Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

October 29, 2024

Cloud Load Balancing

All the Application Load Balancers, except the classic Application Load Balancer, now support stateful cookie-based session affinity. When you use stateful cookie-based affinity, the load balancer includes an HTTP cookie in the Set-Cookie header in response to the initial HTTP request. With stateful session affinity, customers can preserve stickiness to the selected backend.

For details, see Stateful cookie-based session affinity.

This capability is in General Availability.

Cloud Logging

You can now create and manage log scopes by using the Google Cloud CLI, in addition to using the Cloud Console and Terraform. Log scopes are in Public Preview. For more information, see

Cloud Storage

Data Access logs are now compatible with all authenticated browser downloads.

  • When an authenticated browser download occurs outside of the Google Cloud console, a resulting Data Access log has its principalEmail and callerIp fields redacted.
Google Kubernetes Engine

Three new metrics are added for measuring node and workload startup latency:

  • kubernetes.io/node/latencies/startup: The total startup latency of a node, from the GCE instance's CreationTimestamp to Kubernetes Node Ready for the first time.

  • kubernetes.io/pod/latencies/pod_first_ready: The Pod end-to-end startup latency (from Pod Created to Ready), including image pulls. This metric is available for clusters with GKE version 1.31.1-gke.1678000 or later.

  • kubernetes.io/autoscaler/latencies/per_hpa_recommendation_scale_latency_seconds: Horizontal Pod Autoscaling (HPA) scaling recommendation latency (the time between metrics being created and the corresponding scaling recommendation being applied to the API server) for the HPA target. This metric is available for clusters running the following versions or later:

    • 1.30.4-gke.1348001
    • 1.31.0-gke.1324000
Memorystore for Redis

Added support for the databases configuration. For more details, see the entry for databases in Supported Redis configurations.

SAP on Google Cloud

BigQuery Connector for SAP version 2.8

Version 2.8 of the BigQuery Connector for SAP is generally available (GA). This version offers several enhancements and bug fixes, including the record compression option at field level, a transaction to view the version of BigQuery Connector for SAP, and an enhancement spot for HTTP error handling.

For more information, see What's new with BigQuery Connector for SAP.

October 28, 2024

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL now supports in-place major version upgrade in Preview. You can upgrade your cluster that is compatible with PostgreSQL version 14 to 15. For more information, see Upgrade a database in-place major version.

Batch

Dynamic Workload Scheduler for Batch is available in Preview. We recommend using Dynamic Workload Scheduler to improve resource availability for jobs that run on A3 GPU VMs when you don't intend to use a reservation. For more information, see Create and run a job that uses GPUs.

Cloud Load Balancing

To take advantage of the new features of the global external Application Load Balancer, you can now migrate your classic Application Load Balancer resources to the global external Application Load Balancer infrastructure.

To migrate to the global external Application Load Balancer, you change the load balancing scheme of your load balancing resources—specifically, the backend services and forwarding rules—from EXTERNAL to EXTERNAL_MANAGED. You can also rollback resources to the classic Application Load Balancer infrastructure, as long as you do so within 90 days of changing the load balancing scheme.

For more details on the migration process, see the following pages:

This capability is available in Preview.

Cloud Logging

You can now use tags to annotate your log buckets and use the tags to manage access to the log buckets. For more information, see Manage log buckets by using tags.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.6 (2024-10-26)

Dependencies

3.20.5 (2024-10-23)

Dependencies
Cloud Monitoring

The capabilities for dashboard-level filtering has been enhanced. You can now configure pinned filters and variables to have multiple default values and support selection of multiple values. You can also create value-only variables and generate the list of possible values for a variable by running a SQL query. These features are in Public Preview. For more information, see the following documents:

Cloud Storage

Additional functionality is now available for the Object Retention Lock and Bucket Lock features:

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.44.1 (2024-10-25)

Dependencies

2.44.0 (2024-10-23)

Features
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (c517798)
  • Fix createFrom resumable upload retry offset calculation (#2771) (1126cdc), closes #2770
  • Update gRPC ReadObject retry to avoid double retry (#2765) (1fc57b9)
Dependencies
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20241008-2.0.0 (#2776) (0545b5e)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#2787) (a470e88)
  • Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.48.0 (#2781) (8fa013e)
  • Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.49.0 (#2782) (a7baffb)
  • Update googleapis/sdk-platform-java action to v2.48.0 (#2786) (2893e61)

You can now use the Google Cloud console to get soft delete recommendations for buckets. Soft delete recommendations help you determine when it's best to enable or disable the soft delete feature on a bucket based on impact to cost and security.

Container Optimized OS

cos-105-17412-495-13

Date Kernel Docker Containerd GPU Drivers
Oct 28, 2024 COS-5.15.167 v23.0.3 v1.7.23 See List

Upgraded app-admin/google-guest-configs to v20240725.00.

Upgraded app-containers/cni-plugins to v1.5.1.

Updated R550, latest driver to v550.90.12.

Fixed CVE-2024-8096 and CVE-2024-7264 in net-misc/curl.

Fixed CVE-2024-47685 in the Linux kernel.

Fixed CVE-2024-27017 in the Linux kernel.

Fixed CVE-2024-38632 in the Linux kernel.

Fixed CVE-2024-39463 in the Linux kernel.

Fixed CVE-2024-47674 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812700 -> 812685

cos-117-18613-0-99

Kernel Docker Containerd GPU Drivers
COS-6.6.44 v24.0.9 v1.7.23 See List

Fixed CVE-2024-47685 in the Linux kernel.

Fixed CVE-2024-44991 in the Linux kernel.

Fixed CVE-2024-47674 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811768 -> 811706

cos-113-18244-236-9

Date Kernel Docker Containerd GPU Drivers
Oct 28, 2024 COS-6.1.112 v24.0.9 v1.7.23 See List

Fixed CVE-2024-47685 in the Linux kernel.

Fixed CVE-2024-38632 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812026 -> 812035

cos-109-17800-372-12

Kernel Docker Containerd GPU Drivers
COS-6.1.112 v24.0.9 v1.7.23 See List

Fixed CVE-2024-47685 in the Linux kernel.

Fixed CVE-2024-38632 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812259 -> 812253

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.10.2 (2024-10-23)

Bug Fixes
  • dataflow: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • dataflow: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (8bb87d5)
Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.24.0 (2024-10-24)

Features
  • Add FindNearest API to the stable branch (3512ba2)
Bug Fixes
  • sample: Change update entity sample to use transaction (#1633) (c44f17a)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#1632) (6453f1e)
  • Update googleapis/sdk-platform-java action to v2.48.0 (#1628) (d3bce79)
Generative AI on Vertex AI

You can now fine-tune the following models from the Cloud console:

The Whisper large v3 and Whisper large v3 turbo models have been added to Model Garden.

Updated the fine-tuning notebooks for Gemma 2, Llama 3.1, Mistral, and Mixtral with the following enhancements:

  • The notebooks use an updated high-performance container for single host multi-GPU LoRA fine-tuning.
    • Better throughput and GPU utilization with well-tested max-sequence-lengths.
    • Support for input token masking.
    • No out of memory (OOM) error during fine-tuning.
  • Added a custom dataset example that uses a template and format validation.
  • Support for a default accelerator pool with quota checks.
  • Improved documentation.
Google Kubernetes Engine

The A3 Edge (a3-edgegpu-8g) machine type with H100 80GB GPUs attached is now available on GKE Standard clusters. To learn more, see About GPUs.

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • AIX system (OS)
  • Apache Tomcat (Web server)
  • Apigee (Google Cloud Specific)
  • Aqua Security (IaaS Applications)
  • Aruba Switch (Network Infrastructure)
  • Auth0 (Authentication log)
  • AWS Cloudtrail (Cloud Log Aggregator)
  • AWS GuardDuty (IDS/IPS)
  • AWS RDS (Database)
  • AWS Route 53 DNS (AWS Specific)
  • AWS VPC Flow (AWS Specific)
  • Azure AD (LDAP)
  • Azure AD Sign-In (Misc Windows Specific)
  • Azure VPN (VPN)
  • Blue Coat Proxy (Web Proxy)
  • BMC Client Management (Security)
  • Checkpoint Audit (AUDIT)
  • Chrome Management (Browser)
  • Cisco ASA (firewall)
  • Cisco Internetwork Operating System (Network Infrastructure)
  • Cisco IronPort (Gateway Security)
  • Cisco Meraki (Wireless)
  • Cisco Router (Switches, Routers)
  • Cisco Switch (Switches, Routers)
  • Cisco UCM (Communication Manager)
  • Cisco Unity Connection (Administration and Management)
  • Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
  • Claroty Continuous Threat Detection (IoT)
  • Cloud Audit Logs (Google Cloud Specific)
  • Cloudflare (SaaS Application)
  • CommVault (Alert System)
  • CrowdStrike Detection Monitoring (EDR)
  • CrowdStrike Falcon (EDR)
  • Darktrace (NDR)
  • Dell Switch (Switches, Routers)
  • Druva Backup (Security)
  • Entrust nShield HSM (Hardware Security Module)
  • F5 ASM (WAF)
  • F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
  • Fidelis Network (NDR)
  • FireEye (Alerts)
  • FireEye HX (EDR)
  • FireEye NX (NDR)
  • FortiGate (Firewall)
  • Fortinet FortiAnalyzer (Fortinet FortiAnalyzer)
  • GitGuardian Enterprise (SaaS Applications)
  • Guardicore Centra (Deception Software)
  • Halcyon Anti Ransomware (AV and endpoint logs)
  • Hashicorp Vault (Privileged Account Activity)
  • HP Linux (OS)
  • IBM Mainframe Storage (Monitoring)
  • IBM OpenPages (Data Security)
  • IBM Security QRadar SOAR (Security)
  • Imperva (WAF)
  • Imperva Advanced Bot Protection (Bot Protection)
  • Imperva Audit Trail (IT infrastructure)
  • Infoblox DHCP (DHCP)
  • INTEL471 Watcher Alerts (Data Security)
  • Jamf Protect Alerts (Endpoint Security)
  • Juniper (Firewall)
  • KnowBe4 PhishER (Email server log types.)
  • Kubernetes Node (Kubernetes Container)
  • Linux Auditing System (AuditD) (OS)
  • McAfee ePolicy Orchestrator (Policy Management)
  • Microsoft AD (LDAP)
  • Microsoft Azure Resource (Log Aggregator)
  • Microsoft Defender for Identity (EDR)
  • Microsoft Defender for Office 365 (Email server log types.)
  • Microsoft Graph Activity Logs (AUDIT)
  • Microsoft Netlogon (Authentication)
  • Microsoft SQL Server (Database)
  • Microsoft System Center Endpoint Protection (Malware Detection)
  • Netscope Client (CASB)
  • Office 365 (SaaS Application)
  • Okta User Context (Identity and Access Management)
  • One Identity Identity Manager (unified identity security)
  • Opswat Metadefender (Threat Protection)
  • Palo Alto Networks Firewall (Firewall)
  • Palo Alto Prisma Cloud Alert payload (Cloud Security)
  • pfSense (FIREWALL)
  • Ping Federate (Authentication)
  • Proofpoint Observeit (Email Server)
  • ProofPoint Secure Email Relay (Email server)
  • Pure Storage (Data Storage)
  • Red Hat Directory Server LDAP (Identity and Access Management)
  • Salesforce (SaaS Application)
  • Salesforce Commerce Cloud (SaaS Application)
  • Security Command Center Threat (Google Cloud Specific)
  • ServiceNow CMDB (Policy Management)
  • Sophos UTM (Unified Threat Management)
  • Symantec Endpoint Protection (AV / Endpoint)
  • Sysdig (Security)
  • Tanium Threat Response (Tanium Specific)
  • ThreatX WAF (WAF)
  • Thycotic (Identity and Access Management)
  • Tines (Data Security)
  • Trend Micro (SMS, UNITY_ONE)
  • Trend Micro Deep Security (AV / Endpoint)
  • Trend Micro Vision One (AV and endpoint logs)
  • Twingate (VPN)
  • Unix system (OS)
  • Velo Firewall (FIREWALL)
  • VMware AirWatch (Wireless)
  • Windows Defender ATP (AV / Endpoint)
  • Windows Event (Endpoint)
  • Windows Event (XML) (AV / Endpoint)
  • Windows Local Administrator Password Solution (Local Administrator Password Solution)
  • Windows Sysmon (DNS)
  • Workday Audit Logs (Audit And Compliance)
  • Workspace Activities (Google Cloud Specific)
  • Workspace Alerts (Google Cloud Specific)
  • Zscaler (Web Proxy)
  • Zscaler Tunnel (N/A)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Adobe I/O Runtime (ADOBE_IO_RUNTIME)
  • Amazon VPC Transit Gateway Flow Logs (AWS_VPC_TRANSIT_GATEWAY)
  • Appsentinels (APPSENTINELS)
  • Asset Panda (ASSET_PANDA)
  • AstriX (ASTRIX)
  • Atlan (ATLAN)
  • Azure Container Registry (AZURE_CONTAINER_REGISTRY)
  • Backbase Engagement Banking Platform (BACKBASE)
  • Barracuda Incident Response (BARRACUDA_INCIDENTRESPONSE)
  • Cloudflare Access (CLOUDFLARE_ACCESS)
  • Control D DNS (CONTROL_D)
  • Digicert (DIGICERT)
  • Elastic Defend (ELASTIC_DEFEND)
  • FingerprintJS (FINGERPRINT_JS)
  • Hashicorp Nomad (HASHICORP_NOMAD)
  • IBM NS1 (IBM_NS1)
  • Intel 471 Malware Intelligence (INTEL471_MALWARE_INTEL)
  • MacStadium (MACSTADIUM)
  • N-Able N-Central RMM (N_ABLE_N_CENTRAL_RMM)
  • Opentext Exstream (OPENTEXT_EXSTREAM)
  • OVHcloud (OVHCLOUD)
  • OX Security (OX_SECURITY)
  • Pharos (PHAROS)
  • ReliaQuest (RELIAQUEST)
  • Rublon (RUBLON)
  • Snyk Group level audit/issues logs (SNYK_ISSUES)
  • SolarWinds Network Performance Monitor (SOLARWINDS_NPM)
  • StackHawk (STACKHAWK)
  • Tencent Cloud Firewall (TENCENT_CLOUD_FIREWALL)
  • Tencent Cloud Waf (TENCENT_CLOUD_WAF)
  • Tencent Cloud Workload Protection (TENCENT_CLOUD_WORKLOAD_PROTECTION)
  • Trend Micro Server Protect (TRENDMICRO_SERVER_PROTECT)
  • UKG (UKG)
  • Uptivity (UPTIVITY)
  • USBAV Koramis (USBAV_KORAMIS)
  • Virtual Network Flow Logs (VIRTUAL_NETWORK_FLOW_LOGS)
  • Windows Performance Monitor (MS_PERFMON)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • AIX system (OS)
  • Apache Tomcat (Web server)
  • Apigee (Google Cloud Specific)
  • Aqua Security (IaaS Applications)
  • Aruba Switch (Network Infrastructure)
  • Auth0 (Authentication log)
  • AWS Cloudtrail (Cloud Log Aggregator)
  • AWS GuardDuty (IDS/IPS)
  • AWS RDS (Database)
  • AWS Route 53 DNS (AWS Specific)
  • AWS VPC Flow (AWS Specific)
  • Azure AD (LDAP)
  • Azure AD Sign-In (Misc Windows Specific)
  • Azure VPN (VPN)
  • Blue Coat Proxy (Web Proxy)
  • BMC Client Management (Security)
  • Checkpoint Audit (AUDIT)
  • Chrome Management (Browser)
  • Cisco ASA (firewall)
  • Cisco Internetwork Operating System (Network Infrastructure)
  • Cisco IronPort (Gateway Security)
  • Cisco Meraki (Wireless)
  • Cisco Router (Switches, Routers)
  • Cisco Switch (Switches, Routers)
  • Cisco UCM (Communication Manager)
  • Cisco Unity Connection (Administration and Management)
  • Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
  • Claroty Continuous Threat Detection (IoT)
  • Cloud Audit Logs (Google Cloud Specific)
  • Cloudflare (SaaS Application)
  • CommVault (Alert System)
  • CrowdStrike Detection Monitoring (EDR)
  • CrowdStrike Falcon (EDR)
  • Darktrace (NDR)
  • Dell Switch (Switches, Routers)
  • Druva Backup (Security)
  • Entrust nShield HSM (Hardware Security Module)
  • F5 ASM (WAF)
  • F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
  • Fidelis Network (NDR)
  • FireEye (Alerts)
  • FireEye HX (EDR)
  • FireEye NX (NDR)
  • FortiGate (Firewall)
  • Fortinet FortiAnalyzer (Fortinet FortiAnalyzer)
  • GitGuardian Enterprise (SaaS Applications)
  • Guardicore Centra (Deception Software)
  • Halcyon Anti Ransomware (AV and endpoint logs)
  • Hashicorp Vault (Privileged Account Activity)
  • HP Linux (OS)
  • IBM Mainframe Storage (Monitoring)
  • IBM OpenPages (Data Security)
  • IBM Security QRadar SOAR (Security)
  • Imperva (WAF)
  • Imperva Advanced Bot Protection (Bot Protection)
  • Imperva Audit Trail (IT infrastructure)
  • Infoblox DHCP (DHCP)
  • INTEL471 Watcher Alerts (Data Security)
  • Jamf Protect Alerts (Endpoint Security)
  • Juniper (Firewall)
  • KnowBe4 PhishER (Email server log types.)
  • Kubernetes Node (Kubernetes Container)
  • Linux Auditing System (AuditD) (OS)
  • McAfee ePolicy Orchestrator (Policy Management)
  • Microsoft AD (LDAP)
  • Microsoft Azure Resource (Log Aggregator)
  • Microsoft Defender for Identity (EDR)
  • Microsoft Defender for Office 365 (Email server log types.)
  • Microsoft Graph Activity Logs (AUDIT)
  • Microsoft Netlogon (Authentication)
  • Microsoft SQL Server (Database)
  • Microsoft System Center Endpoint Protection (Malware Detection)
  • Netscope Client (CASB)
  • Office 365 (SaaS Application)
  • Okta User Context (Identity and Access Management)
  • One Identity Identity Manager (unified identity security)
  • Opswat Metadefender (Threat Protection)
  • Palo Alto Networks Firewall (Firewall)
  • Palo Alto Prisma Cloud Alert payload (Cloud Security)
  • pfSense (FIREWALL)
  • Ping Federate (Authentication)
  • Proofpoint Observeit (Email Server)
  • ProofPoint Secure Email Relay (Email server)
  • Pure Storage (Data Storage)
  • Red Hat Directory Server LDAP (Identity and Access Management)
  • Salesforce (SaaS Application)
  • Salesforce Commerce Cloud (SaaS Application)
  • Security Command Center Threat (Google Cloud Specific)
  • ServiceNow CMDB (Policy Management)
  • Sophos UTM (Unified Threat Management)
  • Symantec Endpoint Protection (AV / Endpoint)
  • Sysdig (Security)
  • Tanium Threat Response (Tanium Specific)
  • ThreatX WAF (WAF)
  • Thycotic (Identity and Access Management)
  • Tines (Data Security)
  • Trend Micro (SMS, UNITY_ONE)
  • Trend Micro Deep Security (AV / Endpoint)
  • Trend Micro Vision One (AV and endpoint logs)
  • Twingate (VPN)
  • Unix system (OS)
  • Velo Firewall (FIREWALL)
  • VMware AirWatch (Wireless)
  • Windows Defender ATP (AV / Endpoint)
  • Windows Event (Endpoint)
  • Windows Event (XML) (AV / Endpoint)
  • Windows Local Administrator Password Solution (Local Administrator Password Solution)
  • Windows Sysmon (DNS)
  • Workday Audit Logs (Audit And Compliance)
  • Workspace Activities (Google Cloud Specific)
  • Workspace Alerts (Google Cloud Specific)
  • Zscaler (Web Proxy)
  • Zscaler Tunnel (N/A)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Adobe I/O Runtime (ADOBE_IO_RUNTIME)
  • Amazon VPC Transit Gateway Flow Logs (AWS_VPC_TRANSIT_GATEWAY)
  • Appsentinels (APPSENTINELS)
  • Asset Panda (ASSET_PANDA)
  • AstriX (ASTRIX)
  • Atlan (ATLAN)
  • Azure Container Registry (AZURE_CONTAINER_REGISTRY)
  • Backbase Engagement Banking Platform (BACKBASE)
  • Barracuda Incident Response (BARRACUDA_INCIDENTRESPONSE)
  • Cloudflare Access (CLOUDFLARE_ACCESS)
  • Control D DNS (CONTROL_D)
  • Digicert (DIGICERT)
  • Elastic Defend (ELASTIC_DEFEND)
  • FingerprintJS (FINGERPRINT_JS)
  • Hashicorp Nomad (HASHICORP_NOMAD)
  • IBM NS1 (IBM_NS1)
  • Intel 471 Malware Intelligence (INTEL471_MALWARE_INTEL)
  • MacStadium (MACSTADIUM)
  • N-Able N-Central RMM (N_ABLE_N_CENTRAL_RMM)
  • Opentext Exstream (OPENTEXT_EXSTREAM)
  • OVHcloud (OVHCLOUD)
  • OX Security (OX_SECURITY)
  • Pharos (PHAROS)
  • ReliaQuest (RELIAQUEST)
  • Rublon (RUBLON)
  • Snyk Group level audit/issues logs (SNYK_ISSUES)
  • SolarWinds Network Performance Monitor (SOLARWINDS_NPM)
  • StackHawk (STACKHAWK)
  • Tencent Cloud Firewall (TENCENT_CLOUD_FIREWALL)
  • Tencent Cloud Waf (TENCENT_CLOUD_WAF)
  • Tencent Cloud Workload Protection (TENCENT_CLOUD_WORKLOAD_PROTECTION)
  • Trend Micro Server Protect (TRENDMICRO_SERVER_PROTECT)
  • UKG (UKG)
  • Uptivity (UPTIVITY)
  • USBAV Koramis (USBAV_KORAMIS)
  • Virtual Network Flow Logs (VIRTUAL_NETWORK_FLOW_LOGS)
  • Windows Performance Monitor (MS_PERFMON)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Sensitive Data Protection

The ITALY_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Workflows

Two standard library functions to support common hashing algorithms have been added: compute_checksum and compute_hmac.

October 26, 2024

Google SecOps SOAR

Release 6.3.23 is currently in Preview.

Custom SMTP Configuration does not send emails with send_mail function in monitoring jobs (ID #52614371)

Unexpected behavior between system wide and user preference localization time zone settings. Following this bug fix, the default time zone is now set to UTC + 1. This does not override the user local settings. The admin needs to change the default timezone to the required timezone if needed. (ID #51914939, #52558921)

October 25, 2024

Cloud SQL for MySQL

When you run the backupRuns.GET API or the gcloud sql backups describe command, the maxChargeableBytes parameter now appears in the response. This parameter contains the maximum number of bytes that you can be charged for a backup.

Cloud SQL for PostgreSQL

When you run the backupRuns.GET API or the gcloud sql backups describe command, the maxChargeableBytes parameter now appears in the response. This parameter contains the maximum number of bytes that you can be charged for a backup.

Cloud SQL for SQL Server

When you run the backupRuns.GET API or the gcloud sql backups describe command, the maxChargeableBytes parameter now appears in the response. This parameter contains the maximum number of bytes that you can be charged for a backup.

Colab Enterprise

Colab Enterprise is now available in the following regions:

  • Hamina, Finland (europe-north1)
  • Milan, Italy (europe-west8)
  • Tel Aviv, Israel (me-west1)
  • Warsaw, Poland (europe-central2)

See Colab Enterprise locations.

Compute Engine

Generally available: The A3 Edge accelerator-optimized machine type is now available. The A3 Edge machine type has NVIDIA® H100 80GB GPUs attached and provides up to 800 Gbps of network bandwidth speed depending on the region. A3 Edge VMs are ideal for inference or training ML workloads that require a single node. The A3 Edge machine type is available in the following regions and zones:

  • APAC
    • Tokyo, Japan: asia-northeast1-c
    • Seoul, South Korea: asia-northeast3-a,c
    • Mumbai, India: asia-south1-c
  • Europe
    • London, England: europe-west2-b
    • Frankfurt, Germany: europe-west3-a
    • Eemshaven, Netherlands: europe-west4-b
    • Milan, Italy: europe-west8-c
    • Paris, France: europe-west9-c
    • Turin, Italy: europe-west12-b
  • North America
    • Toronto, Ontario: northamerica-northeast2-c

To get started with A3 Edge VMs, see Create an A3 VM.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.124-debian10, 2.0.124-rocky8, 2.0.124-ubuntu18
  • 2.1.72-debian11, 2.1.72-rocky8, 2.1.72-ubuntu20, 2.1.72-ubuntu20-arm
  • 2.2.38-debian12, 2.2.38-rocky9, 2.2.38-ubuntu22

Dataproc Serverless for Spark: Added common AI/ML Python packages by default to Dataproc Serverless for Spark 1.2 and 2.2 runtimes.

Dataproc Serverless for Spark: Upgraded Cloud Storage connector to 3.0.3 version in the latest 1.2 and 2.2 runtimes.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.700-gke.110 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.700-gke.110 runs on Kubernetes v1.29.8-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues are fixed in 1.29.700-gke.110:

  • Fixed the known issue that caused gkectl to display false warnings on admin cluster version skew.
  • Fixed the known issue that caused migrating a user cluster to Controlplane V2 to fail if secrets encryption has ever been enabled on the user cluster, even if it's already disabled.
  • Fixed the known issue that caused migrating an admin cluster from non-HA to HA to fail if the admin cluster had enabled secret encryption at 1.14 or earlier, and upgraded all the way from that version.

The following vulnerabilities are fixed in 1.29.700-gke.110:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Google Kubernetes Engine

(2024-R41) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.1-gke.1678000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.14-gke.1099000
    • 1.29.9-gke.1177000
    • 1.30.5-gke.1145000
    • 1.31.1-gke.1146000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1341000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1355000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1678000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1341000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1355000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1678000 with this release.

Regular channel

Stable channel

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.13-gke.1119000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1014001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1014001 with this release.

Extended channel

No channel

(2024-R41) Version updates

  • Version 1.31.1-gke.1678000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.14-gke.1099000
    • 1.29.9-gke.1177000
    • 1.30.5-gke.1145000
    • 1.31.1-gke.1146000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1341000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1355000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1678000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1341000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1355000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1678000 with this release.

(2024-R41) Version updates

(2024-R41) Version updates

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.13-gke.1119000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1014001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1014001 with this release.

(2024-R41) Version updates

(2024-R41) Version updates

Security Command Center

Event Threat Detection's Outgoing DoS finding has been shut down and is no longer available.

Sensitive Data Protection

The PARAGUAY_TAX_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The sensitive data discovery service can now detect the presence of secrets, such as passwords and authentication tokens, in your Cloud Run service revision environment variables. Sensitive Data Protection sends any findings to Security Command Center as vulnerability findings. For more information, see Report secrets in environment variables to Security Command Center.

Vertex AI Agent Builder

Vertex AI Search: Get grounding scores for answers with summaries and follow-ups (GA)

The answer method can return aggregated grounding scores for answers and individual grounding scores for claims.

This feature is Generally available (GA). For more information, see Return grounding support scores.

Vertex AI Search: Return only well-grounded answers with summaries and follow-ups (GA)

With the answer method, you can choose to filter out poorly-grounded answers. There are two filter levels: choose to return only answers with high grounding scores (at the risk of losing some helpful answers) or choose a lower filter to get more answers.

This feature is Generally available (GA). For more information, see Show only well-grounded answers.

Vertex AI Search: Advanced autocomplete (Public preview)

Use advanced autocomplete to enable autocomplete on blended search apps. Also, advanced autocomplete supports:

  • Access control
  • Language boosting
  • Rich suggestions, which return document suggestions or recent search suggestions

For more information, see Configure advanced autocomplete. This feature is in Public preview.

October 24, 2024

BigQuery

BigQuery provides context-aware transformation recommendations from Gemini for cleansing data for analysis. Data preparation is available in Preview.

Cloud Data Fusion

Using Dataproc version 2.2 in your Cloud Data Fusion pipeline can fail in some cases with the following error: ERROR [Driver:o.a.s.d.y.ApplicationMaster@97] - User class threw exception: java.lang.NoSuchMethodError: 'org.apache.spark.sql.catalyst.encoders.ExpressionEncoder org.apache.spark.sql.catalyst.encoders.RowEncoder.apply(org.apache.spark.sql.types.StructType)' at io.cdap.cdap.etl.spark.batch.OpaqueDatasetCollection.toDataframeCollection(OpaqueDatasetCollection.java:111).
To avoid this issue, change the Dataproc image to 2.1 (CDAP-21075).

Cloud Load Balancing

Global external Application Load Balancers and global external proxy Network Load Balancers can now load balance IPv6 traffic. The following backends have dual-stack support:

  • VM instance groups
  • Zonal NEGs (GCE_VM_IP_PORT endpoints)

You can also convert your existing single-stack load balancers from IPv4-only to dual stack (IPv4 and IPv6) deployments.

For details, see the following pages:

This feature is available in General Availability.

Cloud Logging

You can now create alerting policies that monitor the results of your SQL queries. For more information about SQL-based alerting policies, see the following documents:

Cloud Monitoring

You can now create alerting policies that monitor the results of your SQL queries. For more information about SQL-based alerting policies, see the following documents:

Cloud Service Mesh

The rollout of managed Cloud Service Mesh version 1.19 to the stable channel has completed.

In future releases, managed Cloud Service Mesh will use the GKE release channel to determine the data plane component and Istio API versions. For more information, see Provision managed Cloud Service Mesh Requirements.

Contact Center AI Insights

Quality AI is now generally available within Insights. See the Overview, Basics, Setup Guide, and Best Practices pages for more details.

Container Optimized OS

cos-109-17800-372-7

Kernel Docker Containerd GPU Drivers
COS-6.1.112 v24.0.9 v1.7.23 See List

Upgraded app-containers/docker-credential-helpers to v0.8.2.

Upgraded app-containers/cni-plugins to v1.5.1.

Upgraded app-containers/docker-credential-gcr to v2.1.23.

Upgraded app-containers/containerd, app-containers/containerd-test to v1.7.20.

Upgraded app-admin/google-guest-configs to v20240725.00.

Upgraded dev-python/jsonpatch to v1.33.

Upgraded dev-python/netifaces to v0.11.0-r2.

Upgraded dev-lang/python-exec to v2.4.10.

Upgraded dev-db/sqlite to v3.46.0.

Upgraded dev-python/six to v1.16.0-r1.

Upgraded sys-libs/libcap-ng to v0.8.5.

Upgraded net-libs/libtirpc to v1.3.4-r3.

Upgraded net-fs/cifs-utils to v7.0-r1, Upgraded sys-libs/talloc to v2.4.2.

Upgraded dev-python/jinja to v3.1.4.

Upgraded sys-libs/libcap to v2.70.

Upgraded app-arch/pigz to v2.8.

Upgraded sys-fs/xfsprogs to v6.8.0.

Upgraded dev-python/pyserial to v3.5-r2.

Upgraded sys-libs/zlib to v1.3.1-r1.

Upgraded dev-python/configobj to v5.0.8.

Upgraded sys-libs/gdbm to v1.24.

Upgraded app-arch/lz4 to v1.10.0-r1.

Upgraded app-arch/unzip to v6.0_p27-r1.

Upgraded dev-libs/nss to v3.103.

Upgraded sys-apps/acl to v2.3.2-r1.

Updated R550, latest driver to v550.90.12.

Upgraded app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.

Runtime sysctl changes:

  • Changed: fs.file-max: 812253 -> 812259

Upgraded app-containers/containerd to 1.7.23.

Dialogflow

Dialogflow CX & ES: In order to increase the stability of Cloud Text-to-speech, out-of-quota requests for Journey Voices will now be fulfilled with a fallback voice of the same speaker persona. To opt out, contact your Google account team.

Dialogflow CX & ES: Dialogflow now supports A-law encoding in addition to Mu-law encoding for input and output audio. A-law and Mu-law are the two available formats in G.711.

Google Distributed Cloud (software only) for bare metal

Release 1.29.700-gke.113

Google Distributed Cloud for bare metal 1.29.700-gke.113 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.700-gke.113 runs on Kubernetes 1.29.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy.
  • Fixed an issue where bmctl restore fails due to etcd containers not starting correctly.
  • Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.

The following container image security vulnerabilities have been fixed in 1.29.700-gke.113:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Looker Studio

Partner connection launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

October 23, 2024

Agent Assist

(Proactive) Generative knowledge assist now offers additional functions and supports more languages. See the documentation for more details.

AlloyDB for PostgreSQL

Database server compatibility with PostgreSQL version 16 is generally available (GA). You can create AlloyDB clusters using PostgreSQL 16. Database Migration Service also supports homogeneous migrations from PostgreSQL to AlloyDB for PostgreSQL version 16.

Apigee X

On October 23, 2024, we released an updated version of Apigee (1-14-0-apigee-1).

Bug ID Description
N/A Updates to security infrastructure and libraries.
Cloud SQL for PostgreSQL

PostgreSQL version 17 is now generally available.

When using the CLI/API to create an instance, if the database version for the instance or replica that you're creating is PostgreSQL 16 and later, then the default Cloud SQL edition is Enterprise Plus.

When using the CLI/API to create an instance, If you either don't specify a database version or you specify a version other than PostgreSQL 16 and later, then the default Cloud SQL edition is Enterprise.

The following information applies to flags and extensions for PostgreSQL 17:

Flags

These flags are deprecated for PostgreSQL 17:

  • old_snapshot_threshold
  • trace_recovery_messages

For more information, see Configure database flags.

Extensions

Cloud SQL for PostgreSQL version 17 doesn't support these extensions:

  • ip4r
  • oracle_fdw
  • orafce
  • pg_background
  • pg_bigm
  • pgfincore
  • pg_hint_plan
  • pg_partman
  • pg_proctab
  • pgrouting
  • pg_similarity
  • pg_squeeze
  • pgtap
  • pgtt
  • pg_wait_sampling
  • PL/Proxy
  • plv8
  • postgresql_anonymizer
  • postgresql_hll
  • prefix
  • rdkit
  • temporal_tables

To start using PostgreSQL 17, see Create instances.

Cloud Storage

Announced billing changes for BigQuery users who are accessing Cloud Storage will now take effect February 1, 2025. These changes were originally set to take effect November 1, 2024.

Compute Engine

Generally available: You can extend the term lengths of your resource-based commitments beyond the preset 1 or 3 years and choose custom term lengths such as 2, 3.5, or 5.5 years. Term extensions let you tailor commitments to match your resource usage needs and keep receiving committed use discounts (CUDs) for a longer time.

For more information, see Extend the term length of commitments.

Datastream

Datastream is now available in the europe-southwest1 (Madrid) region. For the list of all available regions, see IP allowlists and regions.

October 22, 2024

Apigee X

On October 22, 2024, we released a new version of Apigee.

With this release, the following limits for Apigee organizations have changed:

  • The maximum number of deployed API proxies and shared flows per (non-hybrid) organizations is 6000.
  • The maximum number of proxy deployment units per Apigee instance is 6000.
  • The maximum number of API base paths per Apigee organization is 6000.

For more information, see the Apigee Limits page.

Cloud Composer

(Only new Cloud Composer 2 environments, all versions) If a GKE Control Plane IP range is specified for an environment, GKE creates a new subnetwork in this range to provision the IP address for communication with the GKE Control Plane. Otherwise, the subnetwork specified in the Cloud Composer connection subnetwork range is used (this range defaults to the environment's subnetwork). For more information about IP ranges used by Cloud Composer environments, see Configure private IP networking.

(Airflow 2.9.3) The apache-airflow-providers-google package was upgraded to version 10.24.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.23.0 to version 10.24.0.

(Airflow 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 9.0.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 8.4.2 to version 9.0.0.

(Airflow 2.9.3 and 2.7.3) Changes in preinstalled packages:

  • The grpcio package was downgraded from 1.66.2 to 1.65.5.
  • The js2py package was removed from dependencies.
  • The pyjsparser package was removed from dependencies.
  • The tzlocal package was removed from dependencies.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.4 (default)
  • composer-3-airflow-2.7.3-build.20

Cloud Composer 2.9.8 images are available:

  • composer-2.9.8-airflow-2.9.3 (default)
  • composer-2.9.8-airflow-2.7.3

Cloud Composer version 2.4.6 has reached its end of support period.

Cloud Storage

Connecting to Cloud Storage using gRPC is generally available (GA). You can use gRPC to interact with Cloud Storage.

You can now emit client-side metrics for gRPC. To learn which metrics are supported and how to emit them, see Use gRPC client-side metrics.

Document AI

The Document AI section of the Google Cloud console now allows you to configure property descriptions as part of the Custom extractor processor-creation process.

Property description allows you to provide additional context, insights, and prior knowledge for each entity to improve extraction accuracy.

Property descriptions can be edited after schema creation. After you update the property descriptions, you will need to either call the pretrained models or create or fine-tune a new processor version for the changes to take effect.

Generative AI on Vertex AI

The Anthropic Claude Sonnet 3.5 v2 is Generally Available. To learn more, view the Claude Sonnet 3.5 v2 model card in Model Garden.

Google Cloud Architecture Center

Design an optimal storage strategy for your cloud workload: Added information about Parallelstore. Updated NetApp Volumes availability capabilities and capacity limits.

October 21, 2024

Artifact Registry

Artifact Analysis now supports scanning for vulnerabilities in the following types of operating systems:

  • AlmaLinux OS
  • Chainguard
  • Google Distroless
  • Red Hat Universal Base Image (UBI)
  • Rocky Linux
  • SUSE Linux Enterprise Server (SLES)
  • Wolfi

If the Container Scanning API is enabled, it scans container images pushed to Artifact Registry addressing these new operating systems, in addition to already supported operating system and language package vulnerabilities.

These capabilities are Generally Available.

For more information, see Container scanning overview, or enable Container Scanning API.

Artifact Analysis now supports manual scans for vulnerabilities in the following types of packages:

  • AlmaLinux OS
  • Chainguard
  • .NET
  • Google Distroless
  • NPM
  • PHP
  • Python
  • Ruby
  • Rust
  • Red Hat Universal Base Image (UBI)
  • Rocky Linux
  • SUSE Linux Enterprise Server (SLES)
  • Wolfi

You can use the On-Demand Scanning API to manually scan container images locally on your computer or in your registry. Artifact Analysis scans for vulnerabilities in these new packages types, in addition to already supported package types.

These capabilities are Generally Available (GA).

For more information, see Container scanning overview.

Assured Workloads

The IRS Publication 1075 control package is now generally available. Additionally, it now supports the following products:

  • Binary Authorization
  • Cloud Logging

See the supported products page for a complete list.

Backup and DR

Backup and DR service added support to deploy new management console without the need to create private services access. You can also deploy backup/recovery appliances in any VPC available within the management console project.

BigQuery

You can now view, trigger, and pause Airflow DAGs in BigQuery. This feature is in Preview.

You can now manage notebook schedules on the Orchestration page. Notebook scheduling is in Preview.

Custom organization policies let you allow or deny specific operations on BigQuery Data Transfer Service transfer configurations to meet your organization's compliance and security requirements. This feature is generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.45.1 (2024-10-14)

Dependencies
  • Update sdk-platform-java dependencies (#2378) (2499a3c)
  • deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (cdc2cc7)
Cloud Load Balancing

Internal and external passthrough Network Load Balancers now support connection draining for UDP and other non-TCP protocol traffic.

For details, see Enable connection draining.

This feature is available in Preview.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for logging/apiv2

1.12.0 (2024-10-16)

Features
  • logging: Add support for Go 1.23 iterators (84461c0)
Bug Fixes
  • logging: Bump dependencies (2ddeb15)
  • logging: Fixed input validation for X-Cloud-Trace-Context; encoded spanID from XCTC header into hex string. (#10979) (a157558)
  • logging: Update google.golang.org/api to v0.191.0 (5b32644)

Python

Changes for google-cloud-logging

3.11.3 (2024-10-15)

Bug Fixes
  • 16-bit hexadecimal formatting for XCTC span IDs (#946) (1f2b190)
Cloud Run

You can now create custom organization policies and apply them to projects, folders, or organizations (GA).

Cloud Run integrations are discontinued from the Google Cloud console and Google Cloud CLI for new users. If you are an existing user, you will continue to have access until January 2025. No action is required, your deployed services that use these integrations will continue to work. We recommend transitioning to use the individual product experiences for each integration you have deployed. For more information about configuring resources for your services to connect to other Google Cloud products, see Connect to Google Cloud services.

Cloud SQL for MySQL

You can now create a read replica for an instance that has private services access configured for it and connector enforcement enabled for it. For more information, see Connect using Cloud SQL Language Connectors.

Cloud SQL for PostgreSQL

You can now create a read replica for an instance that has private services access configured for it and connector enforcement enabled for it. For more information, see Connect using Cloud SQL Language Connectors.

Cloud SQL for SQL Server

You can now create a read replica for an instance that has private services access configured for it and connector enforcement enabled for it. For more information, see Connect using Cloud SQL Language Connectors.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.45.0 (2024-10-17)

Features
  • storage/internal: Adds support for restore token (70d82fe)
  • storage: Adding bucket-specific dynamicDelay (#10987) (a807a7e)
  • storage: Dynamic read request stall timeout (#10958) (a09f00e)
Documentation
  • storage: Remove preview wording from NewGRPCClient (#11002) (40c3a5b)
Confidential Space

A new Confidential Space image (241000) is now available. This image version adds IPv6 ingress traffic support.

The following Confidential Space images were also previously released:

  • September 2, 2024 (240900):
    • Added tmpfs mount support for Confidential Space workloads
    • Added configurable /dev/shm size for Confidential Space workloads
    • Added retry capability to the container signature fetch.
    • Minor bug fixes.
  • August 5, 2024 (240800):
    • Moved to COS-113 as the base image.
    • Patched OpenSSH vulnerability CVE-2024-6387 in the debug image.
Config Controller

Config Controller now uses the following versions of its included products:

Container Optimized OS

cos-113-18244-236-5

Kernel Docker Containerd GPU Drivers
COS-6.1.112 v24.0.9 v1.7.23 See List

Updated app-containers/containerd to 1.7.23.

Upgraded app-containers/cni-plugins to v1.5.1.

Upgraded app-containers/docker-credential-helpers to v0.8.2.

Upgraded app-admin/google-guest-configs to v20240725.00.

Upgraded app-containers/docker-credential-gcr to v2.1.23.

Upgraded dev-python/jinja to v3.1.4.

Upgraded net-libs/libtirpc to v1.3.4-r3.

Upgraded sys-libs/libcap to v2.70.

Upgraded sys-process/procps to v4.0.4-r1.

Upgraded sys-fs/xfsprogs to v6.8.0.

Upgraded dev-db/sqlite to v3.46.0.

Upgraded sys-libs/gdbm to v1.24.

Upgraded dev-libs/double-conversion to v3.3.0.

Upgraded app-arch/lz4 to v1.10.0-r1.

Upgraded app-arch/gzip to v1.13-r1.

Upgraded sys-apps/acl to v2.3.2-r1.

Upgraded sys-libs/libcap-ng to v0.8.5.

Added NVIDIA GPU drivers R560 branch - Updated the R560 and latest drivers to v560.35.03.

Updated the R550 and latest drivers to v550.90.12.

Identify GPU drivers before installation.

Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.

Fixed CVE-2024-44958 in the Linux kernel.

Fixed CVE-2024-43892 in the Linux kernel.

cos-105-17412-495-4

Kernel Docker Containerd GPU Drivers
COS-5.15.167 v23.0.3 v1.7.23 See List

This is an LTS Refresh release.

Updated app-containers/containerd to 1.7.23.

Upgraded net-libs/libnetfilter_cttimeout to v1.0.1.

Upgraded app-arch/lz4 to v1.10.0-r1.

Upgraded app-arch/pigz to v2.8.

Upgraded net-libs/libnetfilter_queue to v1.0.5.

Upgraded sys-libs/libcap to v2.70.

Upgraded net-libs/libtirpc to v1.3.4-r3.

Upgraded sys-libs/zlib to v1.3.1-r1.

Upgraded net-libs/libmnl to v1.0.5.

Upgraded net-nds/rpcbind to v1.2.6.

Upgraded sys-libs/gdbm to v1.24.

Upgraded net-libs/libnetfilter_cthelper to v1.0.1-r1.

Upgraded dev-libs/nss to v3.103.

Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.

Fixed CVE-2024-44958 in the Linux kernel.

Fixed CVE-2024-43892 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812681 -> 812700

cos-dev-121-18718-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.56 v24.0.9 v1.7.23 See List

Updated app-containers/containerd to 1.7.23.

Updated the Linux kernel to v6.6.56.

Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.

Runtime sysctl changes:

  • Changed: fs.file-max: 811780 -> 811799

cos-109-17800-309-93

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Fixed CVE-2024-44958 in the Linux kernel.

Fixed CVE-2024-43892 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812261 -> 812253

cos-101-17162-528-64

Kernel Docker Containerd GPU Drivers
COS-5.15.161 v20.10.27 v1.6.28 See List

Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.

Fixed CVE-2024-44958 in the Linux kernel.

Fixed CVE-2024-43892 in the Linux kernel.

Cortex Framework

Release 6.0.1

  • Quickstart demo updates for permissions with legacy accounts.
  • CATGAP Python library vulnerability updates.
Dataproc

Announcing the General Availability (GA) release of Spark UI for Dataproc Serverless Batches and Interactive sessions which allows you to monitor and debug your serverless Spark workloads. Spark UI is available by default and free of cost for all Dataproc Serverless workloads.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.23.0 (2024-10-14)

Features
  • Support for field update operators in the Datastore API and resolution strategies when there is a conflict at write time (b299266)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.46.1 (678eee2)
  • deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (b299266)
Dependencies
VPC Service Controls

General availability support for the following integration:

October 20, 2024

Google SecOps SOAR

Release 6.3.22 is now in General Availability.

October 18, 2024

Apigee API hub

On October 18, 2024, Apigee announced the an update to Apigee API hub.

In addition to us-central1 and europe-west1, Apigee API hub now supports the following new hosting regions:

Region Description Region name
Northern Virginia us-east4
Oregon us-west1
London europe-west2
Singapore asia-southeast1
Mumbai asia-south
Sao Paulo southamerica-east1
Sydney australia-southeast1

See Provision API hub.

Artifact Registry

Artifact Registry remote repositories support setting standard Artifact Registry repositories as upstreams for supported formats.

To learn more about how remote repositories work, read the Remote repository overview.

Cloud Key Management Service

You can now use custom constraints with Organization Policy to provide more granular control over specific fields for some Cloud KMS resources. For more information, see Create custom organization policy constraints for Cloud KMS.

Cloud Load Balancing

You can now use the Google Cloud Console to create the following load balancers in Premium Tier:

  • Regional external Application Load Balancer
  • Regional external proxy Network Load Balancer

Previously, only Standard Tier support was available in the Console.

Previously, the classic external Application Load Balancer had lenient HTTP/2 request parsing that did not reject requests containing certain invalid characters in the request path. The same requests would have been rejected if they had arrived over HTTP/1 or HTTP/3.

Now, all HTTP requests, including HTTP/2 requests, are rejected if the path contains a character that isn't one of the following:

  • An allowed ASCII character specified in RFC 3986, sections 3.3 and 3.4.

  • One of the following special allowed characters: [ ] { } | ^

All other characters must be properly URL encoded.

You can identify rejected requests in the proxy logs by looking for the following:

  • responseCode: 400
  • response_code_details: invalid_http2_client_header_format
Dataproc
Datastream

Datastream is now available in the us-south1 (Dallas) region. For the list of all available regions, see IP allowlists and regions.

Generative AI on Vertex AI

The Llama 3.1 405B model that is managed on Vertex AI is now Generally Available.

Security Command Center

The VMTD disabled finding category from Virtual Machine Threat Detection is no longer available. For more information about the finding categories that this built-in service provides, see Virtual Machine Threat Detection overview.

Spanner

Spanner Graph now supports the following functions:

Spanner now supports customer-managed encryption keys (CMEK) to protect databases in custom, dual-region, and multi-region instance configurations. For more information, see Customer-managed encryption keys (CMEK) overview.

Text-to-Speech

Journey Voices and streaming synthesis now support the de-de, en-gb, en-in, es-us, fr-ca, fr-fr, and it-it locales.

VPC Service Controls

Updated the correct support status for the following integration in the Supported products and limitations page:

October 17, 2024

Anthos Config Management

Improved the security of the git-sync container by upgrading the base image to address known vulnerabilities.

App Hub Backup and DR

Backup and DR Service 11.0.13.278 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance.

Backup and DR Service added support to view connector version logs in Cloud Logging.

Backup and DR Service added support to view connector version reports in BigQuery.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Dataproc Google Cloud VMware Engine

Stretched private clouds using `ve2' node types are now available in the following region:

  • Frankfurt, Germany, Europe (europe-west3)
Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.28.1100-gke.91 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.1100-gke.91 runs on Kubernetes v1.28.14-gke.200.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issue is fixed in 1.28.1100-gke.91:

Fixed the known issue that caused gkectl to display false warnings on admin cluster version skew.

The following vulnerabilities are fixed in 1.28.1100-gke.91:

Critical container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.28.1100-gke.94

Google Distributed Cloud for bare metal 1.28.1100-gke.94 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1100-gke.94 runs on Kubernetes 1.28.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy.

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

You can now use NVIDIA H100 80GB GPUs on GKE in the following smaller machine types:

  • a3-highgpu-1g (1 GPU)
  • a3-highgpu-2g (2 GPUs)
  • a3-highgpu-4g (4 GPUs)

These machine types are available through Dynamic Workload Scheduler Flex Start mode, Spot VMs in GKE Standard mode clusters, or Spot Pods in GKE Autopilot mode clusters. You can only provision these machine types if there's available capacity in your region.

GKE continues to support the 8 GPU H100 80GB machine types: a3-highgpu-8g and a3-megagpu-8g.

The new release of the GKE Gateway controller (2024-R2) is now generally available. With this release, the GKE Gateway controller provides the following new capabilities:

Conformance:

To learn more about our GKE Gateway controller capabilities, see the supported capabilities per GatewayClass.

In GKE clusters with the control plane running version 1.29.1-gke.1425000 or later, TPU slice nodes support SIGTERM signals that alert the node of an imminent shutdown. The imminent shutdown notification is configurable up to five minutes in TPU nodes. To configure GKE to terminate your workloads gracefully within this notification timeframe, see Manage GKE node disruption for GPUs and TPUs.

(2024-R40) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Regular channel

  • The following versions are no longer available in the Regular channel:
    • 1.28.14-gke.1004000
    • 1.29.8-gke.1278000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.9-gke.1177000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.

Stable channel

  • Version 1.30.4-gke.1348001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969002
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.4-gke.1348001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.4-gke.1348001 with this release.

Extended channel

  • Version 1.27.16-gke.1681000 is now available in the Extended channel.
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1576000
    • 1.28.14-gke.1004000
    • 1.29.8-gke.1278000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.

No channel

  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.28.13-gke.1049000
    • 1.28.14-gke.1175000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.4-gke.1348001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.4-gke.1348001 with this release.

(2024-R40) Version updates

(2024-R40) Version updates

  • The following versions are no longer available in the Regular channel:
    • 1.28.14-gke.1004000
    • 1.29.8-gke.1278000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.9-gke.1177000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.

(2024-R40) Version updates

  • Version 1.30.4-gke.1348001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969002
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.4-gke.1348001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.4-gke.1348001 with this release.

(2024-R40) Version updates

  • Version 1.27.16-gke.1681000 is now available in the Extended channel.
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1576000
    • 1.28.14-gke.1004000
    • 1.29.8-gke.1278000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.

(2024-R40) Version updates

  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.28.13-gke.1049000
    • 1.28.14-gke.1175000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.4-gke.1348001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.4-gke.1348001 with this release.
Spanner

Spanner now offers usage statistics for database splits along with the associated System insights dashboard to help you identify hotspots on affected rows in your database.

Directed reads are Generally Available. This feature provides the flexibility to route read-only transactions and single reads to a specific replica type or region in a multi-region instance configuration. For more information, see Directed reads.

Vertex AI Agent Builder

Vertex AI Search: CMEK for US and EU (GA) and CMEK with EKM and HSM (GA with allowlist)

Customer-managed encryption keys (CMEK) are Generally available (GA) in the US and the EU. You no longer need to be added to an allowlist to use CMEK. If you store your data in a US or EU multi-region data store, you can provide your own encryption key to protect your data at rest.

Using external key manager (EKM) or hardware security module (HSM) with CMEK is in GA with allowlist.

For information, see Customer-managed encryption keys.

October 16, 2024

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Dataproc API
    • dataproc.googleapis.com/Session
  • Identity Platform
    • identitytoolkit.googleapis.com/DefaultSupportedIdpConfig
    • identitytoolkit.googleapis.com/InboundSamlConfig
    • identitytoolkit.googleapis.com/OauthIdpConfig
    • identitytoolkit.googleapis.com/Tenant
  • Vertex AI
    • aiplatform.googleapis.com/TuningJob
Cloud Composer

Fixed a bug where upgrading a private IP environment could fail because of an invalid CIDR range.

The default version of Airflow is changed to 2.9.3.

Airflow 2.9.1 is no longer included in Cloud Composer images and builds.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.3 (default)
  • composer-3-airflow-2.7.3-build.19

Cloud Composer 2.9.7 images are available:

  • composer-2.9.7-airflow-2.9.3 (default)
  • composer-2.9.7-airflow-2.7.3
Cloud SQL for MySQL

Cloud SQL for MySQL now supports minor version 8.0.39. To upgrade your existing MySQL 8.0 instance to the new version, see Upgrade the database minor version.

Compute Engine

End of life: On October 31, 2024, SLES 12 SP5 and SLES 12 SP5 for SAP are reaching end of life and the images will be deprecated on Google Cloud. If you use SLES 12 SP5 or SLES 12 SP5 for SAP images in your project, review Long Term Service Support Pack (LTSS) options.

Config Connector

Config Connector version 1.124.0 is now available.

The direct resource development guide is now available for contributors

To improve the Config Connector resource development process, we have a new development guide to contributing resources to Config Connector with the direct reconciliation process. This new approach makes contributing more reliable and consistent with Kubernetes development practices. For more information, read the new Direct resource development guide.

RedisCluster is promoted from alpha to beta (Direct Reconciler).

CertificateManagerDNSAuthorization

  • Add the spec.Location field.

ComputeForwardingRule

  • Added spec.target.googleApisBundle field (allowed values are all-apis or vpc-sc). Note, when configuring this field, the resource will use direct reconciliation.

CertificateManagerDNSAuthorization is migrated from the Terraform-based to the new Direct controller to enhance reliability and performance. The resource CRD is unchanged.

New Alpha Resources (Direct Reconciler)

  • PrivilegedAccessManagerEntitlement
  • BigQueryAnalyticsHubDataExchange
Google Cloud Deploy

You can now automatically retry failed rollouts, and automatically roll back to the most recent successful rollout, in preview.

Google Cloud VMware Engine

Added missing release notes for stretched private cloud availability using ve2 node types in Sydney, Australia, APAC (australia-southeast1-b)

Google Kubernetes Engine

In GKE version 1.31.1-gke.1621000 and later, the kube_pod_resource_request metric and the kube_pod_resource_limit metric are exported as part of the the scheduler metrics package.

Security Command Center

Toxic combination findings are generally available. This includes the following updates:

  • Support for toxic combination findings on AWS resources. This feature is available in Preview.
  • Addition of a new Toxic Combination Cases TTR and Trend widget on the Posture overview page of the Google Security Operations console. The widget details the trends for open and closed toxic combination cases for a specific time range.

October 15, 2024

Artifact Registry

Organization policy constraints for Artifact Registry is available in General Availability.

For more information, see Use custom organization policies.

Cloud Storage

Hierarchical namespace for Cloud Storage buckets is generally available (GA). With hierarchical namespace, you can store your data in a logical file system structure.

Compute Engine

Generally available: In addition to the A3 High machine type that has 8 NVIDIA H100 GPUs attached, we now have smaller machine types available that have 1, 2, or 4 NVIDIA H100 GPUs attached. These smaller machine types are ideal for workloads such as inference, simulations, and small-scale training.

To get started, review A3 High machine types.

Contact Center AI Platform

Version 3.27 is released

All release notes published on this date are part of version 3.27.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Spelling and grammar check

The agent adapter now provides spelling and grammar checking. Agents can choose from spelling and grammar suggestions while entering text in the agent adapter. You can enable spelling and grammar check globally or at the queue level. For more information, see Check spelling and grammar.

Voice detection for auto-answer

You can now configure auto-answer to listen for an agent's voice after a call is connected. If no voice is detected after the specified time, the call is considered missed by the agent. For more information, see Auto answer.

New destinations for incoming SIP header data

You can now pass incoming SIP header data to session metadata files and CRM records. For more information, see Capture data parameters from inbound SIP headers.

Emergency calling

Agents in the US and Canada can now make calls to emergency services. Agents in Canada can make calls to other special services. You can set up queues for callback from emergency or special services.

Conversational Agents (Dialogflow CX) is supported in additional regions

Conversational Agents (Dialogflow CX) is now supported in additional regions. This can help you optimize performance by keeping your support agents closer to your services and end-users. For more information, see Regionalization and location settings.

Fixed an issue where queue-level caller announcements were not working properly.

Fixed an issue where multiple contacts could be created for the same contact.

Dataplex

Some of the BigQuery metadata that is stored in Dataplex Catalog is changing. If you have workloads that depend on BigQuery metadata, you must adjust them to preserve continuity. For more information about the scope of this change and what you need to do, see Changes to BigQuery metadata stored in Dataplex Catalog.

Dataplex is available in Dammam (me-central2). For more information, see Locations and Pricing.

Google Kubernetes Engine

On GKE Autopilot clusters running version 1.30 and later, partner workloads that set AppArmor profiles might unexpectedly be rejected at admission. This might include installations of Prisma Defender, Wiz Runtime Sensor, Sentinel One Agent, Checkpoint CloudGuard, Aqua Security Enforcer and Splunk OTEL Collector.

The following GKE versions contain a fix for this issue:

  • 1.30.5-gke.1355000 and later
  • 1.31.1-gke.1621000 and later

Clusters in any release channel can be created on or upgraded to these versions. For details, see Manually upgrading the control plane.

For newly-created VPC Peering-based clusters running version 1.27 or later, traffic from the kube-apiserver to nodes routes through the Konnectivity service. For existing VPC Peering-based clusters, GKE gradually migrates your cluster to use the Konnectivity service.

You can now create workloads with multiple network interfaces in GKE Autopilot clusters running version 1.29.5-gke.1091000 and later or version 1.30.1-gke.1280000 and later. For more information, see Setup multi-network support for Pods.

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • Abnormal Security (Email Server)
  • AIX system (OS)
  • Akamai DNS (DNS)
  • Akamai WAF (WAF)
  • Apache (Security)
  • Apigee (Google Cloud Specific)
  • Apple macOS (AV / Endpoint)
  • Archer Integrated Risk Management (Risk Management Solution)
  • Area1 Security (Email server)
  • Aruba (Wireless)
  • Aruba Switch (Network Infrastructure)
  • Auth0 (Authentication log)
  • AWS CloudFront (CDN)
  • AWS Cloudtrail (Cloud Log Aggregator)
  • AWS CloudWatch (Cloud service monitoring)
  • AWS EMR (AWS Specific)
  • AWS VPN (VPN)
  • Azure AD (LDAP)
  • Azure AD Directory Audit (Audit)
  • Azure Firewall (Azure Firewall Application Rule)
  • Azure Key Vault logging (Audit)
  • Barracuda Firewall (Firewall)
  • Barracuda WAF (Firewall)
  • BeyondTrust Endpoint Privilege Management (Privileged Account Activity)
  • Blue Coat Proxy (Web Proxy)
  • BMC Client Management (Security)
  • Check Point (Firewall)
  • Chrome Management (Browser)
  • Cisco IronPort (Gateway Security)
  • Cisco ISE (Identity and Access Management)
  • Cisco Meraki (Wireless)
  • Cisco Router (Switches, Routers)
  • Cisco Stealthwatch (Log Aggregator)
  • Cisco Switch (Switches, Routers)
  • Cisco TACACS+ (Authentication)
  • Cisco Umbrella Web Proxy (Web Proxy)
  • Cisco WLC/WCS (Wireless)
  • Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
  • Claroty Continuous Threat Detection (IoT)
  • Cloud Audit Logs (Google Cloud Specific)
  • Cloud Data Loss Prevention (Google Cloud Specific)
  • Cloud SQL (Google Cloud Specific)
  • Cohesity (Backup Software)
  • Corelight (NDR)
  • CrowdStrike Detection Monitoring (EDR)
  • CrowdStrike Falcon (EDR)
  • CrushFTP (Application server)
  • Darktrace (NDR)
  • Delinea Secret Server (Privileged Account Activity)
  • Dell EMC Data Domain (Storage system)
  • Druva Backup (Security)
  • Duo Activity Logs (Activity)
  • Duo Administrator Logs (Authentication)
  • Elastic Windows Event Log Beats (Log Aggregator)
  • Ergon Informatik Airlock IAM (Application Whitelisting)
  • F5 BIGIP Access Policy Manager (Access Policy Manager)
  • F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
  • FireEye HX (EDR)
  • FortiGate (Firewall)
  • Fortinet FortiAnalyzer (Fortinet FortiAnalyzer)
  • Fortinet FortiAuthenticator (Security)
  • Fortinet FortiEDR (EDR)
  • Fortinet Fortimanager (Network Management and Optimization software)
  • GitHub (SaaS Application)
  • GMV Checker ATM Security (ATM Audit)
  • Guardicore Centra (Deception Software)
  • Hashicorp Vault (Privileged Account Activity)
  • HP Aruba (ClearPass) (Identity and Access Management)
  • IBM Cloud Activity Tracker (Security Log)
  • IBM DB2 (Database)
  • IBM Mainframe Storage (Monitoring)
  • IBM OpenPages (Data Security)
  • Imperva (WAF)
  • Imperva CEF (CEF)
  • Imperva DRA (Data Security)
  • Infoblox (DHCP, DNS)
  • Infoblox DNS (DNS)
  • JAMF Pro (Mac Endpoint Management System)
  • Keycloak (Identity and Access Management)
  • Lacework Cloud Security (Cloud Security)
  • Linux Auditing System (AuditD) (OS)
  • Linux DHCP (DHCP)
  • ManageEngine Log360 (Alert Log)
  • McAfee ePolicy Orchestrator (Policy Management)
  • Microsoft AD FS (LDAP)
  • Microsoft Azure Activity (Misc Windows Specific)
  • Microsoft Azure Resource (Log Aggregator)
  • Microsoft Defender For Cloud (Automation and DevOps Tools)
  • Microsoft Defender for Endpoint (EDR)
  • Microsoft Defender for Identity (EDR)
  • Microsoft Graph Activity Logs (AUDIT)
  • Microsoft Graph API Alerts (Gateway to data and intelligence)
  • Microsoft Intune Context (Mobile Device Management)
  • Microsoft SQL Server (Database)
  • Mimecast URL Logs (Email server log types)
  • MISP Threat Intelligence (Cybersecurity)
  • Mobile Endpoint Security (Mobile Endpoint Security)
  • NetApp ONTAP (Rest api)
  • Netskope V2 (Cloud Security)
  • Office 365 (SaaS Application)
  • Okta (Identity and Access Management)
  • One Identity Identity Manager (unified identity security)
  • Opengear Remote Management (Secure Remote Access)
  • Oracle (DATABASE)
  • Oracle Cloud Infrastructure VCN Flow Logs (Oracle Cloud Infrastructure)
  • Palo Alto Networks Firewall (Firewall)
  • Palo Alto Panorama (Firewall)
  • Palo Alto Prisma Cloud Alert payload (Cloud Security)
  • Proofpoint CASB (CASB)
  • Proofpoint Email Filter (Email Server)
  • Proofpoint On Demand (Email Server)
  • Proofpoint Threat Response (Email Server)
  • Pulse Secure (VPN)
  • Radware Web Application Firewall (Firewall)
  • SailPoint IAM (Identity and Access Management)
  • Saiwall VPN (VPN)
  • Salesforce (SaaS Application)
  • Sentinelone Alerts (Endpoint Security)
  • SonicWall (Firewall)
  • Sophos Central (AV / Endpoint)
  • Sophos Firewall (Next Gen) (Firewall)
  • Squid Web Proxy (Web Proxy)
  • STIX Threat Intelligence (Cybersecurity Threats)
  • Suricata EVE (IPS IDS)
  • Symantec DLP (DLP)
  • Symantec Endpoint Protection (AV / Endpoint)
  • Symantec Web Security Service (Web Proxy)
  • TINTRI (Data Security)
  • Trend Micro Apex one (Endpoint Security)
  • TrendMicro Apex Central (Endpoint)
  • UberAgent (Security)
  • Veeam (Backup software)
  • Velo Firewall (FIREWALL)
  • VMware AirWatch (Wireless)
  • VMware NSX (Network and Security Virtualization)
  • VMware vCenter (Server)
  • WatchGuard (Syslog and KV)
  • Wazuh (Log Aggregator)
  • Windows Event (Endpoint)
  • Windows Event (XML) (AV / Endpoint)
  • Windows Sysmon (DNS)
  • Workday User Activity (N/A)
  • Workspace Activities (Google Cloud Specific)
  • XAMS by Xiting (Log Aggregator)
  • ZeroFox Platform (Database)
  • Zscaler (Web Proxy)
  • Zywall (Network infrastructure)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Adaptive Shield (ADAPTIVE_SHIELD)
  • Agiloft (AGILOFT)
  • Airwatch Context (AIRWATCH_CONTEXT)
  • Attack IQ (ATTACK_IQ)
  • AWS PY Tools (AWS_PY_TOOLS)
  • Bindplane Agent (BINDPLANE_AGENT)
  • BindPlane Audit Logs (BINDPLANE)
  • Bitsight (BITSIGHT)
  • Bitvise SFTP (BITVISE_SFTP)
  • Ciena Router logs (CIENA_ROUTER)
  • Cisco Viptela (CISCO_VIPTELA)
  • Colinet Trotta GAUS SEGUROS (CT_GAUS_SEGUROS)
  • Conductor One (CONDUCTOR_ONE)
  • Crowdstrike Endpoint Security API (CS_ENDPOINT_SECURITY_API)
  • Fiserv SecureNow (SECURE_NOW)
  • Greenhouse Harvest (GREENHOUSE_HARVEST)
  • Harness IO (HARNESS_IO)
  • Hashicorp Boundary (HASHICORP_BOUNDARY)
  • HP Linux (HP_LINUX)
  • IBM Security Guardium Insights (IBM_INSIGHTS)
  • Imperva Attack Analytics (IMPERVA_ATTACK_ANALYTICS)
  • INTEL471 Watcher Alerts (INTEL471_WATCHER_ALERTS)
  • JAMF Security Cloud (JAMF_SECURITY_CLOUD)
  • JBoss Web (JBOSS_WEB)
  • Kandji Context (KANDJI_CONTEXT)
  • Lenels2 Elements Secure (LENELS2_ELEMENTS_SECURE)
  • ManageEngine OpUtils (MANAGE_ENGINE_OPUTILS)
  • Microsoft Graph Incident (MICROSOFT_GRAPH_INCIDENT)
  • Miro (MIRO)
  • Open Policy Agent (OPA)
  • Oracle Access Manager (ORACLE_AM)
  • Oracle Enterprise Manager (ORACLE_OEM)
  • Perception Point XRay (PERCEPTION_POINT_XRAY)
  • RedSift BrandTrust (REDSIFT_BRANDTRUST)
  • Riverbed (RIVERBED)
  • SAP Sybase Adaptive Server Enterprise Database (SAP_ASE)
  • Sharefile Logs (SHAREFILE_LOGS)
  • Smartsheet (SMARTSHEET)
  • Statusgator (STATUSGATOR)
  • Titan MFT (TITAN_MFT)
  • Upwind (UPWIND)
  • Vanta Context (VANTA_CONTEXT)
  • Varnish Cache (VARNISH_CACHE)
  • Vercel WAF (VERCEL_WAF)
  • Veriato Cerebral (VERIATO_CEREBRAL)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • Abnormal Security (Email Server)
  • AIX system (OS)
  • Akamai DNS (DNS)
  • Akamai WAF (WAF)
  • Apache (Security)
  • Apigee (Google Cloud Specific)
  • Apple macOS (AV / Endpoint)
  • Archer Integrated Risk Management (Risk Management Solution)
  • Area1 Security (Email server)
  • Aruba (Wireless)
  • Aruba Switch (Network Infrastructure)
  • Auth0 (Authentication log)
  • AWS CloudFront (CDN)
  • AWS Cloudtrail (Cloud Log Aggregator)
  • AWS CloudWatch (Cloud service monitoring)
  • AWS EMR (AWS Specific)
  • AWS VPN (VPN)
  • Azure AD (LDAP)
  • Azure AD Directory Audit (Audit)
  • Azure Firewall (Azure Firewall Application Rule)
  • Azure Key Vault logging (Audit)
  • Barracuda Firewall (Firewall)
  • Barracuda WAF (Firewall)
  • BeyondTrust Endpoint Privilege Management (Privileged Account Activity)
  • Blue Coat Proxy (Web Proxy)
  • BMC Client Management (Security)
  • Check Point (Firewall)
  • Chrome Management (Browser)
  • Cisco IronPort (Gateway Security)
  • Cisco ISE (Identity and Access Management)
  • Cisco Meraki (Wireless)
  • Cisco Router (Switches, Routers)
  • Cisco Stealthwatch (Log Aggregator)
  • Cisco Switch (Switches, Routers)
  • Cisco TACACS+ (Authentication)
  • Cisco Umbrella Web Proxy (Web Proxy)
  • Cisco WLC/WCS (Wireless)
  • Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
  • Claroty Continuous Threat Detection (IoT)
  • Cloud Audit Logs (Google Cloud Specific)
  • Cloud Data Loss Prevention (Google Cloud Specific)
  • Cloud SQL (Google Cloud Specific)
  • Cohesity (Backup Software)
  • Corelight (NDR)
  • CrowdStrike Detection Monitoring (EDR)
  • CrowdStrike Falcon (EDR)
  • CrushFTP (Application server)
  • Darktrace (NDR)
  • Delinea Secret Server (Privileged Account Activity)
  • Dell EMC Data Domain (Storage system)
  • Druva Backup (Security)
  • Duo Activity Logs (Activity)
  • Duo Administrator Logs (Authentication)
  • Elastic Windows Event Log Beats (Log Aggregator)
  • Ergon Informatik Airlock IAM (Application Whitelisting)
  • F5 BIGIP Access Policy Manager (Access Policy Manager)
  • F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
  • FireEye HX (EDR)
  • FortiGate (Firewall)
  • Fortinet FortiAnalyzer (Fortinet FortiAnalyzer)
  • Fortinet FortiAuthenticator (Security)
  • Fortinet FortiEDR (EDR)
  • Fortinet Fortimanager (Network Management and Optimization software)
  • GitHub (SaaS Application)
  • GMV Checker ATM Security (ATM Audit)
  • Guardicore Centra (Deception Software)
  • Hashicorp Vault (Privileged Account Activity)
  • HP Aruba (ClearPass) (Identity and Access Management)
  • IBM Cloud Activity Tracker (Security Log)
  • IBM DB2 (Database)
  • IBM Mainframe Storage (Monitoring)
  • IBM OpenPages (Data Security)
  • Imperva (WAF)
  • Imperva CEF (CEF)
  • Imperva DRA (Data Security)
  • Infoblox (DHCP, DNS)
  • Infoblox DNS (DNS)
  • JAMF Pro (Mac Endpoint Management System)
  • Keycloak (Identity and Access Management)
  • Lacework Cloud Security (Cloud Security)
  • Linux Auditing System (AuditD) (OS)
  • Linux DHCP (DHCP)
  • ManageEngine Log360 (Alert Log)
  • McAfee ePolicy Orchestrator (Policy Management)
  • Microsoft AD FS (LDAP)
  • Microsoft Azure Activity (Misc Windows Specific)
  • Microsoft Azure Resource (Log Aggregator)
  • Microsoft Defender For Cloud (Automation and DevOps Tools)
  • Microsoft Defender for Endpoint (EDR)
  • Microsoft Defender for Identity (EDR)
  • Microsoft Graph Activity Logs (AUDIT)
  • Microsoft Graph API Alerts (Gateway to data and intelligence)
  • Microsoft Intune Context (Mobile Device Management)
  • Microsoft SQL Server (Database)
  • Mimecast URL Logs (Email server log types)
  • MISP Threat Intelligence (Cybersecurity)
  • Mobile Endpoint Security (Mobile Endpoint Security)
  • NetApp ONTAP (Rest api)
  • Netskope V2 (Cloud Security)
  • Office 365 (SaaS Application)
  • Okta (Identity and Access Management)
  • One Identity Identity Manager (unified identity security)
  • Opengear Remote Management (Secure Remote Access)
  • Oracle (DATABASE)
  • Oracle Cloud Infrastructure VCN Flow Logs (Oracle Cloud Infrastructure)
  • Palo Alto Networks Firewall (Firewall)
  • Palo Alto Panorama (Firewall)
  • Palo Alto Prisma Cloud Alert payload (Cloud Security)
  • Proofpoint CASB (CASB)
  • Proofpoint Email Filter (Email Server)
  • Proofpoint On Demand (Email Server)
  • Proofpoint Threat Response (Email Server)
  • Pulse Secure (VPN)
  • Radware Web Application Firewall (Firewall)
  • SailPoint IAM (Identity and Access Management)
  • Saiwall VPN (VPN)
  • Salesforce (SaaS Application)
  • Sentinelone Alerts (Endpoint Security)
  • SonicWall (Firewall)
  • Sophos Central (AV / Endpoint)
  • Sophos Firewall (Next Gen) (Firewall)
  • Squid Web Proxy (Web Proxy)
  • STIX Threat Intelligence (Cybersecurity Threats)
  • Suricata EVE (IPS IDS)
  • Symantec DLP (DLP)
  • Symantec Endpoint Protection (AV / Endpoint)
  • Symantec Web Security Service (Web Proxy)
  • TINTRI (Data Security)
  • Trend Micro Apex one (Endpoint Security)
  • TrendMicro Apex Central (Endpoint)
  • UberAgent (Security)
  • Veeam (Backup software)
  • Velo Firewall (FIREWALL)
  • VMware AirWatch (Wireless)
  • VMware NSX (Network and Security Virtualization)
  • VMware vCenter (Server)
  • WatchGuard (Syslog and KV)
  • Wazuh (Log Aggregator)
  • Windows Event (Endpoint)
  • Windows Event (XML) (AV / Endpoint)
  • Windows Sysmon (DNS)
  • Workday User Activity (N/A)
  • Workspace Activities (Google Cloud Specific)
  • XAMS by Xiting (Log Aggregator)
  • ZeroFox Platform (Database)
  • Zscaler (Web Proxy)
  • Zywall (Network infrastructure)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Adaptive Shield (ADAPTIVE_SHIELD)
  • Agiloft (AGILOFT)
  • Airwatch Context (AIRWATCH_CONTEXT)
  • Attack IQ (ATTACK_IQ)
  • AWS PY Tools (AWS_PY_TOOLS)
  • Bindplane Agent (BINDPLANE_AGENT)
  • BindPlane Audit Logs (BINDPLANE)
  • Bitsight (BITSIGHT)
  • Bitvise SFTP (BITVISE_SFTP)
  • Ciena Router logs (CIENA_ROUTER)
  • Cisco Viptela (CISCO_VIPTELA)
  • Colinet Trotta GAUS SEGUROS (CT_GAUS_SEGUROS)
  • Conductor One (CONDUCTOR_ONE)
  • Crowdstrike Endpoint Security API (CS_ENDPOINT_SECURITY_API)
  • Fiserv SecureNow (SECURE_NOW)
  • Greenhouse Harvest (GREENHOUSE_HARVEST)
  • Harness IO (HARNESS_IO)
  • Hashicorp Boundary (HASHICORP_BOUNDARY)
  • HP Linux (HP_LINUX)
  • IBM Security Guardium Insights (IBM_INSIGHTS)
  • Imperva Attack Analytics (IMPERVA_ATTACK_ANALYTICS)
  • INTEL471 Watcher Alerts (INTEL471_WATCHER_ALERTS)
  • JAMF Security Cloud (JAMF_SECURITY_CLOUD)
  • JBoss Web (JBOSS_WEB)
  • Kandji Context (KANDJI_CONTEXT)
  • Lenels2 Elements Secure (LENELS2_ELEMENTS_SECURE)
  • ManageEngine OpUtils (MANAGE_ENGINE_OPUTILS)
  • Microsoft Graph Incident (MICROSOFT_GRAPH_INCIDENT)
  • Miro (MIRO)
  • Open Policy Agent (OPA)
  • Oracle Access Manager (ORACLE_AM)
  • Oracle Enterprise Manager (ORACLE_OEM)
  • Perception Point XRay (PERCEPTION_POINT_XRAY)
  • RedSift BrandTrust (REDSIFT_BRANDTRUST)
  • Riverbed (RIVERBED)
  • SAP Sybase Adaptive Server Enterprise Database (SAP_ASE)
  • Sharefile Logs (SHAREFILE_LOGS)
  • Smartsheet (SMARTSHEET)
  • Statusgator (STATUSGATOR)
  • Titan MFT (TITAN_MFT)
  • Upwind (UPWIND)
  • Vanta Context (VANTA_CONTEXT)
  • Varnish Cache (VARNISH_CACHE)
  • Vercel WAF (VERCEL_WAF)
  • Veriato Cerebral (VERIATO_CEREBRAL)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

VPC Service Controls

Preview stage support for the following integration:

October 14, 2024

Anti Money Laundering AI

The API is now available in the australia-southeast1 region. For more information on supported regions, see AML AI locations.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.43.1 (2024-10-09)

Dependencies
  • Update actions/checkout action to v4.2.1 (#3520) (ad8175a)
  • Update actions/upload-artifact action to v4.4.1 (#3521) (dc21975)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240919-2.0.0 (#3514) (9fe3829)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.37.0 (bf4d37a)
  • Update github/codeql-action action to v2.26.11 (#3517) (ac736bb)
  • Update github/codeql-action action to v2.26.12 (#3522) (fdf8dc4)

You can now use fine-grained DML to optimize the execution of UPDATE, DELETE, and MERGE statements on tables. This feature is in Preview.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.4 (2024-10-07)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (90b88ee)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.37.0 (#1702) (1f7da17)
Cloud Monitoring

You can now use the Monitoring API to configure a metric-based alerting policy to send notifications when incidents are closed. For more information, see AlertStrategy in the Monitoring API documentation.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.43.2 (2024-10-08)

Bug Fixes
  • Plumb list blobs match glob option for grpc transport (#2759) (207abd1)
Dependencies
  • Update dependency com.google.api:gapic-generator-java to v2.47.0 (#2750) (9041f24)
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240924-2.0.0 (#2719) (7b19831)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.37.0 (#2751) (003d6fa)
  • Update googleapis/sdk-platform-java action to v2.47.0 (#2749) (befa415)
Container Optimized OS

cos-117-18613-0-79

Kernel Docker Containerd GPU Drivers
COS-6.6.44 v24.0.9 v1.7.22 See List

Fixed CVE-2024-44965 in the Linux kernel.

Fixed CVE-2024-46848 in the Linux kernel.

Fixed CVE-2024-44970 in the Linux kernel.

Fixed CVE-2024-46864 in the Linux kernel.

Fixed CVE-2024-46829 in the Linux kernel.

Fixed CVE-2024-46847 in the Linux kernel.

Fixed CVE-2024-46855 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811772 -> 811790

cos-113-18244-151-100

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Fixed CVE-2024-43853 in the Linux kernel.

Fixed CVE-2024-45003 in the Linux kernel.

Fixed CVE-2024-46855 in the Linux kernel.

Fixed CVE-2024-46848 in the Linux kernel.

Fixed CVE-2024-44965 in the Linux kernel.

Fixed CVE-2024-44970 in the Linux kernel.

Fixed CVE-2024-46829 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812030 -> 812026

cos-109-17800-309-88

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Fixed CVE-2024-43853 in the Linux kernel.

Fixed CVE-2024-45003 in the Linux kernel.

Fixed CVE-2024-46848 in the Linux kernel.

Fixed CVE-2024-44965 in the Linux kernel.

Fixed CVE-2024-44970 in the Linux kernel.

Fixed CVE-2024-46829 in the Linux kernel.

Fixed CVE-2024-46855 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812257 -> 812261

cos-dev-121-18712-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.54 v24.0.9 v1.7.22 See List

Updated the Linux kernel to v6.6.54.

Update R535, default driver to v535.183.06.

Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.

Disabled MGLRU by default due to integration issues with Kubernetes.

Upgraded to v1.16.2. Fixed CVE-2024-0132 and CVE-2024-0133.

Runtime sysctl changes:

  • Changed: fs.file-max: 811792 -> 811780

cos-105-17412-448-66

Kernel Docker Containerd GPU Drivers
COS-5.15.163 v23.0.3 v1.7.19 See List

Update sosreport to v4.5.4

Fixed CVE-2024-45003 in the Linux kernel.

Fixed CVE-2024-44965 in the Linux kernel.

Fixed CVE-2024-46829 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812685 -> 812681

cos-101-17162-528-61

Kernel Docker Containerd GPU Drivers
COS-5.15.161 v20.10.27 v1.6.28 See List

Fixed CVE-2024-45003 in the Linux kernel.

Fixed CVE-2024-44965 in the Linux kernel.

Fixed CVE-2024-46829 in the Linux kernel.

Dataproc

Dataproc Clusters created with image versions 2.0.57+, 2.1.5+, or 2.2+: Secondary workers' control plane operations are made by the Dataproc Service Agent service account (service-<project-number>@dataproc-accounts.iam.gserviceaccount.com). They will no longer use the Google APIs Service Agent service account (<project-number>@cloudservices.gserviceaccount.com).

SAP on Google Cloud

New SAP certification for operating system: SLES 15 SP6 for SAP

For use with SAP HANA and SAP NetWeaver on Google Cloud, SAP has certified the operating system SUSE Linux Enterprise Server (SLES) 15 SP6 for SAP.

For more information, see:

Secret Manager

Creating regional secrets using Secret Manager is now in Generally Availability (GA). Regional secrets let you store your sensitive data within a specific geographic location, ensuring it remains in that region at all times – whether at rest, in use, or in transit. Regional secrets are crucial for meeting data residency requirements and complying with regulatory mandates.

For information about all tasks related to creating and managing regional secrets, see the Regional service documentation.

Spanner

Query Optimizer version 7 is generally available and is the default optimizer version.

Vertex AI Agent Builder

Vertex AI Search: Answers with summaries and follow-ups for blended search apps (GA with allowlist)

The answer method can be used to query blended search apps. You can apply the answer method to blended search apps in the same way that you apply the method to search apps that are connected to only one data store.

This feature is Generally available to select Google customers (GA with allowlist). For more information, see Get answers and follow-ups.

October 13, 2024

Google SecOps SOAR

Release 6.3.22 is currently in Preview.

Gemini Case Summary has been added as a placeholder to playbook actions. You can now use this to show the AI-generated case summary in a playbook action. Note that the playbook will only include this summary if it is available.

NOTE: This bug fix did not get fixed in 6.3.22 but was moved to 6.3.23. Unexpected behavior between system-wide and user preference localization time zone settings. Following this bug fix, the default time zone is now set to UTC + 1. This does not override the user local settings. The admin needs to change the default time zone to the required time zone if needed. (ID #51914939, #52558921)

The Remote Agent page doesn't display all the integrations and connectors. (ID #53428660)

Advanced Reports not displaying all the information. (ID #52923225, #00298032, #52553071)

Vw Dashboard Alerts HasPlaybook column shows incorrect information. (ID #53304589)

Issue with Siemplify Create or Update Entity action. (ID #53053446)

The search_everything database is displaying incorrect entity values. (ID #52746256)

SDK _get_case_by_id function does not return case tags, even though the case has tags.

Case Close Root Causes may cause errors when removed from playbook. (ID #50942408)

CaseSearchEverything API time zone discrepancies. (ID #52558921)

Playbook errors remain in the Pending Actions widget even after re-running their playbook. (ID #00274123)

Parallel action name changes are not reflecting the subsequent actions in a playbook. (ID #352725736)

October 11, 2024

Apigee UI

On October 11, 2024, we released an updated version of the Apigee UI.

Bug ID Description
357165778 VerifyIAM policy selection removed for hybrid organizations.

The VerifyIAM policy is not supported for hybrid-enabled Apigee organizations. It has been removed as an option in the Proxy Editor.

372224845 Offline debug page not loading

Fixed issue where the offline debug page would not load if a debug session was loaded elsewhere in the UI previously.

BigQuery

Use the BigQuery migration assessment for Oracle to assess the complexity of migrating data from your Oracle data warehouse to BigQuery. This feature is in preview.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Video Stitcher API
    • videostitcher.googleapis.com/CdnKey
    • videostitcher.googleapis.com/LiveConfig
    • videostitcher.googleapis.com/Slate
    • videostitcher.googleapis.com/VodConfig
Dataproc Datastream

Datastream is now available in the me-central2 (Dammam) region. For the list of all available regions, see IP allowlists and regions.

Google Cloud Architecture Center

(New series) Architecture Framework: AI and ML perspective: Describes principles and recommendations that are specific to AI and ML, for each pillar of the Architecture Framework: operational excellence, security, reliability, cost optimization, and performance optimization.

Google Kubernetes Engine

(2024-R39) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.1-gke.1146000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1373000
    • 1.27.16-gke.1478000
    • 1.29.8-gke.1278000
    • 1.30.5-gke.1014000
    • 1.31.1-gke.1000000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1145000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1146000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1145000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1146000 with this release.

Regular channel

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1342000
    • 1.27.16-gke.1373000
    • 1.28.13-gke.1119000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348000
    • 1.30.4-gke.1348001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1014001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1014001 with this release.

Stable channel

  • Version 1.30.3-gke.1969002 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1057000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.3-gke.1969002 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.3-gke.1969002 with this release.

Extended channel

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.28.13-gke.1119000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348000
    • 1.30.4-gke.1348001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1014001 with this release.

No channel

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.27.16-gke.1287000
    • 1.27.16-gke.1342000
    • 1.27.16-gke.1373000
    • 1.27.16-gke.1478000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1057000
    • 1.30.2-gke.1587003
    • 1.30.5-gke.1014000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.3-gke.1969002 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.3-gke.1969002 with this release.

(2024-R39) Version updates

  • Version 1.31.1-gke.1146000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1373000
    • 1.27.16-gke.1478000
    • 1.29.8-gke.1278000
    • 1.30.5-gke.1014000
    • 1.31.1-gke.1000000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1145000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1146000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1145000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1146000 with this release.

(2024-R39) Version updates

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1342000
    • 1.27.16-gke.1373000
    • 1.28.13-gke.1119000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348000
    • 1.30.4-gke.1348001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1014001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1014001 with this release.

(2024-R39) Version updates

  • Version 1.30.3-gke.1969002 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1057000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.3-gke.1969002 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.3-gke.1969002 with this release.

(2024-R39) Version updates

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.28.13-gke.1119000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348000
    • 1.30.4-gke.1348001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1014001 with this release.

(2024-R39) Version updates

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.27.16-gke.1287000
    • 1.27.16-gke.1342000
    • 1.27.16-gke.1373000
    • 1.27.16-gke.1478000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1057000
    • 1.30.2-gke.1587003
    • 1.30.5-gke.1014000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.3-gke.1969002 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.3-gke.1969002 with this release.
Security Command Center

Working with findings and resources in the Security Operations console

The ability to work with findings and resources using the Security Operations console is now in General Availability. This feature is available only to Security Command Center Enterprise customers.

The following capabilities were added since the Preview release of this feature:

Sensitive Data Protection

The KOREA_DRIVERS_LICENSE_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

October 10, 2024

AlloyDB for PostgreSQL

AlloyDB lets you restart one or more nodes of a read pool. For more information, see Restart specific nodes of a read pool.

Apigee X

On October 10, 2024, we released an updated version of Apigee.

Apigee no longer limits the number of Cloud projects that can connect to an Apigee instance. Previously, the limit was 50 projects. For each project, you can now create up to 100 Private Service Connect Network Endpoint Groups. The previous limit was 20. For any Apigee instances created before October 10, 2024, you must perform an update to the consumer accept list for an Apigee instance if you want to take advantage of these new limits. See Updating the consumer accept list for an Apigee instance. See also Limits.

BigQuery

BigQuery tables for Apache Iceberg bring the convenience of BigQuery storage optimization to Apache Iceberg tables that reside in your own cloud buckets. BigQuery tables for Apache Iceberg let you use BigQuery without moving data out of buckets that you control. This feature is now in preview.

You can now export and load Parquet files that include GeoParquet metadata. This feature is generally available (GA).

Cloud Database Migration Service

Database Migration Service for homogeneous MySQL to Cloud SQL for MySQL migrations now supports MySQL version 8.4. See Supported source and destination databases in Cloud SQL for MySQL migrations.

Cloud Run

You can now deploy and configure a multi-region service from a single gcloud CLI command (in Preview).

Cloud Run functions

You can now manage function resources using custom constraints that get enforced at the project level. This support is at the General Availability release level.

Data Catalog

In the data lineage list view, you can filter lineage information based on the time that lineage occurred. For more information, see About data lineage.

Dataform

Dataform is available in the following regions:

  • asia-northeast2
  • asia-south2
  • australia-southeast2
  • europe-central2
  • europe-north1
  • europe-west8
  • europe-west9
  • europe-west10
  • me-west1
  • northamerica-northeast2
  • southamerica-west1
  • us-west3

For more information, see Locations.

Dataplex

In the data lineage list view, you can filter lineage information based on the time that lineage occurred. For more information, see About data lineage.

Dialogflow

Conversational Agents: The gemini-1.5-flash-001 model is generally available (GA) for data store handlers as of August 20, 2024. The gemini-1.5-flash-002 model remains public Preview.

Google Cloud Deploy

You can now block rollouts during a specified time window, using deploy policies, in preview.

Cloud Deploy now uses Skaffold 2.13 as the default Skaffold version, as of October 4, 2024, for all target types.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.200-gke.101 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.200-gke.101 runs on Kubernetes v1.30.4-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Removed TLS/SSL weak message authentication code cipher suites in the vSphere cloud controller manager.

The following issues are fixed in 1.30.200-gke.101:

  • Fixed the known issue that caused migrating a user cluster to Controlplane V2 to fail if secrets encryption had ever been enabled.
  • Fixed the known issue that caused migrating an admin cluster from non-HA to HA to fail if secret encryption was enabled.
  • Fixed the issue that caused the Pre-upgrade tool to block upgrading a user cluster to version 1.30 or higher because of an incorrect storage driver validator check.

The following vulnerabilities are fixed in 1.30.200-gke.101:

Critical container vulnerabilities:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.30.200-gke.101

Google Distributed Cloud for bare metal 1.30.200-gke.101 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.200-gke.101 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Updated the bmctl update command to identify differences (if any) between the preview feature annotations in the cluster configuration file and the annotations in the deployed Cluster resource.

Fixes:

  • Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy.

  • Fixed Cloud Audit Logging failure due to allowlisting issue with multiple project IDs.

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Looker Studio

Cart conversion fields

The following cart conversion are now available in the New Search Ads 360 connector:

  • Orders (Cart)
  • Avg. cart size
  • Avg. order value
  • Cross-sell cost of goods sold
  • Cross-sell gross profit
  • Cross-sell revenue
  • Cross-sell units sold
  • Lead cost of goods sold
  • Lead gross profit
  • Lead revenue
  • Lead units sold
  • Cost of goods sold
  • Gross profit
  • Revenue (Cart)
  • Units sold (Cart)
Sensitive Data Protection

The INDONESIA_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Spanner

Spanner now lets you create incremental backups through a backup schedule. You can specify when and how often backups are created, and how long they're retained.

An incremental backup contains only the data that has changed since the previous backup. Incremental backups typically consume less storage, and can help reduce your storage costs.

Incremental backups are available on the Enterprise and Enterprise Plus editions.

For more information about incremental backups, see Backups overview.

Spanner is now available on Database Center in Preview. You can track your Spanner resources in the fleet inventory section and the resource table in the Database Center. You can also use Database Center to monitor the following health issues for your Spanner resources:

  • Short backup retention
  • Last backup older than 24h
  • Not replicating across regions

For more information about Database Center, see Database Center overview. For more information about health issues supported for Spanner, see Supported health issues.

An open-source Cassandra to Spanner proxy adapter is now available. You can use it to migrate workloads from Cassandra or DataStax Enterprise (DSE) to Spanner without making any changes to your application logic. For more information, see Cassandra to Spanner proxy adapter.

reCAPTCHA

reCAPTCHA Mobile SDK v18.7.0-beta01 is now available for Android.

This version contains a dependency on com.google.android.gms:play-services-recaptchabase for enhanced detection.

October 09, 2024

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL minor versions are upgraded to 15.7 and 14.12. For more information, see AlloyDB and AlloyDB Omni version policies.

App Hub

You can now view system metrics for your App Hub applications on App Hub and using the Metrics Explorer. You can also create charts to monitor specific metrics using App Hub metadata labels. These features are now available in Preview.

Artifact Registry

Artifact Registry artifact download rules are in Preview.

Download rules let you restrict downloads at the repository and package level. To learn more, see Restrict artifact downloads. To configure download rules, follow the instructions in Restrict artifact downloads with download rules.

Assured Workloads

You can now view and apply workload updates to ensure that your workloads are using the most recent control package configuration. This feature is available in the Preview stage.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Network Services API
    • networkservices.googleapis.com/WasmPlugin
    • networkservices.googleapis.com/WasmPluginVersion
  • Artifact Registry
    • artifactregistry.googleapis.com/Rule
Cloud Logging

Ops Agent release 2.51.0 adds support for Compute Engine Arm VMs that are running Rocky Linux 8.

Cloud Monitoring

With the Ops Agent version 2.51.0, you can now collect a set of observability metrics from NVIDIA Data Center GPU Manager (DCGM). For more information, see NVIDIA Data Center GPU Manager (DCGM).

Your App Hub applications are now writing metadata labels. You can use these labels to filter the data displayed by a chart or monitored by an alerting policy. App Hub labels have the prefix of apphub_.

From the context of an App Hub host, you can now view system metrics for your applications. To view system metrics stored in multiple projects, configure the metrics scope of the App Hub host project. For more information, see the following documents:

Ops Agent release 2.51.0 adds support for Compute Engine Arm VMs that are running Rocky Linux 8.

Cloud SQL for SQL Server

Cloud SQL configures the max server memory (mb) flag based on the instance size automatically by limiting the amount of memory that SQL Server can allocate for its internal pools. For more information, see Configure database flags.

You can export the transaction logs for point-in-time recovery (PITR) that Cloud SQL stores in Cloud Storage. This feature is in Preview.

Compute Engine

Public preview: Instance flexibility in a managed instance group (MIG) lets you configure multiple machine types in the group. This can improve resource availability for applications that require large-scale capacity and high-demand hardware. For more information, see About instance flexibility in MIGs.

Generative AI on Vertex AI

The Vertex AI Gemini API SDK supports tokenization capabilities for local token counting and computation. This is a streamlined way to compute tokens locally, ensuring compatibility across different Gemini models and their tokenizers. Supported models include gemini-1.5-flash and gemini-1.5-pro . To learn more, see Count tokens.

Google Cloud Armor

Cloud Armor support for IP address groups is Generally Available.

Cloud Armor support for regional internal Application Load Balancers is Generally Available. You can use the regional backend security policy type with this load balancer. For more information, see types of security policies.

Google Cloud VMware Engine

VMware Engine ve2 nodes are available in Frankfurt, Germany, Europe (europe-west3-b).

VMware Engine ve1 nodes are available in Jurong West, Singapore, APAC (asia-southeast1-b).

Looker

Looker 24.18 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, October 14, 2024

  • Expected Looker (original) final deployment and download available: Thursday, October 24, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, October 14, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, October 28, 2024

As of Looker 24.18, Google Maps is the only visualization engine for all map visualizations. The Legacy Maps chart type has been removed from Looker. The Allow Legacy Maps Legacy feature has been removed. Please reach out to Looker Support if you encounter any issues.

Note: As of October 17, 2024, this feature has been disabled to resolve an issue. When the feature is available, this release note will be updated. In Looker application API methods that include a query_id field, or, in the case of Query APIs, an id field, the query_id and id fields no longer accept a numeric value and now require a query slug value.

The LookML validator will now return an error if an Explore name contains the % character. The % character will also be highlighted as an invalid character for object names in the Looker IDE.

The Studio in Looker feature is now available to preview for most Looker-hosted and Looker (Google Cloud core) instances. This opt-in feature lets you create, view, and edit Looker Studio reports in your Looker instance, including both governed and ad hoc data. You can share and manage your reports in Looker folders and see your recent reports and the reports that you have marked as favorites from the Looker Home page.

For more information, see the Studio in Looker Public Preview documentation:

Both Looker (Google Cloud core) customers and Looker (original) customers who use Google OAuth for authentication must sign up for the preview using the Sign-up for Looker Cloud Core form. Looker (Google Cloud core) customers who use Google OAuth authentication only need to submit the form once.

Looker (original) customers who use authentication methods other than Google OAuth do not need to submit the sign-up form.

Note: This release notes item was updated on October 10, 2024 to include the list of Public Preview documents. This release note was also updated on October 15, 2024 to clarify which customers are required to submit the sign-up form.

The Chart Config Editor now lets you change the data label color.

The Chart Config Editor now supports a {log} variable, which returns all available data values for an attribute. We recommend that you use this feature only while building and testing visualizations, as it can affect visualization performance.

Improved search now returns more complete results for folders and Explores.

The Home page now displays updated Favorites and Recently Viewed sections.

The Explore query tracker is now generally available. The query tracker includes a progress bar that appears in the Explore UI when a query is running and that tracks the phases of the query. The GA release includes a new sidebar with a detailed breakdown of times for each query stage as well as a new System Activity dashboard for query performance that enables deeper exploration. Note: This item was added to the release notes on October 10, 2024.

An issue has been fixed where the model_fieldname_suggestions API failed to generate suggestions when a suggest_explore and suggest_dimension were defined. This feature now performs as expected.

When a field is referenced in a SQL field that does not allow field references, such as sql_table_name, the LookML validator message that is returned is now more descriptive.

Previously, interacting with chart legends could impact visualization performance. This feature now performs as expected.

The Get Async Query Results API now returns a string rather than a QueryTask object.

An issue that was preventing users from downloading or scheduling dashboards without any tiles has been resolved. This feature now performs as expected.

An issue has been fixed where heatmaps would not render data when switching from a legacy map to a Google Maps visualization. This feature now performs as expected. Note: As of Looker 24.18, Google Maps is the only visualization engine for all map visualizations.

Previously, drilling on values with ampersands would return incomplete results. This feature now performs as expected.

The filters tab in the Save to Dashboard dialog in an Explore now scrolls when there are many filters present.

Looker now loads projects faster when a user first enters dev mode for a project.

Cloud Audit Log is now generally available for Looker (Google Cloud Core) instances.

You can use the BigQuery Quickstart connection to create a default BigQuery connection that can leverage Application Default Credentials.

The principal_subject attribute in the Cloud audit logs now includes the Looker user ID.

The Propose to switch to google map if mapbox fails within the dashboard Looker Labs feature has been removed. All map visualizations are now rendered with Google Maps.

The Dashboard in Drill Menus Looker Labs feature has been removed. Use the LookML link parameter instead.

SAP on Google Cloud

SAP HANA: support for deploying striped disk to host the data directory

To enable you to deploy striped disks for hosting the /hana/data directory, we have done the following:

  • Updated our documentation with the minimum sizes for SSD-based Persistent Disk and Hyperdisk volumes.

    For more information, see Minimum sizes for SSD-based persistent disks and Hyperdisks in the SAP HANA planning guide.

  • Introduced deployment automation support through the enable_data_striping Terraform argument. You can use this argument to provision a striped disk to host the /hana/data directory while deploying SAP HANA scale-up, scale-up HA, and scale-out HA systems with Terraform.

    This argument is available from version 1.3.674800406 of the Terraform modules sap_hana and sap_hana_ha, provided by Google Cloud. For more information, see the deployment guide for your SAP HANA scenario.

Google Cloud's Agent for SAP version 3.6

Version 3.6 of Google Cloud's Agent for SAP is generally available (GA). This version introduces striped disk support for SAP HANA backup and recovery by using the disk snapshot feature, metric enhancements for monitoring SAP HANA, and other minor enhancements.

For more information, see What's new with Google Cloud's Agent for SAP.

Security Command Center

Install new version of the Security Command Center Enterprise use case

The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by date October 9, 2024, introduces a new widget, an updated ingestion logic, and other enhancements to support the management of toxic combination findings and cases in the Security Operations console.

For installation instructions, see Update Enterprise use case, October 2024.

Spanner

Spanner now supports a subset of pg_system_catalog tables and views. For more information, see pg_system_catalog tables and pg_system_catalog views.

October 08, 2024

Apigee Advanced API Security

On October 8, 2024 we released an updated version of Advanced API Security.

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.

New features added to the Risk Assessment v2 preview

This release introduces new features to the Risk Assessment v2 preview:

  • Support for custom security profiles. You can create your own security profiles, with unique combinations of risk assessment checks and weights, to use for proxy risk assessment.
  • New assessment checks. We've added additional checks you can use when assessing proxy risk.
  • Assess proxies across multiple profiles. You can now switch between security profiles to see differences in scoring across profiles.

For usage information and a list of all features in Risk Assessment v2, see the Risk Assessment v2 customer documentation.

Apigee X

On October 8, 2024, we released an updated version of Apigee (1-13-0-apigee-6).

This release addresses the security concerns in GCP-2024-052 from Google Anthos Service Mesh.

Bug ID Description
361714906 Fixed synchronization issue with Cloud KMS keys

Implemented recovery mechanism for the Apigee dataplane in the event of an extended disruption in the CloudKMS key service.

361044374 Resolved issue with incorrect payloads shown in debug trace

When using debug trace with the AssignMessage policy, the UI now displays the correct request and response payloads.

N/A Updates to security infrastructure and libraries.
Application Integration

Build integrations with Gemini Code Assist (GA)

Building integrations with Gemini Code Assist is now generally available (GA).

Additionally, if you have API Hub enabled in your project, then Gemini can assist you to provide contextually appropriate Call REST Endpoint tasks and task configuration recommendations based on the logical flow of your existing integration. For more information see, Configure Call REST API tasks.

BigQuery

You can now use pipe syntax anywhere you write GoogleSQL. Pipe syntax supports a linear query structure designed to make your queries easier to read, write, and maintain. This feature is in Preview.

Bigtable

Hot backups, optimized backups to restore your data to production performance availability more efficiently, are now generally available (GA). For more information, see Backups overview.

Cloud Composer

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.2
  • composer-3-airflow-2.9.1-build.9 (default)
  • composer-3-airflow-2.7.3-build.18

Cloud Composer 2.9.6 images are available:

  • composer-2.9.6-airflow-2.9.3
  • composer-2.9.6-airflow-2.9.1 (default)
  • composer-2.9.6-airflow-2.7.3

Cloud Composer version 2.4.5 has reached its end of support period.

Cloud Database Migration Service

Database Migration Service for homogeneous PostgreSQL migrations to Cloud SQL does not automatically enable point-in-time recovery (PITR) for the destination instance when you promote the migration job. You can enable PITR after the migration is complete.

For more information, see Promote a migration and Known limitations.

Compute Engine

Preview: An updated version of the gVNIC driver for Windows offers improved network performance and support for Jumbo frames. For more information, see Update to the latest gVNIC driver for Windows.

Dataproc
Security Command Center

Vulnerability management dashboard released to Preview

The new Vulnerability management dashboard lets you investigate CVE vulnerabilities identified in your Google Cloud and AWS environments.

This feature is available in Preview.

Vertex AI

Vector Search Private Service Connect automation

Deploying an index with Private Service Connect automation is generally available (GA). You can set up a service connection policy so that you don't have to manually create a compute address and forwarding rule after each index deployment.

For more information, see Set up Vector Search with Private Service Connect.

October 07, 2024

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.63.1 (2024-10-01)

Bug Fixes
  • bigquery/storage: Increase method timeout to 240s for BigQuery Metastore Partition Service API version v1alpha (fdb4ea9)
  • bigquery: Create read session with client or job projectID (#10932) (f98396e)
  • bigquery: Missing schema for empty result set on stateless queries (#10935) (28a069a)

Java

Changes for google-cloud-bigquery

2.43.0 (2024-10-01)

Features
  • Add max staleness to ExternalTableDefinition (#3499) (f1ebd5b)

2.42.4 (2024-09-30)

Dependencies
  • Update actions/checkout action to v4.2.0 (#3495) (b57fefb)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.51.0 (#3480) (986b036)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.53.0 (#3504) (57ce901)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240905-2.0.0 (#3483) (a6508a2)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.55.0 (#3481) (8908cfd)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.57.0 (#3505) (6e78f56)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.0 (#3490) (a72c582)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#3496) (8f2e5c5)
  • Update dependency ubuntu to v24 (#3498) (4f87ade)
  • Update github/codeql-action action to v2.26.10 (#3506) (ca71294)
  • Update github/codeql-action action to v2.26.7 (#3482) (e2c94b6)
  • Update github/codeql-action action to v2.26.8 (#3488) (a6d75de)
  • Update github/codeql-action action to v2.26.9 (#3494) (8154043)
Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.45.0 (2024-10-03)

Features
  • Add support for Cloud Bigtable Node Scaling Factor for CBT Clusters (caf879c)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.46.1 (caf879c)
  • Support override monitoring endpoint (#2364) (a341eb8)
Dependencies
  • Downgrade grpc to 1.67.1 (#2366) (1baecb3)
  • Update dependency com.google.cloud:gapic-libraries-bom to v1.45.0 (#2363) (9d24c45)
Cloud Logging

You can now include pipe syntax in the SQL queries you run on the Log Analytics page. For more information, see the BigQuery documentation about pipe syntax.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.3 (2024-10-01)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#1698) (9491512)
  • Update dependency org.apache.maven.plugins:maven-deploy-plugin to v3.1.3 (2b6ea70)
Cloud Monitoring

The user interface for configuring which events to show on a dashboard has been simplified. For more information, see Show events on a dashboard.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.44.0 (2024-10-03)

Features
  • storage/dataflux: Add dataflux interface (#10748) (cb7b0a1)
  • storage/dataflux: Add range_splitter #10748 (#10899) (d49da26)
  • storage/dataflux: Add worksteal algorithm to fast-listing (#10913) (015b52c)
  • storage/internal: Add managed folder to testIamPermissions method (2f0aec8)
  • storage/transfermanager: Add option to StripPrefix on directory download (#10894) (607534c)
  • storage/transfermanager: Add SkipIfExists option (#10893) (7daa1bd)
  • storage/transfermanager: Checksum full object downloads (#10569) (c366c90)
  • storage: Add direct google access side-effect imports by default (#10757) (9ad8324)
  • storage: Add full object checksum to reader.Attrs (#10538) (245d2ea)
  • storage: Add support for Go 1.23 iterators (84461c0)
  • storage: Add update time in bucketAttrs (#10710) (5f06ae1), refs #9361
  • storage: GA gRPC client (#10859) (c7a55a2)
  • storage: Introduce gRPC client-side metrics (#10639) (437bcb1)
  • storage: Support IncludeFoldersAsPrefixes for gRPC (#10767) (65bcc59)
Bug Fixes
  • storage/transfermanager: Correct Attrs.StartOffset for sharded downloads (#10512) (01a5cbb)
  • storage: Add retryalways policy to encryption test (#10644) (59cfd12), refs #10567
  • storage: Add unknown host to retriable errors (#10619) (4ec0452)
  • storage: Bump dependencies (2ddeb15)
  • storage: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
  • storage: Check for grpc NotFound error in HMAC test (#10645) (3c8e88a)
  • storage: Disable grpc metrics using emulator (#10870) (35ad73d)
  • storage: Retry gRPC DEADLINE_EXCEEDED errors (#10635) (0018415)
  • storage: Update dependencies (257c40b)
  • storage: Update google.golang.org/api to v0.191.0 (5b32644)
Performance Improvements
Documentation
  • storage/internal: Clarify possible objectAccessControl roles (2f0aec8)
  • storage/internal: Update dual-region bucket link (2f0aec8)
Container Optimized OS

cos-113-18244-151-96

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Update R535, default driver to v535.183.06.

Updated the GPU installer to v2.4.1.

Disabled MGLRU by default due to integration issues with Kubernetes.

Upgraded nvidia-container-toolkit to v1.16.2. Fixed CVE-2024-0132 and CVE-2024-0133.

Fixed CVE-2024-46744 in the Linux kernel.

Fixed CVE-2024-46750 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812026 -> 812030

cos-117-18613-0-76

Kernel Docker Containerd GPU Drivers
COS-6.6.44 v24.0.9 v1.7.22 See List

Update R535, default driver to v535.183.06.

Disabled MGLRU by default due to integration issues with Kubernetes.

Upgraded to v1.16.2. Fixed CVE-2024-0132 and CVE-2024-0133.

Fixed CVE-2024-46744 in the Linux kernel.

Fixed CVE-2024-46750 in the Linux kernel.

Fixed CVE-2024-46786 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811758 -> 811772

cos-109-17800-309-84

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Update R535, default driver to v535.183.06.

Updated the GPU installer to v2.4.1.

Upgraded nvidia-container-toolkit to v1.16.2. Fixed CVE-2024-0132 and CVE-2024-0133.

Fixed CVE-2024-46744 in the Linux kernel.

Fixed CVE-2024-46750 in the Linux kernel.

cos-105-17412-448-61

Kernel Docker Containerd GPU Drivers
COS-5.15.163 v23.0.3 v1.7.19 See List

Update R535 default driver to v535.183.06.

Updated the GPU installer to v2.4.1.

Fixed CVE-2024-46744 in the Linux kernel.

Fixed CVE-2024-46750 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812662 -> 812685

cos-101-17162-528-57

Kernel Docker Containerd GPU Drivers
COS-5.15.161 v20.10.27 v1.6.28 See List

Updated the GPU installer to v2.4.1.

Fixed CVE-2024-46750 in the Linux kernel.

Updated the GPU installer to v2.4.1.

Fixed CVE-2024-46750 in the Linux kernel.

cos-dev-121-18699-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.52 v24.0.9 v1.7.22 See List

Upgraded chromeos-base/shill-client to v0.0.1-r4695.

Runtime sysctl changes:

  • Changed: fs.file-max: 811711 -> 811792

Datastream

The maximum row size that Datastream supports when streaming data to Cloud Storage is now increased to 100 MB.

Filestore

Deletion protection is now generally available for Filestore instances.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.22.0 (2024-09-26)

Features
  • Add sample code for multiple inequalities indexing consideration query (#1579) (1286792)
  • Introducing Tracing with OpenTelemetry API #1537 (#1576) (5440c22)
Bug Fixes
  • Update opentelemetry-sdk dependency to be test-only (#1595) (9d719e8)
  • Update opentelemetry.version to 1.42.1 to match the BOM version (#1598) (23c5c26)
Dependencies
  • Update dependency com.google.cloud:gapic-libraries-bom to v1.43.0 (#1584) (fae3b74)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.0 (#1590) (2db9e43)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#1602) (e1b7d4b)
  • Update dependency com.google.guava:guava-testlib to v33.3.1-jre (#1592) (5d078a4)
  • Update dependency com.google.testparameterinjector:test-parameter-injector to v1.17 (#1585) (8f74a49)
Spanner

Full-text search overview is now generally available.

Spanner now lets you create and manage backup schedules. You can use backup schedules to meet your organization's data protection and compliance needs. You can specify the following when creating a backup schedule:

  • When and how often your databases are backed up.
  • The retention duration of the backups created.
  • The encryption type of the backups created.

For more information about backup schedules, see Backups overview.

Speech-to-Text

Speech-to-Text has updated the Generally Available Chirp 2 model, further enhancing its ASR accuracy and multilingual capabilities. Under the existing chirp_2 model flag, you can experience significant improvements in accuracy and speed, as well as support for word-level timestamps, model adaptation, and speech translation. Finally, Chirp 2 can support Streaming Recognizer requests, in addition to the already supported Sync and Batch Recognition requests, allowing its use in realtime applications.

Explore the new chirp_2 model's capabilities and learn how to leverage its full potential by visiting our updated documentation and tutorials.

Workload Manager

Preview: Workload Manager now supports deploying Microsoft SQL Server workloads on Google Cloud. You can configure and deploy a SQL Server system using the Guided Deployment Automation tool in Workload Manager. For more information, see Overview of SQL Server deployment.

October 06, 2024

Application Integration

Local logging in async mode (Generally available (GA))

By default, local logging for new integrations is now enabled in async mode. With this change, the log data is persisted (written) at fixed intervals or after the completion of the integration's execution, whichever is earlier. You can change the default settings by editing the integration details.

For more information, see Local logging.

Test cases (Preview)

You can now test if your integration is working as intended by creating and running test cases on your complex integrations.

For information about test case, see Introduction to test cases. Learn how to do the following:

Diagram mode in the Data Transformer Task (Preview)

The Diagram mode provides a console-based experience to select the input and output variables and perform transformations in the data transformation editor. For more information, see the Data Transformer task.

Replay execution (Preview)

You can now rerun a failed integration with the same parameters as the previous execution. For more information, see Replay executions.

Cancel execution (Preview)

If you have executions that are suspended due to an approval task or a technical issue, you can now choose to cancel those executions. For more information, see Cancel executions.

Google SecOps

When performing a search on entities in the SOAR search page, you can now focus on more precise results by using the new condition Equals, in addition to the default condition Contains.

Google SecOps SOAR

Release 6.3.20 is now in General Availability.

Remote Agents 2.2.0 is now in General Availability.

October 05, 2024

Google SecOps SOAR

Release 6.3.21 is currently in Preview.

When performing a search on entities in the SOAR search page, you can now focus on more precise results by using the new condition Equals, in addition to the default condition Contains.

October 04, 2024

Apigee Advanced API Security

On October 4, 2024 we released an updated version of Advanced API Security.

Fixed: Delay in score generation for Risk Assessment v2 with VPC-SC-enabled organizations only

In Risk Assessment v2, which is in preview, this issue has been resolved:

With VPC-SC-enabled organizations only, when generating scores for new organizations or scoring changes to included proxies, shared flows, and target server configurations, score generation could have take as much as three hours.

See the Risk Assessment v2 customer documentation for information on the functionality.

Risk Assessment v2 is now available in the me-central2 region. See Available Apigee API Analytics Regions for region information.

Apigee hybrid

hybrid v1.13.1

On October 4, 2024 we released an updated version of the Apigee hybrid software, 1.13.1.

Cassandra credential rotation in Vault

Starting in version v1.3.1, You can set up automatic Cassandra credential rotation when your credentials are stored in Hashicorp Vault. See Rotating Cassandra credentials in Hashicorp Vault.

New analytics and debug data pipeline for data residency-enabled orgs

Newly created Apigee hybrid v1.13.1 orgs created with data residency enabled can use a new data pipeline to collect analytics and debug data and allow various runtime components to write data directly to our control plane. You cannot use the new data pipeline with non data residency-enabled orgs; only new orgs created on hybrid v1.13.1 can use this new feature. For details, see Using data residency with Apigee hybrid.

Bug ID Description
364282883 Remove check for dc-expansion flag and add timeout to multi-region seed host connection test.
362305438 You can now add additional env variables to the runtime component.
353527851 WebSocket connection drops when using VerifyJwt or OAuthV2 VerifyJWTAccessToken operations.
351440306 An issue was fixed where trace could not be viewed in the UI for orgs with DRZ enabled.
338638343 An ID is now added at the end of apigee-env and virtualhost guardrails pods to make the pod names unique.
Bug ID Description
N/A Security fixes for apigee-open-telemetry-collector.
This addresses the following vulnerability:
Channel Services

Partners selling Workspace and ChromeOS products can now import customers who currently work with a different reseller or Google.

To import a customer, you must have the purchase consent from the customer for the product group that you want to buy for them.

Learn how to change a reseller's purchase consent.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Dataproc Generative AI on Vertex AI

The AI assistant in Vertex AI Studio can help you refine and generate prompts. This feature is in Preview. To learn more, see Use AI-powered prompt writing tools.

Prompt Guard and Flux were added to Model Garden.

You can deploy Hugging Face models on Google Cloud that have text embedding inference enabled or pytorch inference enabled. For more information, see the Hugging Face model deployment in the console.

Added multiple deployment settings (with A100-80G and H100) and sample requests for some popular models, including Llama 3.1, Gemma 2, and Mixtral.

Added dynamic LoRA serving for Llama 3.1 and Stable Diffusion XL.

Google Kubernetes Engine

The following beta APIs were added in Kubernetes 1.31 and are available in GKE version 1.31.1-gke.1361000 and later:

  • networking.k8s.io/v1beta1/ipaddresses
  • networking.k8s.io/v1beta1/servicecidrs

Enabling both APIs at the same time enables the Multiple Service CIDRs Kubernetes feature in a GKE cluster. For more information, see the following resources:

During the beta phase, you can only create Service CIDRs in the 34.118.224.0/20 reserved IP address range to avoid possible issues with overlapping IP address ranges.

Ray Operator on GKE is now generally available on 1.29 and later. Ray Operator is a GKE add-on that lets you manage and scale Ray applications. To learn more, see the Ray Operator documentation.

CVE-2024-45016 was discovered in the Linux kernel, which can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more details, see the GCP-2024-057 security bulletin.

Security Command Center

Manage security postures using the Google Cloud console

You can now create, deploy, update, and delete security postures using the Google Cloud console. This feature is available in Preview.

For more information, see Manage a security posture.

Spanner

Spanner now supports the SAFE_TO_JSON function in GoogleSQL-dialect databases. You can use this function to convert SQL objects to JSON objects. Unlike TO_JSON, this function converts invalid JSON types to JSON null values, rather than errors.

October 03, 2024

Access Context Manager

Generally available: App allowlist support for context-aware access

You can now create an access binding with a map of applications to access levels to apply access levels to specific applications, avoiding unintended effects on other applications. For more information, see Create an access binding with a map of applications to access levels.

Apigee UI

On October 3, 2024, we released an updated version of the Apigee UI.

Bug ID Description
369647749 Proxy deployment units counts include shared flows

Fixed issue where proxy deployment unit counts in the UI did not take into account shared flow deployments.

369385955 Fixed the display of the Apigee apps list

Resolved an issue causing Apigee apps to display incorrectly in the Apps list when the search bar is used for filtering.

361497390 Updated the description and calculation of Apigee deployment quotas

The deployment quota displayed on the Apigee overview page now correctly describes and calculates the value of all proxy deployment units, including both API proxy and shared flow deployments across all environments./p>

Artifact Registry

Artifact Registry support for OCI specifications v1.1 is generally available in Docker format repositories.

You can upload containerized metadata about another container image to Artifact Registry as an attachment. To learn more, see Manage container metadata.

Assured Workloads

The following products are now supported by the following control packages. See supported products for more information:

  • Access Context Manager, Eventarc, GKE Hub, and Speech-to-Text
    • Australia Regions
    • Australia Regions with Assured Support
    • Brazil Regions
    • Canada Regions
    • Canada Regions and Support
    • Chile Regions
    • EU Regions
    • EU Regions and Support
    • India Regions
    • Indonesia Regions
    • Israel Regions
    • Israel Regions and Support
    • Japan Regions
    • Singapore Regions
    • South Korea Regions
    • Switzerland Regions
    • Taiwan Regions
    • UK Regions
    • US Regions
    • US Regions and Support
  • Secret Manager
    • EU Regions and Support
    • Israel Regions and Support
    • US Regions and Support

Cloud Run and Filestore are now supported by the following control packages. See supported products for more information:

BigQuery

You can now create an external dataset in BigQuery that links to an existing database in Spanner. This feature is in preview.

ODBC driver update, release 3.0.7 1016

  • [New] Connector authentication on Google Cloud VMs: The connector now supports authentication through Application Default Credentials using the Google internal metadata server, eliminating the need for a keyfile. This feature works only on Google Cloud Compute Engine VMs.
  • [Resolved] The output for PrimaryKeys previously denoted the Key Sequence as a 0-indexed value. This has been corrected to a 1-indexed value, indicating the sequential order of the primary key's column within the primary key itself.
Cloud SQL for MySQL

You can now configure server certificate authority (CA) mode when you create a Cloud SQL instance. With server CA mode, you have two options:

  • Per-instance CA: this is the default configuration. With this option, an internal CA dedicated to each Cloud SQL instance signs the server certificate for that instance.
  • Shared CA: with this option, the Cloud SQL instance uses a CA hierarchy consisting of a root CA and subordinate server CAs managed by Cloud SQL and hosted on Google Cloud Certificate Authority Service (CA Service). The subordinate server CAs in a region sign the server certificates and are shared across instances in the region. This option can be used only with MySQL 8.0.30 and later.

For more information about each option, see Certificate authority (CA) hierarchies. This feature is in Preview.

Cloud SQL for PostgreSQL

The pg_ivm extension, version 1.9, is generally available. This extension enables you to make materialized views up-to-date in which only incremental changes are computed and applied on views rather than recomputing the contents from scratch.

Cloud SQL for PostgreSQL, version 16, now supports the pgRouting extension. This extension extends PostGIS and enhances geospatial processing through network routing and analysis.

For more information on these extensions, see Configure PostgreSQL extensions.

The rollout of the following minor versions, extension versions, and plugin versions is underway:

Minor versions

  • 12.19 is upgraded to 12.20.
  • 13.15 is upgraded to 13.16.
  • 14.12 is upgraded to 14.13.
  • 15.7 is upgraded to 15.8.
  • 16.3 is upgraded to 16.4.

Extension and plugin versions

  • google_ml_integration is upgraded from 1.2 to 1.4.2.
  • pgvector is upgraded from 0.7.0 to 0.7.4.

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

The new maintenance version is [PostgreSQL version].R20240910.01.00_02. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

You can now configure server certificate authority (CA) mode when you create a Cloud SQL instance. With server CA mode, you have two options:

  • Per-instance CA: this is the default configuration. With this option, an internal CA dedicated to each Cloud SQL instance signs the server certificate for that instance.
  • Shared CA: with this option, the Cloud SQL instance uses a CA hierarchy consisting of a root CA and subordinate server CAs managed by Cloud SQL and hosted on Google Cloud Certificate Authority Service (CA Service). The subordinate server CAs in a region sign the server certificates and are shared across instances in the region.

For more information about each option, see Certificate authority (CA) hierarchies. This feature is in Preview.

Cloud SQL for SQL Server

You can now configure server certificate authority (CA) mode when you create a Cloud SQL instance. With server CA mode, you have two options:

  • Per-instance CA: this is the default configuration. With this option, an internal CA dedicated to each Cloud SQL instance signs the server certificate for that instance.
  • Shared CA: with this option, the Cloud SQL instance uses a CA hierarchy consisting of a root CA and subordinate server CAs managed by Cloud SQL and hosted on Google Cloud Certificate Authority Service (CA Service). The subordinate server CAs in a region sign the server certificates and are shared across instances in the region.

For more information about each option, see Certificate authority (CA) hierarchies. This feature is in Preview.

Colab Enterprise

Gemini in Colab Enterprise, which is a product in the Gemini for Google Cloud portfolio, is generally available. Gemini in Colab Enterprise helps you write code by suggesting code as you type. You can also use the Help me code tool to generate code from a description of what you want.

Gemini in Colab Enterprise is available to try at no cost through December 31, 2024.

To learn how to enable and activate Gemini in Colab Enterprise features, see Set up Gemini in Colab Enterprise.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.600-gke.109 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.600-gke.109 runs on Kubernetes v1.29.8-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Removed TLS/SSL weak message authentication code cipher suites in the vSphere cloud controller manager.

Fixed the following vulnerabilities in 1.29.600-gke.109:

Critical container vulnerabilities:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Kubernetes Engine

(2024-R38) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.1-gke.1000000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1342000
    • 1.28.13-gke.1119000
    • 1.28.14-gke.1004000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348000
    • 1.31.0-gke.1577000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1373000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1014000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1000000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1373000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1014000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1000000 with this release.

Regular channel

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.4-gke.1348000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.13-gke.1006000
    • 1.29.8-gke.1031000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1057000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1057000 with this release.

Extended channel

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.

No channel

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.28.13-gke.1006000
    • 1.29.8-gke.1031000
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.

(2024-R38) Version updates

  • Version 1.31.1-gke.1000000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1342000
    • 1.28.13-gke.1119000
    • 1.28.14-gke.1004000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348000
    • 1.31.0-gke.1577000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1373000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1014000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1000000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1373000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1014000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1000000 with this release.

(2024-R38) Version updates

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.4-gke.1348000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.

(2024-R38) Version updates

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.13-gke.1006000
    • 1.29.8-gke.1031000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1057000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1057000 with this release.

(2024-R38) Version updates

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.

(2024-R38) Version updates

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.28.13-gke.1006000
    • 1.29.8-gke.1031000
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
Network Connectivity Center

Producer VPC Spokes is now available in public preview.

If you have a VPC network that consumes a service offered through private services access, you can use a Network Connectivity Center producer VPC spoke to make the service reachable by other spokes on a hub.

Security Command Center

GKE Security Posture vulnerability findings now support attack exposure scores

GKE runtime OS vulnerability findings detected by GKE Security Posture in Google Cloud are now scored by attack path simulations. Use these attack exposure scores on vulnerabilities to help secure the resources that are the most valuable to your business and to address the most significant vulnerabilities in your GKE clusters. For more information, see Attack exposure scores.

Sovereign Controls by Partners Spanner

You can now create an external dataset in BigQuery that links to an existing database in Spanner. This feature is in Preview.

October 02, 2024

Agent Assist

Agent Assist now offers a native UI Connector with Twilio Flex to integrate with voice conversations. See the documentation for details.

AlloyDB for PostgreSQL

The alloydb_scann extension (previously named postgres_scann) is generally available (GA) for the AlloyDB service in Google Cloud. For more information about storing vector embeddings, creating indexes, and tuning indexes to achieve faster query performance and better recall, see Work with vectors.

AlloyDB Omni is in Limited Availability on the Aiven Platform. Aiven provides managed AlloyDB Omni as a service on multiple public clouds. For more information, see Store your data on any major cloud.

Apigee X

On October 2, 2024, we released an updated version of Apigee.

With this release, all remaining Apigee API Management organizations with Subscription 2021 contracts have been upgraded to introduce standard and extensible API proxy features.

To learn more about:

Subscription Apigee organizations (without hybrid entitlements) upgraded in this release will see changes to the user experience in the Classic Apigee UI. To support management of the upgraded functionality now available to these organizations, a number of feature administration pages are now only available in the Apigee UI in Cloud console.

For more information, see Apigee UI in Cloud console navigation.

Cloud Logging

You can now use Terraform commands to a create or update a log scope. For more information, see Create a log scope.

Container Optimized OS

cos-117-18613-0-66

Kernel Docker Containerd GPU Drivers
COS-6.6.44 v24.0.9 v1.7.22 See List

Promoted M117 to stable.

Firestore in Datastore mode

You can now use property transforms like increment in the REST API. This feature is in Preview.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.100-gke.96 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.100-gke.96 runs on Kubernetes v1.30.4-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Fixed the following issues in 1.30.100-gke.96:

  • Fixed the known issue where updating dataplaneV2.forwardMode didn't automatically trigger anetd DaemonSet restart.

Fixed the following vulnerabilities in 1.30.100-gke.96:

Memorystore for Valkey

Added support for Valkey version 8.0 (Preview). For more information, see Supported versions.

Spanner

You can perform vector similarity search using the now Generally Available K-nearest neighbors (KNN) vector distance functions:

  • COSINE_DISTANCE()
  • EUCLIDEAN_DISTANCE()
  • DOT_PRODUCT()

For more information, see Perform vector similarity search in Spanner by finding the K-nearest neighbors.

The FLOAT32 (GoogleSQL) and float4/real (PostgreSQL) data types are Generally Available.

October 01, 2024

Agent Assist

Agent Assist now offers Live transcription adaptation in preview. See the documentation for more details.

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anti Money Laundering AI

A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version. This includes:

  • New recommended field counterparty_account.region_code added to the Transaction table.
  • The new engine version uses this field to account for risks associated with the region of the counterparty account.
Cloud Composer

(Available without upgrading) Fixed the cause of DAG run failures for runs created from the Cloud Console when the [scheduler]allowed_run_id_pattern Airflow configuration option is set to a custom value.

(Airflow 2.9.3 and 2.9.1) The apache-airflow-providers-google package was upgraded to version 10.23.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.22.0 to version 10.23.0.

(Airflow 2.9.3 and 2.9.1) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.4.2 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 8.4.1 to version 8.4.2.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.1
  • composer-3-airflow-2.9.1-build.8 (default)
  • composer-3-airflow-2.7.3-build.17

Cloud Composer 2.9.5 images are available:

  • composer-2.9.5-airflow-2.9.3
  • composer-2.9.5-airflow-2.9.1 (default)
  • composer-2.9.5-airflow-2.7.3

Cloud Composer version 2.4.4 has reached its end of support period.

Cloud Run

Service-level minimum instances are now generally available (GA).

Cloud SQL for MySQL

Cloud SQL for MySQL 8.4 is now generally available. For more information about the differences between MySQL 8.4 and MySQL 8.0, review What Is New in MySQL 8.4 since MySQL 8.0.

By default, if you specify MySQL 8.4 as the version when you create a Cloud SQL instance (either primary or replica) using the gcloud CLI or the REST API, then the Cloud SQL edition is Enterprise Plus.

If you specify a version other than MySQL 8.4 or don't specify a version, then the default Cloud SQL edition of the instance is Enterprise.

For more information about the implementation of MySQL 8.4 in Cloud SQL, see the following topics:

To create a MySQL 8.4 instance in Cloud SQL, see Create instances. Before you upgrade to MySQL 8.4, you must first upgrade to MySQL 8.0.37 or later. To perform a major version upgrade, see Upgrade the database major version in-place. To perform a minor version upgrade of Cloud SQL for MySQL 8.0, see Upgrade the database minor version.

Cloud SQL for SQL Server

You can now use the gcloud sql instances patch command to update the time zone of your Cloud SQL for SQL Server instance after you create the instance. Previously, you could only set a custom time zone for a SQL Server instance when you first created the instance. For more information about setting the time zone for a Cloud SQL for SQL Server instance, see About instance settings.

Cloud Service Mesh

The following images are now rolling out for managed Cloud Service Mesh:

  • 1.19.10-asm.19 is rolling out to the rapid release channel.
  • 1.19.10-asm.19 is rolling out to the regular release channel.
  • 1.19.10-asm.19 is rolling out to the stable release channel.

1.19.10-asm.19 contains the fixes for the security vulnerabilities listed in GCP-2024-052 and uses Envoy v1.27.7.

A known issue with asmcli for 1.23 is now fixed. Customers might have seen the following error when attempting to install in-cluster Cloud Service Mesh 1.23:

asmcli: Downloading ASM..
gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error is not recoverable: exiting now

A new version of asmcli with the fix has released.

Config Controller

Config Controller now uses the following versions of its included products:

Document AI

Custom Extractor pretrained-foundation-model-v1.2-2024-05-10 and pretrained-foundation-model-v1.3-2024-08-31 are now Stable versions.

v1.2 and v1.3 now have the following features:

  • Fine-tuning is now available in Public preview.
  • They were internally upgraded to a higher quality model.
  • The labeling system has been upgraded to use the latest version of the OCR model.

v1.2 is recommended for the best quality. v1.3 is recommended for the lowest latency.

We recommend creating a new processor and relabeling the training and evaluation documents to benefit from both the improved quality with the new processor versions of Custom Extractor (v1.2 and v1.3) and the enhanced labeling system.

Firestore

You can now use customer-managed encryption keys (CMEK) in Firestore to protect your data. This feature is generally available (GA) behind an allow-list.

For more information, see Customer-managed encryption keys (CMEK).

Firestore in Datastore mode

You can now use customer-managed encryption keys (CMEK) in Datastore to protect your data. This feature is generally available (GA) behind an allow-list.

For more information, see Customer-managed encryption keys (CMEK).

The Java client library for Firestore in Datastore mode now supports client-side tracing. This feature is in Preview.

Generative AI on Vertex AI

Grounding: Dynamic retrieval for grounded results (GA)

Dynamic retrieval lets you choose when to turn off grounding with Google Search. This is useful when a prompt doesn't require an answer grounded in Google Search, and the supported models can provide an answer based on their knowledge without grounding. Dynamic retrieval helps you manage latency, quality, and cost more effectively.

This feature is Generally Available. For more information, see Dynamic retrieval.

Google Cloud Architecture Center

(New guide) Enterprise application on Compute Engine VMs with Oracle Exadata in Google Cloud: Provides a reference architecture for an application that's hosted on Compute Engine VMs with connectivity to Oracle Cloud Infrastructure (OCI) Exadata databases in Google Cloud.

Google Distributed Cloud (software only) for bare metal

Release 1.29.600-gke.108

Google Distributed Cloud for bare metal 1.29.600-gke.108 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.600-gke.108 runs on Kubernetes 1.29.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed Cloud Audit Logging failure due to allowlisting issue with multiple project IDs.

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

GKE now supports the Parallelstore CSI driver in allowlisted general availability (GA), which means that you can reach out to your Google support team to use the service under GA terms.

Parallelstore accelerates AI/ML training and excels at saturating individual compute clients, ensuring that expensive compute resources are efficiently used. The product demonstrated a 3.9x training time improvement and 3.7x better throughput improvement compared to native ML framework data loaders and saturates single clients NIC bandwidth at 90%+.

For details, see About the GKE Parallelstore CSI driver.

In GKE version 1.30.3-gke.1639000 and later and 1.31.0-gke.1058000 and later, GKE can handle GPU and TPU node disruptions by notifying you in advance of a shutdown and by gracefully terminating your workloads. This feature is generally available. For details, see Manage GKE node disruption for GPUs and TPUs.

Memorystore for Redis

Added support for custom constraints. For more details, see Manage Memorystore for Redis resources with custom constraints.

Memorystore for Redis Cluster

Added support for custom constraints. For more details, see Manage Memorystore for Redis Cluster resources with custom constraints.

Instance configurations are now Generally Available on Memorystore for Redis Cluster.

Pub/Sub

Pub/Sub adds support for OpenTelemetry tracing. OpenTelemetry tracing lets you identify and trace the latency of various Pub/Sub client library operations.

Security Command Center

Data residency for Security Command Center is now available in the Kingdom of Saudi Arabia.

Sensitive Data Protection

The current default LOCATION infoType detection model, which is accessible when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy.

The old detection model that was previously accessible by setting InfoType.version to legacy is no longer accessible.

The region restriction on the LOCATION infoType has been lifted. It is now available in all regions.

Spanner

Spanner now supports end-to-end tracing in preview, along with client-side tracing in the Java and Go client libraries. You can opt-in for end-to-end traces to have more visibility into the application to Spanner latencies. For more information, see Trace collection overview.

Vertex AI Agent Builder

Vertex AI Agent Builder: Dynamic retrieval for grounded results (GA with allowlist)

Dynamic retrieval lets you choose when to turn off grounding with Google Search. This is useful when a prompt doesn't require an answer grounded in Google Search and the supported models can provide an answer based on their own knowledge without grounding. Dynamic retrieval helps you manage latency, quality, and cost more effectively.

This feature is available to select Google Cloud customers (GA with allowlist). For more information, see Dynamic retrieval.

September 30, 2024

AlloyDB for PostgreSQL

AlloyDB outbound public IP connectivity on primary and secondary instances is generally available (GA).

Artifact Registry

Artifact Analysis is gradually rolling out regionalized data storage and endpoints to help support compliance with data residency requirements. The Container Analysis API stores metadata in the same region or multi-region as the Artifact Registry repository where your image is scanned.

For more information, see Metadata storage locations.

Backup and DR

Backup and DR Service added support to view unprotected resource logs in Cloud Logging.

Backup and DR Service added support to view unprotected resource reports in BigQuery.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.9.1 (2024-09-23)

Bug Fixes
  • Throw timeout error when using jobs.query (#1402) (cf962a5)

Python

Changes for google-cloud-bigquery

3.26.0 (2024-09-25)

Features
  • Include LegacyPandasError in init imports (#2014) (3ab5e95)
  • Use bigquery-magics package for the %%bigquery magic (#1965) (60128a5)
Bug Fixes
  • Add docfx to the presubmit configuration and delete docs-presubmit (#1995) (bd83cfd)
  • Add warning when encountering unknown field types (#1989) (8f5a41d)
  • Allow protobuf 5.x; require protobuf >=3.20.2; proto-plus >=1.22.3 (#1976) (57bf873)
  • Do not set job timeout extra property if None (#1987) (edcb79c)
  • Set pyarrow field nullable to False for a BigQuery field in REPEATED mode (#1999) (5352870)
Dependencies
  • Bump min version of google-api-core and google-cloud-core to 2.x (#1972) (a958732)
Documentation

You can now use flexible column names with BigQuery tables and views for extracting, loading, streaming, and querying data. This feature is generally available (GA).

You can now use the operational health dashboard to get a single-pane view of key metrics such as slot usage, shuffle usage, errors, and total storage in real time. This feature is generally available (GA).

You can now create a materialized view replica directly from the Google Cloud console. This feature is generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.44.1 (2024-09-26)

Bug Fixes
  • Add RetryCallable to the callable chain (#2348) (0330d77)
  • Pass deadline through ExecuteQuery RetrySettings (#2355) (6bc9820)
  • Time based flakiness in execute query deadline test (#2358) (b474173)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#2351) (40c428e)
Cloud Billing

View and manage unexpected costs with Anomaly Detection (in preview)

You can now view and manage cost spikes that deviate from your historical spend patterns using the Anomalies dashboard (preview). Each anomaly comes with a detailed root cause analysis that identifies the top services, regions, and SKUs that contributed to the spike.

Learn more about using Anomaly Detection to manage costs.

Cloud Load Balancing

The regional external Application Load Balancers, cross-region internal Application Load Balancers, regional internal Application Load Balancers, now support a configurable client HTTP keepalive timeout. The client HTTP keepalive timeout represents the maximum amount of time that a TCP connection can be idle between the (downstream) client and the target HTTP(S) proxy.

For details, see

This capability is available in General Availability.

Cloud Logging

The layout of the Logs Explorer page has been changed. For more information, see View logs by using the Logs Explorer.

The pricing for vended network logs has changed. For more information see the following:

Cloud Monitoring

You can now apply and modify dashboard-wide filters by selecting the filter option within the cell of a table. For example, if a table has a column named zone and a cell that displays us-east5-b, then selecting the filter button in that cell applies the dashboard-wide filter zone: us-east5-b. For more information about filtering your dashboard, see the following documents:

Cloud NAT

Hybrid NAT is available in General Availability.

Cloud Run functions

You can now manage function resources using custom constraints that get enforced at the project level. This support is at the Preview release level.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.43.1 (2024-09-26)

Bug Fixes
  • Add managed folder to testIamPermissions method (556dd95)
  • deps: Update the Java code generator (gapic-generator-java) to 2.46.0 (556dd95)
  • Remove server unimplemented GrpcStorageImpl#{get,list,create,delete,Update}HmacKey (#2717) (06f7292)
  • Remove server unimplemented GrpcStorageImpl#{get,list,create,delete}Notification (#2710) (310c9b2)
  • Remove server unimplemented GrpcStorageImpl#getServiceAccount (#2718) (51076a8)
  • Update grpc based ReadObject rpcs to remove race condition between cancellation and message handling (#2708) (2c7f088)
  • Update grpc upload error diagnostics to be tolerant of receiving an error if no request has been sent (#2732) (fff72d5)
  • Update GrpcStorageOptions to attempt direct path by default (#2715) (9de9a92)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.0 (#2721) (11f09fe)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#2738) (eb320e1)
  • Update googleapis/sdk-platform-java action to v2.46.1 (#2736) (795f2c3)
Compute Engine
Container Optimized OS

cos-dev-121-18698-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.52 v24.0.9 v1.7.22 See List

Upgraded app-admin/google-guest-configs to v20240924.00.

Upgraded app-admin/google-osconfig-agent to v20240924.02.

Upgraded app-admin/google-guest-configs to v20240905.00.

Upgraded app-admin/fluent-bit to v3.1.8.

Upgraded app-containers/docker-credential-gcr to v2.1.25.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r642.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2449.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2801.

Upgraded chromeos-base/debugd-client to v0.0.1-r2712.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2947.

Upgraded chromeos-base/minijail to v18-r155.

Upgraded chromeos-base/shill-client to v0.0.1-r4688.

Upgraded dev-python/configobj to v5.0.9.

Upgraded net-firewall/iptables to v1.8.10-r1.

Upgraded net-libs/libtirpc to v1.3.5.

Upgraded dev-libs/nss to v3.104.

Upgraded net-dns/c-ares to v1.33.1.

Updated the Linux kernel to v6.6.52.

Update R550, latest driver to v550.90.12.

Updated cos-gpu-installer to v2.4.2. This enables creation of /dev/dri when loading nvidia-drm.ko for COS kernels build with loadable drm and dependent modules.

Removed sys-libs/libsepol and sys-libs/libselinux.

Removed dev-libs/libusb.

Removed sys-libs/gdbm.

Removed dev-python/zope-interface.

Updated net-misc/curl to 8.10.0.

cos-105-17412-448-57

Kernel Docker Containerd GPU Drivers
COS-5.15.163 v23.0.3 v1.7.19 See List

Upgraded app-admin/google-guest-configs to v20240725.00.

Fixed A3 Edge VM names in google guest agent configs.

Updated cos-gpu-installer to v2.4.0. It identifies GPU drivers before installation.

Fixed CVE-2024-46763 in the Linux kernel.

Fixed CVE-2024-46679 in the Linux kernel.

Fixed CVE-2024-46721 in the Linux kernel

Fixed CVE-2024-46800 in the Linux kernel

Fixed CVE-2024-46743 in the Linux kernel

Fixed CVE-2024-46738 in the Linux kernel

Fixed CVE-2024-44940 in the Linux kernel

Fixed CVE-2024-42246 in the Linux kernel

cos-beta-117-18613-0-66

Kernel Docker Containerd GPU Drivers
COS-6.6.44 v24.0.9 v1.7.22 See List

Fixed A3 Edge VM names in google guest agent configs and upgrade to v20240725.

Fixed CVE-2024-46763 in the Linux kernel.

Fixed CVE-2024-46679 in the Linux kernel.

Fixed CVE-2024-46762 in the Linux kernel.

Fixed CVE-2024-46721 in the Linux kernel

Fixed CVE-2024-46737 in the Linux kernel

Fixed CVE-2024-46800 in the Linux kernel

Fixed CVE-2024-46796 in the Linux kernel

Fixed CVE-2024-46743 in the Linux kernel

Fixed CVE-2024-46738 in the Linux kernel

cos-113-18244-151-88

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Upgraded app-admin/google-guest-configs to v20240725.00.

Fixed A3 Edge VM names in google guest agent configs.

Updated cos-gpu-installer to v2.4.0. It identifies GPU drivers before installation.

Fixed CVE-2024-46763 in the Linux kernel.

Fixed CVE-2024-46679 in the Linux kernel.

Fixed CVE-2024-46721 in the Linux kernel

Fixed CVE-2024-46800 in the Linux kernel

Fixed CVE-2024-46737 in the Linux kernel

Fixed CVE-2024-46743 in the Linux kernel

Fixed CVE-2024-46738 in the Linux kernel

cos-109-17800-309-77

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Upgraded app-admin/google-guest-configs to v20240725.00.

Fixed A3 Edge VM names in google guest agent configs.

Updated cos-gpu-installer to v2.4.0. It identifies GPU drivers before installation.

Fixed CVE-2024-46763 in the Linux kernel.

Fixed CVE-2024-46679 in the Linux kernel.

Fixed CVE-2024-46721 in the Linux kernel

Fixed CVE-2024-46800 in the Linux kernel

Fixed CVE-2024-46743 in the Linux kernel

Fixed CVE-2024-46738 in the Linux kernel

cos-101-17162-528-54

Kernel Docker Containerd GPU Drivers
COS-5.15.161 v20.10.27 v1.6.28 See List

Updated cos-gpu-installer to v2.4.0. It identifies GPU drivers before installation.

Fixed CVE-2024-42246 in the Linux kernel

Fixed CVE-2024-46763 in the Linux kernel.

Fixed CVE-2024-46679 in the Linux kernel.

Fixed CVE-2024-46721 in the Linux kernel

Fixed CVE-2024-46800 in the Linux kernel

Fixed CVE-2024-46743 in the Linux kernel

Fixed CVE-2024-46738 in the Linux kernel

Fixed CVE-2024-40905 in the Linux kernel

Cortex Framework

Release 6.0

GitHub Submodules

Submodules are officially removed. Workloads have been migrated as follows:

Previous Submodule New Directory
cortex-dag-generator cortex-data-foundation/tree/main/src/SAP/SAP_CDC
cortex-ml-models cortex-data-foundation/tree/main/src/SAP/SAP_ML_MODELS
cortex-reporting cortex-data-foundation/tree/main/src/SAP/SAP_REPORTING
cortex-salesforce cortex-data-foundation/tree/main/src/SFDC
cortex-marketing cortex-data-foundation/tree/main/src/marketing

Note: As announced in release 5.4, workload specific repositories will continue to receive code updates for at least one more release.

New Data Sources

  • Marketing: YouTube (with DV360). Get comprehensive overview of your campaign spend, performance and audience targeting with actionable insights for paid media campaigns on YouTube purchased in DV360 platform. Access the Looker Block for YouTube (with DV360) with sample dashboards for faster data analysis and exploration.

  • Marketing: Google Analytics 4 (GA4). Understand website engagement and purchases using page views, time spent, call to action ratios, average purchases, lifetime value over time, traffic volumes, and success rates for defined conversion.

  • Oracle EBS: Measure and understand Order to Cash operational metrics around sales performance, order status, order fulfillment, invoicing, and receivables with new BigQuery integration templates and data models. Access the Looker Block for Oracle EBS with sample dashboards for further analytics.

New Cloud Build features support

Added support for the following Cloud Build features:

SAP

  • SAP Raw to CDC DAG: Rewrote logic and became less costly with about 25% improvement in performance.
  • Fiscal dimension: All views now use the new Fiscal Dimension instead of function. ECC/S4 specific Fiscal Functions are now removed as announced in v3.1. Fiscal functions will be removed in the next version.
  • Future deprecation: Legacy Currency_Conversion and Currency_Decimal functions will be deprecated in the next version. Join the views currency_conversion and currency_decimal instead.
  • Finance: New views for FSV, Cost, and Profit center hierarchy that supersedes the old hier_reader local k9, which will be removed in the next version. For more information, see Cortex Framework: integration with SAP.
  • Improved SalesStatus_Items and S/4 Billing logic.
  • Inventory: Moved the following views and functions from src/SAP/SAP_REPORTING/local_k9/inventory_snapshots to src/SAP/SAP_REPORTING/{SAP_FLAVOR}; and renamed them to make the structure more logical and succinct. Also added notes and instructions on this module in the Cortex Framework: integration with SAP . There isn't any content or logic change.

    • From 00_stock_characteristics_config to StockCharacteristicsConfig.
    • From 00_slow_moving_threshold to SlowMovingThreshold.
    • From 0_{weekly|monthly}_inventory_aggregation.sql to Aggregate{Weekly|Monthly}Inventory.
    • From stock_weekly_snapshots_inventory_aggregation_update to UpdateMonthlyInventoryAggregation.
    • From 01_stock_{weekly|monthly}_snapshots to Update{Weekly|Monthly}StockSnapshots.

Data Mesh

  • Added support for annotations on nested fields.
  • Removed inherited default values for lake regions and zone location types. These values need to be provided if deploying lakes and zones.

New documentation page

Misc Technical Notes

  • Upgraded Google Ads API from v15 to v17.1. For field name changes, see Google Ads API upgrade notes.
  • Moved deployment configs for Language and Currency to workload specific sections. This affects SAP and Oracle EBS data sources.
  • Officially dropped Airflow v1 support.
  • Adding test harness support for new BigQuery regions africa-south1 and europe-west10.
  • Deployer log verbosity reduced by 75% for reporting deployment steps across all workloads.
  • Cloud Composer (Airflow) DAGs now use current python and BigQuery operators in place of deprecated airflow.operators.python_operator and airflow.contrib.operators.bigquery_operator operators.
  • Patched multiple Python library vulnerabilities.
  • Deprecated Credly badging.

Known issues and limitations

  • Data Mesh deployments where only column descriptions are deployed require Data Catalog API to be enabled. This will be patched in a future release.
  • Local K9 for SAP produces a temporary folder (tmp*) in the target bucket for DAGs. Please, remove it manually. There is no impact in the execution.
Dataform

The maximum size limit for workspaces encrypted with customer-managed encryption keys (CMEK) is 512 MB. For more information about Dataform quotas and limits, see Quotas and limits. For more information about encrypting Dataform repositories with CMEK, see Use customer-managed encryption keys.

Dataplex

Managed connectivity pipelines are generally available (GA). Use a managed connectivity pipeline to extract metadata from third-party sources and import it into Dataplex Catalog. You develop your own connector that extracts metadata, and use Workflows for orchestration and scheduling.

For more information, see Managed connectivity overview, Import metadata from a custom source using Workflows, and Develop a custom connector for metadata import.

Also, the metadata import API methods are GA. For more information, see Import metadata using a custom pipeline.

Dataproc

Blocklisted the following Dataproc on Compute Engine subminor image versions:

  • 2.0.120-debian10, 2.0.120-rocky8, 2.0.120-ubuntu18
  • 2.1.68-debian11, 2.1.68-rocky8, 2.1.68-ubuntu20, 2.1.68-ubuntu20-arm
  • 2.2.34-debian12, 2.2.34-rocky9, 2.2.34-ubuntu22
Developer Connect

Developer Connect is now Generally Available (GA). This launch introduces the following features:

  • Connectivity with several more source code management tools, including GitHub Enterprise Cloud, GitHub Enterprise, GitLab and GitLab Enterprise

  • Integration with Gemini Code Assist, helping you get coding tips tailored to your private repositories

Gemini Code Assist users can connect their source code on GitHub or GitLab repositories and GitHub Enterprise, GitHub Enterprise Cloud, GitLab Enterprise repositories hosted on networks that can be accessed via the public internet.

Learn more at Developer Connect overview.

Filestore

NFSv4.1 protocol support, integrated with Managed Service for Microsoft Active Directory, is now generally available for zonal, regional, and enterprise instances.

Generative AI on Vertex AI

Prompt templates let you to test how different prompt formats perform with different sets of prompt data. This feature is in Preview. To learn more, see Use prompt templates.

Google SecOps

The case report now includes all information written on the case wall.

It is now possible to merge cases where the requester is not the assignee both in the platform and through the API endpoint: api/external/v1/cases-queue/bulk-operations/MergeCases

Google SecOps SOAR

Remote Agents 2.2.0 Release is currently in Preview.

Logs quality and coverage enhancements.

Identity Platform

Custom organization policies for Identity Platform are generally available (GA). You can use custom organization policies to allow or deny specific operations on Identity Platform resources for the security, compliance, or governance requirements of your application.

For more information, see Use custom organization policies.

Parallelstore

Parallelstore, Google's managed Parallel File System service, is now generally available (GA).

Parallelstore offers extreme IOPS and throughput, at very low latencies. Parallelstore supports capacities between 12 and 100 TiB and is POSIX-compatible.

Please contact your sales representative to use Parallelstore in your Google Cloud project.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.132.3 (2024-09-26)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.42.3 (#2173) (294d039)
  • Update dependency com.google.cloud:google-cloud-core to v2.44.0 (#2184) (faecb3b)
  • Update dependency com.google.cloud:google-cloud-core to v2.44.1 (#2190) (9ea45dc)
  • Update dependency com.google.cloud:google-cloud-storage to v2.43.0 (#2174) (ae800d7)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.0 (#2185) (5ca2c7c)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#2191) (555216e)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.28.2 (#2179) (c9bbd2c)

Python

Changes for google-cloud-pubsub

2.25.0 (2024-09-28)

Features

2.24.0 (2024-09-24)

Features
Bug Fixes

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-pubsub

2.25.1 (2024-09-29)

Bug Fixes
  • Update the requirements.txt for samples directory (#1263) (5cce8b1)

The message retention duration option for a subscription specifies how long Pub/Sub retains messages after publication. The maximum value for this property is now increased to 31 days. For more information, see Message retention duration.

Sensitive Data Protection

The FINLAND_BUSINESS_ID infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.68.0 (2024-09-25)

Features
  • spanner: Add support for Go 1.23 iterators (84461c0)
Bug Fixes
  • spanner/test: Bump dependencies (2ddeb15)
  • spanner: Bump dependencies (2ddeb15)
  • spanner: Check errors in tests (#10738) (971bfb8)
  • spanner: Enable toStruct support for structs with proto message pointer fields (#10704) (42cdde6)
  • spanner: Ensure defers run at the right time in tests (#9759) (7ef0ded)
  • spanner: Increase spanner ping timeout to give backend more time to process executeSQL requests (#10874) (6997991)
  • spanner: Json null handling (#10660) (4c519e3)
  • spanner: Support custom encoding and decoding of protos (#10799) (d410907)
  • spanner: Unnecessary string formatting fixes (#10736) (1efe5c4)
  • spanner: Wait for things to complete (#10095) (7785cad)
Performance Improvements
Documentation
  • spanner: Fix Key related document code to add package name (#10711) (bbe7b9c)

Java

Changes for google-cloud-spanner

6.74.0 (2024-08-27)

Features
  • spanner: Add edition field to the instance proto (6b7e6ca)
Documentation
  • Change the example timestamps in Spanner Graph java sample code (#3295) (b6490b6)

6.74.1 (2024-09-16)

Bug Fixes
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#3329) (654835f)

6.75.0 (2024-09-19)

Features
  • Support multiplexed session for blind write with single use transaction (#3229) (b3e2b0f)

6.76.0 (2024-09-27)

Features
  • Add opt-in flag and ClientInterceptor to propagate trace context for Spanner end to end tracing (#3162) (0b7fdaf)
  • Add samples for backup schedule feature APIs. (#3339) (8cd5163)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.46.1 (1719f44)

Python

Changes for google-cloud-spanner

3.49.0 (2024-08-27)

Features
  • Create a few code snippets as examples for using Spanner Graph in Python (#1186) (f886ebd)
  • spanner: Add resource reference annotation to backup schedules (#1176) (b503fc9)
  • spanner: Add samples for instance partitions (#1168) (55f83dc)
Bug Fixes
  • JsonObject init when called on JsonObject of list (#1166) (c4af6f0)

3.49.1 (2024-09-06)

Bug Fixes
  • Revert "chore(spanner): Issue#1143 - Update dependency" (92f05ed)
Workflows

A math.floor function has been added to return the largest integer less than or equal to a given number.

September 29, 2024

Google SecOps SOAR

Release 6.3.19 is now in General Availability.

September 28, 2024

Google SecOps SOAR

Release 6.3.20 is currently in Preview.

The case report now includes all information written to the Case wall.

It is now possible to merge cases where the requester is not the assignee both in the platform and through the API endpoint: api/external/v1/cases-queue/bulk-operations/MergeCases

Custom integration is reverted to the latest imported code after saving custom integration settings. (ID #53578268)

Remote agents not visible in the drop-down field. (ID #53299495)

Timeout error when trying to add an alert grouping rule. (ID #00298026)

Time Zone sync issue (ID #52421707)

Inaccurate case tag data in Advanced Reports (ID #00308538)

Tags are displayed in the database after being deleted from the platform (ID #53263012)

Timeout error for playbook action (ID #52418008)

September 27, 2024

Access Approval

Access Approval supports Speech-to-Text in the GA stage.

Access Approval supports Dataplex in the Preview stage.

Access Transparency

Access Transparency supports Dataplex in the Preview stage.

Assured Workloads

The IRS Publication 1075 control package is now available in Preview.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Data Lineage API
    • datalineage.googleapis.com/Process
  • Cloud Logging
    • logging.googleapis.com/Link
  • Cloud Next Generation Firewall Enterprise
    • networksecurity.googleapis.com/AddressGroup
  • Gemini for Google Cloud API
    • cloudaicompanion.googleapis.com/CodeRepositoryIndex
    • cloudaicompanion.googleapis.com/RepositoryGroup
Cloud Billing

Avoid charges for underutilized Compute Engine reservations in the FinOps hub

You can now get recommendations to modify or delete your underutilized, on-demand reservations for Compute Engine resources when you haven't consumed your specified threshold of resources for at least 7 days.

Learn about reservation recommendations
View and apply underutilized reservation recommendations

Confidential VM

Support for Intel TDX on c3-standard-* machine types is now released to General Availability.

Google Cloud Architecture Center

(New guide) Business continuity with CI/CD on Google Cloud: Learn how to plan and implement business continuity and disaster recovery (DR) for the CI/CD process.

Retail API

Vertex AI Search for retail: Conversational search API

As part of Search for retail's Guided search package, ConversationalSearchSpec sits on top of the Retail API. When coverage parameters are met, Search for retail users can enable this feature in the console or by setting the followup_conversation_requested flag to true in the search service interface. Conversational search uses an LLM-generated question for each catalog attribute where allowed_in_conversation field is enabled.

For more information, see Conversational search.

Vertex AI Search for retail: Tile navigation

As part of Search for retail's Guided search package, tile navigation allows tiles to appear for each of the most likely to be used dynamic facets across a search page. The objective is to increase filter usage to narrow search faster.

For more information, see Tile navigation.

Virtual Private Cloud

Private Service Connect supports IPv6 in General Availability for the following supported configurations:

For more information, see IP version translation.

September 26, 2024

Agent Assist

Agent Assist now offers a new version of summarization with custom sections in preview. Summarization with custom sections V3.1 reduces latency and improves quality from V3.0.

Anthos Config Management

You can now configure Config Sync fleet defaults with gcloud commands starting in gcloud version 494.0.0. See the Config Sync gcloud documentation for reference.

Config Sync now supports GitHub App authentication for GitHub repositories. See Grant access to Git for more information. This release note was added on October 4, 2024.

Upgraded the git-sync dependency from v4.2.3 to v4.2.4.

Apigee API hub

On September 26, 2024, Apigee announced the GA launch of Apigee API hub.

A new "Get started with API hub" page was added to the user interface. This new page includes valuable getting started information, including a new FAQ, to help you get the most out of API hub.

We added a new Supply chain page where you can create, view and manage your dependencies across API operations. The same dependencies can also be created from the API operations page. See Manage dependencies.

The Semantic Search (formerly Smart Search) user interface has been improved, and search results are shown across all API hub entities, such as APIs, deployments, specifications, and versions. See Search and filter APIs.

We added support for GMEK and CMEK in the provisioning steps. While provisioning, you can also choose to host your Vertex search data in a different location or disable Vertex search altogether. See Provision API hub.

We added support for Cloud audit logging.

The List APIs for specifications, dependencies, and external APIs have been enhanced to return a complete response, including user-defined attributes.

While you can use API hub by making direct REST over HTTP requests, we now provide client libraries for several popular languages. See API hub client libraries.

Significant user interface improvements were made, such as standardization of cards on the API details page, unlinking of deployments, various performance fixes, and more.

Apigee X

On September 26, 2024 we released an updated version of Apigee.

If you have CMEK org policy constraints on your Google Cloud project, Apigee will enforce compliance with those constraints and guide you in choosing valid configuration, and prevent you from using Apigee features that are not CMEK-compliant.

The following documents are new and explain how to use CMEK with Apigee:

The following documents have been updated with the relevant CMEK information:

A known issue was added: Apigee does not support Cloud External Key Manager.

A known issue was added: Apigee does not support key re-encryption, which means even after rotation, the old key version will still be used and you cannot change the CMEK key after org creation.

BigQuery

Cloud console updates: You can now use keyboard shortcuts to control tab navigation in the details pane. This feature is generally available (GA).

Cloud Billing

Use Gemini AI assistant to find or create Billing Reports (preview)

Gemini Cloud Assist in Cloud Billing Reports provides FinOps-focused AI assistance to create the cost reports you need to analyze your cost trends and to summarize key insights from the cost reports.

Gemini Cloud Assist in Cloud Billing Reports helps you to:

  • Use saved reports: Quickly access existing reports to analyze your spending.
  • Create new reports: Configure custom reports with AI assistance to get the exact data you need.
  • Summarize reports: Get AI-powered summaries of your reports to quickly understand key cost trends and insights.

Enable the Gemini for Google Cloud API in a project to turn on Gemini Cloud Assist in Cloud Billing Reports.

For more information about Gemini Cloud Assist features in Cloud Billing Reports, see:

Cloud Data Fusion

The SAP ODP batch source plugin version 0.11.3 is available in Cloud Data Fusion versions 6.8.0 and later. This release includes the following changes:

  • Fixed an issue causing the following error: Error encountered while configuring the stage: Unable to access Cloud Storage or download JCo libraries from Cloud Storage. To address the issue, you must upgrade the Cloud Storage client library to version 2.3.0 or later.

  • Fixed an issue causing memory errors in the SAP system. You can choose to load changed data without loading historical data first. You can select this option in the plugin properties.

Compute Engine

OS Login POSIX groups support is deprecated. For more information, see OS Login POSIX groups support deprecation.

Deep Learning Containers

M125 release

  • TensorFlow 2.17 container images are now available.
Deep Learning VM Images

M125 release

  • TensorFlow 2.17 VM images are now available.
Dialogflow

Starting in late 2024 and ending in early 2025, there will be changes to some Dialogflow product names, feature names, and consoles. See the documentation for complete details.

Dialogflow CX: You can now enable security checks to prevent prompt injection attacks. See the documentation for details.

Dialogflow CX: Cloud Text-to-Speech europe-west1 and europe-west3 regions for Neural2 voices now use corresponding regions.

Document AI

Effective April 9, 2025, the following Custom Extractor versions will no longer be accessible:

  • pretrained-foundation-model-v1.0-2023-08-22
  • pretrained-foundation-model-v1.1-2024-03-12

You will need to migrate to a later version to avoid any service disruptions, such as pretrained-foundation-model-v1.2-2024-05-10 and pretrained-foundation-model-v1.3-2024-08-31 for improved quality from the latest proprietary vision models and foundation models.

We understand that this update requires planning, but we're here to support you during this process. If you have questions or need assistance, contact Google Cloud support.

The following earlier versions of Document AI Enterprise Document Optical Character Recognition (OCR) and Expense Parser will be discontinued in the United States (US) and European Union (EU) starting April 30, 2025.

Enterprise Document OCR:

  • pretrained-ocr-v1.0-2020-09-23
  • pretrained-ocr-v1.1-2022-09-12

Expense Parser:

  • pretrained-expense-v1.2-2022-02-18
  • pretrained-expense-v1.3-2022-07-15
  • pretrained-expense-v1.4-2022-11-18

To ensure uninterrupted service and benefit from improved extraction quality, we recommend you migrate to the following later versions before April 30, 2025:

Enterprise Document OCR (US and EU):

Expense Parser (US and EU):

To learn more about the migration process, refer to our Manage processor versions documentation.

If you have any questions or require assistance, contact us at Google Cloud support.

Google Cloud VMware Engine

VMware Engine ve2 nodes are available in Frankfurt, Germany, Europe (europe-west3-a).

Google Kubernetes Engine

(2024-R37) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.0-gke.1577000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
    • 1.30.4-gke.1476000
    • 1.31.0-gke.1506000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.4-gke.1348000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.0-gke.1577000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.0-gke.1577000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.28.13-gke.1006000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1031000
    • 1.29.8-gke.1057000
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.

Stable channel

  • Version 1.30.3-gke.1969001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.16-gke.1051001
    • 1.28.12-gke.1052000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1104000
    • 1.29.7-gke.1274000
    • 1.30.2-gke.1587003
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

Extended channel

  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.28.13-gke.1006000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1031000
    • 1.29.8-gke.1057000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.

No channel

  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.27.16-gke.1051001
    • 1.28.12-gke.1052000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1104000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1969000
    • 1.30.4-gke.1476000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.

(2024-R37) Version updates

  • Version 1.31.0-gke.1577000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
    • 1.30.4-gke.1476000
    • 1.31.0-gke.1506000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.4-gke.1348000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.0-gke.1577000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.0-gke.1577000 with this release.

(2024-R37) Version updates

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.28.13-gke.1006000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1031000
    • 1.29.8-gke.1057000
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.

(2024-R37) Version updates

  • Version 1.30.3-gke.1969001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.16-gke.1051001
    • 1.28.12-gke.1052000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1104000
    • 1.29.7-gke.1274000
    • 1.30.2-gke.1587003
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

(2024-R37) Version updates

  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.28.13-gke.1006000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1031000
    • 1.29.8-gke.1057000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.

(2024-R37) Version updates

  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.27.16-gke.1051001
    • 1.28.12-gke.1052000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1104000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1969000
    • 1.30.4-gke.1476000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.
Looker Studio

Partner connection launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

New funnel chart option

The new funnel chart option lets you visualize how a metric changes over events in a sequential process.

Learn more about funnel charts in Looker Studio.

Microsoft Excel connector available

The Microsoft Excel connector lets you access the data stored in an Excel worksheet.

Vertex AI Workbench

M125 release

The M125 release of Vertex AI Workbench user-managed notebooks includes the following:

  • Patched a vulnerability with adm and docker permissions when the instance's root access isn't enabled.

The M125 release of Vertex AI Workbench managed notebooks includes the following:

  • Patched a vulnerability with adm and docker permissions when the instance's root access isn't enabled.

M125 release

The M125 release of Vertex AI Workbench instances includes the following:

  • bigframes 1.9.0 is now available in all environments except TensorFlow.
  • Fixed a regression introduced in M124 where Conda was getting downgraded to an older version.
  • Patched a vulnerability with adm and docker permissions when the instance's root access isn't enabled.

September 25, 2024

AlloyDB for PostgreSQL

You can now set up AlloyDB free trial clusters using a copy of your Cloud SQL for PostgreSQL backup. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.

Application Integration

View logs in Cloud Logging

Viewing integration execution logs in Cloud Logging is now generally available (GA). For more information, see View logs in Cloud Logging

Bigtable

You can perform similarity vector search in Bigtable by finding the K-nearest neighbors. This feature is available as part of the GoogleSQL for Bigtable Preview.

Cloud Identity

Cloud Identity POSIX groups are deprecated. As of September 26, 2024, you can no longer create new POSIX groups, and existing POSIX groups will be removed on or after September 26, 2025. For more information, see POSIX groups deprecation.

Cloud SQL for PostgreSQL

You can now set up AlloyDB free trial clusters using a copy of your Cloud SQL for PostgreSQL backup. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.

Cloud Storage

Cross-bucket replication is now available in Cloud Storage. You can use cross-bucket replication to copy new and updated objects asynchronously from a source bucket to a destination bucket. For more information on how to use cross-bucket replication, see Using cross-bucket replication.

Generative AI on Vertex AI

The Llama 3.2 90B model is available in Preview on Vertex AI. Llama 3.2 90B enables developers to build and deploy the latest generative AI models and applications that use Llama's capabilities, such as image reasoning. Llama 3.2 is also designed to be more accessible for on-device applications. For more information, see Llama models.

Google Cloud Architecture Center

Google Cloud Architecture Framework: Cost optimization: Major update to align the recommendations with core principles of cost optimization.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.28.1000-gke.59 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.1000-gke.59 runs on Kubernetes v1.28.13-gke.600.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Removed TLS/SSL weak message authentication code cipher suites in the vSphere cloud controller manager.

Fixed the following vulnerabilities in 1.28.1000-gke.59:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.30.100-gke.96

Google Distributed Cloud for bare metal 1.30.100-gke.96 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.100-gke.96 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Added --skip-preflight flag to the bmctl upgrade command to prevent preflight checks from running during an upgrade.

The following container image security vulnerabilities have been fixed in 1.30.100-gke.96:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Security Command Center

YARA rule names that appear in Virtual Machine Threat Detection findings will be renamed

On or after October 28, 2024, YARA rule names that appear in Malware: Malicious file on disk (YARA) findings from Virtual Machine Threat Detection will be renamed. This update will resolve naming inconsistencies in the YARA rules. The new naming convention will contain the prefix, designation, type, name, and iteration of the YARA rule. The following are examples of the new names:

  • Ext_FE_Hunting_Linux_CYCLOPSBLINK_FEBeta
  • M_APT_Controller_REDFLARE_1
  • M_Backdoor_REDSONJA_4
  • M_Cryptomine_XMRIG_1
Spanner

Spanner now supports the spanner.farm_fingerprint() hash function in PostgreSQL-dialect databases.

Vertex AI Agent Builder

Vertex AI Search: gemini-1.5-flash-002/answer_gen/v1 model

The gemini-1.5-flash-002/answer_gen/v1 model is available for answer generation. This model is based on the gemini-1.5-flash-002 model and has been further tuned to address question and answering tasks.

For more information, see Answer generation model versions and lifecycle.

Vertex AI Search: Update to the preview model

The preview model for answer generation has been updated to gemini-1.5-pro-002 from gemini-1.5-pro-001.

For more information, see Answer generation model versions and lifecycle.

September 24, 2024

Access Approval

Access Approval supports Vertex AI Search in the GA stage.

Application Integration

The Resolve JSON Path data transformer function is now available. This function resolves a JSON path on a given JSON object by using the JSONPath reference.

BigQuery

You can now use Cloud KMS Autokey to automate the creation and use of customer-managed encryption keys (CMEKs), including the Cloud HSM service. This feature is generally available (GA).

BigQuery ML now offers the following expanded embedding support features:

Try these capabilities with the following tutorials:

These features are generally available (GA).

BigQuery ML now offers the following AI features:

These BigQuery ML feature are generally available (GA).

Cloud Database Migration Service

Database Migration Service support for homogeneous SQL Server to Cloud SQL for SQL Server migrations is now generally available (GA). For more information, see Database Migration Service for homogeneous SQL Server documentation.

Database Migration Service for homogeneous PostgreSQL migrations to AlloyDB for PostgreSQL now supports PostgreSQL version 16. See Supported source and destination databases in AlloyDB for PostgreSQL migrations.

Cloud Key Management Service

Cloud KMS with Autokey is now in General Availability for Cloud Storage, Compute Engine, BigQuery, Secret Manager, Cloud SQL, and Spanner.

Autokey simplifies creating and using customer-managed encryption keys (CMEKs) by automating provisioning and assignment. With Autokey, key rings, keys, and service accounts don't need to be planned and provisioned before they're needed. Instead, Autokey generates keys on demand as resources are created.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings. For more information, see Autokey overview.

Cloud Run

GPU support (Preview) is now available in the following region: asia-southeast1.

Cloud Storage

Cloud Storage is now enabled for use with Cloud KMS Autokey.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.

For more information, see Customer-managed encryption keys. To learn more about Cloud KMS Autokey, see Autokey overview.

Generative AI on Vertex AI

New stable versions of Gemini 1.5 Pro (gemini-1.5-pro-002) and Gemini 1.5 Flash (gemini-1.5-flash-002) are Generally Available. These models introduce broad quality improvements over the previous 001 versions, with significant gains in the following categories:

  • Factuality and reduce model hallucinations
  • Openbook Q&A for RAG use cases
  • Instruction following
  • Multilingual understanding in 102 languages, especially in Korean, French, German, Spanish, Japanese, Russian, and Chinese.
  • SQL generation
  • Audio understanding
  • Document understanding
  • Long context
  • Math and reasoning

For more information about differences with the previous model versions, see Model versions and lifecycle.

The 2M context window with Gemini 1.5 Pro is now in Generally Available, which opens up long-form multimodal use cases that only Gemini can support.

Use Gemini to directly analyze YouTube videos and publicly available media (such as images, audio, and video) by using a link. This feature is in Public Preview.

The new API parameters audioTimestamp, responseLogprob, and logprobs are in Public Preview. For more information, see API reference.

Gemini 1.5 Pro and Gemini 1.5 Flash now support multimodal input with function calling. This feature is in Preview.

The Vertex AI prompt optimizer adapts your prompts using the optimal instructions and examples to elicit the best performance from your chosen model. This feature is available in Preview. To learn more, see Optimize prompts.

Gemini 1.5 Pro and Gemini 1.5 Flash Tuning is now available in GA. Tune Gemini with text, image, audio, and document data types using the latest models:

  • gemini-1.5-pro-002
  • gemini-1.5-flash-002

Gemini 1.0 tuning remains in preview.

For more information on tuning Gemini, see Tune Gemini models by using supervised fine-tuning.

The latest versions of Gemini 1.5 Flash (gemini-1.5-flash-002) and Gemini 1.5 Pro (gemini-1.5-pro-002) use dynamic shared quota, which distributes on-demand capacity among all queries being processed. Dynamic shared quota is Generally Available.

Google Kubernetes Engine

GKE clusters using the Network Policy feature and Pods specifying a hostPort might have experienced networking connectivity issues after control plane upgrades. As a precaution, GKE disabled auto-upgrades for potentially impacted clusters.

The following GKE versions contain a fix for this issue and are safe to manually upgrade to:

  • 1.27.16-gke.1342000 or later
  • 1.28.13-gke.1078000 or later
  • 1.29.8-gke.1157000 or later
  • 1.30.4-gke.1282000 or later
  • 1.31 or later

GKE control plane upgrades are now resumed and clusters will be auto-upgraded when the patch version becomes an auto-upgrade target for your clusters, honoring maintenance windows and exclusions.

Looker

The following Gemini in Looker features are available in Public Preview:

To learn more about how to activate these features, see Administer Gemini on your Looker (Google Cloud core) instance.

Spanner

Spanner now offers editions, a tier-based pricing model that provides greater flexibility, better cost transparency, and opportunities for cost savings. You can choose between the Standard, Enterprise, and Enterprise Plus editions, letting you pick the right set of capabilities to fit your needs and budget. To learn more, read the Spanner editions overview and blog.

Spanner is now enabled for use with Cloud KMS Autokey.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.

For more information, see Customer-managed encryption keys (CMEK) overview. To learn more about Cloud KMS Autokey, see the Autokey overview.

September 23, 2024

App Engine flexible environment PHP App Engine standard environment PHP BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.63.0 (2024-09-18)

Features
  • bigquery/migration: Update MS API stubs with Unified API (1bb4c84)
  • bigquery: Add support for Go 1.23 iterators (84461c0)
  • bigquery: New client(s) (#10774) (9638b8d)
Bug Fixes
  • bigquery: Bump dependencies (2ddeb15)
  • bigquery: ProcessStream check ctx done when queuing non retryable err (#10675) (60ad7f3)
  • bigquery: Properly handle RANGE type arrays (#10883) (ce3d492)
  • bigquery: Remove retry on FailedPrecondition (#10671) (ab9a961)
  • bigquery: Update dependencies (257c40b)
  • bigquery: Update google.golang.org/api to v0.191.0 (5b32644)
Documentation
  • bigquery/datatransfer: Add a note to the CreateTransferConfigRequest and UpdateTransferConfigRequest to disable restricting service account usage (2710d0f)
  • bigquery/datatransfer: Deprecate authorization_code (84461c0)
  • bigquery/migration: A comment for field name in message .google.cloud.bigquery.migration.v2.MigrationWorkflow is changed to include 'Identifier' (1bb4c84)
  • bigquery/migration: A comment for field translation_config_details in message .google.cloud.bigquery.migration.v2.MigrationTask is changed (1bb4c84)
  • bigquery/migration: A comment for field type in message .google.cloud.bigquery.migration.v2.MigrationTask is changed to include new supported types (1bb4c84)
  • bigquery/storage: A comment for field location_uri in message .google.cloud.bigquery.storage.v1alpha.StorageDescriptor is changed (2710d0f)
  • bigquery/storage: A comment for message StreamMetastorePartitionsRequest is changed (2710d0f)
  • bigquery/storage: A comment for message StreamMetastorePartitionsResponse is changed (2710d0f)

You can now create workflows to execute code assets in sequence at a scheduled time. This feature is in Preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.44.0 (2024-09-16)

Features
Dependencies
Buildpacks Carbon Footprint

Scope 2 market-based emissions data is now Generally Available. This metric represents purchased electricity, incorporating Google's annual renewable energy purchases. Scope 2 emissions on this page are estimated using annual emissions factors from government sources (IEA, EPA & AIB). You can learn more here about the methodology and the difference between location-based and market-based emission metrics.

Scope 2 market-based emissions data is available only from January 2023 onwards and can be accessed in:

Cloud Build

Cloud Build is now available in the africa-south1 region.

For more information, see Cloud Build locations.

Cloud Data Fusion

The Cloud Data Fusion version 6.10.1.1 patch revision is generally available (GA). 6.10.1.1 includes the following changes:

The Cloud Data Fusion version 6.9.2.4 patch revision is GA. 6.9.2.4 includes the following changes:

  • Cloud Data Fusion stores lineage-related information for 30 days by default, in addition to cleaning up run records (CDAP-21053).
  • Added support to disable Field level lineage. For more information, see Explore Data Lineage using metadata (CDAP-21007).
  • Fixed an issue causing the maximum concurrent runs setting not to work as expected for scheduled pipeline runs (CDAP-20988).
  • Fixed an issue causing upgrades to fail when the schedule name had hyphens, spaces, or other symbols (CDAP-20999).
Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Monitoring

The layout of the incident detail page has been updated. You can now view related incidents, and switch between viewing only the time series that caused the condition to be met and viewing all time series that the alerting policy evaluated. For more information, see Incidents for metric-based alerting policies and Incidents for log-based alerting policies.

Cloud Run Cloud Run functions Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.13.0 (2024-09-17)

Features
  • storage: Add support for 'fields' query parameter to getFiles (#2521) (f78fe92)
Bug Fixes

Java

Changes for google-cloud-storage

2.43.0 (2024-09-13)

Features
  • Allow specifying an expected object size for resumable operations. (#2661) (3405611), closes #2511
Bug Fixes
  • Close pending zero-copy responses when Storage#close is called (#2696) (1855308)
  • GitHub workflow vulnerable to script injection (#2663) (9151ac2)
  • Make ParallelCompositeUploadBlobWriteSessionConfig.ExecutorSupplier#cachedPool a singleton (#2691) (1494809)
Dependencies
  • Promote storage-v2 artifacts to beta (9d22597)
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240819-2.0.0 (#2665) (3df1000)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#2698) (1dd51c3)

In order to set a bucket to store Cloud Storage usage logs and storage logs, the bucket must now reside within the same organization as the bucket being logged.

  • If the bucket being logged is not associated with an organization, then the bucket storing the logs must reside within the same project instead.

You can now use hierarchical namespace with Cloud Storage FUSE. To learn more about how mounting buckets with hierarchical namespace enabled can help improve performance, see Mount buckets with hierarchical namespace enabled.

Cloud Workstations

Cloud Workstations is available in the us-west4 region (Las Vegas, Nevada, North America). For more information, see Locations.

Colab Enterprise

You can now use customer-managed encryption keys (CMEK) to protect notebooks in Colab Enterprise.

For more information, see Use customer-managed encryption keys.

Config Connector

Config Connector version 1.123.1 is now available.

Starting from this version, all new CustomResources (CRs) have the cnrm.cloud.google.com/state-into-spec annotation field default to absent. For more information about this behavior, see the spec fields documentation. The behavior of existing CRs is not impacted by this change.

You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on DataflowFlexTemplateJob resource to opt-in the Direct Cloud Reconciler, which provides an advanced status update solution for some timeout issues.

If you use the CloudIdentityGroup, CloudBuildTrigger and FirestoreIndex resources, do not use version 1.123.0, as it contains regression issues for these resources due to the state-into-spec setting.

BigQueryDataTransferConfig (v1alpha1) now uses direct reconciliation.

BigQueryConnectionConnection (v1alpha1) now uses direct reconciliation.

DataformRepository is promoted from alpha to beta.

Added FirestoreDatabase (v1alpha1). This uses direct reconciliation.

Contact Center AI Platform

Version 3.26 is released

All release notes published on this date are part of version 3.26.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Agent-level deflections

With agent-level deflections, you can let your agents set their own deflection options for agent to agent calls. There are deflections for over-capacity, after-hours, and automatic redirection. Agents can choose to deflect to a queue, a phone number, an outbound SIP transfer, voicemail, callback, or keep waiting. Agent-level deflections can also be configured globally. For more information, see Let an agent configure their own deflection options.

Rich messaging

With rich messaging, you can do the following when creating and sending messages: use bold, italic, and underline formatting; create bulleted and numbered lists; and add links. You can also add emojis to messages. This capability is available to agents in the chat adapter. It's also available to administrators when they configure chat shortcuts and the initial chat messages for the web SDK and the mobile SDKs. For more information, see Rich messaging.

First In First Out queue routing

With First In First Out queue routing, you can set equal priority for transferred calls and chats and non-transferred (standard) calls and chats. By default, transferred calls and chats have priority. For more information, see First in first out queue routing.

Direct inbound calling

With direct inbound calling, you can create direct phone numbers and assign them to agents or queues. This lets end-users call directly to an individual agent or queue, bypassing IVR queue trees. Administrators can enable inbound call recording and configure deflection options for direct inbound calls. For more information, see Direct phone numbers.

UPDATE: Session data is available in the agent adapter

You can configure CCAI Platform so that users can view session data in the agent adapter. This includes virtual agent session variables and custom data from the web and mobile SDKs. This information can be useful for an agent to get additional information during a session, or for a supervisor to get an overview of a session that they barge into. For more information, see View session data in the agent adapter.

Fixed an issue where the Interaction JSON metadata file was sometimes not being sent to the Kustomer CRM after a chat or call ended.

Fixed an issue where the queue duration of a chat was sometimes doubled in reporting.

Fixed an issue where messages were not sent to chat participants for chats initiated by the chat API.

Fixed an issue where co-browse metadata was not saved when the recording option was disabled.

Fixed an issue where co-browse session events were not generated at session start and end.

Made improvements to barge.

Fixed an issue where users with a permission group in workforce management could not be created or edited .

Fixed an issue where the generic message was played for custom after hours deflection.

Fixed an issue where agents had more permissions than that role permits.

Fixed an agent assist integration timeout issue.

Implemented a change that prevents the administrator account from being deactivated or changed using bulk user update.

VPC Service Controls are GA

VPC Service Controls in Contact Center AI Platform are GA. For more information, see Product launch stages.

Mobile SDK 2.9 is released

Mobile SDK 2.9 includes the following updates:

  • Android SDK and iOS SDK:
    • Support for rich messaging. End-users can see the rich messaging that agents use in the chat adapter. For more information, see TBD.
  • Android SDK:
    • Text resizing. End-users can increase text size up to 200%. Text is resized using the device settings.

Web SDK 2.24 is released

Web SDK 2.24 includes the following update:

  • Support for rich messaging. End-users can see the rich messaging that agents use in the chat adapter. For more information, see TBD.
Container Optimized OS

cos-113-18244-151-80

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Updated app-containers/containerd to 1.7.22.

Updated net-misc/curl to 8.10.0.

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-43817 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-44983 in the Linux kernel

Fixed CVE-2024-45022 in the Linux kernel

Fixed CVE-2024-45018 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-41012 in the Linux kernel

Fixed CVE-2024-44940 in the Linux kernel

Fixed CVE-2024-46686 in the Linux kernel

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-43871 in the Linux kernel

Fixed CVE-2024-42307 in the Linux kernel

Fixed CVE-2024-43914 in the Linux kernel

Fixed CVE-2024-44952 in the Linux kernel

Fixed CVE-2024-44989 in the Linux kernel

Fixed CVE-2024-44990 in the Linux kernel

Fixed CVE-2024-45000 in the Linux kernel

Fixed CVE-2024-44944 in the Linux kernel

cos-beta-117-18613-0-57

Kernel Docker Containerd GPU Drivers
COS-6.6.44 v24.0.9 v1.7.22 See List

Upgraded app-admin/fluent-bit to v3.1.8.

Updated cos-gpu-installer to v2.4.2. This enables creation of /dev/dri when loading nvidia-drm.ko for COS kernels build with loadable drm and dependent modules.

Updated net-misc/curl to 8.10.0.

Fixed CVE-2024-44996 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-44983 in the Linux kernel

Fixed CVE-2024-44940 in the Linux kernel

Fixed CVE-2024-45022 in the Linux kernel

Fixed CVE-2024-45020 in the Linux kernel

Fixed CVE-2024-45018 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-46686 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 811711 -> 811780

cos-105-17412-448-49

Kernel Docker Containerd GPU Drivers
COS-5.15.163 v23.0.3 v1.7.19 See List

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-43817 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-45018 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-41012 in the Linux kernel

Fixed CVE-2024-44983 in the Linux kernel

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-43871 in the Linux kernel

Fixed CVE-2024-44952 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812685 -> 812689

cos-109-17800-309-69

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Updated net-misc/curl to 8.10.0.

Fixed CVE-2024-43817 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-41012 in the Linux kernel

Fixed CVE-2024-45018 in the Linux kernel

Fixed CVE-2024-45022 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-44940 in the Linux kernel

Fixed CVE-2024-46686 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812257 -> 812253

cos-101-17162-528-49

Kernel Docker Containerd GPU Drivers
COS-5.15.161 v20.10.27 v1.6.28 See List

Fixed CVE-2024-38588 in the Linux kernel

Fixed CVE-2024-38588 in the Linux kernel

Fixed CVE-2024-43853 in the Linux kernel

Fixed CVE-2024-44940 in the Linux kernel

Fixed CVE-2024-43817 in the Linux kernel

Fixed CVE-2024-44947 in the Linux kernel

Fixed CVE-2024-42131 in the Linux kernel

Fixed CVE-2024-45025 in the Linux kernel

Fixed CVE-2024-45021 in the Linux kernel

Fixed CVE-2024-41012 in the Linux kernel

Dataproc

Dataproc Serverless for Spark: In runtime versions 1.2 and 2.2, minimized the dynamic memory footprint of the Spark application by setting XX:MaxHeapFreeRatio to 30% and XX:MinHeapFreeRatio to 10%.

Dataproc Serverless for Spark: Added the google-cloud-dlp Python package by default to the Dataproc Serverless for Spark runtimes.

Dataproc Serverless for Spark: Fixed an issue that would cause some batches and sessions to fail to start when using the premium compute tier.

Document AI

Models pretrained-expense-v1.3.2-2024-09-11 and pretrained-expense-v1.4.2-2024-09-12 are available as Release Candidates (RC) for Expense Parser. They are upgrades over v1.3 and v1.4 with an enhanced underlying vision model.

For more information about available models, see Expense parser processor versions.

Google Distributed Cloud (software only) for VMware

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and AUTHORITY\Authenticated Users may be able to modify container logs. For more information, see the GCP-2024-054 security bulletin.

Google Distributed Cloud (software only) for bare metal

Release 1.28.1000-gke.60

Google Distributed Cloud for bare metal 1.28.1000-gke.60 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1000-gke.60 runs on Kubernetes 1.28.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed Cloud Audit Logging failure due to allowlisting issue with multiple project IDs.

The following container image security vulnerabilities have been fixed in 1.28.1000-gke.60:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and AUTHORITY\Authenticated Users may be able to modify container logs. For more information, see the GCP-2024-054 security bulletin.

Google SecOps SOAR

Release 6.3.18 is now in General Availability.

Memorystore for Redis Cluster

Added support for cross-region replication (Preview). For more details, see About cross-region replication.

Network Intelligence Center

Network Analyzer now includes additional information in the IP address utilization summary insights. In the case of Shared VPC, Network Analyzer gives a summary of the IP address utilization of all relevant subnet ranges of the host project, and also provides the insights of the service projects. For more information, see IP address utilization summary insights.

SAP on Google Cloud

New SAP HANA certifications: X4 bare metal machine types for OLTP workloads

SAP has certified the Compute Engine bare metal machine types x4-megamem-960-metal, x4-megamem-1440-metal, and x4-megamem-1920-metal, for use with SAP HANA OLTP workloads in scale-out configurations with up to 4 nodes.

For more information, see X4 memory-optimized bare metal machine types.

Google Cloud storage manager for SAP HANA standby nodes version 2.8

Version 2.8 of the Google Cloud storage manager for SAP HANA standby nodes is generally available (GA). This version includes bug fixes and supportability improvements.

For more information about the storage manager, see Storage Manager for SAP HANA.

September 22, 2024

Google SecOps SOAR

Release 6.3.19 is currently in Preview.

Case Report can now be exported in PDF format.

The comment count on the case wall is not updating correctly. (ID #53266243)

The HTML widget refresh is not affecting the JS code. (ID #00266956)

September 21, 2024

Dataproc

Blocklisted the following Dataproc on Compute Engine subminor image versions:

  • 2.0.119-debian10, 2.0.103-rocky8, 2.0.103-ubuntu18
  • 2.1.67-debian11, 2.1.51-rocky8, 2.1.51-ubuntu20, 2.1.51-ubuntu20-arm
  • 2.2.33-debian12, 2.2.17-rocky9, 2.2.17-ubuntu22

September 20, 2024

Apigee X

On September 20, 2024, we released an updated version of Apigee (1-13-0-apigee-5).

Bug ID Description
366039324 Fixed PEM parsing error in JWT/JWS policies

Resolved a PEM parsing error in JWT/JWS policy execution caused by a problematic PEM format.

353527851 Resolved dropped WebSocket connection

Fixed issue causing a dropped WebSocket connection when using the OAuthV2 policy and the VerifyJWTAccessToken operation or VerifyJWT.

361166073 Fixed issue with JWKS rejection in GenerateJWT policy

Fixed an issue where valid JWKS used to sign encrypted JWTs with the GenerateJWT Policy are incorrectly rejected with steps.jwt.NoMatchingPublicKey.

352593965 Resolved SSL enforcement bug in proxies using the <SSLInfo> block

This release fixes an SSL enforcement bug in proxies where an <SSLInfo> block specifies both <IgnoreValidationErrors> and <Enforce> as true. The bug results in no enforcement for one specific type of SSL violation - a mismatch between the certificate subject name and the real host name of the target (No Subject Alternative Name, or NSAN). With this fix, <Enforce> uniformly overrides <IgnoreValidationErrors> in all cases, including NSAN.

N/A Updates to security infrastructure and libraries.
Confidential VM

Support for AMD SEV on C3D machine types is now released to General Availability.

Document AI

Custom extractor now features property descriptions.

Property description allows you to provide additional context, insights, and prior knowledge for each entity to improve extraction accuracy.

Good examples of property descriptions include location information and text patterns of the property values, which help disambiguate potential sources of confusion in the document, guiding the model with rules that ensure more reliable and consistent extractions, regardless of the specific document structure or content variations.

Generative AI on Vertex AI

Add label metadata to generateContent and streamGenerateContent API calls. For details, see Add labels to API calls.

GitLab on Google Cloud

Gitlab on Google cloud is Generally Available.

The integration enables customers to deploy source from GitLab to Google Cloud run-time environments. The integration simplifies authentication and authorization to Google for GitLab piplines, and uses GitLab and Google CI/CD components.

To get started, try the GitLab end-to-end tutorial.

Identity-Aware Proxy

Preview: You can now use authorization policies to delegate authorization to Identity-Aware Proxy (IAP) and Identity and Access Management (IAM). For more information, see Use authorization policies to delegate authorization to IAP and IAM.

NetApp Volumes

Auto-tiering in Preview is now generally available for allow-listed users. Auto-tiering is now available for Premium and Extreme service levels. Auto-tiering reduces the overall cost of storage by identifying data that is infrequently used and transparently moves it from primary hot storage to less expensive but slower cold storage. For more information, see Auto-tiering.

September 19, 2024

BigQuery

You can perform model monitoring in BigQuery ML. The following model monitoring functions are now generally available (GA):

  • ML.DESCRIBE_DATA: compute descriptive statistics for a set of training or serving data.
  • ML.VALIDATE_DATA_SKEW: compute the statistics for a set of serving data, and then compare them to the statistics for the data used to train a BigQuery ML model in order to identify anomalous differences between the two data sets.
  • ML.VALIDATE_DATA_DRIFT: compute and compare the statistics for two sets of serving data in order to identify anomalous differences between the two data sets.
  • ML.TFDV_DESCRIBE: compute fine-grained descriptive statistics for a set of training or serving data. This function provides the same behavior as the TensorFlow tfdv.generate_statistics_from_csv API.
  • ML.TFDV_VALIDATE: compute and compare the statistics for training and serving data, or two sets of serving data, in order to identify anomalous differences between the two data sets. This function provides the same behavior as the TensorFlow tfdv.validate_statistics API.
Cloud Data Fusion

The SAP SLT No RFC Replication plugin version 0.11.3 is available in Cloud Data Fusion version 6.8.0 and later. This release fixes an issue causing the following error: Error encountered while configuring the stage: Unable to access Cloud Storage or download JCo libraries from Cloud Storage.

Cloud Logging

You can now query your log data from the Log Analytics page by using reserved BigQuery slots. For more information, see Query and view logs in Log Analytics.

Cloud SQL for PostgreSQL

You can now use gcloud or the Cloud SQL Admin API to switch the storage location of the transaction logs used for point-in-time recovery on your instance without downtime to Cloud Storage. For more information, see Use point-in-time recovery and Switch transaction log storage to Cloud Storage.

Cloud Service Mesh

1.23.2-asm.2 is now available for in-cluster Cloud Service Mesh.

You can now download 1.23.2-asm.2 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.2 subject to the list of supported features.

Cloud Service Mesh 1.23.2-asm.2 uses Envoy v1.31.1.

This release contains the fix for the security vulnerability listed in GCP-2024-052.

Managed Cloud Service Mesh 1.23 isn't rolling out to the rapid release channel at this time. You can periodically check this page for announcements regarding rapid channel rollout.

1.22.5-asm.1 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-052. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.22.5-asm.1 uses Envoy v1.30.5.

1.21.5-asm.7 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-052. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.5-asm.7 uses Envoy v1.29.8.

1.20.8-asm.7 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2024-052. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.20.8-asm.7 uses Envoy v1.28.6.

Dialogflow

Dialogflow CX and Vertex AI: The text-bison@002, text-bison and code-bison models will be deprecated on October 21, 2024 and automatically upgraded to the gemini-1.5-flash-001 model. This change applies to Vertex AI agents and the following Dialogflow CX Generative Features:

  • Vertex AI agent apps
  • Data store agents (also known as Chat agents)
  • Generators

After the upgrade on October 21, 2024, gemini-1.5-flash-001 will be automatically selected in the console. We recommend that you upgrade to the new model early to allow enough time for testing and to ensure that your solution works as intended.

Dialogflow CX & ES: Text-to-speech Journey Voices now supports MULAW output audio_encoding (CX, ES) in addition to LINEAR16. Future updates to Journey Voices will appear in the Cloud Text-to-Speech documentation.

Dialogflow CX: Cloud Text-to-Speech europe-west1 and europe-west3 regions for Neural2 voices will temporarily use the eu mulit-region instead.

Google Cloud Architecture Center

(New guide) Migrate from Amazon RDS and Amazon Aurora for PostgreSQL to Cloud SQL and AlloyDB for PostgreSQL: Describes how to design, implement, and validate a plan to migrate from Amazon Relational Database Service (RDS) or Amazon Aurora for PostgreSQL to Cloud SQL.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.500-gke.160 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.500-gke.160 runs on Kubernetes v1.29.7-gke.1200.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Fixed the following issues in 1.29.500-gke.160:

  • Fixed the known issue where updating DataplaneV2 ForwardMode didn't automatically trigger anetd DaemonSet restart.
  • Fixed the known issue where the credential.yaml file regenerated incorrectly during admin workstation upgrade.

Fixed the following vulnerabilities in 1.29.500-gke.160:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Kubernetes Engine

(2024-R36) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1296000
    • 1.28.13-gke.1078000
    • 1.29.8-gke.1157000
    • 1.30.3-gke.1969000
    • 1.30.4-gke.1282000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.0-gke.1506000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

Regular channel

  • Version 1.30.3-gke.1969001 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

Stable channel

Extended channel

  • Version 1.30.3-gke.1969001 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • Version 1.30.3-gke.1639000 is no longer available in the Extended channel.
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

No channel

(2024-R36) Version updates

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1296000
    • 1.28.13-gke.1078000
    • 1.29.8-gke.1157000
    • 1.30.3-gke.1969000
    • 1.30.4-gke.1282000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.0-gke.1506000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

(2024-R36) Version updates

  • Version 1.30.3-gke.1969001 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.3-gke.1969001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

(2024-R36) Version updates

(2024-R36) Version updates

  • Version 1.30.3-gke.1969001 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • Version 1.30.3-gke.1639000 is no longer available in the Extended channel.
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.3-gke.1969001 with this release.

(2024-R36) Version updates

Looker Studio

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Memorystore for Redis Cluster

Added support for 1, 2, and 4 shard instance shapes (Preview). For more details, see Selecting an instance shape of 1, 2, or 4 shards.

Memorystore for Valkey

Added support for 1, 2, and 4 shard instance shapes (Preview). For more details, see Selecting an instance shape of 1, 2, or 4 shards.

NetApp Volumes

Flex service level now offers regional storage pools and volumes. Regional volumes provide high-availability across zones by synchronously replicating the data between the two zones selected by the user and automatically failing over to the replica zone in the event of a zone failure. This feature is now generally available.

Customer Managed Encryption Keys (CMEK) for the Flex service level which is in Preview is now generally available. For more information, see About CMEK.

Flex service level is now available in all Google Cloud regions.

You can now create more than one active directive policy per region. For more information, see Active Directory.

Flex service level now supports the optional feature Block volume from deletion when clients are connected. This option is required for using NetApp Volumes with Google Cloud VMware Engine (GCVE) datastores. When this option is enabled, it prevents the deletion of a volume if the volume is mounted as a GCVE datastore.

September 18, 2024

AlloyDB for PostgreSQL

The AlloyDB Omni operator is now available in Preview on Google Distributed Cloud (GDC) connected. For more information, see Install AlloyDB Omni on Kubernetes.

Apigee UI

On September 18, 2024, we released an updated version of the Apigee UI.

Bug ID Description
349284447 All API products associated with a key now displayed in the UI

All API products associated with a key can now be viewed in the App detail page of the UI using pagination. Previously, a maximum of 50 API products could be displayed.

Apigee X

On September 18, 2024 we released an updated version of Apigee

Release of Cloud IAM-based authorization and authentication and the VerifyIAM policy.

This release introduces Cloud IAM-based authorization and authentication for Apigee API access. With this IAM-based solution, access to invoke an API requires the API consumer to have a specific Google Cloud IAM role or permissions.

For information, see IAM-based API authentication overview and VerifyIAM policy.

Cloud Composer

Airflow 2.9.3 is available in Cloud Composer images.

(Cloud Composer 2) Fixed the issue where environment create and update operations could fail in rare cases because of the scheduler probe timeouts.

(Cloud Composer 3) Fixed the issue that caused KubernetesPodOperator tasks to fail if they ran for longer than 15 minutes.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.0
  • composer-3-airflow-2.9.1-build.7 (default)
  • composer-3-airflow-2.7.3-build.16

Cloud Composer 2.9.4 images are available:

  • composer-2.9.4-airflow-2.9.3
  • composer-2.9.4-airflow-2.9.1 (default)
  • composer-2.9.4-airflow-2.7.3

Support dates for previous Cloud Composer 3 builds are available. All Cloud Composer 3 builds with Airflow 2.9.1 are supported until September 18, 2025.

Cloud Composer versions 2.4.2 and 2.4.3 have reached their end of support period.

Cloud Database Migration Service

Database Migration Service for homogeneous PostgreSQL migrations to Cloud SQL now automatically enables point-in-time recovery (PITR) for the destination instance when you promote the migration job. Previously, you had to turn on PITR after you promoted an instance.

For more information, see Promote a migration and Known limitations.

Database Migration Service doesn't automatically enable PITR for homogeneous PostgreSQL migrations to Cloud SQL. For more information, see the release note entry for October 8, 2024.

Compute Engine

You can determine the number of running VMs and reservations that match the properties of a future reservation request. By subtracting this number from the total count specified in a future reservation request, you can determine the number of reserved VMs that an existing future reservation provisions at its start time. For more information, see Determine the number of provisioned VMs.

You can create a future reservation request by reusing the properties of an existing VM. This lets you consume the auto-created reservations for the future reservation by creating VMs with properties that exactly match the reference VM's properties. For more information, see the following:

Generally available: Hyperdisk Balanced volumes can be created in Confidential mode and attached to Confidential VMs.

Generative AI on Vertex AI

Model Garden supports an organization policy so that administrators can limit access to certain models and capabilities. For more information, see Control access to Model Garden models

Security Command Center

Assign high-value resources based on Sensitive Data Protection insights for Amazon S3 buckets

The attack path simulations feature can now automatically set the resource value of an Amazon S3 bucket based on the sensitivity of the data that the bucket contains.

For information about how to enable the automatic assignment of resource values based on data sensitivity, see Create a resource value configuration.

For information about how to configure Sensitive Data Protection to send data sensitivity classifications to Security Command Center, see Publish data profiles to Security Command Center.

Vertex AI Agent Builder

Vertex AI Agent Builder: Redirection URI for grounded results (GA)

When you use Grounding with Google Search, the grounded result contains a redirection URI that leads you to the publisher's URI. This redirection URI remains accessible for up to 30 days after the grounded result is generated.

This feature is Generally available (GA). For more information, see Generate grounded answers with RAG.

September 17, 2024

AlloyDB for PostgreSQL

You can now add the predefined CMEK organization policy for your AlloyDB clusters and backups. This feature is generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Developer Connect
    • developerconnect.googleapis.com/Connection
    • developerconnect.googleapis.com/GitRepositoryLink
  • Cloud Logging
    • logging.googleapis.com/LogView
    • logging.googleapis.com/Settings
    • logging.googleapis.com/RecentQuery
    • logging.googleapis.com/SavedQuery
Cloud Run

The Direct VPC egress feature of Cloud Run now supports Secure Web Proxy.

Cloud Service Mesh

Cloud Service Mesh with a Traffic Director control plane implementation is still incompatible with Envoy version v1.31.0.

If you manually control your Envoy version, do not upgrade to v1.31.0 as there is an existing issue with connecting to the Traffic Director API. Instead, upgrade to Envoy version 1.31.1 where this issue is fixed, or set GRPC_DNS_RESOLVER=native for v1.31.0 as a workaround.

If you do not manually control your Envoy version, you don't have to do anything. Google's data plane management will not select an incompatible version for you.

Google Cloud Architecture Center

(New guide) Scalable BigQuery backup automation: Build a solution to automate recurrent BigQuery backup operations at scale, with two backup methods: BigQuery snapshots and exports to Cloud Storage. This architecture is accompanied by a deployment guide.

NetApp Volumes

Large capacity volumes in Preview is now generally available for allow-listed users. Premium and Extreme service levels now offer large capacity volumes. Large capacity volumes can be sized between 15TiB and 1 PiB in increments of 1 GiB, and deliver throughput performance of up to 12.5 GiBps. Large capacity volumes offer six storage endpoints (IP addresses) to load-balance client traffic to the volume and achieve higher performance. For more information, see Large capacity volumes.

Sensitive Data Protection

The POLITICAL_TERM infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The NEW_ZEALAND_NHI_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Vertex AI

To ensure that VM resources are available when your custom training and prediction jobs need them, you can now use Compute Engine reservations. Reservations provide a high level of assurance in obtaining capacity for Compute Engine resources. This feature is available in Preview for A2 and A3 machine series reservations.

For more information, see Use reservations with training and Use reservations with prediction.

To reduce the cost of running your training and prediction jobs, you can now use Spot VMs. Spot VMs are virtual machine (VM) instances that are excess Compute Engine capacity. Spot VMs have significant discounts, but Compute Engine might preemptively stop or delete Spot VMs to reclaim the capacity at any time. This feature is available in Preview.

For more information, see Use Spot VMs with training and Use Spot VMs with prediction.

Vertex AI Agent Builder

Vertex AI Search: Firestore and Cloud SQL import (GA)

Importing data from Firestore and Cloud SQL is Generally available.

For more information, see Import from Firestore and Import from Cloud SQL.

September 16, 2024

AlloyDB for PostgreSQL

The postgres_ann extension has been renamed to alloydb_scann. Before you upgrade to AlloyDB Omni Kubernetes operator version 1.1.1, you must drop any indexes created using the earlier postgres_ann version, then upgrade AlloyDB Omni, and then create the indexes again using the alloydb_scann extension.

Added a tutorial that shows you how to set up a connection from an application running in a Google Kubernetes Engine autopilot cluster to an AlloyDB instance.

AlloyDB Omni Kubernetes operator version 1.1.1 is now available. This patch fixes the following issues:

  • Fixed a regression for the AlloyDB Vertex AI integration.
  • Fixed a bug in which upgrading from version 1.0.0 to version 1.1.0 failed when using injected sidecars.
  • Fixed a bug in which backups weren't reestablished correctly across failovers when using the Commvault sidecar with high availability (HA) configurations.
  • Fixed a bug that caused a status to be incorrectly set by the load balancer, resulting in erroneous reports that the database cluster wasn't ready.

Upgrading to version 1.1.1 of the AlloyDB Omni Kubernetes operator might result in a brief interruption to all database clusters. No data loss is expected.

Anti Money Laundering AI

A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version. This includes:

  • Reduction of the total requirement for Transaction and Account data from 41 to 30 months
  • Performance improvements across several feature families, focusing on more recent high risk activity
  • Adjustment to the calculation of the PartyRecall metric in the rare corner case when many customers have the same prediction score and it's not possible to yield exactly partyInvestigationsPerPeriod positive predictions
  • Uses the latest FATF high risk geos, published in Jan 2024 (High-Risk Jurisdictions subject to a Call for Action and Jurisdictions under Increased Monitoring)
AutoML Translation

AutoML Translation API is deprecated and will no longer be available on Google Cloud after September 30, 2025. You can replicate the functionality of custom models through Cloud Translate - Advanced (v3).

BigQuery

You can now batch migrate classic saved queries to saved queries. This feature is in Preview for projects that have fewer than 2500 classic saved queries.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.42.3 (2024-09-12)

Dependencies
  • Update actions/upload-artifact action to v4.4.0 (#3467) (08b28c5)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#3472) (fa9ac5d)

You can now use a CREATE MODEL statement to create a contribution analysis model in BigQuery ML. You can use a contribution analysis model with the ML.GET_INSIGHTS function to generate insights about changes to key metrics in your multi-dimensional data.

Try this feature with the Get data insights from a contribution analysis model tutorial.

This feature is in preview.

You can store columns in your vector indexes and pre-filter data in your vector searches to improve query efficiency. This feature is Generally Available.

BigQuery Engine for Apache Flink

BigQuery Engine for Apache Flink is now in Preview. BigQuery Engine for Apache Flink is a Google Cloud service that helps you run Apache Flink.

Cloud Load Balancing

Envoy-based Application Load Balancers now support authorization policies that let you establish access control checks for incoming traffic. For details, see Authorization policy.

This feature is available in Preview.

Cloud Logging

You can now create and manage your log scopes by using the Logging API in addition to using the Cloud Console. This feature is in public preview. For more information, see Create and manage log scopes.

There is a new Cloud Observability Overview page in the Google Cloud Console. The new page, which you can customize, introduces the Cloud Observability products, and provides information about your logs, dashboards, incidents, and more. This page can help you detect issues in your resources, view relevant events, and view signals that matter to you.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.2 (2024-09-12)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#1683) (31ec2b9)
Cloud Monitoring

There is a new Cloud Observability Overview page in the Google Cloud Console. The new page, which you can customize, introduces the Cloud Observability products, and provides information about your logs, dashboards, incidents, and more. This page can help you detect issues in your resources, view relevant events, and view signals that matter to you.

Cloud Run

You can now apply custom constraints for projects that get enforced by organization policies on your Cloud Run services and jobs (in Preview).

Cloud SQL for MySQL

Cloud SQL is discontinuing support for legacy high availability (HA) instance configuration on January 6, 2025. After this date, you can't create Cloud SQL for MySQL instances with the legacy configuration for high availability. You also can't enable the legacy configuration for high availability on existing instances. Until January 6, 2025, legacy HA instances are still covered by the Cloud SQL SLA. We recommend that you upgrade your existing legacy HA instances to regional persistent disk HA instances as soon as possible and create new HA instances using regional persistent disk instead.

Starting on May 1, 2025, Cloud SQL will migrate any remaining instances that use the legacy HA configuration to the current HA configuration automatically.

Cloud Workstations

Cloud Workstations preconfigured base images use Ubuntu 24.04. The last images built on Ubuntu 22.04 are tagged with last-ubuntu2204 for building backwards compatible custom images.

Cloud Workstations preconfigured base images default to Python 3.12.3.

Container Optimized OS

cos-beta-117-18613-0-41

Kernel Docker Containerd GPU Drivers
COS-6.6.44 v24.0.9 v1.7.22 See List

Updated app-containers/containerd to v1.7.22.

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Updated dev-lang/python to v3.8.19_p1. This fixes CVE-2007-4559.

Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2023-7256 in net-libs/libpcap.

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-44943 in the Linux kernel

Fixed CVE-2024-43891 in the Linux kernel

Fixed CVE-2024-43892 in the Linux kernel

Fixed CVE-2024-43914 in the Linux kernel

Fixed CVE-2024-44952 in the Linux kernel

Fixed CVE-2024-44957 in the Linux kernel

Fixed CVE-2024-44989 in the Linux kernel

Fixed CVE-2024-44990 in the Linux kernel

Fixed CVE-2024-45000 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-44987 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 811784 -> 811711

cos-109-17800-309-59

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.22 See List

Updated app-containers/containerd to v1.7.22.

Updated dev-lang/python to 3.8.19_p1. This fixes

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Updated dev-libs/expat to v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2024-44983 in the Linux kernel

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-44944 in the Linux kernel

Fixed CVE-2024-43871 in the Linux kernel

Fixed CVE-2024-44989 in the Linux kernel

Fixed CVE-2024-44990 in the Linux kernel

Fixed CVE-2024-45000 in the Linux kernel

Fixed CVE-2024-42307 in the Linux kernel

Fixed CVE-2024-43914 in the Linux kernel

Fixed CVE-2024-43873 in the Linux kernel

Fixed CVE-2024-42302 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812274 -> 812257

cos-113-18244-151-57

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.21 See List

Updated dev-lang/python to v3.8.19_p1. This fixes CVE-2007-4559.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2023-7256 in net-libs/libpcap.

Fixed CVE-2024-42302 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-44987 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-43873 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812022 -> 812026

cos-105-17412-448-36

Kernel Docker Containerd GPU Drivers
COS-5.15.163 v23.0.3 v1.7.19 See List

Fixed CVE-2024-6232 in dev-lang/python and upgraded to v3.8.19 which fixes CVE-2007-4559.

Updated dev-libs/expat to v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2023-7256 in net-libs/libpcap.

Fixed CVE-2024-43914 in the Linux kernel

Fixed CVE-2024-44944 in the Linux kernel

Fixed CVE-2024-43853 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

Fixed CVE-2024-44987 in the Linux kernel

cos-101-17162-528-40

Kernel Docker Containerd GPU Drivers
COS-5.15.161 v20.10.27 v1.6.28 See List

Fixed CVE-2024-6232 in dev-lang/python.

Updated dev-libs/expat to v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Fixed CVE-2024-43893 in the Linux kernel

Fixed CVE-2024-39468 in the Linux kernel

Fixed CVE-2024-43871 in the Linux kernel

Fixed CVE-2024-44944 in the Linux kernel

Fixed CVE-2024-44985 in the Linux kernel

Fixed CVE-2024-43882 in the Linux kernel

Fixed CVE-2024-44987 in the Linux kernel

Fixed CVE-2024-44986 in the Linux kernel

cos-dev-121-18667-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.51 v24.0.9 v1.7.22 See List

Updated app-containers/containerd to v1.7.22.

Updated the Linux kernel to v6.6.51.

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-7592 in dev-lang/python.

Fixed CVE-2024-6232 in dev-lang/python.

Fixed CVE-2024-6119 in net-libs/openssl.

Updated dev-libs/expat to version v2.6.3. This fixed CVE-2024-45492, CVE-2024-45490, CVE-2024-45491.

Runtime sysctl changes:

  • Changed: fs.file-max: 811768 -> 811782

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.10.1 (2024-09-12)

Bug Fixes
  • dataflow: Bump dependencies (2ddeb15)
Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.118-debian10, 2.0.118-rocky8, 2.0.118-ubuntu18
  • 2.1.66-debian11, 2.1.66-rocky8, 2.1.66-ubuntu20, 2.1.66-ubuntu20-arm
  • 2.2.32-debian12, 2.2.32-rocky9, 2.2.32-ubuntu22
Dialogflow

Dialogflow CX and Vertex AI Agents: Generative features will migrate to the gemini-1.5-flash-001 model on September 30, 2024. See the email notification.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.21.3 (2024-09-11)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#1561) (5a79fd8)
  • Update dependency com.google.errorprone:error_prone_core to v2.31.0 (#1523) (8d3af32)
  • Update dependency com.google.guava:guava-testlib to v33.3.0-jre (#1548) (18ba37f)
  • Update dependency org.easymock:easymock to v5.4.0 (#1482) (ee788a1)
Google Cloud Architecture Center

Design an optimal storage strategy for your cloud workload: Updated guidance about storage recommendations and storage options decision tree with information about Hyperdisk ML and Hyperdisk Balanced. Updated file storage guidance based on performance scalability and supported file system protocols.

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • Abnormal Security (ABNORMAL_SECURITY)
  • Akamai DNS (AKAMAI_DNS)
  • Amazon API Gateway (AWS_API_GATEWAY)
  • Apache (APACHE)
  • Apigee (GCP_APIGEE_X)
  • Archer Integrated Risk Management (ARCHER_IRM)
  • Arcsight CEF (ARCSIGHT_CEF)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • AWS VPN (AWS_VPN)
  • Azure AD (AZURE_AD)
  • Azure AD Audit (AZURE_AD_AUDIT)
  • Azure AD Sign-In (AZURE_AD_SIGNIN)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Azure WAF (AZURE_WAF)
  • BeyondTrust Privileged Identity (BEYONDTRUST_PI)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Carbon Black App Control (CB_APP_CONTROL)
  • Check Point (CHECKPOINT_FIREWALL)
  • Checkpoint Audit (CHECKPOINT_AUDIT)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco ISE (CISCO_ISE)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco WSA (CISCO_WSA)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud Data Loss Prevention (N/A)
  • Cloud Load Balancing (GCP_LOADBALANCING)
  • Cloud SQL (GCP_CLOUDSQL)
  • Cloudflare WAF (CLOUDFLARE_WAF)
  • Cohesity (COHESITY)
  • Corelight (CORELIGHT)
  • CrowdStrike Falcon (CS_EDR)
  • Cyber 2.0 IDS (CYBER_2_IDS)
  • Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
  • CyberArk PTA Privileged Threat Analytics (CYBERARK_PTA)
  • Darktrace (DARKTRACE)
  • Dell Switch (DELL_SWITCH)
  • Duo Administrator Logs (DUO_ADMIN)
  • Duo Auth (DUO_AUTH)
  • EfficientIP DDI (EFFICIENTIP_DDI)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • Elastic Packet Beats (ELASTIC_PACKETBEATS)
  • F5 ASM (F5_ASM)
  • F5 Shape (F5_SHAPE)
  • F5 Silverline (F5_SILVERLINE)
  • FireEye (FIREEYE_ALERT)
  • FireEye ETP (FIREEYE_ETP)
  • FireEye HX (FIREEYE_HX)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
  • Forcepoint Mail Relay (FORCEPOINT_MAIL_RELAY)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet Fortimanager (FORTINET_FORTIMANAGER)
  • GCP_APP_ENGINE (GCP_APP_ENGINE)
  • GitHub (GITHUB)
  • HP Aruba (ClearPass) (CLEARPASS)
  • IBM DS8000 Storage (IBM_DS8000)
  • IBM Guardium (GUARDIUM)
  • IBM OpenPages (IBM_OPENPAGES)
  • Infoblox DNS (INFOBLOX_DNS)
  • Jenkins (JENKINS)
  • Layer7 SiteMinder (SITEMINDER_SSO)
  • Linux Auditing System (AuditD) (AUDITD)
  • Malwarebytes (MALWAREBYTES_EDR)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft PowerShell (POWERSHELL)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
  • Mimecast (MIMECAST_MAIL)
  • Nagios Infrastructure Monitoring (NAGIOS)
  • Network Policy Server (MICROSOFT_NPS)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • Oracle (ORACLE_DB)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Ping Federate (PING_FEDERATE)
  • Ping Identity (PING)
  • PostgreSQL (POSTGRESQL)
  • Precisely Ironstream IBM z/OS (IRONSTREAM_ZOS)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Pulse Secure (PULSE_SECURE_VPN)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • Rippling Activity Logs (RIPPLING_ACTIVITYLOGS)
  • Sap Business Technology Platform (SAP_BTP)
  • Security Command Center Threat (N/A)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne EDR (SENTINEL_EDR)
  • SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
  • Shibboleth IDP (SHIBBOLETH_IDP)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Snowflake (SNOWFLAKE)
  • Sophos AV (SOPHOS_AV)
  • Sophos Intercept EDR (SOPHOS_EDR)
  • Sourcefire (SOURCEFIRE_IDS)
  • Splunk Attack Analyzer (SPLUNK_ATTACK_ANALYZER)
  • SpyCloud (SPYCLOUD)
  • Squid Web Proxy (SQUID_WEBPROXY)
  • Suricata EVE (SURICATA_EVE)
  • Symantec Endpoint Protection (SEP)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Tenable Audit (TENABLE_AUDIT)
  • Thales Vormetric (VORMETRIC)
  • Trend Micro Apex one (TRENDMICRO_APEX_ONE)
  • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
  • Twingate (TWINGATE)
  • Ubika Waf (UBIKA_WAF)
  • Unix system (NIX_SYSTEM)
  • Vectra Detect (VECTRA_DETECT)
  • Vectra Stream (VECTRA_STREAM)
  • Wazuh (WAZUH)
  • Windows DHCP (WINDOWS_DHCP)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Local Administrator Password Solution (MICROSOFT_LAPS)
  • Windows Sysmon (WINDOWS_SYSMON)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Workspace Alerts (WORKSPACE_ALERTS)
  • XAMS by Xiting (XITING_XAMS)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Active Identity HID (ACTIVE_IDENTITY_HID)
  • Akamai Event Viewer (AKAMAI_EVT_VWR)
  • Autodesk Vault (AUTODESK_VAULT)
  • Avaza (AVAZA)
  • Avigilon Access Logs (AVIGILON_ACCESS_LOGS)
  • Axis Camera (AXIS_CAMERA)
  • Axis License Plate Reader (AXIS_LPR)
  • Azure Nix System (AZURE_NIX_SYSTEM)
  • CallTower Audio Conferencing (CALLTOWER_AUDIO)
  • Canon Printers (CANON_PRINTERS)
  • Cisco Secure Endpoint (CISCO_SECURE_ENDPOINT)
  • Control UP (CONTROL_UP)
  • Cradlepoint Router Logs (CRADLEPOINT)
  • Crowdstrike Spotlight (CROWDSTRIKE_SPOTLIGHT)
  • CrushFTP (CRUSHFTP)
  • CrowdStrike Filevantage (CS_FILEVANTAGE)
  • Cybersixgill (CYBERSIXGILL)
  • Cyolo Secure Remote Access for OT (CYOLO_OT)
  • Dell Core Switch (DELL_EMC_NETWORKING)
  • DLink Switch (DLINK_SWITCH)
  • Elastic Security (ELASTIC_EDR)
  • Fireblocks (FIREBLOCKS)
  • Forescout eyeInspect (FORESCOUT_EYEINSPECT)
  • Fortinet FortiGate IPS (FORTINET_IPS)
  • H3C Router (H3C_ROUTER)
  • Hackerone (HACKERONE)
  • Halo Sensor (HALO_SENSOR)
  • Hashcast (HASHCAST)
  • Perforce Helix Core (HELIX_CORE)
  • Heroku (HEROKU)
  • Hillstone NDR (HILLSTONE_NDR)
  • HL7 (HL7)
  • HoopDev (HOOPDEV)
  • Huawei Switches (HUAWEI_SWITCH)
  • Identity Security Cloud (IDENTITY_SECURITY_CLOUD)
  • Imperva Data Risk Analytics (IMPERVA_DATA_ANALYTICS)
  • Imperva DRA (IMPERVA_DRA)
  • IM Express (IM_EXPRESS)
  • Intezer (INTEZER)
  • Jumpcloud IAM (JUMPCLOUD_IAM)
  • Maltiverse IOC (MALTIVERSE_IOC)
  • ManageEngine Log360 (MANAGE_ENGINE_LOG360)
  • McAfee Network Security Platform (MCAFEE_NSP)
  • Miro Cloud (MIRO_CLOUD)
  • Nokia Home Device Manager (NOKIA_HDM)
  • Nortel Secure Router (NORTEL_SR)
  • Notion (NOTION)
  • One Identity Identity Manager (ONE_IDENTITY_IDENTITY_MANAGER)
  • IDnomic Public Key Infrastructure (OPENTRUST)
  • Outline Activity Logs (OUTLINE_ACTIVITY_LOGS)
  • Prismatic IO (PRISMATIC_IO)
  • ProFTPD (PROFTPD)
  • Provision Asset Context (PROVISION_ASSET_CONTEXT)
  • Ransomcare (RANSOMCARE)
  • Rapid7 Insights Threat Command (RAPID7_INSIGHTS_THREAT_COMMAND)
  • Saporo (SAPORO)
  • SAS Metadata Server log (SAS_METADATA_SERVER_LOG)
  • Scylla (SCYLLA)
  • Senseon Alerts (SENSEON_ALERTS)
  • Sonic Switch (SONIC_SWITCH)
  • Symantec Data Center Security (SYMANTEC_DCS)
  • Syncplify SFTP 2 Events (SYNCPLIFY_SFTP)
  • Team Cymru Scout Threat Intelligence (TEAM_CYMRU_SCOUT_THREATINTEL)
  • Tenable CSPM (TENABLE_CSPM)
  • Teqtivity Assets (TEQTIVITY_ASSETS)
  • Tines (TINES)
  • TP Link Network Switches (TPLINK_SWITCH)
  • TT D365 (TT_D365)
  • TT MSAN DSLAM (TT_MSAN_DSLAM)
  • TT Trio Chordiant (TT_TRIO_CHORDIANT)
  • Tufin (TUFIN)
  • Tufin Secure Track (TUFIN_SECURE_TRACK)
  • UberAgent (UBERAGENT)
  • Upstream Vehicle SOC Alerts (UPSTREAM_VSOC_ALERTS)
  • URLScan IO (URLSCAN_IO)
  • Vertiv UPS (VERTIV_UPS)
  • Very Good Security (VERY_GOOD_SECURITY)
  • Virtual Browser (VIRTUAL_BROWSER)
  • VMWare VSphere (VMWARE_VSPHERE)
  • Webroot Identity Protection (WEBROOT_IDENTITY_PROTECTION)
  • WideField (WIDEFIELD_SECURITY)
  • Zscaler Sandbox (ZSCALER_SANDBOX)
  • Zywall (ZYWALL)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • Abnormal Security (ABNORMAL_SECURITY)
  • Akamai DNS (AKAMAI_DNS)
  • Amazon API Gateway (AWS_API_GATEWAY)
  • Apache (APACHE)
  • Apigee (GCP_APIGEE_X)
  • Archer Integrated Risk Management (ARCHER_IRM)
  • Arcsight CEF (ARCSIGHT_CEF)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • AWS VPN (AWS_VPN)
  • Azure AD (AZURE_AD)
  • Azure AD Audit (AZURE_AD_AUDIT)
  • Azure AD Sign-In (AZURE_AD_SIGNIN)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Azure WAF (AZURE_WAF)
  • BeyondTrust Privileged Identity (BEYONDTRUST_PI)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Carbon Black App Control (CB_APP_CONTROL)
  • Check Point (CHECKPOINT_FIREWALL)
  • Checkpoint Audit (CHECKPOINT_AUDIT)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco ISE (CISCO_ISE)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco WSA (CISCO_WSA)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud Data Loss Prevention (N/A)
  • Cloud Load Balancing (GCP_LOADBALANCING)
  • Cloud SQL (GCP_CLOUDSQL)
  • Cloudflare WAF (CLOUDFLARE_WAF)
  • Cohesity (COHESITY)
  • Corelight (CORELIGHT)
  • CrowdStrike Falcon (CS_EDR)
  • Cyber 2.0 IDS (CYBER_2_IDS)
  • Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
  • CyberArk PTA Privileged Threat Analytics (CYBERARK_PTA)
  • Darktrace (DARKTRACE)
  • Dell Switch (DELL_SWITCH)
  • Duo Administrator Logs (DUO_ADMIN)
  • Duo Auth (DUO_AUTH)
  • EfficientIP DDI (EFFICIENTIP_DDI)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • Elastic Packet Beats (ELASTIC_PACKETBEATS)
  • F5 ASM (F5_ASM)
  • F5 Shape (F5_SHAPE)
  • F5 Silverline (F5_SILVERLINE)
  • FireEye (FIREEYE_ALERT)
  • FireEye ETP (FIREEYE_ETP)
  • FireEye HX (FIREEYE_HX)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
  • Forcepoint Mail Relay (FORCEPOINT_MAIL_RELAY)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet Fortimanager (FORTINET_FORTIMANAGER)
  • GCP_APP_ENGINE (GCP_APP_ENGINE)
  • GitHub (GITHUB)
  • HP Aruba (ClearPass) (CLEARPASS)
  • IBM DS8000 Storage (IBM_DS8000)
  • IBM Guardium (GUARDIUM)
  • IBM OpenPages (IBM_OPENPAGES)
  • Infoblox DNS (INFOBLOX_DNS)
  • Jenkins (JENKINS)
  • Layer7 SiteMinder (SITEMINDER_SSO)
  • Linux Auditing System (AuditD) (AUDITD)
  • Malwarebytes (MALWAREBYTES_EDR)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft PowerShell (POWERSHELL)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
  • Mimecast (MIMECAST_MAIL)
  • Nagios Infrastructure Monitoring (NAGIOS)
  • Network Policy Server (MICROSOFT_NPS)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • Oracle (ORACLE_DB)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Ping Federate (PING_FEDERATE)
  • Ping Identity (PING)
  • PostgreSQL (POSTGRESQL)
  • Precisely Ironstream IBM z/OS (IRONSTREAM_ZOS)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Pulse Secure (PULSE_SECURE_VPN)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • Rippling Activity Logs (RIPPLING_ACTIVITYLOGS)
  • Sap Business Technology Platform (SAP_BTP)
  • Security Command Center Threat (N/A)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne EDR (SENTINEL_EDR)
  • SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
  • Shibboleth IDP (SHIBBOLETH_IDP)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Snowflake (SNOWFLAKE)
  • Sophos AV (SOPHOS_AV)
  • Sophos Intercept EDR (SOPHOS_EDR)
  • Sourcefire (SOURCEFIRE_IDS)
  • Splunk Attack Analyzer (SPLUNK_ATTACK_ANALYZER)
  • SpyCloud (SPYCLOUD)
  • Squid Web Proxy (SQUID_WEBPROXY)
  • Suricata EVE (SURICATA_EVE)
  • Symantec Endpoint Protection (SEP)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Tenable Audit (TENABLE_AUDIT)
  • Thales Vormetric (VORMETRIC)
  • Trend Micro Apex one (TRENDMICRO_APEX_ONE)
  • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
  • Twingate (TWINGATE)
  • Ubika Waf (UBIKA_WAF)
  • Unix system (NIX_SYSTEM)
  • Vectra Detect (VECTRA_DETECT)
  • Vectra Stream (VECTRA_STREAM)
  • Wazuh (WAZUH)
  • Windows DHCP (WINDOWS_DHCP)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Local Administrator Password Solution (MICROSOFT_LAPS)
  • Windows Sysmon (WINDOWS_SYSMON)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Workspace Alerts (WORKSPACE_ALERTS)
  • XAMS by Xiting (XITING_XAMS)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Active Identity HID (ACTIVE_IDENTITY_HID)
  • Akamai Event Viewer (AKAMAI_EVT_VWR)
  • Autodesk Vault (AUTODESK_VAULT)
  • Avaza (AVAZA)
  • Avigilon Access Logs (AVIGILON_ACCESS_LOGS)
  • Axis Camera (AXIS_CAMERA)
  • Axis License Plate Reader (AXIS_LPR)
  • Azure Nix System (AZURE_NIX_SYSTEM)
  • CallTower Audio Conferencing (CALLTOWER_AUDIO)
  • Canon Printers (CANON_PRINTERS)
  • Cisco Secure Endpoint (CISCO_SECURE_ENDPOINT)
  • Control UP (CONTROL_UP)
  • Cradlepoint Router Logs (CRADLEPOINT)
  • Crowdstrike Spotlight (CROWDSTRIKE_SPOTLIGHT)
  • CrushFTP (CRUSHFTP)
  • CrowdStrike Filevantage (CS_FILEVANTAGE)
  • Cybersixgill (CYBERSIXGILL)
  • Cyolo Secure Remote Access for OT (CYOLO_OT)
  • Dell Core Switch (DELL_EMC_NETWORKING)
  • DLink Switch (DLINK_SWITCH)
  • Elastic Security (ELASTIC_EDR)
  • Fireblocks (FIREBLOCKS)
  • Forescout eyeInspect (FORESCOUT_EYEINSPECT)
  • Fortinet FortiGate IPS (FORTINET_IPS)
  • H3C Router (H3C_ROUTER)
  • Hackerone (HACKERONE)
  • Halo Sensor (HALO_SENSOR)
  • Hashcast (HASHCAST)
  • Perforce Helix Core (HELIX_CORE)
  • Heroku (HEROKU)
  • Hillstone NDR (HILLSTONE_NDR)
  • HL7 (HL7)
  • HoopDev (HOOPDEV)
  • Huawei Switches (HUAWEI_SWITCH)
  • Identity Security Cloud (IDENTITY_SECURITY_CLOUD)
  • Imperva Data Risk Analytics (IMPERVA_DATA_ANALYTICS)
  • Imperva DRA (IMPERVA_DRA)
  • IM Express (IM_EXPRESS)
  • Intezer (INTEZER)
  • Jumpcloud IAM (JUMPCLOUD_IAM)
  • Maltiverse IOC (MALTIVERSE_IOC)
  • ManageEngine Log360 (MANAGE_ENGINE_LOG360)
  • McAfee Network Security Platform (MCAFEE_NSP)
  • Miro Cloud (MIRO_CLOUD)
  • Nokia Home Device Manager (NOKIA_HDM)
  • Nortel Secure Router (NORTEL_SR)
  • Notion (NOTION)
  • One Identity Identity Manager (ONE_IDENTITY_IDENTITY_MANAGER)
  • IDnomic Public Key Infrastructure (OPENTRUST)
  • Outline Activity Logs (OUTLINE_ACTIVITY_LOGS)
  • Prismatic IO (PRISMATIC_IO)
  • ProFTPD (PROFTPD)
  • Provision Asset Context (PROVISION_ASSET_CONTEXT)
  • Ransomcare (RANSOMCARE)
  • Rapid7 Insights Threat Command (RAPID7_INSIGHTS_THREAT_COMMAND)
  • Saporo (SAPORO)
  • SAS Metadata Server log (SAS_METADATA_SERVER_LOG)
  • Scylla (SCYLLA)
  • Senseon Alerts (SENSEON_ALERTS)
  • Sonic Switch (SONIC_SWITCH)
  • Symantec Data Center Security (SYMANTEC_DCS)
  • Syncplify SFTP 2 Events (SYNCPLIFY_SFTP)
  • Team Cymru Scout Threat Intelligence (TEAM_CYMRU_SCOUT_THREATINTEL)
  • Tenable CSPM (TENABLE_CSPM)
  • Teqtivity Assets (TEQTIVITY_ASSETS)
  • Tines (TINES)
  • TP Link Network Switches (TPLINK_SWITCH)
  • TT D365 (TT_D365)
  • TT MSAN DSLAM (TT_MSAN_DSLAM)
  • TT Trio Chordiant (TT_TRIO_CHORDIANT)
  • Tufin (TUFIN)
  • Tufin Secure Track (TUFIN_SECURE_TRACK)
  • UberAgent (UBERAGENT)
  • Upstream Vehicle SOC Alerts (UPSTREAM_VSOC_ALERTS)
  • URLScan IO (URLSCAN_IO)
  • Vertiv UPS (VERTIV_UPS)
  • Very Good Security (VERY_GOOD_SECURITY)
  • Virtual Browser (VIRTUAL_BROWSER)
  • VMWare VSphere (VMWARE_VSPHERE)
  • Webroot Identity Protection (WEBROOT_IDENTITY_PROTECTION)
  • WideField (WIDEFIELD_SECURITY)
  • Zscaler Sandbox (ZSCALER_SANDBOX)
  • Zywall (ZYWALL)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Identity and Access Management

Privileged Access Manager (PAM) is now released to General Availability. The following features have been added:

Media CDN

HTTP method filtering for specific route rules is now Generally Available. You can now also implement such filtering by using the GUI.

Migrate to Virtual Machines

As Container Registry is deprecated, Migrate to Virtual Machines is transitioning from Container Registry to Artifact Registry to store images running on Migrate Connector. This transition will be completed by October 15, 2025. For the most part, this change should not affect your usage of Migrate Connector or Migrate to Virtual Machines. However, for some configurations, you might have to add VPC-SC rules to allow Migrate Connector to access Artifact Registry. If you need help using Artifact Registry with Migrate to Virtual Machines, contact the Migrate to Virtual Machines support team.

Oracle Database@Google Cloud

Oracle Database@Google Cloud is now Generally Available (GA).

Google Cloud's partnership with Oracle allows you to combine Oracle Cloud Infrastructure (OCI) and Google Cloud technologies. With native integration, you can deploy your Oracle database services in a Google Cloud data center running on OCI Exadata hardware with minimal latency. Oracle Database@Google Cloud supports the following OCI products on Google Cloud:

  • Exadata Database Service
  • Autonomous Database Service

For more information about Oracle Database@Google Cloud, see the Product overview.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.7.2 (2024-09-13)

Bug Fixes

Go

Changes for pubsub/apiv1

1.43.0 (2024-09-09)

Features
  • pubsub: Add support for Go 1.23 iterators (84461c0)
  • pubsub: Allow trace extraction from protobuf message (#10827) (caa826c)
Bug Fixes

Java

Changes for google-cloud-pubsub

1.132.2 (2024-09-11)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.42.1 (#2152) (1457489)
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.42.2 (#2157) (d671347)
  • Update dependency com.google.cloud:google-cloud-core to v2.43.0 (#2161) (05a37b7)
  • Update dependency com.google.cloud:google-cloud-storage to v2.42.0 (#2145) (77c3e78)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.35.0 (#2162) (27eaffd)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.27.4 (#2153) (32c78b3)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.28.0 (#2155) (5f61fe1)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.28.1 (#2167) (bb8ea71)
  • Update dependency org.xerial.snappy:snappy-java to v1.1.10.7 (#2165) (e7fb60e)

Python

Changes for google-cloud-pubsub

2.23.1 (2024-09-09)

Bug Fixes
  • Replace asserts with None checks for graceful shutdown (#1244) (ced4f52)
Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.14.1 (2024-09-12)

Bug Fixes
  • secretmanager: Bump dependencies (2ddeb15)
Service Extensions

Authorization extensions help you configure Cloud Load Balancing authorization policies to use custom authorization engines. This feature is in Preview.

You can now also host an extension on a backend service that uses serverless NEGs pointing to Cloud Run services. For more information, see Supported backends for extension services.

Vertex AI

Schedule Vertex AI custom training jobs based on resource availability. For details, see the Vertex AI documentation.

September 15, 2024

Google SecOps SOAR

Release 6.3.17 is now in General Availability.

Release 6.3.18 is currently in Preview.

September 13, 2024

Access Approval

Access Approval supports Cloud Interconnect in the GA stage.

Apigee hybrid

hybrid v1.12.2

On September 13, 2024 we released an updated version of the Apigee hybrid software, 1.12.2.

Bug ID Description
362305438 You can now add additional env variables to the runtime component.
347798999 You can now configure forward proxy for opentelemetry pods in Apigee hybrid.
Bug ID Description
N/A Security fixes for apigee-cassandra-backup-utility and apigee-hybrid-cassandra.
This addresses the following vulnerability:
Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Secure Web Proxy
    • networksecurity.googleapis.com/FirewallEndpoint
    • networksecurity.googleapis.com/FirewallEndpointAssociation
    • networksecurity.googleapis.com/SecurityProfile
    • networksecurity.googleapis.com/SecurityProfileGroup
    • networkservices.googleapis.com/ServiceLbPolicy
    • networksecurity.googleapis.com/TlsInspectionPolicy
Cloud SQL for SQL Server

For Cloud SQL Enterprise Plus edition, you can set the number of days of retained transaction logs from 1 to 35. For more information, see Use point-in-time recovery (PITR).

Dataproc

Dataproc Serverless for Spark: Fixed a bug that caused some batches and sessions to fail to start when using the premium compute tier.

Memorystore for Redis Cluster

Added support for vector store and vector search capabilities (Preview). For more details, see About vector search.

Memorystore for Valkey

Added support for vector store and vector search capabilities (Preview). For more details, see About vector search.

NetApp Volumes

New Identity and Access Management (IAM) permissions have been added. For more information, see Identity and Access Management roles and permissions.

Added new cloud monitoring metrics, specifically for auto-tiering and backups. For more information, see Monitor NetApp Volumes.

SAP on Google Cloud

Support for version 1 of Google Cloud's Agent for SAP has ended

Version 1 of Google Cloud's Agent for SAP has reached the end of support.

If you're using version 1 of the agent, then we strongly recommend that you update to using a supported version as soon as possible. For information about supported versions, see Supported versions for SAP on Google Cloud. For information about how to update to a supported version of the agent, see Update Google Cloud's Agent for SAP.

Virtual Private Cloud

You can use Private Service Connect endpoints to access the regional service endpoints of supported Google APIs. This feature is available in General Availability.

Workflows

The maximum number of concurrent workflow executions has increased from 7,500 to 10,000.

September 12, 2024

Access Approval

Access Approval supports Database Center in the Preview stage.

Access Transparency

Access Transparency supports Database Center in the Preview stage.

Apigee X

On September 12, 2024, we released an updated version of Apigee.

With this release, Apigee supports Workforce Identity Federation.

Workforce Identity Federation lets you use an external identity provider (IdP) to authenticate and authorize a workforce — a group of users, such as employees, partners, and contractors — using Identity and Access Management (IAM) to access Apigee services.

See Access Apigee using Workforce Identity Federation for more information.

Bug ID Description
338285095 Fixed a problem where apps associated with an AppGroup did not appear in the Apps list in the Apigee UI in Cloud Console. As a result, users could not access the app's App Detail page in the console. Using search in the console with a partial app name or API key search for the app was not available.

With this fix, users can now view apps associated with an AppGroup in the Apps list, and view details for each app or delete the app. Users will still not be able to create or edit AppGroup apps.

Apigee hybrid organizations were not impacted by this problem, as they use the Classic UI to view the app details.

PEM parsing error in JWT/JWS policies due to non-standard format

For Apigee and Apigee hybrid versions 1.13 and higher, any deviations in the required PEM format of keys used in Apigee JWS or JWT policies may result in a parsing error.

For more information, see Apigee known issues.

Application Integration

The XSLT Transform data transformer function is now available. This function transforms the specified XML string using the specified XSL string.

BigQuery

You can now use the partial ordering mode in BigQuery DataFrames to generate more efficient queries. This feature is in Preview.

Cloud SQL for MySQL

Cloud SQL now supports near-zero downtime planned maintenance on standalone Cloud SQL Enterprise Plus edition primary instances. In addition, you can also simulate near-zero downtime for planned maintenance events on standalone Cloud SQL Enterprise Plus edition primary instances.

For more information, see About maintenance on Cloud SQL instances.

You can now upgrade your instances to Cloud SQL Enterprise Plus edition with near-zero downtime. To upgrade your instance, see Upgrade an instance to Cloud SQL Enterprise Plus edition using in-place upgrade.

You can now upgrade the minor version of a Cloud SQL for MySQL Enterprise Plus edition instance with near-zero downtime. To upgrade the minor version of your Cloud SQL for MySQL 8.0 instance, see Upgrade the minor version.

You can now provide access to Cloud SQL Studio by granting a new IAM role, Cloud SQL Studio User (roles/cloudsql.studioUser), instead of using the Cloud SQL Admin IAM role.

For more information about using Cloud SQL Studio, see Manage your data using Cloud SQL Studio.

Cloud SQL for PostgreSQL

Cloud SQL now supports near-zero downtime planned maintenance on standalone Cloud SQL Enterprise Plus edition primary instances. In addition, you can also simulate near-zero downtime for planned maintenance events on standalone Cloud SQL Enterprise Plus edition primary instances.

For more information, see About maintenance on Cloud SQL instances.

You can now upgrade your instances to Cloud SQL Enterprise Plus edition with near-zero downtime. To upgrade your instance, see Upgrade an instance to Cloud SQL Enterprise Plus edition using in-place upgrade.

You can now provide access to Cloud SQL Studio by granting a new IAM role, Cloud SQL Studio User (roles/cloudsql.studioUser), instead of using the Cloud SQL Admin IAM role.

For more information about using Cloud SQL Studio, see Manage your data using Cloud SQL Studio.

Cloud SQL for SQL Server

You can now provide access to Cloud SQL Studio by granting a new IAM role, Cloud SQL Studio User (roles/cloudsql.studioUser), instead of using the Cloud SQL Admin IAM role.

For more information about using Cloud SQL Studio, see Manage your data using Cloud SQL Studio.

Google Distributed Cloud (software only) for bare metal

Release 1.29.500-gke.163

Google Distributed Cloud for bare metal 1.29.500-gke.163 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.500-gke.163 runs on Kubernetes v1.29.7-gke.1200.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following container image security vulnerabilities have been fixed in 1.29.500-gke.163:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Identity and Access Management

You can manage IAM deny policies using the Google Cloud console. For more information, see Deny access to resources.

Looker Studio

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Text wrapping for pivot table column headers

You can choose to wrap column header text in pivot table charts by enabling the Wrap text option in the Style tab.

Public Preview of Gemini in Looker Conversational Analytics

You can query data in natural language. The Conversational Analytics feature is a Gemini-powered data querying experience that makes it easier to find answers, explore data, and share insights using natural language. This feature is now available in Public Preview.

Learn more about Gemini in Looker and how to enable it in Looker Studio.

September 11, 2024

Apigee Advanced API Security

Delay in score generation for Risk Assessment v2 with VPC-SC-enabled organizations only

This issue impacts Risk Assessment v2 only, which is in preview.

With VPC-SC-enabled organizations only, when generating scores for new organizations or scoring changes to included proxies, shared flows, and target server configurations, score generation could take as much as three hours.

See the Risk Assessment v2 customer documentation for information on the functionality.

BigQuery

You can now use Terraform to manage IAM tags on datasets and tables. This feature is generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Pub/Sub
    • pubsub.googleapis.com/Schema
  • Secure Web Proxy
    • networksecurity.googleapis.com/GatewaySecurityPolicy
    • networksecurity.googleapis.com/GatewaySecurityPolicyRule
    • networksecurity.googleapis.com/UrlList
Cloud Storage

You can now specify United States regions when using regional endpoints.

Config Connector

Config Connector version 1.122.0 is now available.

The state-into-spec field now defaults to Absent in all Config Controller clusters.

RedisCluster (Alpha) now uses direct reconciliation.

SQLInstance now uses direct reconciliation.

Added RedisCluster (Alpha) resource for service Redis.

ContainerCluster

The spec.nodeConfig.taint can be updated in place in lieu of destroying and recreating the object.

ContainerNodePool

The spec.nodeConfig.taint can be updated in place in lieu of destroying and recreating the object.

SQLInstance

Add the spec.cloneSource field to clone a SQLInstance.

RunJob

Add the spec.template.template.volumes[].cloudSqlInstance field to configure Cloud SQL instance.

Google Kubernetes Engine

For GPU node pools created in GKE Standard clusters running version 1.30.1-gke.115600 or later, GKE automatically installs the default NVIDIA GPU driver version corresponding to the GKE version if you don't specify the gpu-driver-version flag.

(2024-R35) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.0-gke.1506000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1234000
    • 1.27.16-gke.1234001
    • 1.27.16-gke.1258000
    • 1.28.13-gke.1024000
    • 1.28.13-gke.1042000
    • 1.29.8-gke.1031000
    • 1.29.8-gke.1057000
    • 1.30.4-gke.1129000
    • 1.30.4-gke.1213000
    • 1.31.0-gke.1058000
    • 1.31.0-gke.1324000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.0-gke.1506000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1148000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1969000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.

Stable channel

  • Version 1.30.2-gke.1587003 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • Version 1.27.16-gke.1008000 is no longer available in the Stable channel.
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1051001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1051001 with this release.

Extended channel

  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1148000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1969000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.

No channel

(2024-R35) Version updates

  • Version 1.31.0-gke.1506000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1234000
    • 1.27.16-gke.1234001
    • 1.27.16-gke.1258000
    • 1.28.13-gke.1024000
    • 1.28.13-gke.1042000
    • 1.29.8-gke.1031000
    • 1.29.8-gke.1057000
    • 1.30.4-gke.1129000
    • 1.30.4-gke.1213000
    • 1.31.0-gke.1058000
    • 1.31.0-gke.1324000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.0-gke.1506000 with this release.

(2024-R35) Version updates

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1148000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1969000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.

(2024-R35) Version updates

  • Version 1.30.2-gke.1587003 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • Version 1.27.16-gke.1008000 is no longer available in the Stable channel.
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1051001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1051001 with this release.

(2024-R35) Version updates

  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1148000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1969000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.

(2024-R35) Version updates

Looker

Looker 24.16 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, September 16, 2024

  • Expected Looker (original) final deployment and download available: Thursday, September 26, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, September 16, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, September 30, 2024

Beginning in Looker 24.18, the October 2024 Looker release, Google Maps will be the only visualization engine for all map visualizations. The Legacy Maps chart type will be removed. Please go to the Legacy features page in the Admin panel and disable "Allow legacy maps"; if you encounter any issues, contact Looker Support.

The LookML Validator now checks for incompatible types in Liquid comparison expressions and, if it finds them, returns an error.

You can change the width of the panels in the Looker IDE, both the feature panel (which contains File Browser, Object Browser, and Git Actions) and the side panel (which contains Project Health, Quick Help, and Metadata). The size of the side panels is persisted across logins and refreshes.

The Chart Config Editor now supports sunburst visualizations.

The Redshift driver is now configured with AWS's recommended TCP keep-alive settings.

The content_summary API endpoint is now generally available. You can use this endpoint to search for recently viewed content or content that you have marked as a favorite.

Comprehensive API support for Looker Connected Sheets is now accessible through both AppsScript and the Google Sheets APIs. API support enables automated data refresh, custom workflows, and integration with external tools and services.

Looker instances with the Redshift license feature enabled will now use the driver version 2.1.0.30.

The Looker IDE now persists a user's IDE state, including the open LookML file in the file browser; the expanded or collapsed status of items in the file browser; the selected item in the IDE navigation bar (such as the file browser, Git actions, object browser, or project settings); the sidebar item (such as the Quick Help panel, the Metadata panel, and the Project Health panel), and the size of the IDE side panels. You can remove the persistence by clicking the Reset IDE Layout button in the new IDE Settings page of the Looker IDE. Note: Item added to release notes on September 16, 2024.

The Looker IDE now supports text line wrapping in the IDE editor. Line wrapping is now the default behavior. You can turn off line wrap mode in the new IDE Settings page in the Looker IDE. Note: Item added to release notes on September 16, 2024.

The Looker IDE supports Vim and Emacs editors in addition to the default Looker IDE editor. You now can set your editor preference in the new IDE Settings page in the Looker IDE. Note: Item added to release notes on September 16, 2024.

To improve performance for LookML validation, the LookML parser object pool has been increased from a fixed-size pool of three LookML parser objects per Looker node to a dynamic pool size that is equal to the number of provisioned CPUs in the Looker node.

An issue has been fixed where measures would remove COALESCE SQL expressions from dimensions during query generation. This feature now performs as expected.

CJK characters are now displayed properly in mobile browsers when they are included within inline table email attachments.

An issue has been fixed that was causing the Collapse All Folders button in the Looker IDE to not work correctly. This feature now performs as expected.

An issue has been fixed where some schedules would fail to send if a PDT was rebuilding. This feature now performs as expected.

An issue where downloaded queries would not show error messages has been fixed. This feature now performs as expected.

An issue has been fixed where the progress bar on single value visualizations could overlap with the visualization note. This feature now performs as expected.

The LookML validator no longer forces the full_suggestions parameter to be enabled in certain situations involving Liquid variables and derived tables.

The Chart Config Editor now displays a more informative error message if you try to use an unsupported visualization type.

An issue has been fixed where the LookML Validator would return incorrect errors on cancel_grouping_fields in Explores with joins. This feature now performs as expected.

An issue has been fixed where the Looker SQL Interface could not connect to Tableau using OAuth. This feature now performs as expected.

Internal database calls during LookML validation have been reduced.

An issue where the LookML Validator could crash if a LookML file incorrectly referenced a dimension_group in a filters parameter has been fixed. This feature now performs as expected.

An issue has been fixed where Looker was incorrectly sanitizing some of the allowed CSS properties. This feature now performs as expected.

The child_count property can now be omitted from dashboard and Look API responses when a feature flag is enabled.

An issue has been fixed with the TRUNC function on some Denodo 8 dialects. This feature now performs as expected.

An issue has been fixed where query metrics were not appearing in the Explore list. This feature now performs as expected.

An issue has been fixed where the LookML validator would not return an error when value_format and named_value_format were both defined for a field. This feature now performs as expected.

The render event has been added to the audit log list.

Looker (Google Cloud Core) provides comprehensive audit logging through Cloud Audit Logs, including full Data Access and System Event audit log coverage. Previously, Cloud Audit Logs for Looker (Google Cloud core) captured only admin activities like instance creation and deletion. Note: Item added to release notes on September 16, 2024.

An issue with SAML authentication has been fixed.

The audit log buffer is now persisted to minimize log data loss.

A new Labs feature, Delegate Model Set Management, lets admins grant a new permission, manage_modelsets_restricted. This permission grants users permissions that are similar to manage_models, but only for model sets to which the users have access.

Secure Source Manager

Secure Source Manager branch protection is Generally Available. To learn more about branch protection, see the Branch protection overview and Configure branch protection.

Secure Source Manager integration with Cloud Build lets you define your Cloud Build configuration and build triggers in your Secure Source Manager repository. To learn how to trigger builds automatically, see Connect to Cloud Build.

Security Command Center

Validate updates to integrations in the Security Command Center Enterprise use case

Updates to the threat response playbook blocks and use case flows are available in the SCC Enterprise - Cloud Orchestration & Remediation use case for Security Command Center Enterprise. To get these changes, upgrade the integrations to the latest versions.

For more information, see Validate integration versions in the use case.

Sensitive Data Protection

The discovery service of Sensitive Data Protection now supports Amazon S3. You can run discovery to generate data profiles of your S3 buckets. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data governance workflows.

This feature is available only to Security Command Center Enterprise customers. To use this feature, you need an AWS connector in Security Command Center that has Sensitive Data Protection enabled.

To get started on profiling Amazon S3 data, see the following:

For more information about sensitive data discovery, see Data profiles.

VPC Service Controls

Preview stage support for the following integration:

Vertex AI Agent Builder

Vertex AI Search: Natural language query filters (Public preview)

For queries on structured data stores, the natural language queries can be reformulated as filters and a residual query. For example, "Find a coffee shop serving banana bread" becomes "query": "banana bread", "filter": "type": ANY(\"cafe\").

The natural-language query understanding feature only applies to generic apps. It is recommended for structured data stores but can also be applied to unstructured data stores with metadata and to website data stores with structured data.

This feature is in Public preview. For more information, see Filter with natural language understanding.

Vertex AI APIs: Updated model for ranking and reranking documents for RAG

The ranking API model is upgraded. This underlying model significantly improves the relevance of top-ranked documents and provides more nuanced scores. For more information about ranking documents, see Rank and rerank documents with RAG.

September 10, 2024

Apigee Advanced API Security

On September 10, 2024 we released an updated version of Advanced API Security.

Proxy-specific security actions

You can now create security actions that apply only to one or more specified proxies.

This new functionality is not available with Apigee hybrid at this time.

See Security actions to learn more about proxy-specific security actions.

Google Kubernetes Engine

We previously identified a potential issue that could cause downtime for traffic directed to your GKE-managed internal passthrough Network Load Balancers after certain cluster operations, like node upgrades. This issue specifically affected clusters with GKE subsetting and Services configured with externalTrafficPolicy=Cluster. See the Aug 14, 2024 release note for details.

A fix for this issue is now available. We recommend upgrading your GKE cluster's control plane to the following patch versions or later:

  • 1.27.16-gke.1258000
  • 1.28.13-gke.1024000
  • 1.29.8-gke.1057000
  • 1.30.4-gke.1129000
  • 1.31.0-gke.1506000
Memorystore for Redis

Added support for CMEK organization policies.

SAP on Google Cloud

New SAP certification for operating system

For use with SAP HANA and SAP NetWeaver on Google Cloud, SAP has certified the operating system Red Hat Enterprise Linux (RHEL) for SAP 8.10.

For more information about SAP-certified operating systems, see:

Secret Manager

Secret Manager is now enabled for use with Cloud KMS Autokey.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.

For more information, see Enable customer-managed encryption keys for Secret Manager. To learn more about Cloud KMS Autokey, see Autokey overview.

Sensitive Data Protection

The DOD_ID_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Text-to-Speech

Journey Voices is now in Preview and supports text streaming.

Vertex AI Workbench

The ability to back up and restore data on a Vertex AI Workbench instance is now available in Preview. For more information, see Back up and restore an instance.

reCAPTCHA

reCAPTCHA Mobile SDK v18.6.1 is now available for Android.

This version contains the compatibility fix for Android 6 and earlier.

September 09, 2024

Access Approval

Access Approval supports Cloud Data Fusion in the GA stage.

BigQuery

The BigQuery Data Transfer Service can now transfer campaign reporting and configuration data from Display & Video 360 into BigQuery, including Creative, Partner, and Advertiser tables. This feature is generally available (GA).

Cloud Monitoring

Table and TopList widgets can now display the results of multiple queries. You can also configure the column headers, data alignment, and color-code cells based on how a numeric value compares to a threshold. For more information, see the following documents:

Cloud Storage

You can now use the Google Cloud console to do the following:

Container Optimized OS

cos-109-17800-309-46

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.21 See List

Updated app-containers/containerd to 1.7.21.

Upgraded app-containers/containerd to v1.7.20, Upgraded app-containers/containerd-test to v1.7.20.

Fixes CVE-2023-7256 in net-libs/libpcap.

Fixes CVE-2024-44987 in the Linux kernel.

Fixes CVE-2024-43889 in the Linux kernel.

Fixes CVE-2024-42302 in the Linux kernel.

Fixes CVE-2024-41057 in the linux kernel.

Fixes CVE-2024-43837 in the Linux kernel.

Fixes CVE-2024-43855 in the Linux kernel.

Fixes CVE-2024-41076 in the Linux kernel.

Fixes CVE-2024-42316 in the Linux kernel

Fixes CVE-2024-43828 in the Linux kernel.

Fixes CVE-2024-43856 in the Linux kernel.

Fixes CVE-2024-41073 in the Linux kernel.

Fixes CVE-2024-44934 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812248 -> 812274

cos-dev-121-18657-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.49 v24.0.9 v1.7.21 See List

Updated app-containers/containerd to 1.7.21.

Updated dev-go/oauth2 to v0.23.0. Removed dev-go/appengine.

Updated dev-lang/python to 3.8.19_p1. This fixes CVE-2007-4559.

Updated the Linux kernel to v6.6.49.

Removed chromeos-base/ec-utils and chromeos-base/ec-utils.

Removed dev-libs/confuse and dev-embedded/libftdi.

Removed dev-python/setuptools.

Removed dev-python/webcolors.

Replaced cos-extensions with new Go binary.

Updated google-osconfig-agent to v20240822.00.

Fixes CVE-2023-7256 in net-libs/libpcap.

Upgraded app-editors/vim, app-editors/vim-core to 9.1.0698. This fixed CVE-2024-43790, CVE-2024-43802.

Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Runtime sysctl changes:

  • Changed: fs.file-max: 811752 -> 811768

cos-113-18244-151-50

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.21 See List

Updated app-containers/containerd to 1.7.21.

Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Fixes CVE-2024-42302 in the Linux kernel.

Fixes CVE-2024-41057 in the linux kernel.

Fixes CVE-2024-43837 in the Linux kernel.

Fixes CVE-2024-43855 in the Linux kernel.

Fixes CVE-2024-43889 in the Linux kernel.

Fixes CVE-2024-42316 in the Linux kernel.

Fixes CVE-2024-43828 in the Linux kernel.

Fixes CVE-2024-43856 in the Linux kernel.

Fixes CVE-2024-41073 in the Linux kernel.

Fixes CVE-2024-43854 in the Linux kernel.

Fixes CVE-2024-41058 in the Linux kernel.

Fixes CVE-2024-41098 in Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812039 -> 812022

cos-105-17412-448-29

Kernel Docker Containerd GPU Drivers
COS-5.15.163 v23.0.3 v1.7.19 See List

Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Fixes CVE-2024-43889 in the Linux kernel.

Fixes CVE-2024-43828 in the Linux kernel.

Fixes CVE-2024-43856 in the Linux kernel.

Fixes CVE-2024-44934 in the Linux kernel.

Fixes CVE-2024-41073 in the Linux kernel.

Fixes CVE-2024-42302 in the Linux kernel.

Fixes CVE-2024-43854 in the Linux kernel.

Fixes CVE-2024-41098 in Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812696 -> 812685
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

cos-101-17162-528-34

Kernel Docker Containerd GPU Drivers
COS-5.15.161 v20.10.27 v1.6.28 See List

Fixes CVE-2023-7256 in net-libs/libpcap.

Fixes CVE-2024-40959 in the Linux kernel.

Fixes CVE-2024-40995 in the Linux kernel.

Fixes CVE-2024-43828 in the Linux kernel.

Fixes CVE-2024-41055 in the Linux kernel.

Fixes CVE-2024-43856 in the Linux kernel.

Fixes CVE-2024-40958 in the Linux kernel.

Fixes CVE-2024-41073 in the Linux kernel.

Fixes CVE-2024-44934 in the Linux kernel.

Fixes CVE-2024-41049 in the Linux kernel.

cos-beta-117-18613-0-25

Kernel Docker Containerd GPU Drivers
COS-6.6.44 v24.0.9 v1.7.21 See List

Fixes CVE-2024-43889 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811778 -> 811784

Dataform

You can now set a default Dataform customer-managed encryption keys (CMEK) key for your project to encrypt multiple Dataform repositories with the same CMEK key. For more information, see Use Dataform default CMEK keys.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-ndb

2.3.2 (2024-07-15)

Bug Fixes
Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.28.900-gke.113 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.900-gke.113 runs on Kubernetes v1.28.12-gke.1100.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues are fixed in 1.28.900-gke.113:

  • Fixed the known issue where updating DataplaneV2 ForwardMode doesn't automatically trigger anetd DaemonSet restart.
  • Fixed the known issue where the credential.yaml file was regenerated incorrectly during an admin workstation upgrade.
  • Fixed the known issue where the etcdctl command was not found during cluster upgrade at the admin cluster backup stage.

Fixed the following vulnerabilities in 1.28.900-gke.113:

High-severity container vulnerabilities:

Ubuntu vulnerabilities:

Google SecOps SIEM

The following new YARA-L 2.0 functions are available in Rules and Search:

  • arrays.concat
  • arrays.join_string
  • arrays.max
  • arrays.min
  • arrays.size
  • arrays.index_to_int
  • cast.as_bool
  • cast.as_float
  • math.ceil
  • math.floor
  • math.geo_distance
  • math.is_increasing
  • math.pow
  • math.random
  • strings.contains
  • strings.count_substrings
  • strings.extract_domain
  • strings.extract_hostname
  • strings.from_hex
  • strings.ltrim
  • strings.reverse
  • strings.rtrim
  • strings.trim
  • strings.url_decode
  • timestamp.as_unix_seconds
  • timestamp.now

The following new YARA-L 2.0 functions are available in Rules:

  • hash.sha256
  • window.avg
  • window.first
  • window.last
  • window.median
  • window.mode
  • window.stddev
  • window.variance

Details on function signatures and behavior can be found in YARA-L2.0 Function Syntax Reference Documentation

Google SecOps SOAR

Due to technical issues, the SOAR version has been rolled back to Release 6.3.16.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.7.1 (2024-08-26)

Bug Fixes
  • deps: Update dependency @opentelemetry/semantic-conventions to ~1.26.0 (#1945) (f082869)
  • deps: Update dependency protobufjs to ~7.4.0 (#1959) (25946e0)
  • Propagate set options to LeaseManager (from https://github.com/googleapis/nodejs-pubsub/pull/1880) (#1954) (cdb0916)
SAP on Google Cloud

ABAP SDK for Google Cloud version v1.8 (On-premises or any cloud edition)

Version 1.8 of the on-premises or any cloud edition of ABAP SDK for Google Cloud is generally available (GA). This version introduces the Vertex AI SDK for ABAP, a dedicated toolset for seamless interaction with Google Cloud's Vertex AI platform from SAP environment. The SDK lets you build AI-powered enterprise features and applications with reduced complexity and development efforts from within your SAP systems.

For more information, see:

Security Command Center

New configuration options for Vulnerability Assessment for AWS

When configuring Vulnerability Assessment for AWS, you can customize the scan settings by defining the scan interval, specific regions, specific tags, and specific instance IDs. You can also include SC1 or ST1 instances in the scan. For more information, see Enable and use Vulnerability Assessment for AWS.

Vertex AI

Ray cluster's autoscaling feature is now supported. See Scale Ray clusters on Vertex AI

September 08, 2024

Google SecOps SOAR

Release 6.3.17 is now in General Availability.

September 07, 2024

Google SecOps SOAR

Release 6.3.18 is currently in Preview.

Playbooks are getting stuck in the queue. (ID #53247410)

September 06, 2024

Cloud Data Fusion

The CloudSQL MySQL plugin version 1.10.7 is available in Cloud Data Fusion versions 6.9.0 and 6.10.0. This plugin version lets you use a macro to specify the name of the CloudSQL instance in the plugin's Connection name field.

Cloud Monitoring

The Metrics management page in Cloud Monitoring now shows you the sources of metric reads and lets you exclude unneeded metrics entirely, eliminating the cost of ingesting them. For more information, see View and manage metric usage.

The fleetwide and per-instance Observability tabs on the Compute Engine VM instances page now include charts for GPU metrics the from NVIDIA Management Library (NVML). To view the fleetwide GPU charts, select Compute Engine > VM instances > Observability. To view the GPU charts for a VM instance, select Compute Engine > VM instances, click on the name of a VM instance, and then select Observability. These charts are available only for VM instances with attached GPUs, with both the Ops Agent and the NVIDIA GPU driver installed. For information about configuring these VMs, see About the gpu metrics.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.117-debian10, 2.0.117-rocky8, 2.0.117-ubuntu18
  • 2.1.65-debian11, 2.1.65-rocky8, 2.1.65-ubuntu20, 2.1.65-ubuntu20-arm
  • 2.2.31-debian12, 2.2.31-rocky9, 2.2.31-ubuntu22

Dataproc on Compute Engine: The latest 2.2 image versions now support Hudi 0.15.0.

Dataproc on Compute Engine: The latest 2.2 image versions support Hudi Trino integration natively. If both components are selected when you create a Dataproc cluster, Trino will be configured to support Hudi automatically.

Google Kubernetes Engine

(2024-R34) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

There are no new releases in the Rapid channel.

Regular channel

There are no new releases in the Regular channel.

Stable channel

There are no new releases in the Stable channel.

Extended channel

There are no new releases in the Extended channel.

No channel

There are no updates for clusters not enrolled in a release channel.

(2024-R33) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.0-gke.1058000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1148000
    • 1.28.13-gke.1006000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1234000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1969000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1234000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1969000 with this release.

Regular channel

  • Version 1.30.3-gke.1639000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1051000
    • 1.27.16-gke.1082000
    • 1.28.12-gke.1052000
    • 1.29.7-gke.1104000
    • 1.30.3-gke.1225000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.7-gke.1274000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.7-gke.1274000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.

Stable channel

  • Version 1.29.7-gke.1104000 is now the default version for cluster creation in the Stable channel.
  • Version 1.27.16-gke.1051001 is now available in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.27.15-gke.1252000
    • 1.28.11-gke.1260000
    • 1.29.6-gke.1326000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.12-gke.1052000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.

Extended channel

  • Version 1.30.3-gke.1639000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1051000
    • 1.27.16-gke.1082000
    • 1.28.12-gke.1052000
    • 1.29.7-gke.1104000
    • 1.30.3-gke.1225000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.7-gke.1274000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.

No channel

  • Version 1.30.3-gke.1639000 is now the default version for cluster creation.
  • The following control plane and node versions are now available:
  • The following versions are no longer available:
    • 1.27.15-gke.1252000
    • 1.27.16-gke.1051000
    • 1.27.16-gke.1082000
    • 1.28.11-gke.1260000
    • 1.29.6-gke.1254000
    • 1.29.7-gke.1008000
    • 1.30.3-gke.1225000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.

(2024-R34) Version updates

There are no new releases in the Rapid channel.

(2024-R33) Version updates

  • Version 1.31.0-gke.1058000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1148000
    • 1.28.13-gke.1006000
    • 1.29.7-gke.1274000
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1234000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1969000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1234000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1969000 with this release.

(2024-R34) Version updates

There are no new releases in the Regular channel.

(2024-R33) Version updates

  • Version 1.30.3-gke.1639000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1051000
    • 1.27.16-gke.1082000
    • 1.28.12-gke.1052000
    • 1.29.7-gke.1104000
    • 1.30.3-gke.1225000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.7-gke.1274000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.7-gke.1274000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.

(2024-R34) Version updates

There are no new releases in the Stable channel.

(2024-R33) Version updates

  • Version 1.29.7-gke.1104000 is now the default version for cluster creation in the Stable channel.
  • Version 1.27.16-gke.1051001 is now available in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.27.15-gke.1252000
    • 1.28.11-gke.1260000
    • 1.29.6-gke.1326000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.12-gke.1052000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.

(2024-R34) Version updates

There are no new releases in the Extended channel.

(2024-R33) Version updates

  • Version 1.30.3-gke.1639000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1051000
    • 1.27.16-gke.1082000
    • 1.28.12-gke.1052000
    • 1.29.7-gke.1104000
    • 1.30.3-gke.1225000
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.12-gke.1179000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.7-gke.1274000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.

(2024-R34) Version updates

There are no updates for clusters not enrolled in a release channel.

(2024-R33) Version updates

Google SecOps

Burst limits will be rolling out over the next 90 days. This should not affect customers if sources are properly configured. Review documentation for full details.

Google SecOps SIEM

Burst limits will be rolling out over the next 90 days. This should not affect customers if sources are properly configured. Review documentation for full details.

Sensitive Data Protection

The SEXUAL_ORIENTATION infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

September 05, 2024

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Apigee UI

On September 5, 2024, we released an updated version of the Apigee UI.

An informational message was added to the action creation flow for Apigee Security actions, informing users that actions can't be edited or deleted.

Bug ID Description
349284447 Correct sorting for revisions in Duplicate Proxy

The Duplicate Proxy experience now correctly sorts the list of existing revisions.

359475166 Fixed issue with Analytics Error Analysis

Resolved issue with the Error Composition page that interchanged the proxy error and target error legend.

Apigee hybrid

hybrid 1.13.0-hotfix.1

On September 5, 2024 we released an updated version of the Apigee hybrid software, 1.13.0-hotfix.1.

Apply this hotfix following the steps in Upgrading Apigee hybrid to version 1.13:

  1. Prepare for the Helm charts upgrade
  2. Install the Apigee hybrid Helm charts
Bug ID Description
362690729 Fix for aggressive scaling of runtime pods & cpu spike.
362979563 Fix for Ingress Health Check failure /healthz/ingress - route_not_found.
Capacity Planner

Preview: You can view the on-demand reservations and future reservation requests available for consumption in your project, folder, or organization. This helps you plan for future capacity assurance, as well as view the reserved resources that cover your projected growth or peak usage. For more information, see View usage and forecast data in Capacity Planner.

Preview: You can use the Capacity Planner API to export usage and forecast data of the VMs, Persistent Disk volumes, or GPUs in your project, folder, or organization. This lets you export usage and forecast data in a Cloud Storage bucket or BigQuery table. For more information, see Export usage and forecast data using the Capacity Planner API.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Compute Engine

Generally available: Multi-writer support for Hyperdisk Balanced disks. Up to 8 VMs can simultaneously read from and write to the same disk. For more information, see Share disks between VMs.

Dataproc Metastore

Dataproc Metastore supports custom region configurations. A custom region configuration lets your service run workloads from two separate regions.

Firestore

You can now use Firestore to perform K-nearest neighbor (KNN) vector searches. Additionally, use Firestore vector searches with inequality filters, retrieve the calculated vector distance, and specify a distance threshold. This feature is generally available (GA).

For more information, see Search with vector embeddings.

Google Cloud Architecture Center

(New guide) Enterprise application with Oracle Database on Compute Engine: Provides a reference architecture to host an application that uses an Oracle database, deployed on Compute Engine VMs.

Looker Studio

Gemini in Looker now available for Looker Studio content

Looker Studio Pro users can now create calculated fields and generate Google Slides from Looker Studio content using Gemini assistance. Gemini in Looker no longer requires content to be associated with a Looker Studio Pro subscription.

For more information about Gemini in Looker, see the Gemini in Looker overview.

September 04, 2024

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL is now available in africa-south1 (Johannesburg) and in
me-central2 (Damman). For more information, see AlloyDB locations.

Backup and DR

Backup and DR Service added support to automatically protect your Google Cloud VMware Engine VMs using vSphere tags. The dynamic protection tags feature is supported for backup/recovery appliances running on version 11.0.12.320 or later. You can check the appliance version from Manage > Appliances page.

BigQuery

You can now use vector search and vector index features in BigQuery.

You can use the VECTOR_SEARCH function to search embeddings in order to identify semantically similar entities.

You can use vector indexes to make VECTOR_SEARCH more efficient, with the trade-off of returning more approximate results.

You can try the vector search and vector index capabilities by using the Search embeddings with vector search tutorial.

The BigQuery vector search and vector index features are generally available (GA).

Dataproc

Dataproc on Compute Engine: Dataproc image version 2.2 will become the default Dataproc on Compute Engine image version on September 6, 2024.

Google Kubernetes Engine

For GKE versions 1.29 and later, the gke-metrics-agent Pod runs with the prometheus-metrics-collector container in addition to the existing gke-metrics-agent and core-metrics-exporter containers. This change might result in an increase in the Service time series ingestion requests per minute quota; however, there is no additional cost.

Migrate to Virtual Machines

Experimental: As CentOS Linux 7 has reached end-of-life (EOL) on June 30, 2024, Migrate to Virtual Machines lets you convert CentOS Linux 7 to Rocky Linux 8 as part of your migration.

To use this feature, send a request to the email address: centos-to-rocky-linux@google.com.

Note: This product or feature is subject to the Pre-GA Offerings Terms in the General Service Terms section of the Service Specific Terms. Pre-GA products and features are available as is and might have limited support.

Security Command Center

Install new version of the Security Command Center Enterprise use case

The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by date, September 4, 2024, introduces updated widgets, new playbooks, optimized data synchronization jobs, updated ingestion logic, and other enhancements to support the management of toxic combination findings and cases in the Security Operations console.

For installation instructions, see Update Enterprise use case, September 2024.

September 03, 2024

AlloyDB for PostgreSQL

The extension pgvector is updated to version 0.7.2.

Cloud Run

Deterministic URLs, which let you predict a Cloud Run service URL before the service is created, is now in general availability (GA).

Cloud SQL for MySQL

When you clone your zonal instance, you can now specify a preferred zone for the instance. You can also specify preferred primary and secondary zones for your regional instance. If the zones for your instance go down in the future, then Cloud SQL can assign the preferred zones to the instance, and you don't experience downtime. For more information, see Clone instances.

Cloud SQL for PostgreSQL

You can now use point-in-time recovery to restore your zonal instance to a preferred primary zone and your regional instance to both a preferred primary zone and a preferred secondary zone. For more information, see Use point-in-time recovery (PITR).

When you clone your zonal instance, you can now specify a preferred zone for the instance. You can also specify preferred primary and secondary zones for your regional instance. If the zones for your instance go down in the future, then Cloud SQL can assign the preferred zones to the instance, and you don't experience downtime. For more information, see Clone instances.

Cloud SQL for SQL Server

When you clone your zonal instance, you can now specify a preferred zone for the instance. You can also specify preferred primary and secondary zones for your regional instance. If the zones for your instance go down in the future, then Cloud SQL can assign the preferred zones to the instance, and you don't experience downtime. For more information, see Clone instances.

Contact Center AI Platform

Version 3.24 is released

All release notes published on this date are part of version 3.24.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Raw data export

With raw data export, you can export detailed CCAI Platform session data to an external storage bucket. With this data you can get insights into calls, chats, emails, queues, agent performance, virtual agents, and more.

Virtual agents can create and assign tickets for custom CRM apps

Virtual agents can now create and assign incoming tickets for custom CRM apps prior to a human agent taking the ticket. This capability was previously available only for some commercial CRM apps. For more information, see Configure the assignment of chat or call records created by virtual agents.

Barge is available for chat

Barge, which lets supervisors join or take over calls with end-users, is now available for chat. For more information, see Barge for calls and chat.

Reserved data attributes

With reserved data attributes, you can tag sessions with one of the following labels: Verified Customer, Bad Actor, or Repeat Customer. You can send this information to Google at the start of a session using an SDK, a SIP header, or the Apps API. With the API you can also send this information after the session starts. After we receive this information we display it in the agent adapter so the agent or a supervisor can act accordingly. For more information, see Reserved data attributes.

Fixed an issue where listening to a voicemail would occasionally lead to the creation of a duplicate entry at the top of the list.

Fixed an issue that prevented emails from being sent to external storage.

Fixed an issue where integrating the Salesforce CRM with CCAI Platform was failing.

Container Optimized OS

cos-101-17162-528-27

Kernel Docker Containerd GPU Drivers
COS-5.15.161 v20.10.27 v1.6.28 See List

Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2024-40954 in the Linux kernel.

Fixed CVE-2024-43854 in the Linux kernel.

Fixed CVE-2024-43854 in the Linux kernel.

Fixed CVE-2024-43854 in the Linux kernel.

Fixed CVE-2024-41098 in the Linux kernel.

Fixed CVE-2024-42283 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed CVE-2024-40994 in the Linux kernel.

Fixed CVE-2023-52889 in the Linux kernel.

Fixed CVE-2024-41000 in the Linux kernel.

Fixed CVE-2024-42102 in the Linux kernel.

Fixed CVE-2024-40960 in the Linux kernel.

Fixed CVE-2024-40961 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

cos-109-17800-309-33

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.19 See List

Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2023-46246, CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2024-41058 in the Linux kernel.

Fixed CVE-2024-41058 in the Linux kernel.

Fixed CVE-2024-43854 in the Linux kernel.

Fixed CVE-2024-43854 in the Linux kernel.

Fixed CVE-2024-43854 in the Linux kernel.

Fixed CVE-2024-41098 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed CVE-2023-52889 in the Linux kernel.

Fixed CVE-2024-42283 in the Linux kernel.

Fixed CVE-2024-42268 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42285 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812259 -> 812248

cos-beta-117-18613-0-24

Kernel Docker Containerd GPU Drivers
COS-6.6.44 v24.0.9 v1.7.21 See List

Updated app-containers/containerd to 1.7.21.

Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2024-44934 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42268 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811697 -> 811778
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

cos-113-18244-151-33

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.19 See List

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed CVE-2024-42285 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42268 in the Linux kernel.

Fixed CVE-2024-42283 in the Linux kernel.

Fixed CVE-2023-52889 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812030 -> 812039

cos-105-17412-448-22

Kernel Docker Containerd GPU Drivers
COS-5.15.163 v23.0.3 v1.7.19 See List

Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.

Fixed CVE-2023-52889 in the Linux kernel.

Fixed CVE-2024-42285 in the Linux kernel.

Fixed CVE-2024-42269 in the Linux kernel.

Fixed CVE-2024-42283 in the Linux kernel.

Fixed CVE-2024-42270 in the Linux kernel.

Fixed KCTF-c07ff85 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812685 -> 812696

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.116-debian10, 2.0.116-rocky8, 2.0.116-ubuntu18
  • 2.1.64-debian11, 2.1.64-rocky8, 2.1.64-ubuntu20, 2.1.64-ubuntu20-arm
  • 2.2.30-debian12, 2.2.30-rocky9, 2.2.30-ubuntu22,

Dataproc on Compute Engine: Apache Spark upgraded to version 3.5.1 in image version 2.2 starting with image version 2.2.30.

Generative AI on Vertex AI

Gemini 1.5 Flash (gemini-1.5-flash) supports controlled generation.

Google Cloud VMware Engine

VMware Engine now offers GA support for VPC Service Controls. VPC Service Controls provides an additional layer of security to prevent data exfiltration and unauthorized access. For more information, see VPC Service Controls.

Memorystore for Redis Cluster

Added support for Maintenance Windows (Preview). For more details, see About maintenance.

Workflows

Support for execution backlogging is available in Preview. Backlogged executions automatically run as soon as execution concurrency quota becomes available.

September 02, 2024

Backup and DR

Backup and DR Service added support to view mounted image logs in Cloud Logging.

Backup and DR Service added support to view mounted image reports in BigQuery.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.42.2 (2024-08-29)

Bug Fixes
  • ExecuteSelect now use provided credentials instead of GOOGLE_APP… (#3465) (cd82235)
Dependencies
  • Update actions/upload-artifact action to v4.3.5 (#3456) (f00977c)
  • Update actions/upload-artifact action to v4.3.5 (#3462) (e1c6e92)
  • Update actions/upload-artifact action to v4.3.6 (#3463) (ba91227)
  • Update github/codeql-action action to v2.26.6 (#3464) (2aeb44d)

2.42.1 (2024-08-27)

Bug Fixes
  • NPE for executeSelect nonFast path with empty result (#3445) (d0d758a)
Dependencies
  • Update actions/upload-artifact action to v4.3.5 (#3420) (d5ec87d)
  • Update actions/upload-artifact action to v4.3.5 (#3422) (c7d07b3)
  • Update actions/upload-artifact action to v4.3.5 (#3424) (a9d6869)
  • Update actions/upload-artifact action to v4.3.5 (#3427) (022eb57)
  • Update actions/upload-artifact action to v4.3.5 (#3430) (c7aacba)
  • Update actions/upload-artifact action to v4.3.5 (#3432) (b7e8244)
  • Update actions/upload-artifact action to v4.3.5 (#3436) (ccefd6e)
  • Update actions/upload-artifact action to v4.3.5 (#3440) (916fe9a)
  • Update actions/upload-artifact action to v4.3.5 (#3443) (187f099)
  • Update actions/upload-artifact action to v4.3.5 (#3444) (04aea5e)
  • Update actions/upload-artifact action to v4.3.5 (#3449) (c6e93cd)
  • Update actions/upload-artifact action to v4.3.5 (#3455) (fbfc106)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.49.0 (#3417) (66336a8)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.50.0 (#3448) (2c12839)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240714-2.0.0 (#3412) (8a48fd1)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240727-2.0.0 (#3421) (91d780b)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240727-2.0.0 (#3423) (16f350c)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240727-2.0.0 (#3428) (9ae6eca)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240803-2.0.0 (#3435) (b4e20db)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240815-2.0.0 (#3454) (8796aee)
  • Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.9.0 (c4afbef)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.53.0 (#3418) (6cff7f0)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.54.0 (#3450) (cc9da95)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#3433) (801f441)
  • Update github/codeql-action action to v2.26.2 (#3426) (0a6574f)
  • Update github/codeql-action action to v2.26.3 (#3438) (390e182)
  • Update github/codeql-action action to v2.26.5 (#3446) (58aacc5)
Documentation
  • Update iam policy sample user to be consistent with other languages (#3429) (2fc15b3)
Cloud Composer

Added a new metric: composer.googleapis.com/workflow/task_instance/queued_duration. This metric is based on the dag.<dag_id>.<task_id>.queued_duration Airflow metric.

Fixed an issue where an upgrade of a PSC-based private IP environment failed leaving the environment in an inconsistent state.

(Cloud Composer 3) Fixed the cause of false-positive failures of Airflow Celery workers reported by the liveness health check.

The apache-airflow-providers-google package was upgraded to version 10.22.0 in Cloud Composer 2 images and Cloud Composer 3 builds with Airflow 2.9.1. For more information about changes, see the apache-airflow-providers-google changelog from version 10.21.0 to version 10.22.0.

The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.4.1 in Cloud Composer 2 images and Cloud Composer 3 builds with Airflow 2.9.1. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 8.3.4 to version 8.4.1.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.6 (default)
  • composer-3-airflow-2.7.3-build.15

Cloud Composer 2.9.3 images are available:

  • composer-2.9.3-airflow-2.9.1 (default)
  • composer-2.9.3-airflow-2.7.3
Cloud Monitoring

You can now import Grafana dashboards into Cloud Monitoring by using the console. For more information, see Import Grafana dashboards into Cloud Monitoring.

Compute Engine

Generally available: You can use the performance monitoring unit (PMU) to monitor low-level CPU events and metrics in VMs that use a C4 machine type. Using the PMU is helpful to analyze and optimize the performance of the software running on your VM when running performance-sensitive workloads, such as high-performance computing (HPC) or machine learning (ML) workloads.

For more information, see the following pages:

Google SecOps SOAR

Release Notes 6.3.16 is now in General Availability.

Remote Agents 2.1.0 is now in General Availability.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.7.0 (2024-08-24)

Features
  • Add support for OTel context propagation and harmonized spans (#1833) (4b5c90d)

September 01, 2024

Cloud Data Fusion

Cloud Data Fusion version 6.8 is no longer supported. You should upgrade your instances to run in a supported version. For instructions, see Manage version upgrades for instances and pipelines.

Google SecOps SOAR

Release Notes 6.3.17 is currently in Preview.

Last Close comment and Last Close Root Cause not showing up in BigQuery. (ID #00298031)

Alert names that are too long cover the time remaining on the alert SLA. (ID #52831259)

Unable to edit, delete or export custom integration (ID #52403533)

Multi Select option not working in Custom Actions. (ID #52874346)

Playbook shows failed step even though it's not being used by the playbook. (ID #00282731)

Playbook export contains archived blocks. (ID #00251935)