def)
- Update dependency com.google.cloud:google-cloud-core to v2.31.0 (#1872) (06db9a0)
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.22.0 (#1865) (f4c6f51)
- Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.23.0 (#1873) (0d445f1)
- Update dependency com.google.cloud:google-cloud-storage to v2.32.0 (#1857) (d673e55)
- Update dependency com.google.cloud:google-cloud-storage to v2.32.1 (#1874) (adae8a4)
- Update dependency com.google.protobuf:protobuf-java-util to v3.25.2 (#1858) (8fa6354)
New SAP HANA certification: Hyperdisk Balanced usage with M3 machine types
For running SAP HANA on Google Cloud, SAP has certified using Hyperdisk Balanced with M3 machine types.
For more information, see:
- About Hyperdisks
- Certified Compute Engine VMs for SAP HANA
- The Hyperdisk Balanced sizes tab in Minimum sizes for SSD-based persistent disks and Hyperdisks
Vertex Prediction
You can now customize more deployment parameters when uploading your models, such as shared memory allocation and custom startup and readiness probes. These parameters may be useful when deploying LLMs.
For more information, see Deploy generative AI models, Custom container requirements for prediction, and ModelContainerSpec.