Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

November 27, 2024

Cloud Composer

In December 2024, Google will remove the following previously deprecated Airflow operators from the apache-airflow-providers-google package.

The new version of this package will be included in one of the future releases of Cloud Composer and the change will be announced in the Release Notes. After this change, it will not be possible to use these operators in your DAGs.

Make sure that you use up-to-date alternatives of the removed operators instead. For more information about removed and deprecated Airflow operators and their up-to-date alternatives, see Deprecated and removed Airflow operators.

Operators that will be removed in December 2024: DataPipelineHook, CreateDataPipelineOperator, RunDataPipelineOperator, AutoMLDatasetLink, AutoMLDatasetListLink, AutoMLModelLink, AutoMLModelTrainLink, AutoMLModelPredictLink.

Cloud Data Fusion

The Cloud SQL MySQL plugins version 1.11.5 is available in Cloud Data Fusion versions 6.10.0 and later. This release fixes an issue in the Cloud SQL MySQL sink causing pipelines to fail when the schema contains a MySQL reserved word (PLUGIN-1017).

Cloud SQL for MySQL

You can now create instances with both private services access and Private Service Connect enabled for them. You can also enable Private Service Connect for existing private services access instances. This feature is available in Preview. For more information, see Configure both private services access and Private Service Connect.

Cloud SQL for PostgreSQL

You can now create instances with both private services access and Private Service Connect enabled for them. You can also enable Private Service Connect for existing private services access instances. This feature is available in Preview. For more information, see Configure both private services access and Private Service Connect.

Cloud SQL for SQL Server

You can now create instances with both private services access and Private Service Connect enabled for them. You can also enable Private Service Connect for existing private services access instances. This feature is available in Preview. For more information, see Configure both private services access and Private Service Connect.

Google Kubernetes Engine

Cloud TPU Trillium (v6e) machine types are now in public preview for Autopilot clusters running version 1.31.2-gke.1384000 or later. These TPUs are available in the following zones: us-east5-b, europe-west4-a, us-east1-d, asia-northeast1-b, and us-south1-a. To learn more, see Plan TPUs in GKE.

(2024-R46) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Regular channel

There are no new releases in the Regular channel.

Stable channel

There are no new releases in the Stable channel.

Extended channel

No channel

November 26, 2024

Compute Engine

To learn more, see Monitor disk health.

Google Kubernetes Engine

Cluster autoscaler and node auto-provisioning support the C4 machine family in GKE version 1.28.15-gke.1159000, 1.29.10-gke.1227000 or later.

Vertex AI Agent Builder

Vertex AI Search: Check ingested data quality for media recommendations (GA)

You can check the quality of your ingested data for media recommendations through the Google Cloud console. These checks are not blocking but can suggest ways that your data can be improved. This feature is Generally available (GA).

Previously, this check was only available through API method calls.

For more information, see Check data quality for media recommendations.

November 25, 2024

Anti Money Laundering AI

A new major engine version is available for Retail and Commercial lines of business, within the v4 tuning version. This includes technical improvements and simplifications for tuning and training.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.44.0 (2024-11-17)

Features
  • Enable maxTimeTravelHours in BigQuery java client library (#3555) (bd24fd8)
Bug Fixes
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.55.0 (#3559) (950ad0c)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241027-2.0.0 (#3568) (b5ccfcc)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.59.0 (#3561) (1bd24a1)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.40.0 (#3576) (d5fa951)
  • Update github/codeql-action action to v2.27.1 (#3567) (e154ee3)
  • Update github/codeql-action action to v2.27.3 (#3569) (3707a40)
  • Update github/codeql-action action to v2.27.4 (#3572) (2c7b4f7)
Documentation

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.48.0 (2024-11-19)

Features
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (6b35b47)
  • Make client side metrics tag in sync with server (#2401) (bba4183)
Dependencies

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.7 (2024-11-18)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (a1ec68d)
  • deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (afcf63c)
  • Fixed outdated link to X-Cloud-Trace-Context header description (#1713) (d474313)
Dependencies

Cloud Run

You can now set a task timeout up to 168 hours (7 days) for Cloud Run jobs. (Preview)

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.45.0 (2024-11-18)

Features
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (aef367d)
  • deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (281cccb)
  • Set default values for monitored resource (#2809) (27829a4)
Dependencies

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.24.3 (2024-11-18)

Dependencies

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.134.2 (2024-11-18)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.49.0 (77546e0)
  • deps: Update the Java code generator (gapic-generator-java) to 2.50.0 (3f21af3)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.43.3 (#2256) (f7fbc6c)
  • Update dependency com.google.cloud:google-cloud-core to v2.47.0 (#2249) (3df5729)
  • Update dependency com.google.cloud:google-cloud-storage to v2.44.1 (#2240) (f8dae4d)
  • Update googleapis/sdk-platform-java action to v2.50.0 (#2261) (d0aab7d)
  • Update sdk platform java dependencies (#2262) (b689fe2)

Sensitive Data Protection

The PHONE_NUMBER infoType functionality that was previously only available by setting InfoType.version to latest or stable is now also used when InfoType.version is set to legacy. The new model includes US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results.

The old detection model that was previously available by setting InfoType.version to legacy is no longer available.

Spanner

Default backup schedules are now available and automatically enabled for all new instances. You can enable or disable default backup schedules in an instance when creating the instance or by editing the instance later. You can also enable default backup schedules for new databases in existing instances. You can edit or delete the default backup schedule once it's created.

When enabled, Spanner creates a default backup schedule for every new database created in the instance. The default backup schedule creates a full backup every 24 hours. These backups have a retention period of 7 days.

For more information, see Default backup schedules.

November 24, 2024

Google SecOps

New options for closing a case

New custom field options have been added to the admin settings close case page. Using these fields, you can ask the analyst to enter different types of information when closing a case.

For more information, refer to Customize the Close Case dialog.

Google SecOps SOAR

Release 6.3.26 is currently in Preview.

New options for closing a case

New custom field options have been added to the admin settings close case page. Using these fields, you can ask the analyst to enter different types of information when closing a case.

For more information, refer to Customize the Close Case dialog.

November 22, 2024

Anthos Attached Clusters

GKE attached clusters now supports clusters in the us-central1 region. For more information, see:

Apigee UI

On November 22, 2024, we released an updated version of the Apigee UI.

This release includes an improved Apps page for Apigee API Management in the Google Cloud console, making it easier to manage API products that are assigned to app credentials.

With this release:

  • Products can be added to an app from a single multi-select list box.
  • Products can be approved, revoked, and removed from a credential by selecting products in the credential product table and using one of the available action buttons.
  • Clicking the Add Credential button adds an empty credential to the list.
  • Credential approval and expiry configuration fields are located in the credential card.
  • A warning appears to users if they attempt to leave the Apps page when un-saved changes are present.

Bug ID | Description
357165778 | Refactored app credential management experience

Resolved issue causing the Apps page in the Apigee UI in Cloud console to crash when working with apps that have a large amount of products assigned to app credentials.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

Firestore

You can now use Active Assist to provide recommendations and insights that improve the reliability of your databases. This feature is generally available (GA).

For more information, see Reliability recommender.

Firestore in Datastore mode

You can now use Active Assist to provide recommendations and insights that improve the reliability of your databases. This feature is generally available (GA).

For more information, see Reliability recommender.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.300-gke.84 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.300-gke.84 runs on Kubernetes v1.30.5-gke.600.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues are fixed in 1.30.300-gke.84:

  • Fixed the issue that additional manual steps are needed after disabling always-on secrets encryption with gkectl update cluster.
  • Fixed the known issue that caused gkectl to display false warnings on admin cluster version skew.

The following vulnerabilities are fixed in 1.30.300-gke.84:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.30.300-gke.84

Google Distributed Cloud for bare metal 1.30.300-gke.84 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.300-gke.84 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy.

  • Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.

The following container image security vulnerabilities have been fixed in 1.30.300-gke.84:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Text-to-Speech

Cloud TTS Journey voices have been updated to improve the accuracy of generated speech. This means you should notice fewer instances of dropped words.

November 21, 2024

Agent Assist

Summarization with custom sections V3.1 is generally available.

AlloyDB for PostgreSQL

You can set up AlloyDB clusters using a copy of your Cloud SQL for PostgreSQL backup. This feature is in Preview. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.

Model endpoint management is generally available (GA) for both AlloyDB and AlloyDB Omni. You can use sample templates to register model endpoints. For more information, see Register and call remote AI models in AlloyDB or Register and call remote AI models in AlloyDB Omni.

Backup and DR

This release fixes an issue with OnVault pool jobs leaving behind inactive cloudbacker mountpoints. It does this by retrying the unmount process a set number of times, including forced unmounts. Due to the increased number of retries and the wait time between them, job durations may be slightly longer.

This release deprecates support for ssh-rsa as the SSH host key algorithm.

This release fixes the synchronization between database and log backup states. Log backups should not copy the logs to the database staging after the database staging disk is unmounted and the state DBBACKUP_DONE is set.

This release fixes an issue where SAP HANA database and log backup jobs using Persistent Disk snapshots would complete with a warning status due to metadata upload failures to Google Cloud Storage for disaster recovery.

This release removes the 700 thread hard limit and psrv restarts at 800 threads when the psrv is at high usage.

This release fixes the Tomcat vulnerability CVE-2024-38286.

This release fixes the following Kernel vulnerabilities:

CRITICAL Kernel issues: CVE-2023-25775 CVE-2019-15505

MEDIUM Kernel issues: CVE-2019-13631 CVE-2020-25656 CVE-2020-26555 CVE-2020-36777 CVE-2021-3753 CVE-2021-46909 CVE-2021-46939 CVE-2021-47171 CVE-2022-38096 CVE-2022-48743 CVE-2023-1192 CVE-2023-4133 CVE-2023-5090 CVE-2023-6121 CVE-2023-6176 CVE-2023-6240 CVE-2023-6622 CVE-2023-6915 CVE-2023-24023 CVE-2023-31083 CVE-2023-37453 CVE-2023-38409 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-39198 CVE-2023-42754 CVE-2023-42755 CVE-2023-45863 CVE-2023-52448 CVE-2023-52463 CVE-2023-52471 CVE-2024-0340 CVE-2024-21140 CVE-2024-21145 CVE-2024-25739 CVE-2024-26583 CVE-2024-26584 CVE-2024-26585 CVE-2024-26586 CVE-2024-26602 CVE-2024-26603 CVE-2024-26901 CVE-2024-26908 CVE-2024-27014 CVE-2024-27019 CVE-2024-36270 CVE-2024-36489 CVE-2024-38598 CVE-2024-39472 CVE-2024-39476

HIGH Kernel issues: CVE-2019-25162 CVE-2021-4204 CVE-2021-33631 CVE-2021-47624 CVE-2022-0500 CVE-2022-3565 CVE-2022-23222 CVE-2022-45884 CVE-2022-45886 CVE-2022-45919 CVE-2022-45934 CVE-2023-2163 CVE-2023-3567 CVE-2023-3812 CVE-2023-4244 CVE-2023-5178 CVE-2023-6546 CVE-2023-6931 CVE-2023-6932 CVE-2023-28464 CVE-2023-51042 CVE-2023-51780 CVE-2023-52340 CVE-2023-52434 CVE-2023-52439 CVE-2023-52445 CVE-2023-52451 CVE-2023-52464 CVE-2023-52469 CVE-2024-0565 CVE-2024-0841 CVE-2024-1086 CVE-2024-21147 CVE-2024-23307 CVE-2024-25744 CVE-2024-26593 CVE-2024-26907 CVE-2024-26933 CVE-2024-26934 CVE-2024-27020 CVE-2024-36971 CVE-2024-36978 CVE-2024-36979 CVE-2024-38538 CVE-2024-38555 CVE-2024-38627 CVE-2024-39487

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, and Feed APIs.

Cloud SQL for PostgreSQL

You can now set up AlloyDB clusters using a copy of your Cloud SQL for PostgreSQL backup. This feature is in Preview. For more information, see Migrate from Cloud SQL for PostgreSQL to AlloyDB.

Generative AI on Vertex AI

Mistral Large (24.11) is Generally Available on Vertex AI as a managed model. To learn more, view the Mistral Large (24.11) model card in Model Garden.

The Gen AI evaluation service can now help you evaluate your translation models using MetricX, COMET, and BLEU metrics. To learn more about evaluating your translation models, see Evaluate translation models.

Google Cloud VMware Engine

VMware Engine ve1 nodes are now available in the following additional region:

  • Dallas, Texas, North America (us-south1-b).

Google Distributed Cloud (software only) for bare metal

Release 1.29.800-gke.111

Google Distributed Cloud for bare metal 1.29.800-gke.111 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.800-gke.111 runs on Kubernetes 1.29.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.

Fixes:

  • Fixed the issue where non-root users can't run bmctl restore to restore quorum.

The following container image security vulnerabilities have been fixed in 1.29.800-gke.111:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

If your GKE cluster was created before version 1.26, you can now migrate it to cgroupv2. This migration enables the use of Pod bursting in Autopilot mode.

Looker Studio

Let report viewers see all filters

Report editors can let report viewers see all of the filters applied to a report, including filters that viewers can't edit.

Filter value suggestions

When defining filters on charts, pages, or reports that use Equal to (=) or In conditions, report editors can select from a list of possible filter values that are provided from the underlying data. Filter suggestions are supported for all data connectors and can be disabled during filter creation.

Learn more about filter properties.

Looker connector filter enhancements

The following features are now available for use with the Looker connector:

  • Filter-only fields can be set as a report control and a quick filter.
  • Looker Studio displays suggestions for filter values based on the data source's LookML suggest_dimension and suggest_explore definitions when Equal to (=) and In conditions are used.

Secure Source Manager

Secure Source Manager supports email notifications. For more information, see Notifications overview. To configure notifications, follow the instructions in Set up notifications.

Security Command Center

The Sensitive Data Protection discovery service is now included in Security Command Center Enterprise. To enable discovery, see Enable sensitive data discovery in the Enterprise tier.

The Sensitive Data Protection discovery service remains available to Security Command Center Premium and Standard customers as a separately priced feature.

As of November 13, 2024, Security Command Center can produce Cloud Infrastructure Entitlement Management (CIEM) findings for the following identity and access issues in AWS environments:

  • Users, groups, or assumed IAM roles that are inactive and have one or more permissions.
  • Overly permissive trust policies that are enforced on an AWS IAM role.
  • Identities that can move laterally through impersonation.

November 20, 2024

Artifact Registry

Artifact Registry is available in the northamerica-south1 region (Queretaro, Mexico, North America). For more information, see Global locations.

Cloud Load Balancing

Regional external Application Load Balancers, cross-region internal Application Load Balancers, regional internal Application Load Balancers, regional internal proxy Network Load Balancers, cross-region internal proxy Network Load Balancers, and regional external proxy Network Load Balancers now support IPv4 and IPv6 (dual-stack) backends.

The following backends have dual-stack support:

  • VM instance groups
  • Zonal NEGs (GCE_VM_IP_PORT endpoints)

You can also convert your existing single-stack load balancers from IPv4-only to dual stack (IPv4 and IPv6) deployments.

For details, see the following pages:

This feature is available in General Availability.

Cloud SQL for MySQL

You can now authenticate to Cloud SQL Studio by using IAM database authentication.

For more information about authentication in Cloud SQL Studio, see Manage your data using Cloud SQL Studio.

Cloud SQL for PostgreSQL

You can now authenticate to Cloud SQL Studio by using IAM database authentication.

For more information about authentication in Cloud SQL Studio, see Manage your data using Cloud SQL Studio.

Deep Learning Containers

M126 release

  • Base CUDA 12.3 container images are now available.
  • Base CUDA 12.4 container images are now available.
  • PyTorch 2.4.0 with CUDA 12.4 and Python 3.10 container images are now available.
  • Upgraded R from 4.4.1 to 4.4.2 for R container images.

Deep Learning VM Images

M126 release

  • CUDA 12.4 VM images are now available.
  • PyTorch 2.4.0 with CUDA 12.4 and Python 3.10 VM images are now available.
  • Upgraded R from 4.4.1 to 4.4.2 for R VM images.
  • One or more supported framework versions have reached their end of patch and support dates. To view end of patch and support dates, see Supported framework versions. To create a VM instance using an image family that has reached its end of patch and support date, you must specify an image from the image family when you create the VM instance. To list images from an image family name after its end of patch and support date, include the --show-deprecated flag in your gcloud compute images list command, or select Show deprecated images when creating an instance in the Google Cloud console.

Google Cloud Deploy

You can now automatically promote releases across targets at scheduled times, in preview.

Google Cloud VMware Engine

VMware Engine ve2 nodes are now available in the following regions:

  • São Paulo, Brazil (southamerica-east1)
  • Santiago, Chile (southamerica-west1)

Google Kubernetes Engine

You can now specify a custom resource policy as a compact placement policy with node auto-provisioning in clusters running GKE version 1.31.1-gke.2010000 or later. To learn more, see Use compact placement for node auto-provisioning.

VPC Service Controls

VPC Service Controls feature: VPC Service Controls extends support for etags in the service perimeter resources. For example, you can use the --etag flag with the gcloud CLI commands such as gcloud access-context-manager perimeters update and gcloud access-context-manager perimeters describe. This feature is generally available.

Vertex AI Workbench

M126 release

The M126 release of Vertex AI Workbench user-managed notebooks includes the following:

The M126 release of Vertex AI Workbench managed notebooks includes the following:

  • Upgraded JupyterLab to 3.6.8.

M126 release

The M126 release of Vertex AI Workbench instances includes the following:

  • Preview: JupyterLab 4+ is available on new Vertex AI Workbench instances. To try it, select JupyterLab 4 when you create your instance.
  • Upgraded JupyterLab to 3.6.8.

November 19, 2024

App Engine flexible environment Go

Go 1.23 is now available in preview.

App Engine flexible environment Node.js

App Engine standard environment Go

Go 1.23 is now available in preview.

App Engine standard environment Node.js

Artifact Registry

Artifact Registry now provides the option to enable or disable vulnerability scanning on individual repositories. By giving you more granular control over the number of images scanned, this feature can help you manage scanning costs and reduce noise in vulnerability scanning results.

This feature is Generally Available.

For more information, see Enable or disable automatic scanning.

BigQuery

You can create a search index on columns containing INT64 or TIMESTAMP data and BigQuery can optimize predicates that use those columns. This feature is generally available (GA).

Cloud Load Balancing

Percentage-based request mirroring is now supported for the cross-region and regional internal Application Load Balancers. By default, the mirrored backend service receives all requests, even if the original traffic is being split between multiple weighted backend services. You can now configure the mirrored backend service to receive only a percentage of the requests by using the mirrorPercent flag to specify the percentage of requests to be mirrored expressed as a value between 0 and 100.0.

For an example, see Set up traffic management for regional internal Application Load Balancers.

This capability is available in Preview.

Cloud Run

Support for the Go 1.23 runtime is now in Preview.

Cloud Run functions

Cloud Run functions now supports the Go 1.23 runtime at the Preview release level.

Cloud SQL for MySQL

For Cloud SQL Enterprise Plus edition instances, advanced disaster recovery (DR) is now generally available (GA). For more information, see Advanced disaster recovery (DR) and Use advanced disaster recovery (DR).

The write endpoint feature is now available in Preview. This endpoint is a global domain name service (DNS) name. This name resolves to the IP address of the current primary Cloud SQL instance that's enabled with private services access.

By using a write endpoint, you can avoid having to make application connection changes after performing a switchover or replica failover operation to test or mitigate a regional failure. For more information, see Configure private IP.

Cloud SQL for PostgreSQL

For Cloud SQL Enterprise Plus edition instances, you can now use advanced disaster recovery (DR) to simplify recovery and fallback processes after you perform a cross-regional failover. With advanced DR, you can:

  • Designate a cross-region disaster recovery (DR) replica
  • Perform a cross-region replica failover for disaster recovery
  • Restore your original deployment by using zero-data loss switchover

You can also use switchover to simulate disaster recovery without data loss. You can use advanced DR on Cloud SQL for PostgreSQL version 12, 13, 14, 15, or 16.

For more information, see Advanced disaster recovery (DR) and Use advanced disaster recovery (DR). This feature is generally available (GA).

The write endpoint feature is now available in Preview. This endpoint is a global domain name service (DNS) name. This name resolves to the IP address of the current primary Cloud SQL instance that's enabled with private services access.

By using a write endpoint, you can avoid having to make application connection changes after performing a switchover or replica failover operation to test or mitigate a regional failure. For more information, see Configure private IP.

Cloud Service Mesh

The rollout of managed Cloud Service Mesh version 1.19 to all channels has completed.

Compute Engine

The documentation has been updated to clarify that future reservation requests don't support E2 machine types. To reserve VMs that use E2 machine types, use on-demand reservations instead.

For more information, see Restrictions on creation.

Google Cloud Architecture Center

(New guide) Cross-Cloud Network inter-VPC connectivity using VPC Network Peering: Describes how to configure hub-and-spoke Cross-Cloud Network using VPC Network Peering.

(New guide) Deploy and operate generative AI applications: Describes how you can adapt DevOps and MLOps processes to develop, deploy, and operate generative AI applications on existing foundation models.

Google Kubernetes Engine

(2024-R45) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Regular channel

There are no new releases in the Regular channel.

Stable channel

There are no new releases in the Stable channel.

Extended channel

No channel

GKE version 1.31 introduces increased scalability, allowing users to create clusters with up to 65,000 nodes. For clusters exceeding 5,000 nodes, a quota increase is required. Contact Google Cloud support to request this increase.

Kf

Upgraded server-side dependencies - Tekton Pipelines, ASM

Updated Go version used to build images and CLI tools

Changed version of php-buildpack to address build issue.

Secret Manager

Creating custom organization policies with Secret Manager resources is now in General Availability (GA). You can use custom organization policies to enhance secret security by enforcing rotation schedules, annotations, and expirations for secrets. You can also use custom organization policies to restrict secret types to manage costs. To learn more about using custom organization policies in Secret Manager, see Use custom organization policies.

Sensitive Data Protection

The November 4 release note announcing the release of sample discovery findings was published in error. This feature is not available.

Spanner

Spanner supports the ALL_DIFFERENT graph predicate in GoogleSQL-dialect databases. You can use this predicate to see if the graph elements in a list are mutually distinct.

November 18, 2024

Access Approval

Access Approval now supports Cloud Healthcare API in the Preview stage.

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL is now available in the following region: northamerica-south1 (Mexico). For more information, see AlloyDB Locations.

Anti Money Laundering AI

Two major engine versions within the v4 tuning version are no longer used by customers and are deprecated as of today. We recommend customers use the most recent engine versions instead. Deprecation overrides the support timeline for all minor versions within these major engine versions.

App Hub

Application Integration

JavaScript task using Gemini

If your integration flow requires any complex data mapping logic, Gemini can now recommend a JavaScript task. For more information, see Create an integration using Gemini.

You can add a JavaScript task, edit an existing task, or use Gemini to help understand the JavaScript code. For more information, see Configure JavaScript tasks.

Assured Workloads

The Sovereign Controls for Kingdom of Saudi Arabia control package now supports the following products. See Supported products by control package for more information:

  • Sensitive Data Protection
  • Google Cloud Armor
  • Secret Manager

The Sovereign Controls for EU control package now supports the following products. See Supported products by control package for more information:

  • BigQuery Data Transfer Service
  • Sensitive Data Protection
  • GKE Identity Service
  • Google Cloud Armor
  • Resource Manager
  • Secret Manager

Bigtable

You can now create a Data Boost app profile and view Data Boost metrics in the Google Cloud console. Data Boost for Bigtable is in Preview. For more information, see Create and configure app profiles.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.47.0 (2024-11-13)

Features
  • Add an experimental feature to skip waiting for trailers for unary ops (#2404) (cf58f26)
  • Add internal "deadline remaining" client side metric #2341 (#2370) (75d4105)
Bug Fixes

Python

Changes for google-cloud-bigtable

2.27.0 (2024-11-12)

Features
  • Add support for Cloud Bigtable Node Scaling Factor for CBT Clusters (#1023) (0809c6a)
  • Surface retry param to Table.read_row api (#982) (a8286d2)
Bug Fixes

Bigtable is now available in the northamerica-south1 (Mexico) region. For more information, see Bigtable locations.

Cloud Data Fusion

The Cloud SQL MySQL plugins version 1.11.5 is available in Cloud Data Fusion versions 6.8.0 and later. This release fixes an issue in the Cloud SQL MySQL sink causing pipelines to fail when the schema contains a MySQL reserved word (PLUGIN-1017). This note is incorrect; see entry for November 27, 2024.

The SAP table batch source plugin version 0.11.5 is available in Cloud Data Fusion version 6.8.0 and later. This release fixes an issue causing the following error: Error encountered while configuring the stage: Unable to access Cloud Storage or download JCo libraries from Cloud Storage.

Cloud Database Migration Service

Database Migration Service now lets you select if a connection profile is for a source or a destination database, based on your migration scenario. Database Migration Service shows configuration options applicable to your choice.

Cloud Interconnect

Dedicated Cloud Interconnect support is available in the following colocation facilities:

  • Queretaro, Mexico, North America

For more information, see the Locations table and Global Locations.

Cloud Key Management Service

Cloud KMS is available in the following region:

  • northamerica-south1

For more information, see Cloud KMS locations.

Cloud Run

Support for the Node.js 22 runtime is now in general availability (GA).

Cloud Run functions

Cloud Run functions now supports the Node.js 22 runtime at the General Availability release level.

Cloud SQL for MySQL

Support for the northamerica-south1 (Mexico) region.

Cloud SQL now supports near-zero downtime when you enable or disable data cache for Cloud SQL Enterprise Plus edition primary instances. For more information, see Availability in Cloud SQL.

Cloud SQL now supports near-zero downtime for infrequent scale downs (once every three hours) of the compute size (vCPU, memory) of your Cloud SQL Enterprise Plus edition primary instance.

For more information, see Availability in Cloud SQL.

Cloud SQL for PostgreSQL

The pgvector extension is now upgraded from version 0.7.4 to version 0.8.0. Use this extension to store and search for vector embeddings in PostgreSQL databases. For more information, see Configure PostgreSQL extensions.

To use this version of the extension, update your instance to one of the following:

  • POSTGRES_17_0.R20241011.00_03 (for PostgreSQL instances, version 17)
  • [PostgreSQL version].R20240910.01_17 (for PostgreSQL instances, versions 13 to 16)

For more information, see Self-service maintenance.

Support for the northamerica-south1 (Mexico) region.

Cloud SQL now supports near-zero downtime when you enable or disable data cache for Cloud SQL Enterprise Plus edition primary instances. For more information, see Availability in Cloud SQL.

Cloud SQL now supports near-zero downtime for infrequent scale downs (once every three hours) of the compute size (vCPU, memory) of your Cloud SQL Enterprise Plus edition primary instance.

For more information, see Availability in Cloud SQL.

Cloud SQL for SQL Server

Support for the northamerica-south1 (Mexico) region.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.47.0 (2024-11-14)

Features
  • storage: Introduce dp detector based on grpc metrics (#11100) (60c2323)
Bug Fixes

Cloud Storage is now available in Querétaro, Mexico (northamerica-south1 region). For more information, see Cloud Storage regions.

Cloud VPN

Cloud VPN is now available in region northamerica-south1 (Queretaro, Mexico, North America). For more information, see Global locations.

Pricing is available on the Cloud VPN pricing page.

Cloud Workstations

The Cloud Workstations base editor (Code OSS) has been upgraded to 1.94.2. The last image that offers the previous version is tagged code-oss-1.89.1.

Compute Engine

Generally available: Queretaro, Mexico, North America (northamerica-south1-a,b,c) has launched with E2, N4, C4, and C3D VMs available in all three zones. For more information, see Global Locations and VM instance pricing.

Container Optimized OS

cos-117-18613-75-37

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.56 | v24.0.9 | v1.7.23 | See List

Fixed CVE-2024-50101 in the Linux kernel.

Fixed CVE-2024-50095 in the Linux kernel.

Fixed CVE-2024-50066 in the Linux kernel.

Fixed CVE-2024-50010 in the Linux kernel.

Fixed CVE-2024-50110 in the Linux kernel.

Fixed CVE-2024-50120 in the Linux kernel.

Fixed CVE-2024-50121 in the Linux kernel.

Fixed CVE-2024-50115 in the Linux kernel.

Fixed CVE-2024-50130 in the Linux kernel.

Fixed CVE-2024-50131 in the Linux kernel.

cos-113-18244-236-44

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.112 | v24.0.9 | v1.7.23 | See List

Fixed CVE-2024-49952 in the Linux kernel.

Fixed CVE-2024-50095 in the Linux kernel.

Fixed CVE-2024-49946 in the Linux kernel.

Fixed CVE-2024-50010 in the Linux kernel.

Fixed CVE-2024-50138 in the Linux kernel.

Fixed CVE-2024-49959 in the Linux kernel.

Fixed CVE-2024-49954 in the Linux kernel.

Fixed CVE-2024-50110 in the Linux kernel.

Fixed CVE-2024-50115 in the Linux kernel.

Fixed CVE-2024-50131 in the Linux kernel.

cos-109-17800-372-45

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.112 | v24.0.9 | v1.7.23 | See List

Fixed CVE-2024-45310 in app-containers/runc.

Fixed CVE-2024-50010 in the Linux kernel.

Fixed CVE-2024-49959 in the Linux kernel.

Fixed CVE-2024-49954 in the Linux kernel.

Fixed CVE-2024-50110 in the Linux kernel.

Fixed CVE-2024-50138 in the Linux kernel.

Fixed CVE-2024-50115 in the Linux kernel.

Fixed CVE-2024-50131 in the Linux kernel.

cos-105-17412-495-45

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.167 | v23.0.3 | v1.7.23 | See List

Fixed CVE-2024-49952 in the Linux kernel.

Fixed CVE-2024-50110 in the Linux kernel.

Fixed CVE-2024-49959 in the Linux kernel.

Fixed CVE-2024-49954 in the Linux kernel.

Fixed CVE-2024-50010 in the Linux kernel.

Fixed CVE-2024-50131 in the Linux kernel.

Fixed CVE-2024-46855 in the Linux kernel.

cos-dev-121-18759-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.61 | v24.0.9 | v2.0.0 | See List

Updated app-admin/google-guest-configs to v20241112.00.

Updated app-containers/containerd to v2.0.0.

Updated the Linux kernel to v6.6.61.

Upgraded cos-gpu-installer to v2.4.4: Relaxed the precise GPU driver version check to allow versions with two numeric segments to pass.

Data Catalog

Data Catalog is now available in the Mexico (northamerica-south1) region. For more information, see Global locations and pricing.

Dataflow

Dataflow is available in Queretaro, Mexico (northamerica-south1). Learn more about Google Cloud locations.

Dataproc

Dataproc is now available in the northamerica-south1 region (Queretaro, Mexico).

Filestore

Filestore is now available in Mexico (northamerica-south1 region).

Firestore

Firestore now supports the northamerica-south1 Queretaro region.

For a full list of supported locations, see Locations.

Firestore in Datastore mode

Firestore in Datastore mode now supports the northamerica-south1 Queretaro region.

For a full list of supported locations, see Locations.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.24.2 (2024-11-06)

Bug Fixes
  • doc: Add descriptions for TransactionCallable interface (#1644) (173a883)
  • doc: Fix return types for batch interface (#1645) (1189211)

Google Kubernetes Engine

The northamerica-south1 region in Querétaro, Mexico is now available. For more information, see Global Locations.

Performance horizontal Pod autoscaling (HPA) profile is now available in Preview for new and existing GKE clusters running version 1.31.2-gke.1138000 or later. This feature speeds up HPA reaction time and enables quick recalculation of up to 1,000 HPA objects. To learn more, see Configuring Performance HPA profile.

Live Stream API

You can now create a DVR session for a past, current, or future live stream.

Memorystore for Memcached

Added new Memorystore for Memcached region: Querétaro (northamerica-south1).

Pub/Sub

Pub/Sub is now available in the northamerica-south1 region (Queretaro, Mexico, North America). For more information, see Cloud locations.

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.9.0 (2024-11-12)

Features
  • Add IngestionFailureEvent to the external proto (#1984) (7075430)
Bug Fixes

Sovereign Controls by Partners

The Sovereign Controls Foundation by CNTXT and Sovereign Controls Advanced by CNTXT control packages now support the following products. See Supported products by control package for more information:

  • Google Cloud Armor
  • Secret Manager
  • Sensitive Data Protection

The following control packages now support the following products. See Supported products by control package for more information:

Control packages:

New supported products:

  • BigQuery Data Transfer Service
  • GKE Identity Service
  • Google Cloud Armor
  • Secret Manager
  • Sensitive Data Protection

Spanner

You can create Spanner regional instance configurations in Querétaro, Mexico (northamerica-south1). For more information, see Google Cloud locations and Spanner pricing.

Virtual Private Cloud

For auto mode VPC networks, added a new subnet 10.224.0.0/20 for the Mexico northamerica-south1 region. For more information, see Global Locations and Auto mode IP ranges.

November 17, 2024

Secret Manager

Secret Manager is now available in the following region:

  • northamerica-south1

For more information, see Secret Manager locations.

November 15, 2024

AlloyDB for PostgreSQL

AlloyDB free trial clusters are now available in all regions. For more information, see the AlloyDB free trial clusters overview.

The extension vector, which includes pgvector functions and operators, is updated to version 0.7.4.

Apigee UI

On November 15, 2024, we released an updated version of the Apigee UI.

Bug ID | Description
376257906 | Fixed issue with custom report editing

Resolved issue where customer reports without properties that were created using the API could not be rendered with the Edit option.

Assured Workloads

The CJIS control package now supports the following products. See Supported products by control package for more information:

  • Access Context Manager
  • Apigee
  • Cloud Build
  • Cloud EKM
  • Cloud Interconnect
  • Cloud NAT
  • Cloud Router
  • Cloud Service Mesh
  • Cloud VPN
  • Resource Manager
  • Firestore
  • Identity-Aware Proxy (IAP)
  • Memorystore for Redis
  • Sensitive Data Protection

Backup for GKE

Backup for GKE now supports backing up and restoring Hyperdisk Throughput, Extreme, and Balanced volume types.

Capacity Planner

Preview: You can view and export historical utilization of on-demand and future reservations in your project, folder, or organization. This data helps you analyze usage trends for your VMs or GPUs, as well as plan for future capacity needs. For more information, see the following:

Cloud Run

asia-south1 (Mumbai, India) is now subject to Tier 1 pricing.

Cloud SQL for PostgreSQL

You can now register an AI model endpoint, generate vector embeddings, and invoke predictions by using model endpoint management in Cloud SQL. For more information, see Register and call remote AI models in Cloud SQL overview.

Cloud Storage

You can now use the x-amz-decoded-content-length header to allow an XML API upload that uses chunked transfer encoding to include a signature in its Authorization header.

Security Command Center

Managing security postures using the Google Cloud console is now generally available.

You can now create, deploy, update, and delete security postures using the Google Cloud console. For more information, see Manage a security posture.

Sensitive Data Protection

Sensitive data discovery is now included in Security Command Center Enterprise. To enable discovery in the Security Command Center Enterprise tier, see Enable sensitive data discovery in the Enterprise tier in the Security Command Center documentation.

The Sensitive Data Protection discovery service remains available to Security Command Center Premium and Standard customers as a separately priced feature. For more information, see Publish data profiles to Security Command Center.

VPC Service Controls

VPC Service Controls feature (Status: Preview): VPC Service Controls adds support for using groups of third-party identities in ingress and egress rules to allow access to resources protected by service perimeters. This feature is available in Preview.

For more information, see Configure identity groups and third-party identities in ingress and egress rules.

November 14, 2024

Apigee Advanced API Security

On November 14, 2024, we released a new version of Advanced API Security.

IP address drill down details are now available in the preview release of Advanced API Security Abuse Detection Incidents.

This new functionality allows viewing details of detected abuse by source IP.

For usage information, see the Abuse Detection customer documentation.

Batch

Dependent jobs are available in Preview. Dependent jobs let you schedule an automated chain of jobs, which can help you optimize resource consumption—for example, separate the types of VMs used for data preparation and compute-intensive data processing.

BigQuery

The following BigQuery ML features are now available:

Try these features with the Generate text by using the ML.GENERATE_TEXT function how-to topic.

These features are now generally available (GA).

You can try Gemini in BigQuery at no charge until January 27, 2025. After that date, to continue to use Gemini in BigQuery you must do one of the following:

  • Purchase and assign BigQuery Enterprise Plus edition reservations to projects that use Gemini in BigQuery.
  • Purchase Gemini Code Assist Enterprise.

To learn more, see Purchase Gemini in BigQuery. These purchase options are now generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, and Feed APIs.

  • Cloud Build
    • cloudbuild.googleapis.com/Build

Cloud SQL for MySQL

You can now create custom organization policies for the BackupRun resource in Cloud SQL instances. In addition, more fields in the Instances resource are available to create custom organization policies. For more information, see Add custom organization policies.

Cloud SQL for PostgreSQL

You can now create custom organization policies for the BackupRun resource in Cloud SQL instances. In addition, more fields in the Instances resource are available to create custom organization policies. For more information, see Add custom organization policies.

Cloud SQL for SQL Server

You can now create custom organization policies for the BackupRun resource in Cloud SQL instances. In addition, more fields in the Instances resource are available to create custom organization policies. For more information, see Add custom organization policies.

Cloud Storage

Bucket IP filtering for Cloud Storage is now available in Preview. With bucket IP filtering, you can restrict access to a bucket based on the source IP address of the request and secure your data from unauthorized access.

Contact Center AI Insights

Conversational Insights now offers Rule-based analysis as a preview feature to customize your conversation analyses. Rule-based analysis provides the following customizations for your conversation analyses:

  • Filter conversations.
  • Select a percentage of your dataset.
  • Designate different types of analysis.

For more information, see the documentation.

Dialogflow

Data store tools: You can now optimize the RAG performance of data store tools used by Playbooks. See the documentation for details.

Dialogflow CX: New feature Context token limits has been added to Agent Settings > Generative AI. You can use this feature to set a percentage of the token budget to be reserved for conversation history, as a maximum. See the Agent Settings documentation for details.

Generators and data store handlers: The model gemini-1.5-flash-002 is now GA.

Data store handlers: The default generative model has been changed to gemini-1.5-flash-001.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.800-gke.108 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.800-gke.108 runs on Kubernetes 1.29.10-gke.100.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.

The following issue is fixed in 1.29.800-gke.108:

Fixed an issue where additional manual steps were needed after disabling always-on secrets encryption with gkectl update cluster.

The following vulnerabilities are fixed in 1.29.800-gke.108:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Looker

You can now use the Google Cloud console to create a Looker (Google Cloud core) Private Service Connect instance. The console also includes additional options to edit Looker (Google Cloud core) Private Service Connect instance settings.

Migrate to Virtual Machines

Preview: Migrate to Virtual Machines lets you migrate Elastic Block Store (EBS) volumes not attached to a VM from AWS to Google Cloud, as part of a preview program. Use this feature when you have detached the disks associated with a VM to archive data and need to migrate these disks to Google Cloud.

To participate in the preview, contact us at m2vm-independent-disks-migration@google.com.

Secure Source Manager

Secure Source Manager supports Workforce Identity Federation.

To create an instance with Workforce Identity Federation enabled, follow the instructions in Create a Secure Source Manager instance to use with federated identities.

Security Command Center

You can now view the configurations that determine the resource values of your high-value resource set. For more information, see View the configurations that match a high-value resource.

The Defense Evasion: Rootkit detector of Virtual Machine Threat Detection is in General Availability. For more information, see Virtual Machine Threat Detection overview.

The application steps to activate the Security Command Center Enterprise tier have been streamlined. For information, see Activate the Security Command Center Enterprise tier.

Sensitive Data Protection

The current default STREET_ADDRESS infoType detection model, which is available when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy.

The old detection model that was previously available by setting InfoType.version to legacy is no longer available.

November 13, 2024

Agent Assist

Agent Assist offers a UI Connector with Salesforce to integrate with chat conversations.

Cloud Composer

Airflow 2.10.2 is available in Cloud Composer.

(Airflow 2.7.3) Backported #35887 to fix an issue that occurred during the DST transition. The issue affected DAGs with timezone-aware cron schedule and caused infinite loops in the Airflow scheduler.

Improved the error message generated when a Cloud Composer 3 environment creation fails because of missing permissions.

(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-google package was upgraded to version 10.25.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.24.0 to version 10.25.0.

(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 9.0.1 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 9.0.0 to version 9.0.1.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.10.2-build.0
  • composer-3-airflow-2.9.3-build.7 (default)
  • composer-3-airflow-2.7.3-build.23

New images are available in Cloud Composer 2:

  • composer-2.9.11-airflow-2.10.2
  • composer-2.9.11-airflow-2.9.3 (default)
  • composer-2.9.11-airflow-2.7.3

Support dates for previous Cloud Composer 3 builds are available. All Cloud Composer 3 builds with Airflow 2.9.3 are supported until November 13, 2025.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Compute Engine

Preview: The OS policy orchestrator feature in VM Manager lets you manage OS policy assignments across projects and zones at scale in large organizations. OS policy assignment was previously available only for zonal resources in a project. For more information, see About OS Policy Orchestrator.

Config Connector

Config Connector version 1.125.0 is now available.

New Beta resources (direct reconciler)

Added cluster mode to manage the rate limit for Config Connector requests.

SQLInstance Reconciliation Improvements

  • You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the SQLInstance CR object to opt in to the direct controller.
  • The direct reconciler contains 2 fixes and improvements:
    • Fixes the upgrade and downgrade issue between ENTERPRISE and ENTERPRISE_PLUS.
    • Supports the create-from-clone functionality via spec.cloneSource.
  • Migrated the SQLInstance from the Terraform-based or DCL-based controller to the new Direct Controller to enhance the reliability and performance. The CRD is unchanged.

ComputeFirewallPolicyRule Reconciliation Improvements

  • You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the ComputeFirewallPolicyRule CR object to opt in to the direct controller, which fixes the targetResources error "required value priority could not be found".
  • Migrated this resource from the Terraform-based controller to the new Direct Controller to enhance the reliability and performance. The resource CRD is unchanged.

AlloyDBInstance

  • Added spec.networkConfig.enableOutboundPublicIp field.
  • Added status.outboundPublicIpAddresses field.

Issue 3007 ComputeBackendService cannot refer clientTLSPolicy due to invalid format

Issue 2973 kubelet_config has insecure_kubelet_readonly_port_enabled: true set even if not configured in the ContainerNodePool object.

Google Cloud Contact Center as a Service

Flutter for the Mobile SDKs

You can now use Flutter to help you integrate the Mobile SDKs (the Android SDK and the iOS SDK) into your Android or iOS app. For more information, see Integrate using Flutter.

Google Kubernetes Engine

(2024-R44) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.1-gke.2105000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.14-gke.1376000
    • 1.29.9-gke.1541000
    • 1.30.5-gke.1628000
    • 1.31.1-gke.1846000
    • 1.31.2-gke.1115000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1699000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.2105000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1020000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.10-gke.1054000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1699000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.2105000 with this release.

Regular channel

Stable channel

Extended channel

No channel

November 12, 2024

AlloyDB for PostgreSQL

AlloyDB now supports up to 128 TiB storage per cluster in all regions where AlloyDB is available.

If you are dropping an AlloyDB database that is larger than 64 TiB, then any write operations on other AlloyDB databases are paused until the drop operation is completed.

Apigee hybrid

hybrid v1.13.2

On November 12, 2024 we released an updated version of the Apigee hybrid software, 1.13.2.

Bug ID | Description
373722434 | Fixed support for backups to GCS buckets with retention policies.
361044374 | Fixes assign message not correctly highlighting the set payload action in the debug trace.
355122464 | This release contains a few error-handling fixes for CSI backup and restore.
237656263 | Fix added to make use of asynchronous ServiceCallout execution when the ServiceCallout policy <Response> element is not present.

Procedure:

  1. In the apigee-env/values.yaml file set conf_system_servicecallout.expects.response to false under runtime:cwcAppend:. For example:
    # Apigee Runtime.
    runtime:
      cwcAppend:
        conf_system_servicecallout.expects.response: false
  2. Upgrade the apigee-env chart for each environment to apply the change. For example:
    helm upgrade ENV_RELEASE_NAME apigee-env/ \
      --install \
      --namespace APIGEE_NAMESPACE \
      --set env=ENV_NAME \
      -f OVERRIDES_FILE

Bug ID | Description
N/A | Security fixes for apigee-redis. This addresses the following vulnerabilities:

App Engine flexible environment .NET

.NET 6 has reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of .NET.

Cloud Load Balancing

Cloud Load Balancing resources now let you use custom constraints to define your own restrictions on Google Cloud services. To learn about which load balancing resources support custom constraints, and some sample use cases, see Manage Cloud Load Balancing resources using custom constraints.

For more information about custom constraints, see the following:

This feature is available in General Availability.

Cloud Run

The in-memory volume type is now generally available (GA) for Cloud Run services and jobs.

Cloud SQL for MySQL

You can now have Cloud SQL create a Private Service Connect endpoint automatically instead of creating the endpoint manually after the instance is created. You use this endpoint to access a Cloud SQL instance through a VPC network. For more information, see Connect to an instance using Private Service Connect. This feature is available in Preview.

Cloud SQL for PostgreSQL

You can now have Cloud SQL create a Private Service Connect endpoint automatically instead of creating the endpoint manually after the instance is created. You use this endpoint to access a Cloud SQL instance through a VPC network. For more information, see Connect to an instance using Private Service Connect. This feature is available in Preview.

Cloud SQL for SQL Server

You can now have Cloud SQL create a Private Service Connect endpoint automatically instead of creating the endpoint manually after the instance is created. You use this endpoint to access a Cloud SQL instance through a VPC network. For more information, see Connect to an instance using Private Service Connect. This feature is available in Preview.

Cloud Service Mesh

In-cluster Cloud Service Mesh 1.20 is no longer supported. For more information, see Supported versions.

1.20.8-asm.10 is now available for in-cluster Cloud Service Mesh.

1.20 is no longer supported. While the fix for the bug in the distroless proxy container has been backported to 1.20, you should upgrade to 1.21 or later.

You can now download 1.20.8-asm.10 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.20.8 subject to the list of supported features. Cloud Service Mesh version 1.20.8-asm.10 uses envoy v1.28.6.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.23.3-asm.2 is now available for in-cluster Cloud Service Mesh.

You can now download 1.23.3-asm.2 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.3 subject to the list of supported features. Cloud Service Mesh version 1.23.3-asm.2 uses envoy v1.31.2.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.22.6-asm.2 is now available for in-cluster Cloud Service Mesh.

You can now download 1.22.6-asm.2 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.6 subject to the list of supported features. Cloud Service Mesh version 1.22.6-asm.2 uses envoy v1.30.6.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.21.5-asm.12 is now available for in-cluster Cloud Service Mesh.

You can now download 1.21.5-asm.12 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.5 subject to the list of supported features. Cloud Service Mesh version 1.21.5-asm.12 uses envoy v1.29.8.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

This release fixes a bug in the distroless proxy container. Before this fix, the distroless proxy produced errors similar to the following when deployed in a Kubernetes cluster with in-cluster control plane that did not have Container Network Interface (CNI) installed.

xtables resource problem: can't open lock file /run/xtables.lock: No such file or directory

This fix applies to the following new versions:

  • 1.20.8-asm.10
  • 1.21.5-asm.12
  • 1.22.6-asm.2
  • 1.23.3-asm.2

Config Controller

Config Controller now uses the following versions of its included products:

Datastream

Datastream now supports global transaction identifier (GTID)-based replication for MySQL sources. The feature is in Preview.

GTID-based replication supports failovers and managed database clusters, such as Cloud SQL Enterprise Plus edition. For more information, see the Datastream documentation.

Google Cloud Contact Center as a Service

Mobile SDK 2.10 is released

Mobile SDK 2.10 includes the following updates:

  • iOS SDK:
    • Text resizing. End-users can increase text size up to 200%. Text is resized using the device settings.
  • Android SDK:
    • Fixed the sticky button behavior so that it matches iOS.
  • Android SDK and iOS SDK:
    • Fixed an issue where content card text was misaligned.

Google Cloud Managed Service for Apache Kafka

Google Cloud Managed Service for Apache Kafka is now in General Availability (GA).

November 11, 2024

Artifact Registry

The Container Registry -> Artifact Registry Migration Admin role simplifies the IAM roles required for the transition from Container Registry to Artifact Registry. For instructions on how to use the role, see Automatically migrate from Container Registry to Artifact Registry.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigquery

3.27.0 (2024-11-01)

Features
  • Updates to allow users to set max_stream_count (#2039) (7372ad6)

The following BigQuery ML features are now available:

Try tuning and evaluating an LLM with the Customize an LLM by using supervised fine tuning how-to topic or the Use tuning and evaluation to improve model performance tutorial.

These BigQuery ML features are generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Dataplex
    • dataplex.googleapis.com/AspectType
    • dataplex.googleapis.com/EntryGroup
    • dataplex.googleapis.com/EntryType

Cloud Monitoring

Dashboard variables and dashboard-level filtering are now GA. Pinned filters and variables can have multiple default values, and they support selection of multiple values. For more information, see the following documents:

Container Optimized OS

cos-105-17412-495-37

Kernel        Docker   Containerd  GPU Drivers
COS-5.15.167  v23.0.3  v1.7.23     See List

Fixed CVE-2024-50602 in dev-libs/expat.

Fixed KCTF-2e95c43 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50082 in the Linux kernel.

Fixed CVE-2024-50083 in the Linux kernel.

Fixed CVE-2024-50024 in the Linux kernel.

Fixed CVE-2024-50002 in the Linux kernel.

Fixed CVE-2024-49967 in the Linux kernel.

Fixed CVE-2024-50006 in the Linux kernel.

Fixed CVE-2024-49881 in the Linux kernel.

Fixed CVE-2024-50015 in the Linux kernel.

Fixed CVE-2024-50001 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812681 -> 812709

cos-117-18613-75-26

Kernel      Docker   Containerd  GPU Drivers
COS-6.6.56  v24.0.9  v1.7.23     See List

Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.

Fixed CVE-2024-50602 in dev-libs/expat.

Fixed CVE-2024-50067 in the Linux kernel.

Fixed CVE-2024-50036 in the Linux kernel.

Fixed KCTF-2e95c43 in the Linux kernel.

Fixed CVE-2024-50076 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50082 in the Linux kernel.

Fixed CVE-2024-50024 in the Linux kernel.

Fixed KCTF-8ea6073 in the Linux kernel.

Fixed CVE-2024-50072 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811757 -> 811721

cos-113-18244-236-35

Kernel       Docker   Containerd  GPU Drivers
COS-6.1.112  v24.0.9  v1.7.23     See List

Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.

Fixed CVE-2024-50602 in dev-libs/expat.

Fixed KCTF-2e95c43 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50082 in the Linux kernel.

Fixed CVE-2024-50083 in the Linux kernel.

Fixed CVE-2024-50024 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812026 -> 812011

cos-109-17800-372-38

Kernel       Docker   Containerd  GPU Drivers
COS-6.1.112  v24.0.9  v1.7.23     See List

Fixed CVE-2024-50602 in dev-libs/expat.

Fixed KCTF-2e95c43 in the Linux kernel.

Fixed CVE-2024-50038 in the Linux kernel.

Fixed CVE-2024-50082 in the Linux kernel.

Fixed CVE-2024-50083 in the Linux kernel.

Fixed CVE-2024-50024 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812248 -> 812209

cos-dev-121-18747-0-0

Kernel      Docker   Containerd  GPU Drivers
COS-6.6.59  v24.0.9  v1.7.23     See List

Updated runc to version 1.1.14. This fixes CVE-2024-45310, CVE-2024-9341, CVE-2024-9407, and CVE-2024-9675.

Fixed CVE-2024-9143 in dev-libs/openssl.

Fixed KCTF-2e95c43 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811822 -> 811804

Dataproc

Announcing the General Availability (GA) of Flexible shapes for Dataproc secondary workers, which lets you provide a ranked selection of machine types to use for the creation of VMs.

Announcing the General Availability (GA) of Spot and non-preemptible VM mixing for Dataproc secondary workers, which lets you mix spot and non-preemptible secondary workers when you create a Dataproc cluster.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/datastore

9.2.1 (2024-11-06)

Bug Fixes
  • Address edge cases for excluding large properties when using save (#1356) (ceaff7e)
  • Create a release (#1353) (536873e)

Google Kubernetes Engine

Clusters now have unified and flexible configuration, allowing you to modify control plane access and cluster node settings at any time, without the need to recreate the cluster. This eliminates the previous distinction between private and public clusters. All clusters support this flexibility and utilize DNS-based endpoints for secure and direct control plane access from any network, removing the need for bastion hosts or proxies. You can still enhance security with measures like VPC Service Controls.

To learn more, see About network isolation in GKE.

DNS-based access for the GKE cluster control plane is now generally available. This capability provides each cluster with a unique domain name system (DNS) name or fully-qualified domain name (FQDN). Access to clusters is controlled through IAM policies, eliminating the need for bastion hosts or proxy nodes. Authorized users can connect to the control plane from different cloud networks, on-prem deployments, or from remote locations, without relying on proxies.

To learn more, see About network isolation in GKE.

Memorystore for Redis Cluster

Instances that use 1, 2, or 4 shards are now Generally Available. For more information about the minimum and maximum supported shard count, see Cluster and node specification.

Added support for Node-level monitoring metrics (Generally Available).

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-pubsub

2.27.1 (2024-11-08)

Bug Fixes

Security Command Center

As of December 9, 2024, if you activate Security Command Center within an organization for the first time, then you must use only version 2 of the Security Command Center API in that organization. Earlier versions are not supported.

If you activated Security Command Center at the project level prior to December 9, 2024, then any projects you activate in the same organization will support all available versions of the Security Command Center API.

To migrate to the v2 API from an earlier version, see Migrate to v2 of the Security Command Center API.

The Vulnerability management dashboard was enhanced to include information about containers with exploitable vulnerabilities. This feature is in Preview.

Starting October 24, 2024, the IAM Recommender service is enabled by default when activating Security Command Center. You manage the IAM Recommender service under the Security Command Center Settings page > Integrated services tab. For more information, see Add integrated Google Cloud services to Security Command Center.

Sensitive Data Protection

The current default ORGANIZATION_NAME infoType detection model, which is available when InfoType.version is set to latest or stable, is now also used when InfoType.version is set to legacy.

The old detection model that was previously available by setting InfoType.version to legacy is no longer available.

The region restriction on the ORGANIZATION_NAME infoType has been lifted. It is now available in all regions.

Text-to-Speech

Journey Voices now supports the de-de, en-gb, en-in, es-us, fr-ca, fr-fr, and it-it locales.

November 09, 2024

Google SecOps, Google SecOps SIEM, Google SecOps SOAR

Release 6.3.24 is now in General Availability.

November 08, 2024

AlloyDB for PostgreSQL

AlloyDB Omni version 15.7.0 is generally available (GA). Version 15.7.0 includes the following features and changes:

  • AlloyDB Omni supports PostgreSQL version 15.7.

  • The alloydb_scann extension—previously named postgres_scann—is generally available (GA). For more information about storing vector embeddings, creating indexes, and tuning indexes to achieve faster query performance and better recall, see Work with vectors.

  • Support for Red Hat Enterprise Linux (RHEL) 8 is generally available (GA).

  • The AlloyDB Omni columnar engine is available in Preview on ARM.

  • Disk cache and columnar storage cache are available to improve AlloyDB Omni performance by accelerating data access for AlloyDB Omni in a container and on a Kubernetes cluster.

  • Security fixes for CVE-2023-50387 and CVE-2024-7348 have been implemented.

  • The AlloyDB Omni Reference documentation is available. This includes metrics, database flags, model endpoint management reference, and extensions documentation for AlloyDB Omni 15.7.0.

  • AlloyDB Omni supports the pg_ivm extension, which provides incremental view maintenance for materialized views.

  • Various bug fixes and performance improvements.

The AlloyDB Omni Kubernetes operator version 1.2.0 is generally available (GA). Version 1.2.0 includes the following new features:

  • The healthcheckPeriodSeconds parameter lets you specify the number of seconds to wait between health checks. For more information, see Adjust automatic failover trigger settings.

  • The following metrics help you monitor the performance of your database container. Each of these metrics is of type gauge. For more information, see Database container-level metrics.

    • alloydb_omni_memory_limit_byte shows the memory limit of a database container.

    • alloydb_omni_instance_postgresql_replication_state shows the state of each replica that's connected to the AlloyDB Omni primary node.

    • alloydb_omni_memory_used_byte shows the memory used by the database container in bytes.

  • An issue that caused a brief interruption to all database clusters when the following is true is fixed:

  • High availability is supported on a secondary database cluster after it's promoted. For more information, see Promote a secondary database cluster and Manage high availability in Kubernetes.

  • You can enable or disable model endpoint management through Kubernetes manifests. For more information, see Install AlloyDB Omni with AlloyDB AI.

  • You can configure when logs rotate using thresholds that are based on the size of the log files, the time since the log file last rotated, or both. For more information, see Configure AlloyDB Omni log rotation.

  • You can create a snapshot of the memory heap of AlloyDB Omni Kubernetes operator to help you analyze and debug its memory performance. For more information, see Analyze AlloyDB Omni Kubernetes operator memory heap usage.

In AlloyDB Omni versions 15.5.5 and earlier, parameterized view features were available in the alloydb_ai_nl extension. Starting in version 15.7.0, parameterized view features are available in the parameterized_views extension, which you must create before you use parameterized views. Also starting in version 15.7.0, the related function, google_exec_param_query, has been renamed to execute_parameterized_query and is available in the parameterized_views extension. For more information, see Query your database using natural language.

The extension pg_ivm version 1.9 has been added to extensions supported by AlloyDB.

The following extensions are updated:

  • google_ml_integration from 1.3 to 1.4.2
  • pg_partman from 4.7.4 to 5.0.1
  • pglogical from 2.4.4 to 2.4.5
  • pgtt from 3.0.0 to 4.0.0
  • vector from 0.7.0 to 0.7.4

Cloud Data Fusion

The Multiple table plugin version 1.4.1 is available in Cloud Data Fusion versions 6.10.1 and later. This release fixes an issue causing pipelines to fail if a Multiple database tables batch source's Reference Name field contains spaces. The field no longer accepts spaces (PLUGIN-1752).

Cloud Logging

Audit Logging now populates the status.details field in the audit log with the google.rpc.ErrorInfo and google.rpc.Help proto payload types in cases where an API returns an error status and that status includes one of those types in the details field.

Cloud Workstations

Cloud Workstations supports granting access to individual ports. For details, see the Grant access to individual Cloud Workstations ports page.

Eventarc

Eventarc Standard is available in the northamerica-south1 (Mexico, North America) region.

Generative AI on Vertex AI

Batch predictions for Llama models on Vertex AI (MaaS) are available in Preview.

Batch prediction support for Gemini

Batch prediction is available for Gemini in General Availability (GA). Available Gemini models include Gemini 1.0 Pro, Gemini 1.5 Pro, and Gemini 1.5 Flash. To get started with batch prediction, see Get batch predictions for Gemini.

Google Kubernetes Engine

The machine family of N1 custom machine types (like custom-1-1024) is now accurately labeled as "N1" for all node versions later than 1.31.2-gke.1115000.

Live Stream API

The Live Stream API is now available in asia-south1 and europe-north1. For more information, see Live Stream API locations.

Security Command Center

To help you detect potentially malicious anomalies in your network, Event Threat Detection now supports the ability to analyze foundational log sources, which produce Bad IP findings without enabling VPC Flow Logs. This feature is in Preview.

  • If you activated Security Command Center Premium or Enterprise in a project or organization before October 18, 2024, then you have access to this feature in that project or organization.
  • If you activated Security Command Center Premium or Enterprise at the project level before October 18, 2024, and you activate additional projects in the same organization, then the additional projects will have access to this feature.
  • If you activated Security Command Center Premium or Enterprise in a project or organization on or after October 18, 2024, and you want to enable this feature, then contact Google Cloud Customer Care.

Sensitive Data Protection

The EMPLOYMENT_STATUS infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

November 07, 2024

AlloyDB for PostgreSQL

Since the google_ml_integration.enable_model_support flag is enabled by default, if you are using the google_ml_integration extension version 1.3, your ability to query Vertex AI models using the embedding() function might be impacted. Querying registered models using the google_ml.embedding() function remains unaffected.

To resolve the issue with using the embedding() function, upgrade the google_ml_integration extension from version 1.3 to the latest version, 1.4.2. For more information, see how to upgrade the extension.

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Audit Manager

Audit Manager is now generally available (GA).

Audit Manager is a compliance audit solution that helps you to simplify your compliance audit process on Google Cloud.

Cloud Database Migration Service

Database Migration Service now supports MySQL minor version 8.0.39 for homogeneous MySQL migrations. For more information, see Supported source and destination databases in Cloud SQL for MySQL migrations.

Cloud Run

You can now specify mount options when you configure Cloud Storage volume mounts for both Cloud Run services and jobs. (In Preview)

Cloud Service Mesh

The following images are now rolling out for managed Cloud Service Mesh:

  • 1.19.10-asm.21 is rolling out to the rapid release channel.
  • 1.19.10-asm.21 is rolling out to the regular release channel.
  • 1.19.10-asm.21 is rolling out to the stable release channel.

Cloud Storage

You can now restore soft-deleted buckets. If you delete a bucket with an active soft delete policy, Cloud Storage retains the bucket for the specified soft delete retention duration, during which the bucket can be restored to a live state. To learn more about the bucket restore feature, see Use soft-deleted buckets.

Dialogflow

Dialogflow CX: As of August 2024, us-dialogflow.* has been re-introduced as the canonical endpoint for the US multi-region. The usa-dialogflow.* endpoint is still supported as an alias. See the regionalization documentation for details.

Google Cloud Contact Center as a Service

Version 3.29 is released

All release notes published on this date are part of version 3.29.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Skip CRM account and record creation (Zendesk and ServiceNow)

You can now skip CRM account and record creation for Zendesk and ServiceNow. You can also adjust the CRM pop-up settings.

Agent status translation

You can translate the default, system, and custom agent statuses for the languages supported by Google Cloud Contact Center as a Service (CCaaS). Google Cloud CCaaS provides automatic translation of default and system statuses. It also lets you do translations manually. For more information, see Agent status translation.

Generative session summarization using Agent Assist

Agent Assist now supports generative session summarization for chat and voice sessions. Agents can view information about a customer's previous support interactions in the agent adapter, including generative session summaries, agent notes, and transcripts. This helps give agents the context they need for a customer and can improve overall handling times. Supervisors can view generative session summarizations for ongoing and completed sessions in the session monitoring pages.

Generative session summarizations are generated for an entire session and for segments of a session. Session segments are generated when a session is handled by multiple human or virtual agents.

Generative session summarization requires you to enable Agent Assist and configure external storage.

Generative knowledge assist using Agent Assist

Agents can now view knowledge articles while on a call or chat. These knowledge articles appear as clickable tiles in the agent adapter and are generated based on the ongoing conversation between the agent and end-user. Agents can click a tile to open the article in a browser tab. Agents can also search for knowledge articles using a search field in the agent adapter.

Queue transfer restrictions

You can control which queues or teams that agents can transfer sessions to. This provides more granular control over call flows and helps prevent improper transfers. For more information, see Restrict queue transfers.

Support for direct SIP REFER in virtual agent call transfers

Virtual assistant call transfers now support the direct SIP REFER method. This means you can pass useful information in the call transfer, such as caller intent and account information. Call transfer data is recorded as Planned Transfers in virtual assistant metrics. For more information, see Transfer a call to a SIP endpoint using the SIP REFER method.

Alvaria WFM for chat

Customers with Alvaria integrations can now receive chat session data. For more information, see Alvaria Workforce integration.

Clear the voicemails in a queue

You can now clear the voicemails in any queue from the Call settings page. For more information, see Clear voicemails from queues.

Queue status API

We added two new API endpoints that let you check whether a queue is in After Hours (AH) or Overcapacity (OC) status.

SDK parameters in the custom CRM lookup flow

You can now use SDK data parameters in the CRM lookup flow. For more information, see CRM lookup URLs.

Use the admin user for CRM API calls with Salesforce

Using Salesforce, you can now use the admin user for all CRM API calls for record creation and updating, while still allowing agents to retain ownership of CRM-specific actions.

New Agent_Assist_Started event

A new Agent_Assist_Added event is now available. This event contains the conversation ID for a specific agent assist session. For more information, see Agent Assist started.

Chat transcripts download

You can now download a chat transcript using the web SDK.

Display email session ID in the email adapter and email subject

You can now display the session ID in the email adapter and in the subject line of an email thread.

Clickable authentication icon

The authentication icon in the agent adapter can now be clicked by the agent to mark the customer as either authenticated or unauthenticated. For more information, see User profile flags for calls and User profile tags for chat.

Fixed an issue where the session summary wouldn't automatically scale with the height of the chat adapter.

Fixed an issue where wrap-up and disposition settings were not following destination queue settings when calls and chats were transferred.

Fixed an issue where transferring calls to a parent queue sometimes caused calls to drop.

Fixed an issue that sometimes prevented agents from going into Available status after wrapping up a call while still in a chat session.

Fixed an issue where the wait time for transferred sessions sometimes displayed incorrectly on the "Queued Calls" and "Queued Chats" dashboards.

Improved the user interface for the email transcript capability.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.28.1200-gke.83 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.1200-gke.83 runs on Kubernetes v1.28.14-gke.700.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issue is fixed in 1.28.1200-gke.83:

  • Fixed an issue where additional manual steps were needed after disabling always-on secrets encryption with gkectl update cluster.

The following vulnerabilities are fixed in 1.28.1200-gke.83:

Container-optimized OS vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.28.1200-gke.83

Google Distributed Cloud for bare metal 1.28.1200-gke.83 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1200-gke.83 runs on Kubernetes 1.28.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.

  • Fixed the issue where non-root users can't run bmctl restore to restore quorum.

The following container image security vulnerabilities have been fixed in 1.28.1200-gke.83:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

GKE clusters running version 1.28 or later now support automatic application monitoring in public preview. Enabling this feature automatically deploys PodMonitoring configurations to capture key metrics for supported workloads like Apache Airflow, Istio, and RabbitMQ. These metrics are integrated with Cloud Monitoring dashboards for observability. To learn more, see Configure automatic application monitoring for workloads.

Looker

Looker 24.20 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, November 11, 2024

  • Expected Looker (original) final deployment and download available: Thursday, November 21, 2024

  • Expected Looker (Google Cloud core) deployment start: Thursday, November 7, 2024

  • Expected Looker (Google Cloud core) final deployment: Thursday, November 14, 2024

In the Looker application API, for methods that include a query_id field, or, in the case of Query APIs, an id field, the query_id and id fields no longer accept a numeric value and now require a query slug value. This change will be released in phases:

  • Looker 24.20: December 4, 2024 for Americas Early (Note: This information was updated on November 12, 2024.)

  • Looker 25.0: Americas Mid

  • Looker 25.2: General Availability (GA) (Note: This information was updated on November 15, 2024.)

Users no longer need the download_without_limit permission to select the All Results option when they schedule Looks and dashboards.

The Chart Config Editor now supports creating a Dependency Wheel visualization.

The Chart Config Editor now supports creating an Item visualization.

The New Project page in Looker has been replaced with the Create a Model page. However, you can still access the New Project page if you are using a Looker (original) instance and your Looker admin has enabled the Use Legacy Project Creation Page legacy feature or through the informational banner at the top of the Create a Model page.

Looker has released version 1.4.0 of the Looker–Power BI Connector. See the Looker–Power BI Connector change log for details about the version 1.4.0. Note: This item was added on November 11, 2024.

An issue has been fixed where renaming a project using a bare repository could prevent deploying to production for that project. This feature now performs as expected.

An issue has been fixed where editing a model set could take a long time to load. This feature now performs as expected.

An issue has been fixed where the Actions page could fail to reflect recently saved settings. This feature now performs as expected.

An issue has been fixed where Sankey charts could ignore series values if they matched other series values.

An issue has been fixed where conditional formatting could fail to apply to total rows if the value was zero. This feature now performs as expected.

An issue has been fixed where Looker could generate datagroup names with dashes even though dashes aren't allowed in datagroup names. This feature now performs as expected.

An issue has been fixed where certain System Activity queries could time out. This feature now performs as expected.

The PDF and PNG rendering software has been upgraded to the latest stable version.

An issue has been fixed where visualizations that were created with the Chart Config Editor could fail to be displayed in an embedded context. This feature now performs as expected.

An issue has been fixed where the LookML Validator would not display an error message if the convert_tz parameter was used in an invalid context. This feature now performs as expected.

An issue has been fixed where selecting the word cloud visualization could cause Looker to display a blank page. This feature now performs as expected.

Tooltips have been added for truncated progress values in single value visualizations.

An issue has been fixed where progress values in single value visualizations were unnecessarily truncated. This feature now performs as expected.

An issue has been fixed where modifying dashboard filters after deleting a tile could cause Looker to display an error. This feature now performs as expected.

An issue has been fixed where progress bars in single value visualizations could disappear when the visualization was resized. This feature now performs as expected.

An issue has been fixed where relative date filters could misinterpret numbers with more than three digits (such as "in the last 1000 minutes") as dates. This feature now performs as expected.

An issue has been fixed where killing queries on BigQuery Standard SQL could be unnecessarily expensive. This feature now performs as expected.

An issue has been fixed where special characters (such as < and >) in pivoted dimension values could cause Looker to incorrectly truncate legend labels. This feature now performs as expected.

An issue has been fixed where downloading a dashboard tile with an invalid hex color code as an Excel spreadsheet could cause the download to fail. Looker now applies a default font color instead.

An issue has been fixed where location type fields could not be used in custom filter expressions. This feature now performs as expected.

An issue has been fixed where invalid "set" or "when" LookML fields could cause the LookML Validator to fail with a 500 error. The LookML Validator now displays a more informative error message.

An issue has been fixed where a locale value of fr would fall back to fr-CA instead of fr-FR, which was causing text to be translated incorrectly. This feature now performs as expected.

An issue has been fixed where the LookML IDE did not persist line wrap settings. This feature now performs as expected.

Upon upgrade to Looker 24.20, support access will be disabled on Looker (original) instances. To enable it, set a duration and a support access role on the Support Access page of the Admin panel.

Looker (original) deployments can now use the Redshift 2.1.0.30 driver.

A new Labs feature is available, New Database Connection Setup. When enabled, this feature updates the Add/Edit Connection page with a modernized UI, enhanced validation and connection testing capabilities, and a comprehensive configuration summary.

Google Cloud Technical Support access has updated duration settings of 0 to 48 hours. Admins may choose to grant all Support users either a Support Basic Editor role or a Support Advanced Editor role.

A new Labs feature is available, Tiered Support Access, which defaults to enabled. When this feature is disabled, Looker uses the legacy version of support access.

A new legacy feature is available, Use Legacy Project Creation Page. When this feature is enabled, it hides the Create a Model page and displays the deprecated New Project page.

A new Labs feature is available, Complex Filters UI Configuration for Explores. When this feature is enabled, matches (advanced) filters no longer update to simpler filter types when a comma is entered into the filter expression until the page is reloaded. This feature resolves a few stability issues with matches (advanced) filters.

Google Cloud Technical Support access is now available for Looker (Google Cloud core) instances.

An issue has been fixed where logging in to an instance using IP Allowlist could take a long time. This feature now performs as expected.

Memorystore for Redis Cluster

Added support for multiple VPC networks (Preview). For more details, see About multiple VPC networking.

Security Command Center

The v2 Security Command Center API is generally available (GA).

To migrate from an earlier version, see Migrate to v2 of the Security Command Center API.

November 06, 2024

BigQuery

BigQuery now offers the following Gemini-enhanced SQL translation features:

Cloud Composer

(Cloud Composer 3) Fixed an issue that affected the speed of PyPI package installation. PyPI packages are now installed slightly faster.

(Airflow 2.9.3 and 2.7.3) The docutils package was removed from preinstalled packages.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.6 (default)
  • composer-3-airflow-2.7.3-build.22

New images are available in Cloud Composer 2:

  • composer-2.9.10-airflow-2.9.3 (default)
  • composer-2.9.10-airflow-2.7.3

Cloud Composer version 2.5.1 has reached its end of support period.

Cloud Composer 2.9.7 is a version with an extended upgrade timeline.

Cloud Service Mesh

1.23.3-asm.1 is now available for in-cluster Cloud Service Mesh.

You can now download 1.23.3-asm.1 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.23.3 subject to the list of supported features. Cloud Service Mesh version 1.23.3-asm.1 uses envoy v1.31.2.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.22.6-asm.1 is now available for in-cluster Cloud Service Mesh.

You can now download 1.22.6-asm.1 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.6 subject to the list of supported features. Cloud Service Mesh version 1.22.6-asm.1 uses envoy v1.30.6.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.21.5-asm.10 is now available for in-cluster Cloud Service Mesh.

You can now download 1.21.5-asm.10 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.5 subject to the list of supported features. Cloud Service Mesh version 1.21.5-asm.10 uses envoy v1.29.8.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

1.20.8-asm.9 is now available for in-cluster Cloud Service Mesh.

You can now download 1.20.8-asm.9 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.20.8 subject to the list of supported features. Cloud Service Mesh version 1.20.8-asm.9 uses envoy v1.28.6.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh.

This release fixes a bug in the following versions where the default user for distroless proxy was changed to root. As a result of this fix, the default user is now back to non-root.

  • 1.20.8-asm.6
  • 1.20.8-asm.7
  • 1.21.5-asm.5
  • 1.21.5-asm.7
  • 1.22.3-asm.1
  • 1.22.4-asm.0
  • 1.22.5-asm.1

This change may affect some gateway deployments which rely on the root user to expose a privileged port for ingress or egress. To ensure your gateways continue to work correctly, you may need to apply additional security contexts to your deployments. For details, see the troubleshooting guide.

Patches fixing a bug where the default user for distroless proxy was changed to root will be rolling out to all release channels. As a result of this fix, the default user is changing back to non-root. When you see the release note notifying that this rollout is complete, you must restart each affected workload to make the change effective.

Container Optimized OS

cos-113-18244-236-26

  • Kernel: COS-6.1.112
  • Docker: v24.0.9
  • Containerd: v1.7.23
  • GPU Drivers: See List

Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.

Fixed CVE-2024-50002 in the Linux kernel.

Fixed CVE-2024-49967 in the Linux kernel.

Fixed CVE-2024-50006 in the Linux kernel.

Fixed CVE-2024-49881 in the Linux kernel.

Fixed CVE-2024-47678 in the Linux kernel.

Fixed CVE-2024-47705 in the Linux kernel.

Fixed CVE-2024-50001 in the Linux kernel.

Fixed CVE-2024-50019 in the Linux kernel.

Fixed CVE-2024-49983 in the Linux kernel.

Fixed CVE-2024-49978 in the Linux kernel.

Fixed CVE-2024-49993 in the Linux kernel.

Fixed CVE-2024-49889 in the Linux kernel.

Fixed CVE-2024-47707 in the Linux kernel.

Fixed CVE-2024-49884 in the Linux kernel.

Fixed CVE-2024-49936 in the Linux kernel.

Fixed CVE-2024-50045 in the Linux kernel.

Fixed CVE-2024-47710 in the Linux kernel.

Fixed CVE-2024-49870 in the Linux kernel.

Fixed CVE-2024-50039 in the Linux kernel.

Fixed CVE-2024-50015 in the Linux kernel.

Fixed CVE-2024-49975 in the Linux kernel.

Fixed CVE-2024-49875 in the Linux kernel.

Fixed CVE-2024-50000 in the Linux kernel.

Fixed CVE-2024-50046 in the Linux kernel.

Fixed CVE-2024-49883 in the Linux kernel.

Fixed CVE-2024-47696 in the Linux kernel.

Fixed CVE-2024-47728 in the Linux kernel.

Fixed CVE-2024-47679 in the Linux kernel.

Fixed CVE-2024-50035 in the Linux kernel.

Fixed CVE-2024-49851 in the Linux kernel.

Fixed CVE-2024-47701 in the Linux kernel.

Fixed CVE-2024-50033 in the Linux kernel.

Fixed CVE-2024-49860 in the Linux kernel.

Fixed CVE-2024-47737 in the Linux kernel.

Fixed CVE-2024-47742 in the Linux kernel.

Fixed CVE-2024-47739 in the Linux kernel.

Fixed CVE-2024-47706 in the Linux kernel.

Fixed CVE-2024-49858 in the Linux kernel.

Fixed CVE-2024-47682 in the Linux kernel.

Fixed CVE-2024-47692 in the Linux kernel.

Fixed CVE-2024-47727 in the Linux kernel.

Fixed CVE-2024-47693 in the Linux kernel.

Fixed CVE-2024-47734 in the Linux kernel.

Fixed CVE-2024-47743 in the Linux kernel.

Fixed CVE-2024-47684 in the Linux kernel.

Fixed CVE-2024-49850 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812035 -> 812026

cos-109-17800-372-31

  • Kernel: COS-6.1.112
  • Docker: v24.0.9
  • Containerd: v1.7.23
  • GPU Drivers: See List

Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.

Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.

Fixed CVE-2024-50002 in the Linux kernel.

Fixed CVE-2024-49967 in the Linux kernel.

Fixed CVE-2024-50006 in the Linux kernel.

Fixed CVE-2024-49881 in the Linux kernel.

Fixed CVE-2024-47705 in the Linux kernel.

Fixed CVE-2024-50001 in the Linux kernel.

Fixed CVE-2024-47678 in the Linux kernel.

Fixed CVE-2024-49870 in the Linux kernel.

Fixed CVE-2024-50045 in the Linux kernel.

Fixed CVE-2024-49983 in the Linux kernel.

Fixed CVE-2024-49978 in the Linux kernel.

Fixed CVE-2024-50015 in the Linux kernel.

Fixed CVE-2024-50039 in the Linux kernel.

Fixed CVE-2024-50000 in the Linux kernel.

Fixed CVE-2024-49975 in the Linux kernel.

Fixed CVE-2024-49993 in the Linux kernel.

Fixed CVE-2024-50019 in the Linux kernel.

Fixed CVE-2024-49875 in the Linux kernel.

Fixed CVE-2024-47710 in the Linux kernel.

Fixed CVE-2024-47707 in the Linux kernel.

Fixed CVE-2024-49850 in the Linux kernel.

Fixed CVE-2024-49936 in the Linux kernel.

Fixed CVE-2024-49889 in the Linux kernel.

Fixed CVE-2024-47696 in the Linux kernel.

Fixed CVE-2024-49851 in the Linux kernel.

Fixed CVE-2024-49883 in the Linux kernel.

Fixed CVE-2024-47728 in the Linux kernel.

Fixed CVE-2024-49884 in the Linux kernel.

Fixed CVE-2024-47679 in the Linux kernel.

Fixed CVE-2024-50035 in the Linux kernel.

Fixed CVE-2024-47701 in the Linux kernel.

Fixed CVE-2024-47727 in the Linux kernel.

Fixed CVE-2024-47682 in the Linux kernel.

Fixed CVE-2024-49858 in the Linux kernel.

Fixed CVE-2024-50033 in the Linux kernel.

Fixed CVE-2024-49860 in the Linux kernel.

Fixed CVE-2024-47737 in the Linux kernel.

Fixed CVE-2024-47742 in the Linux kernel.

Fixed CVE-2024-47739 in the Linux kernel.

Fixed CVE-2024-47706 in the Linux kernel.

Fixed CVE-2024-47692 in the Linux kernel.

Fixed CVE-2024-47693 in the Linux kernel.

Fixed CVE-2024-47734 in the Linux kernel.

Fixed CVE-2024-47743 in the Linux kernel.

Fixed CVE-2024-47684 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812253 -> 812248

cos-105-17412-495-28

  • Kernel: COS-5.15.167
  • Docker: v23.0.3
  • Containerd: v1.7.23
  • GPU Drivers: See List

Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.

Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.

Fixed CVE-2024-47705 in the Linux kernel.

Fixed CVE-2024-49975 in the Linux kernel.

Fixed CVE-2024-49993 in the Linux kernel.

Fixed CVE-2024-50019 in the Linux kernel.

Fixed CVE-2024-50045 in the Linux kernel.

Fixed CVE-2024-47710 in the Linux kernel.

Fixed CVE-2024-47706 in the Linux kernel.

Fixed CVE-2024-49983 in the Linux kernel.

Fixed CVE-2024-50000 in the Linux kernel.

Fixed CVE-2024-50039 in the Linux kernel.

Fixed CVE-2024-49875 in the Linux kernel.

Fixed CVE-2024-49936 in the Linux kernel.

Fixed CVE-2024-47696 in the Linux kernel.

Fixed CVE-2024-47679 in the Linux kernel.

Fixed CVE-2024-50035 in the Linux kernel.

Fixed CVE-2024-49883 in the Linux kernel.

Fixed CVE-2024-49884 in the Linux kernel.

Fixed CVE-2024-49889 in the Linux kernel.

Fixed CVE-2024-49851 in the Linux kernel.

Fixed CVE-2024-47701 in the Linux kernel.

Fixed CVE-2024-50033 in the Linux kernel.

Fixed CVE-2024-49860 in the Linux kernel.

Fixed CVE-2024-47737 in the Linux kernel.

Fixed CVE-2024-47742 in the Linux kernel.

Fixed CVE-2024-47739 in the Linux kernel.

Fixed CVE-2024-49858 in the Linux kernel.

Fixed CVE-2024-50046 in the Linux kernel.

Fixed CVE-2024-47692 in the Linux kernel.

Fixed CVE-2024-47693 in the Linux kernel.

Fixed CVE-2024-47684 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812685 -> 812681

cos-dev-121-18736-0-0

  • Kernel: COS-6.6.59
  • Docker: v24.0.9
  • Containerd: v1.7.23
  • GPU Drivers: See List

Updated the Linux kernel to v6.6.59.

Updated NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.

Fixed CVE-2024-50602 in dev-libs/expat.

Runtime sysctl changes:

  • Changed: fs.file-max: 811799 -> 811822

cos-117-18613-75-7

  • Kernel: COS-6.6.56
  • Docker: v24.0.9
  • Containerd: v1.7.23
  • GPU Drivers: See List

Upgraded sys-apps/xemu to v0.0.6

Runtime sysctl changes:

  • Changed: fs.file-max: 811796 -> 811757

Firestore

You can now use the Firestore managed bulk delete service to delete documents in bulk. This feature is in Preview.

For more information, see Bulk delete data.

Firestore in Datastore mode

You can now use the managed bulk delete service to delete entities in bulk. This feature is in Preview.

For more information, see Bulk delete data.

Google Kubernetes Engine

The GKE Volume Populator is generally available on GKE clusters running version 1.31.1-gke.1729000 or later. This feature automates data transfer from source storage in a Google Cloud Storage bucket to a destination PersistentVolumeClaim backed by a Parallelstore instance. To learn more, see Transfer data from Cloud Storage during dynamic provisioning using GKE Volume Populator.

(2024-R43) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.14-gke.1340000
    • 1.28.15-gke.1015000
    • 1.29.9-gke.1496000
    • 1.29.10-gke.1043000
    • 1.30.5-gke.1443001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1376000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1541000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1628000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1376000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1541000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1628000 with this release.

Regular channel

  • Version 1.30.5-gke.1443001 is now the default version for cluster creation in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.28.14-gke.1217000
    • 1.29.9-gke.1341000
    • 1.30.5-gke.1355000
    • 1.31.1-gke.1678000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.

Stable channel

There are no new releases in the Stable channel.

Extended channel

  • Version 1.30.5-gke.1443001 is now the default version for cluster creation in the Extended channel.
  • The following versions are no longer available in the Extended channel:
    • 1.28.14-gke.1217000
    • 1.29.9-gke.1341000
    • 1.30.5-gke.1355000
    • 1.31.1-gke.1678000
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.

No channel

Pub/Sub

General availability: You can now create Cloud Storage import topics in Pub/Sub that let you ingest data from Cloud Storage into Pub/Sub. The change is being rolled out in a phased manner over the rest of the week. For more information about Cloud Storage import topics, see Create a Cloud Storage import topic.

General availability: You can now enable Google Cloud platform logs to help you troubleshoot issues when you are using Cloud Storage import topics to ingest data. For more information, see Use platform logs to troubleshoot Cloud Storage import topics.

November 05, 2024

BigQuery

Dataplex automatic discovery lets you scan data in Cloud Storage buckets to extract and catalog metadata. Automatic discovery creates BigLake or external tables and object tables you can use for analytics and AI, and catalogs that data in Dataplex Catalog. This feature is available in public preview.

The BigQuery Data Transfer Service data source change log provides details about upcoming changes to data source schemas and schema mappings.

BigQuery Engine for Apache Flink

For Java jobs, you can use Artifact Registry to store and manage the JAR files for your BigQuery Engine for Apache Flink jobs. For more information, see Use Artifact Registry.

Compute Engine

Generally available: An updated version of the gVNIC driver for Windows offers improved network performance and support for Jumbo frames. For more information, see Update to the latest gVNIC driver for Windows.

Dataplex

Dataplex automatic discovery is available in public preview. Automatic discovery is a feature in BigQuery that lets you scan data in Cloud Storage buckets to extract and catalog metadata. Automatic discovery creates BigLake or external tables and object tables you can use for analytics and AI, and catalogs that data in Dataplex Catalog. For more information, see Discover and catalog Cloud storage data.

Generative AI on Vertex AI

We are extending the availability of Gemini 1.0 Pro 001 and Gemini 1.0 Pro Vision 001 from February 15, 2025 to April 9, 2025. For details, see the Deprecations.

Google Kubernetes Engine

Generally available: In GKE version 1.26 and later, Hyperdisk Balanced volumes can be created in Confidential mode for custom boot disks and persistent volumes and attached to Confidential GKE Nodes.

Cloud TPU v6e machine types are now in public preview for GKE clusters running version 1.30.4-gke.1167000 or later. These TPU VMs (ct6e-standard) are available in the following zones: us-east5-b, europe-west4-a, us-east1-d, asia-northeast1-b, and us-south1-a. To learn more, see Plan TPUs in GKE.

Spanner

Spanner now supports client-side metrics for Java and Go applications. These metrics can be used with server-side metrics to enable faster troubleshooting of performance and latency issues.

These metrics are included in the latest Spanner client libraries for the following languages:

  • Java in version 6.81.0 and later
  • Go in version 1.71.0 and later

For more information, see View and manage client-side metrics.

November 04, 2024

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.64.0 (2024-10-30)

Features
  • bigquery/datatransfer: Add scheduleOptionsV2 and Error fields for TransferConfig (78d8513)
  • bigquery/storage: Add experimental ArrowData type and arrow_data field within AppendRowsRequest (f0b05e2)
Bug Fixes
  • bigquery: Handle null RANGE (#11058) (9979e72), refs #11047
  • bigquery: Parse negative NUMERIC from arrow (#11052) (83352c4)
  • bigquery: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • bigquery: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (8bb87d5)
Documentation

Java

Changes for google-cloud-bigquery

2.43.3 (2024-10-29)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.10.2 (19fc184)

2.43.2 (2024-10-27)

Dependencies
  • Update actions/checkout action to v4.2.2 (#3541) (c36c123)
  • Update actions/upload-artifact action to v4.4.2 (#3524) (776a554)
  • Update actions/upload-artifact action to v4.4.3 (#3530) (2f87fd9)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.54.0 (#3532) (25be311)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241013-2.0.0 (#3544) (0c42092)
  • Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.10.0 (0bd3c86)
  • Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.10.1 (c03a63a)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.58.0 (#3533) (cad2643)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#3542) (16448ee)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.39.0 (#3548) (616b2f6)
  • Update github/codeql-action action to v2.26.13 (#3536) (844744f)
  • Update github/codeql-action action to v2.27.0 (#3540) (1616a0f)
Documentation

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.46.0 (2024-10-29)

Features
Bug Fixes
Dependencies

Cloud Load Balancing

Percentage-based request mirroring is now supported for the global and regional external Application Load Balancers (classic is not supported). By default, the mirrored backend service receives all requests, even if the original traffic is being split between multiple weighted backend services. You can now configure the mirrored backend service to receive only a percentage of the requests by using the mirrorPercent flag, which specifies the percentage of requests to be mirrored as a value between 0 and 100.0.

For an example, see Set up traffic management for regional external Application Load Balancers.

This capability is available in Preview.

Cloud SQL for MySQL

You can now view the size of a backup for a Cloud SQL instance.

Cloud SQL for PostgreSQL

You can now view the size of a backup for a Cloud SQL instance.

Cloud SQL for SQL Server

You can now view the size of a backup for a Cloud SQL instance.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.14.0 (2024-10-29)

Features
  • Add support for restore token (#2548) (8241e91)
  • Adds integration tests for Universe Domain configuration (#2538) (53db6ba)
  • Adds integration tests for Universe Domain configuration with (53db6ba)
  • storage: Add support for 'skipIfExists' option for downloadMany (#2526) (729efb2)

Go

Changes for storage/internal/apiv2

1.46.0 (2024-10-31)

Features
  • storage: Add grpc metrics experimental options (#10984) (5b7397b)
Bug Fixes
  • storage: Skip only specific transport tests. (#11016) (d40fbff)
  • storage: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • storage: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (2b8ca4b)
Miscellaneous Chores
  • storage/internal: Remove notification, service account, and hmac RPCs. These APIs have been migrated to Storage Control and are available via the JSON API. (#11008) (e0759f4)
Cloud Translation

The translation LLM now supports Polish, Turkish, Indonesian, Dutch, Vietnamese, Thai and Czech. For the full list of supported languages, see the Translate text page.

Compute Engine

Preview: You can create GPU VMs all at once in a regional managed instance group (MIG) by using resize requests. This feature was previously available only for zonal MIGs. For more information, see About resize requests in a MIG.

Dataplex

Project-based semantic search offered by Dataplex Search is available in Preview. Semantic search, powered by Gemini, simplifies the search process without the need for complex search syntax. It supports natural language queries. For more information, see Discover data using semantic search.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/datastore

9.2.0 (2024-10-30)

Features
Bug Fixes
  • Add excludeFromIndexes in the proper places for large properties of nested fields (#1266) (9c7730a)
  • Query object description (#1340) (ad2c6c0)

Go

Changes for datastore/admin/apiv1

1.20.0 (2024-10-29)

Features
  • datastore: Add FindNearest API to the stable branch (#10980) (f0b05e2)
  • datastore: Support for field update operators in the Datastore API and resolution strategies when there is a conflict at write time (78d8513)
Bug Fixes
  • datastore: Bump dependencies (2ddeb15)
  • datastore: Do not delay on final transaction attempt (#10824) (0d732cc)
  • datastore: Remove namespace from Key.String() (40229e6)
  • datastore: Remove namespace from Key.String() (#10684) (#10823) (40229e6)
  • datastore: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • datastore: Use local retryer in transactions (#11050) (3ef61a2)
  • datastore: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (8bb87d5)

Java

Changes for google-cloud-datastore

2.24.1 (2024-10-28)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.39.0 (#1640) (fe61f66)
  • Update googleapis/sdk-platform-java action to v2.49.0 (#1638) (57598d7)
Generative AI on Vertex AI

The translation LLM now supports Polish, Turkish, Indonesian, Dutch, Vietnamese, Thai and Czech. For the full list of supported languages, see the Translate text page.

The Anthropic Claude Haiku 3.5 is Generally Available on Vertex AI. To learn more, view the Claude Haiku 3.5 model card in Model Garden.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.134.1 (2024-10-26)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.39.0 (#2251) (083cc7c)
  • Update googleapis/sdk-platform-java action to v2.49.0 (#2250) (af0f194)

Python

Changes for google-cloud-pubsub

2.27.0 (2024-11-02)

Features
Bug Fixes
  • Mark test_streaming_pull_max_messages flaky (#1288) (d6635a0)
Sensitive Data Protection

You can configure discovery to save sample findings to a BigQuery table. This feature is useful if you want to evaluate whether your inspection configuration is correctly matching the type of information that you want to flag as sensitive. To enable this feature, create or edit the scan configuration for the data resource that you want to profile.

November 02, 2024

Google SecOps SOAR

Release 6.3.24 is currently in Preview.

You can now use custom integrations in prompts when creating a playbook with Gemini.

Release 6.3.23 is now in General Availability.

From now on, only new features and changes will be written up for the Release Notes. Please use the customer portal to track progress of your support tickets or reach out to Customer Support for more information.

November 01, 2024

Apigee hybrid

hybrid v1.12.3

On November 1, 2024 we released an updated version of the Apigee hybrid software, 1.12.3.

Bug ID Description
368646378 Fixed an issue affecting control plane connectivity testing in Guardrails.
361044374 Fixes assign message not correctly highlighting the set payload action in the debug trace.
335357961 Fixed an issue where Apigee hybrid could claim uploads of backups with the Cloud provider when no bucket had been configured.
181569113 Fixed an issue in new debug session creation.
Bug ID Description
376104926 Security fixes for apigee-kube-rbac-proxy.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-open-telemetry-collector.
This addresses the following vulnerability:
Cloud TPU

Creating a Multislice TPU environment is now available in the Google Cloud Console. You can use Multislice to run training jobs using multiple TPU slices within a single Pod or on slices in multiple Pods. You must use a queued resource request to create a Multislice environment. For more information, see Cloud TPU Multislice overview.

You can now request Cloud TPUs as queued resources in the Google Cloud Console. Queuing your request for TPU resources can help alleviate stockout issues. If the resources you request are not immediately available, your request is added to a queue until the request succeeds or you delete it. You can also specify a time range in which you want to fulfill the resource request. For more information, see Manage queued resources.

Google Cloud Architecture Center

(New guide) Migrate from AWS Lambda to Cloud Run: Describes how to design, implement, and validate a plan to migrate from AWS Lambda to Cloud Run.

October 31, 2024

Anti Money Laundering AI

A new major engine version is available for Retail and Commercial lines of business, within the v4 tuning version. These engine versions:

  • Introduce a new feature area within the unusual-counterparty-activity feature family focused on surfacing suspicious parties through their inbound and outbound transactions with exited parties.

  • Apply a new data validation to ensure there are no periods in the required time range without any valid entries in the Party, Transaction, or AccountPartyLink table.

The retail engine version also has more reliable tuning performance, in particular for small datasets. This improvement was already present in commercial engine versions.

App Engine flexible environment Java

Java 11 has reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Java.

App Engine standard environment Java

Java 11 has reached end of support. Your existing Java 11 applications will continue to run and receive traffic. However, App Engine might block re-deployments of applications that use runtimes after their end of support date. We recommend that you upgrade to the latest supported version of Java.

Cloud CDN

You can also use the Google Cloud Console to enable private origin authentication for Amazon Simple Storage Service (Amazon S3) and compatible object stores.

Cloud Load Balancing

Support for IPv6 static routes with a next hop internal passthrough Network Load Balancer (next-hop-ilb) is available in Preview.

Container Optimized OS

cos-117-18613-75-4

  • Kernel: COS-6.6.56
  • Docker: v24.0.9
  • Containerd: v1.7.23
  • GPU Drivers: See List

Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.

Update R550, latest driver to v550.90.12.

Update NVIDIA GPU drivers to v535.216.01 for default/R535 and v550.127.05 for R550 for all GPUs. This resolves CVE-2024-0126.

Fixed CVE-2024-50039 in the Linux kernel.

Fixed CVE-2024-50023 in the Linux kernel.

Fixed CVE-2024-50019 in the Linux kernel.

Fixed CVE-2024-50045 in the Linux kernel.

Fixed CVE-2024-50000 in the Linux kernel.

Fixed CVE-2024-49975 in the Linux kernel.

Fixed CVE-2024-50015 in the Linux kernel.

Fixed CVE-2024-49889 in the Linux kernel.

Fixed CVE-2024-49936 in the Linux kernel.

Fixed CVE-2024-47696 in the Linux kernel.

Fixed CVE-2024-47728 in the Linux kernel.

Fixed CVE-2024-47679 in the Linux kernel.

Fixed CVE-2024-49851 in the Linux kernel.

Fixed CVE-2024-50035 in the Linux kernel.

Fixed CVE-2024-47701 in the Linux kernel.

Fixed CVE-2024-47706 in the Linux kernel.

Fixed CVE-2024-47737 in the Linux kernel.

Fixed CVE-2024-50064 in the Linux kernel.

Fixed CVE-2024-49858 in the Linux kernel.

Fixed CVE-2024-50033 in the Linux kernel.

Fixed CVE-2024-47688 in the Linux kernel.

Fixed CVE-2024-47675 in the Linux kernel.

Fixed CVE-2024-47745 in the Linux kernel.

Fixed CVE-2024-47700 in the Linux kernel.

Fixed CVE-2024-50055 in the Linux kernel.

Fixed CVE-2024-47660 in the Linux kernel.

Fixed CVE-2024-50047 in the Linux kernel.

Fixed CVE-2024-47678 in the Linux kernel.

Fixed CVE-2024-49860 in the Linux kernel.

Fixed CVE-2024-47742 in the Linux kernel.

Fixed CVE-2024-50046 in the Linux kernel.

Fixed CVE-2024-47739 in the Linux kernel.

Fixed CVE-2024-47668 in the Linux kernel.

Fixed CVE-2024-47682 in the Linux kernel.

Fixed CVE-2024-47692 in the Linux kernel.

Fixed CVE-2024-47727 in the Linux kernel.

Fixed CVE-2024-47693 in the Linux kernel.

Fixed CVE-2024-47734 in the Linux kernel.

Fixed CVE-2024-47744 in the Linux kernel.

Fixed CVE-2024-47743 in the Linux kernel.

Fixed CVE-2024-47684 in the Linux kernel.

Fixed CVE-2024-50058 in the Linux kernel.

Fixed CVE-2024-49850 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811706 -> 811796

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.125-debian10, 2.0.125-rocky8, 2.0.125-ubuntu18
  • 2.1.73-debian11, 2.1.73-rocky8, 2.1.73-ubuntu20, 2.1.73-ubuntu20-arm
  • 2.2.39-debian12, 2.2.39-rocky9, 2.2.39-ubuntu22

Note: When using Dataproc version 2.0.125 with the ranger-gcs-plugin, please create a customer support request for your project to use the enhanced version of the plugin prior to its GA release. This note does not apply to Dataproc on Compute Engine image versions 2.1 and 2.2.

Disabled HiveServer2 Ranger policy synchronization in non-HA clusters for latest image version 2.1 and later. Policy synchronization is causing instability of the HiveServer2 process while trying to connect to ZooKeeper, which is not active by default in non-HA clusters.

Eventarc

Eventarc is available in Preview in a new edition: Eventarc Advanced lets you receive, filter, transform, route, and deliver messages between different services, apps, and systems.

Eventarc Standard continues to deliver events from provider to destination by letting you define triggers that filter events.

Firestore

The Google Cloud console now includes a monitoring dashboard for each database. For more information, see Use the Cloud Monitoring dashboard.

Google Cloud Architecture Center

Google Cloud Architecture Framework: Operational excellence: Major update to align the recommendations with core principles of operational excellence.

Google Kubernetes Engine

For GKE clusters running version 1.31.1-gke.1146000 or later, Cloud Tensor Processing Unit (TPU) v3 machine types are generally available. These TPU VMs (ct3-hightpu-4t and ct3p-hightpu-4t) are currently available in us-east1-d, europe-west4-a, us-central1-a, us-central1-b, and us-central1-f. To learn more, see TPUs in GKE.

GKE control plane authority is now generally available with version 1.31.1-gke.1846000 or later. GKE control plane authority provides enhanced visibility, security controls, and customization of the GKE control plane. For more information, see About GKE control plane authority.

Clusters that are experiencing stale endpoint resources and stale kube-dns entries are likely affected by Kubernetes issue #126578. Your cluster is most likely affected if endpoint resources consistently have incorrect Pod IPs. This issue has been fixed in the following GKE versions or later:

  • 1.28.14-gke.1115000
  • 1.29.9-gke.1207000
  • 1.30.5-gke.1171000
  • 1.31.1-gke.1414000
Identity Platform

Support for SMS-based authentication flows in the Identity Platform integration with reCAPTCHA Enterprise API is now in Preview. In addition, the integration now supports reCAPTCHA's SMS toll fraud protection and the ability to bring your own reCAPTCHA keys.

For more information, see the following pages:

Looker Studio

Partner connection launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Text wrapping for pivot table row headers

You can now choose to wrap row header text in pivot table charts by enabling the Wrap text option in the Style tab.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.69.0 (2024-10-03)

Features
  • spanner: Add x-goog-spanner-end-to-end-tracing header for requests to Spanner (#10241) (7f61cd5)
Bug Fixes
Performance Improvements
  • spanner: Use passthrough with emulator endpoint (#10947) (9e964dd)

1.70.0 (2024-10-14)

Features
  • spanner/admin/instance: Define ReplicaComputeCapacity and AsymmetricAutoscalingOption (78d8513)
  • spanner: Add INTERVAL API (78d8513)
  • spanner: Add new QueryMode enum values (WITH_STATS, WITH_PLAN_AND_STATS) (78d8513)
Documentation
  • spanner/admin/instance: A comment for field node_count in message spanner.admin.instance.v1.Instance is changed (78d8513)
  • spanner/admin/instance: A comment for field processing_units in message spanner.admin.instance.v1.Instance is changed (78d8513)
  • spanner: Update comment for PROFILE QueryMode (78d8513)

Java

Changes for google-cloud-spanner

6.77.0 (2024-10-02)

Features
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.52.0 (#3291) (9241063)
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.52.0 (#3292) (da27a19)
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.52.0 (#3293) (c6dbdb2)
  • Update dependency com.google.cloud:google-cloud-trace to v2.51.0 (#3294) (a269747)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#3355) (5191e71)
  • Update dependency com.google.cloud.opentelemetry:exporter-metrics to v0.32.0 (#3371) (d5b5ca0)
  • Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.32.0 (#3372) (aa9a71d)
  • Update dependency commons-io:commons-io to v2.17.0 (#3349) (7c21164)
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.42.1 (#3323) (95dfc02)
  • Update dependency ubuntu to v24 (#3356) (042c294)
  • Update googleapis/sdk-platform-java action to v2.46.1 (#3354) (378f5cf)
  • Update junixsocket.version to v2.10.1 (#3367) (5f94915)
  • Update opentelemetry.version to v1.42.1 (#3330) (7b05e43)
Documentation
  • Update comment for PROFILE QueryMode (c078ac3)

6.78.0 (2024-10-11)

Features
  • Define ReplicaComputeCapacity and AsymmetricAutoscalingOption (f46a6b3)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (139a715)
Dependencies
  • Update dependency com.google.cloud:google-cloud-trace to v2.52.0 (#3393) (79453f9)

6.79.0 (2024-10-11)

Features
  • Support DML auto-batching in Connection API (#3386) (a1ce267)
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.53.0 (#3390) (a060e92)
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.53.0 (#3391) (7f0927d)
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.53.0 (#3392) (fd3e92d)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.37.0 (#3395) (8ecb1a9)
  • Update dependency com.google.cloud.opentelemetry:exporter-metrics to v0.33.0 (#3388) (26aa51d)
  • Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.33.0 (#3389) (6e34c5a)
  • Update googleapis/sdk-platform-java action to v2.47.0 (#3383) (4f0d693)

6.80.0 (2024-10-25)

Features
  • Enabling endToEndTracing support in Connection API (#3412) (16cc6ee)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#3424) (b727453)
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.43.0 (#3399) (a755c6c)
  • Update dependency io.opentelemetry:opentelemetry-sdk-testing to v1.43.0 (#3398) (693243a)
  • Update googleapis/sdk-platform-java action to v2.48.0 (#3422) (d5d1f55)
Documentation
  • Fix tracing sample to exit when completed, and use custom monitored resource for export (#3287) (ddb65b1)
Vertex AI

PSC-I Egress is supported for Ray clusters on Vertex AI. PSC-I is recommended for private connectivity since it reduces the chance of IP exhaustion, and allows for transitive peering. Check out Private Service Connect interface for Ray on Vertex AI. This feature is available in Preview.

Private Service Connect interface (PSC-I) is now supported for ML pipeline runs in Vertex AI Pipelines. PSC-I is recommended for private connectivity, since it reduces the chance of IP exhaustion, and allows for transitive peering.

For more information, see Configure Private Service Connect interface for a pipeline. This feature is available in Preview.

Vertex AI Agent Builder

Vertex AI Search: Stream answers (GA with allowlist)

The answer streaming method can return generated answers in sequential parts. This reduces the perception of latency. As the end users read the first part of the answer, the subsequent parts of the answer are being generated.

The answer streaming method also includes many of the features of the original answer method.

This feature is Generally available to select Google customers (GA with allowlist). For more information, see Stream answers.

Virtual Private Cloud

Support for IPv6 static routes with a next hop internal passthrough Network Load Balancer (next-hop-ilb) is available in Preview.

October 30, 2024

Cloud Composer

(Cloud Composer 3) Airflow workers now generate a proper OpenID Connect (OIDC) token.

(Airflow 2.9.3 and 2.7.3) The dbt-common package was downgraded from 1.11.0 to 1.10.0.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.5 (default)
  • composer-3-airflow-2.7.3-build.21

Cloud Composer 2.9.9 images are available:

  • composer-2.9.9-airflow-2.9.3 (default)
  • composer-2.9.9-airflow-2.7.3

Cloud Composer version 2.5.0 has reached its end of support period.

Cloud Interconnect

Dedicated Interconnect and Cross-Cloud Interconnect now support network traffic differentiation through application awareness on Cloud Interconnect in Preview. For more information, see "Configure traffic differentiation" for Dedicated Interconnect and Cross-Cloud Interconnect.

Cloud Load Balancing

Service Extensions plugins are available for Google Cloud Application Load Balancers, excluding Classic, in Preview.

Service Extensions plugins help you insert WebAssembly (Wasm) plugins in a fully managed serverless environment directly into the data path of Application Load Balancers.

For details, see Plugins for Cloud Load Balancing.

Compute Engine

Generally available: General purpose C4A Arm VMs on Google's custom-built Axion processors. C4A VMs are available as predefined configurations in sizes ranging from 1 vCPU to 72 vCPUs and up to 576 GB of DDR5 memory. C4A uses Google Cloud's latest generation storage options including Hyperdisk Balanced and Hyperdisk Extreme.

C4A VMs are available in the following regions and zones:

  • Singapore - asia-southeast1-a,b,c
  • Belgium - europe-west1-b,c,d
  • Frankfurt - europe-west3-a,b,c
  • Netherlands - europe-west4-a,b,c
  • Iowa - us-central1-a,b,c
  • South Carolina - us-east1-b,c,d
  • Virginia - us-east4-a,b,c

Generally available: You can autoscale a regional MIG with a BALANCED target distribution shape. With the BALANCED shape, the autoscaler is aware of the capacity in each zone and creates VMs in zones that have resource availability. For more information, see Autoscaling a regional MIG.

Google Kubernetes Engine

Weighted load balancing for GKE External LoadBalancer Services is now available in Preview. Weighted load balancing is a more efficient way to distribute traffic to nodes based on the number of serving Pods they have backing the Service. To learn more, see About LoadBalancer Services.

(2024-R42) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.1-gke.1846000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.14-gke.1217000
    • 1.29.9-gke.1341000
    • 1.30.5-gke.1355000
    • 1.31.1-gke.1678000
    • 1.31.1-gke.2008000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1340000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1496000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1443001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1846000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1340000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1496000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1443001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1846000 with this release.

Regular channel

  • Version 1.30.5-gke.1355000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.28.14-gke.1099000
    • 1.29.9-gke.1177000
    • 1.30.5-gke.1014001
    • 1.30.5-gke.1014003
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.9-gke.1341000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1355000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.9-gke.1341000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1355000 with this release.

Stable channel

  • Version 1.30.5-gke.1014003 is now the default version for cluster creation in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.28.14-gke.1004000
    • 1.29.8-gke.1278000
    • 1.30.5-gke.1014001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1014003 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1014003 with this release.

Extended channel

  • Version 1.30.5-gke.1355000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1712000
    • 1.28.14-gke.1099000
    • 1.29.9-gke.1177000
    • 1.30.5-gke.1014001
    • 1.30.5-gke.1014003
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.9-gke.1341000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1355000 with this release.

No channel

Network Security Integration

You can use Packet Mirroring, an "out-of-band" Network Security Integration, to analyze your workloads' network traffic at scale. This feature is available in Preview. For more information, see Network Security Integration overview.

For Preview, Network Security Integration resources are available free of charge. For other Google Cloud resources, see the product-specific pricing documentation.

Service Extensions

Service Extensions plugins help you insert WebAssembly (Wasm) plugins in a fully managed serverless environment directly into the data path of most Cloud Load Balancing Application Load Balancers. This feature is in Preview.

For details, see Plugins for Cloud Load Balancing.

Text-to-Speech

Studio Voices now support synthesis with multiple speakers to generate audio for interviews, interactive storytelling, video games, e-learning platforms, and accessibility solutions.

October 29, 2024

Cloud Load Balancing

All the Application Load Balancers, except the classic Application Load Balancer, now support stateful cookie-based session affinity. When you use stateful cookie-based affinity, the load balancer includes an HTTP cookie in the Set-Cookie header in response to the initial HTTP request. With stateful session affinity, customers can preserve stickiness to the selected backend.

For details, see Stateful cookie-based session affinity.

This capability is in General Availability.

Cloud Logging

You can now create and manage log scopes by using the Google Cloud CLI, in addition to using the Cloud Console and Terraform. Log scopes are in Public Preview. For more information, see

Cloud Storage

Data Access logs are now compatible with all authenticated browser downloads.

  • When an authenticated browser download occurs outside of the Google Cloud console, a resulting Data Access log has its principalEmail and callerIp fields redacted.

Google Kubernetes Engine

Three new metrics are added for measuring node and workload startup latency:

  • kubernetes.io/node/latencies/startup: The total startup latency of a node, from the GCE instance's CreationTimestamp to Kubernetes Node Ready for the first time.

  • kubernetes.io/pod/latencies/pod_first_ready: The Pod end-to-end startup latency (from Pod Created to Ready), including image pulls. This metric is available for clusters with GKE version 1.31.1-gke.1678000 or later.

  • kubernetes.io/autoscaler/latencies/per_hpa_recommendation_scale_latency_seconds: Horizontal Pod Autoscaling (HPA) scaling recommendation latency (the time between metrics being created and the corresponding scaling recommendation being applied to the API server) for the HPA target. This metric is available for clusters running the following versions or later:

    • 1.30.4-gke.1348001
    • 1.31.0-gke.1324000

Instance Group Managers for node pools created with version 1.30.5-gke.1523000 or later and 1.31.1-gke.1869000 or later will now have update on repair enabled by default. This will allow labels to persist upon Spot VM preemption.

Memorystore for Redis

Added support for the databases configuration. For more details, see the entry for databases in Supported Redis configurations.

Resource Manager

Organization Policy managed constraints are a set of constraints built on the custom organization policy platform. You can use managed constraints in place of certain predefined constraints to perform dry-run tests and simulate changes to your policies using Policy Intelligence tools. This feature is now in General Availability.

SAP on Google Cloud

BigQuery Connector for SAP version 2.8

Version 2.8 of the BigQuery Connector for SAP is generally available (GA). This version offers several enhancements and bug fixes, including the record compression option at field level, a transaction to view the version of BigQuery Connector for SAP, and an enhancement spot for HTTP error handling.

For more information, see What's new with BigQuery Connector for SAP.

October 28, 2024

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL now supports in-place major version upgrade in Preview. You can upgrade your cluster that is compatible with PostgreSQL version 14 to 15. For more information, see Upgrade a database in-place major version.

Application Integration

Add failure policy (Generally available (GA))

You can now configure more complicated retry strategies for tasks, such as retries based on the error codes or the variable values during the execution:

  • Configure multiple ordered conditional failure policies for each task.
  • Configure a default failure policy that will be applied if no conditional failure policy matches.
  • Use system auto-generated variables in the failure policies. For example, ExecutionMode and ErrorInfo.

For more information, see Example for error handling.

Batch

Dynamic Workload Scheduler for Batch is available in Preview. We recommend using Dynamic Workload Scheduler to improve resource availability for jobs that run on A3 GPU VMs when you don't intend to use a reservation. For more information, see Create and run a job that uses GPUs.

Cloud Data Fusion

The Oracle plugin version 1.11.4 is available in Cloud Data Fusion versions 6.10.1 and later. This release includes the following change:

  • Fixed an issue causing pipelines with an Oracle sink that has date columns in the input schema to fail (PLUGIN-1812).

Cloud Load Balancing

To take advantage of the new features of the global external Application Load Balancer, you can now migrate your classic Application Load Balancer resources to the global external Application Load Balancer infrastructure.

To migrate to the global external Application Load Balancer, you change the load balancing scheme of your load balancing resources—specifically, the backend services and forwarding rules—from EXTERNAL to EXTERNAL_MANAGED. You can also roll back resources to the classic Application Load Balancer infrastructure, as long as you do so within 90 days of changing the load balancing scheme.

For more details on the migration process, see the following pages:

This capability is available in Preview.

Cloud Logging

You can now use tags to annotate your log buckets and use the tags to manage access to the log buckets. For more information, see Manage log buckets by using tags.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.6 (2024-10-26)

Dependencies

3.20.5 (2024-10-23)

Dependencies

Cloud Monitoring

The capabilities for dashboard-level filtering have been enhanced. You can now configure pinned filters and variables to have multiple default values and support selection of multiple values. You can also create value-only variables and generate the list of possible values for a variable by running a SQL query. These features are in Public Preview. For more information, see the following documents:

Cloud Storage

Additional functionality is now available for the Object Retention Lock and Bucket Lock features:

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.44.1 (2024-10-25)

Dependencies

2.44.0 (2024-10-23)

Features
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (c517798)
  • Fix createFrom resumable upload retry offset calculation (#2771) (1126cdc), closes #2770
  • Update gRPC ReadObject retry to avoid double retry (#2765) (1fc57b9)
Dependencies
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20241008-2.0.0 (#2776) (0545b5e)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#2787) (a470e88)
  • Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.48.0 (#2781) (8fa013e)
  • Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.49.0 (#2782) (a7baffb)
  • Update googleapis/sdk-platform-java action to v2.48.0 (#2786) (2893e61)

You can now use the Google Cloud console to get soft delete recommendations for buckets. Soft delete recommendations help you determine when it's best to enable or disable the soft delete feature on a bucket based on impact to cost and security.

Container Optimized OS

cos-105-17412-495-13

Date | Kernel | Docker | Containerd | GPU Drivers
Oct 28, 2024 | COS-5.15.167 | v23.0.3 | v1.7.23 | See List

Upgraded app-admin/google-guest-configs to v20240725.00.

Upgraded app-containers/cni-plugins to v1.5.1.

Updated R550, latest driver to v550.90.12.

Fixed CVE-2024-8096 and CVE-2024-7264 in net-misc/curl.

Fixed CVE-2024-47685 in the Linux kernel.

Fixed CVE-2024-27017 in the Linux kernel.

Fixed CVE-2024-38632 in the Linux kernel.

Fixed CVE-2024-39463 in the Linux kernel.

Fixed CVE-2024-47674 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812700 -> 812685

cos-117-18613-0-99

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.44 | v24.0.9 | v1.7.23 | See List

Fixed CVE-2024-47685 in the Linux kernel.

Fixed CVE-2024-44991 in the Linux kernel.

Fixed CVE-2024-47674 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811768 -> 811706

cos-113-18244-236-9

Date | Kernel | Docker | Containerd | GPU Drivers
Oct 28, 2024 | COS-6.1.112 | v24.0.9 | v1.7.23 | See List

Fixed CVE-2024-47685 in the Linux kernel.

Fixed CVE-2024-38632 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812026 -> 812035

cos-109-17800-372-12

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.112 | v24.0.9 | v1.7.23 | See List

Fixed CVE-2024-47685 in the Linux kernel.

Fixed CVE-2024-38632 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812259 -> 812253

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.10.2 (2024-10-23)

Bug Fixes
  • dataflow: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • dataflow: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (8bb87d5)

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.24.0 (2024-10-24)

Features
  • Add FindNearest API to the stable branch (3512ba2)
Bug Fixes
  • sample: Change update entity sample to use transaction (#1633) (c44f17a)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.38.0 (#1632) (6453f1e)
  • Update googleapis/sdk-platform-java action to v2.48.0 (#1628) (d3bce79)

Generative AI on Vertex AI

You can now fine-tune the following models from the Cloud console:

The Whisper large v3 and Whisper large v3 turbo models have been added to Model Garden.

Updated the fine-tuning notebooks for Gemma 2, Llama 3.1, Mistral, and Mixtral with the following enhancements:

  • The notebooks use an updated high-performance container for single host multi-GPU LoRA fine-tuning.
    • Better throughput and GPU utilization with well-tested max-sequence-lengths.
    • Support for input token masking.
    • No out of memory (OOM) error during fine-tuning.
  • Added a custom dataset example that uses a template and format validation.
  • Support for a default accelerator pool with quota checks.
  • Improved documentation.

Google Kubernetes Engine

The A3 Edge (a3-edgegpu-8g) machine type with H100 80GB GPUs attached is now available on GKE Standard clusters. To learn more, see About GPUs.

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • AIX system (OS)
  • Apache Tomcat (Web server)
  • Apigee (Google Cloud Specific)
  • Aqua Security (IaaS Applications)
  • Aruba Switch (Network Infrastructure)
  • Auth0 (Authentication log)
  • AWS Cloudtrail (Cloud Log Aggregator)
  • AWS GuardDuty (IDS/IPS)
  • AWS RDS (Database)
  • AWS Route 53 DNS (AWS Specific)
  • AWS VPC Flow (AWS Specific)
  • Azure AD (LDAP)
  • Azure AD Sign-In (Misc Windows Specific)
  • Azure VPN (VPN)
  • Blue Coat Proxy (Web Proxy)
  • BMC Client Management (Security)
  • Checkpoint Audit (AUDIT)
  • Chrome Management (Browser)
  • Cisco ASA (firewall)
  • Cisco Internetwork Operating System (Network Infrastructure)
  • Cisco IronPort (Gateway Security)
  • Cisco Meraki (Wireless)
  • Cisco Router (Switches, Routers)
  • Cisco Switch (Switches, Routers)
  • Cisco UCM (Communication Manager)
  • Cisco Unity Connection (Administration and Management)
  • Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
  • Claroty Continuous Threat Detection (IoT)
  • Cloud Audit Logs (Google Cloud Specific)
  • Cloudflare (SaaS Application)
  • CommVault (Alert System)
  • CrowdStrike Detection Monitoring (EDR)
  • CrowdStrike Falcon (EDR)
  • Darktrace (NDR)
  • Dell Switch (Switches, Routers)
  • Druva Backup (Security)
  • Entrust nShield HSM (Hardware Security Module)
  • F5 ASM (WAF)
  • F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
  • Fidelis Network (NDR)
  • FireEye (Alerts)
  • FireEye HX (EDR)
  • FireEye NX (NDR)
  • FortiGate (Firewall)
  • Fortinet FortiAnalyzer (Fortinet FortiAnalyzer)
  • GitGuardian Enterprise (SaaS Applications)
  • Guardicore Centra (Deception Software)
  • Halcyon Anti Ransomware (AV and endpoint logs)
  • Hashicorp Vault (Privileged Account Activity)
  • HP Linux (OS)
  • IBM Mainframe Storage (Monitoring)
  • IBM OpenPages (Data Security)
  • IBM Security QRadar SOAR (Security)
  • Imperva (WAF)
  • Imperva Advanced Bot Protection (Bot Protection)
  • Imperva Audit Trail (IT infrastructure)
  • Infoblox DHCP (DHCP)
  • INTEL471 Watcher Alerts (Data Security)
  • Jamf Protect Alerts (Endpoint Security)
  • Juniper (Firewall)
  • KnowBe4 PhishER (Email server log types.)
  • Kubernetes Node (Kubernetes Container)
  • Linux Auditing System (AuditD) (OS)
  • McAfee ePolicy Orchestrator (Policy Management)
  • Microsoft AD (LDAP)
  • Microsoft Azure Resource (Log Aggregator)
  • Microsoft Defender for Identity (EDR)
  • Microsoft Defender for Office 365 (Email server log types.)
  • Microsoft Graph Activity Logs (AUDIT)
  • Microsoft Netlogon (Authentication)
  • Microsoft SQL Server (Database)
  • Microsoft System Center Endpoint Protection (Malware Detection)
  • Netscope Client (CASB)
  • Office 365 (SaaS Application)
  • Okta User Context (Identity and Access Management)
  • One Identity Identity Manager (unified identity security)
  • Opswat Metadefender (Threat Protection)
  • Palo Alto Networks Firewall (Firewall)
  • Palo Alto Prisma Cloud Alert payload (Cloud Security)
  • pfSense (FIREWALL)
  • Ping Federate (Authentication)
  • Proofpoint Observeit (Email Server)
  • ProofPoint Secure Email Relay (Email server)
  • Pure Storage (Data Storage)
  • Red Hat Directory Server LDAP (Identity and Access Management)
  • Salesforce (SaaS Application)
  • Salesforce Commerce Cloud (SaaS Application)
  • Security Command Center Threat (Google Cloud Specific)
  • ServiceNow CMDB (Policy Management)
  • Sophos UTM (Unified Threat Management)
  • Symantec Endpoint Protection (AV / Endpoint)
  • Sysdig (Security)
  • Tanium Threat Response (Tanium Specific)
  • ThreatX WAF (WAF)
  • Thycotic (Identity and Access Management)
  • Tines (Data Security)
  • Trend Micro (SMS, UNITY_ONE)
  • Trend Micro Deep Security (AV / Endpoint)
  • Trend Micro Vision One (AV and endpoint logs)
  • Twingate (VPN)
  • Unix system (OS)
  • Velo Firewall (FIREWALL)
  • VMware AirWatch (Wireless)
  • Windows Defender ATP (AV / Endpoint)
  • Windows Event (Endpoint)
  • Windows Event (XML) (AV / Endpoint)
  • Windows Local Administrator Password Solution (Local Administrator Password Solution)
  • Windows Sysmon (DNS)
  • Workday Audit Logs (Audit And Compliance)
  • Workspace Activities (Google Cloud Specific)
  • Workspace Alerts (Google Cloud Specific)
  • Zscaler (Web Proxy)
  • Zscaler Tunnel (N/A)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Adobe I/O Runtime (ADOBE_IO_RUNTIME)
  • Amazon VPC Transit Gateway Flow Logs (AWS_VPC_TRANSIT_GATEWAY)
  • Appsentinels (APPSENTINELS)
  • Asset Panda (ASSET_PANDA)
  • AstriX (ASTRIX)
  • Atlan (ATLAN)
  • Azure Container Registry (AZURE_CONTAINER_REGISTRY)
  • Backbase Engagement Banking Platform (BACKBASE)
  • Barracuda Incident Response (BARRACUDA_INCIDENTRESPONSE)
  • Cloudflare Access (CLOUDFLARE_ACCESS)
  • Control D DNS (CONTROL_D)
  • Digicert (DIGICERT)
  • Elastic Defend (ELASTIC_DEFEND)
  • FingerprintJS (FINGERPRINT_JS)
  • Hashicorp Nomad (HASHICORP_NOMAD)
  • IBM NS1 (IBM_NS1)
  • Intel 471 Malware Intelligence (INTEL471_MALWARE_INTEL)
  • MacStadium (MACSTADIUM)
  • N-Able N-Central RMM (N_ABLE_N_CENTRAL_RMM)
  • Opentext Exstream (OPENTEXT_EXSTREAM)
  • OVHcloud (OVHCLOUD)
  • OX Security (OX_SECURITY)
  • Pharos (PHAROS)
  • ReliaQuest (RELIAQUEST)
  • Rublon (RUBLON)
  • Snyk Group level audit/issues logs (SNYK_ISSUES)
  • SolarWinds Network Performance Monitor (SOLARWINDS_NPM)
  • StackHawk (STACKHAWK)
  • Tencent Cloud Firewall (TENCENT_CLOUD_FIREWALL)
  • Tencent Cloud Waf (TENCENT_CLOUD_WAF)
  • Tencent Cloud Workload Protection (TENCENT_CLOUD_WORKLOAD_PROTECTION)
  • Trend Micro Server Protect (TRENDMICRO_SERVER_PROTECT)
  • UKG (UKG)
  • Uptivity (UPTIVITY)
  • USBAV Koramis (USBAV_KORAMIS)
  • Virtual Network Flow Logs (VIRTUAL_NETWORK_FLOW_LOGS)
  • Windows Performance Monitor (MS_PERFMON)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • AIX system (OS)
  • Apache Tomcat (Web server)
  • Apigee (Google Cloud Specific)
  • Aqua Security (IaaS Applications)
  • Aruba Switch (Network Infrastructure)
  • Auth0 (Authentication log)
  • AWS Cloudtrail (Cloud Log Aggregator)
  • AWS GuardDuty (IDS/IPS)
  • AWS RDS (Database)
  • AWS Route 53 DNS (AWS Specific)
  • AWS VPC Flow (AWS Specific)
  • Azure AD (LDAP)
  • Azure AD Sign-In (Misc Windows Specific)
  • Azure VPN (VPN)
  • Blue Coat Proxy (Web Proxy)
  • BMC Client Management (Security)
  • Checkpoint Audit (AUDIT)
  • Chrome Management (Browser)
  • Cisco ASA (firewall)
  • Cisco Internetwork Operating System (Network Infrastructure)
  • Cisco IronPort (Gateway Security)
  • Cisco Meraki (Wireless)
  • Cisco Router (Switches, Routers)
  • Cisco Switch (Switches, Routers)
  • Cisco UCM (Communication Manager)
  • Cisco Unity Connection (Administration and Management)
  • Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
  • Claroty Continuous Threat Detection (IoT)
  • Cloud Audit Logs (Google Cloud Specific)
  • Cloudflare (SaaS Application)
  • CommVault (Alert System)
  • CrowdStrike Detection Monitoring (EDR)
  • CrowdStrike Falcon (EDR)
  • Darktrace (NDR)
  • Dell Switch (Switches, Routers)
  • Druva Backup (Security)
  • Entrust nShield HSM (Hardware Security Module)
  • F5 ASM (WAF)
  • F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
  • Fidelis Network (NDR)
  • FireEye (Alerts)
  • FireEye HX (EDR)
  • FireEye NX (NDR)
  • FortiGate (Firewall)
  • Fortinet FortiAnalyzer (Fortinet FortiAnalyzer)
  • GitGuardian Enterprise (SaaS Applications)
  • Guardicore Centra (Deception Software)
  • Halcyon Anti Ransomware (AV and endpoint logs)
  • Hashicorp Vault (Privileged Account Activity)
  • HP Linux (OS)
  • IBM Mainframe Storage (Monitoring)
  • IBM OpenPages (Data Security)
  • IBM Security QRadar SOAR (Security)
  • Imperva (WAF)
  • Imperva Advanced Bot Protection (Bot Protection)
  • Imperva Audit Trail (IT infrastructure)
  • Infoblox DHCP (DHCP)
  • INTEL471 Watcher Alerts (Data Security)
  • Jamf Protect Alerts (Endpoint Security)
  • Juniper (Firewall)
  • KnowBe4 PhishER (Email server log types.)
  • Kubernetes Node (Kubernetes Container)
  • Linux Auditing System (AuditD) (OS)
  • McAfee ePolicy Orchestrator (Policy Management)
  • Microsoft AD (LDAP)
  • Microsoft Azure Resource (Log Aggregator)
  • Microsoft Defender for Identity (EDR)
  • Microsoft Defender for Office 365 (Email server log types.)
  • Microsoft Graph Activity Logs (AUDIT)
  • Microsoft Netlogon (Authentication)
  • Microsoft SQL Server (Database)
  • Microsoft System Center Endpoint Protection (Malware Detection)
  • Netscope Client (CASB)
  • Office 365 (SaaS Application)
  • Okta User Context (Identity and Access Management)
  • One Identity Identity Manager (unified identity security)
  • Opswat Metadefender (Threat Protection)
  • Palo Alto Networks Firewall (Firewall)
  • Palo Alto Prisma Cloud Alert payload (Cloud Security)
  • pfSense (FIREWALL)
  • Ping Federate (Authentication)
  • Proofpoint Observeit (Email Server)
  • ProofPoint Secure Email Relay (Email server)
  • Pure Storage (Data Storage)
  • Red Hat Directory Server LDAP (Identity and Access Management)
  • Salesforce (SaaS Application)
  • Salesforce Commerce Cloud (SaaS Application)
  • Security Command Center Threat (Google Cloud Specific)
  • ServiceNow CMDB (Policy Management)
  • Sophos UTM (Unified Threat Management)
  • Symantec Endpoint Protection (AV / Endpoint)
  • Sysdig (Security)
  • Tanium Threat Response (Tanium Specific)
  • ThreatX WAF (WAF)
  • Thycotic (Identity and Access Management)
  • Tines (Data Security)
  • Trend Micro (SMS, UNITY_ONE)
  • Trend Micro Deep Security (AV / Endpoint)
  • Trend Micro Vision One (AV and endpoint logs)
  • Twingate (VPN)
  • Unix system (OS)
  • Velo Firewall (FIREWALL)
  • VMware AirWatch (Wireless)
  • Windows Defender ATP (AV / Endpoint)
  • Windows Event (Endpoint)
  • Windows Event (XML) (AV / Endpoint)
  • Windows Local Administrator Password Solution (Local Administrator Password Solution)
  • Windows Sysmon (DNS)
  • Workday Audit Logs (Audit And Compliance)
  • Workspace Activities (Google Cloud Specific)
  • Workspace Alerts (Google Cloud Specific)
  • Zscaler (Web Proxy)
  • Zscaler Tunnel (N/A)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Adobe I/O Runtime (ADOBE_IO_RUNTIME)
  • Amazon VPC Transit Gateway Flow Logs (AWS_VPC_TRANSIT_GATEWAY)
  • Appsentinels (APPSENTINELS)
  • Asset Panda (ASSET_PANDA)
  • AstriX (ASTRIX)
  • Atlan (ATLAN)
  • Azure Container Registry (AZURE_CONTAINER_REGISTRY)
  • Backbase Engagement Banking Platform (BACKBASE)
  • Barracuda Incident Response (BARRACUDA_INCIDENTRESPONSE)
  • Cloudflare Access (CLOUDFLARE_ACCESS)
  • Control D DNS (CONTROL_D)
  • Digicert (DIGICERT)
  • Elastic Defend (ELASTIC_DEFEND)
  • FingerprintJS (FINGERPRINT_JS)
  • Hashicorp Nomad (HASHICORP_NOMAD)
  • IBM NS1 (IBM_NS1)
  • Intel 471 Malware Intelligence (INTEL471_MALWARE_INTEL)
  • MacStadium (MACSTADIUM)
  • N-Able N-Central RMM (N_ABLE_N_CENTRAL_RMM)
  • Opentext Exstream (OPENTEXT_EXSTREAM)
  • OVHcloud (OVHCLOUD)
  • OX Security (OX_SECURITY)
  • Pharos (PHAROS)
  • ReliaQuest (RELIAQUEST)
  • Rublon (RUBLON)
  • Snyk Group level audit/issues logs (SNYK_ISSUES)
  • SolarWinds Network Performance Monitor (SOLARWINDS_NPM)
  • StackHawk (STACKHAWK)
  • Tencent Cloud Firewall (TENCENT_CLOUD_FIREWALL)
  • Tencent Cloud Waf (TENCENT_CLOUD_WAF)
  • Tencent Cloud Workload Protection (TENCENT_CLOUD_WORKLOAD_PROTECTION)
  • Trend Micro Server Protect (TRENDMICRO_SERVER_PROTECT)
  • UKG (UKG)
  • Uptivity (UPTIVITY)
  • USBAV Koramis (USBAV_KORAMIS)
  • Virtual Network Flow Logs (VIRTUAL_NETWORK_FLOW_LOGS)
  • Windows Performance Monitor (MS_PERFMON)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.45.1 (2024-10-24)

Bug Fixes
  • pubsub: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • pubsub: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (8bb87d5)
Documentation
  • pubsub: Add doc links to top level package doc (#11029) (fe2ec56)

1.45.0 (2024-10-22)

Features
  • pubsub: Add IngestionFailureEvent to the external proto (f0b05e2)
  • pubsub: Add support for ingestion platform logging settings (#10969) (c60241f)

Java

Changes for google-cloud-pubsub

1.134.0 (2024-10-23)

Features
  • Add IngestionFailureEvent to the external proto (6c67798)
  • Track batch size using serialized size of PublishRequest (#2113) (be78e64)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.43.1 (#2202) (acaf5f2)
  • Update dependency com.google.cloud:google-cloud-core to v2.46.0 (#2238) (dc06d54)
  • Update dependency com.google.cloud:google-cloud-storage to v2.43.2 (#2226) (eb87c04)
  • Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.33.0 (#2225) (cc1b072)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.28.3 (#2237) (75abe83)
  • Update dependency org.apache.avro:avro to v1.11.4 security (31f276b)
  • Update sdk platform java dependencies (#2239) (8f4f855)
Documentation

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.14.2 (2024-10-23)

Bug Fixes
  • secretmanager: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • secretmanager: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see https://togithub.com/googleapis/google-cloud-go/issues/11020. (2b8ca4b)

Sensitive Data Protection

The ITALY_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Workflows

Two standard library functions to support common hashing algorithms have been added: compute_checksum and compute_hmac.

October 26, 2024

Google SecOps SOAR

Release 6.3.23 is currently in Preview.

Custom SMTP Configuration does not send emails with send_mail function in monitoring jobs (ID #52614371)

Unexpected behavior between system-wide and user preference localization time zone settings. Following this bug fix, the default time zone is now set to UTC + 1. This does not override the user's local settings. The admin needs to change the default time zone to the required time zone if needed. (ID #51914939, #52558921)

October 25, 2024

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for MySQL

When you run the backupRuns.GET API or the gcloud sql backups describe command, the maxChargeableBytes parameter now appears in the response. This parameter contains the maximum number of bytes that you can be charged for a backup.

Cloud SQL for PostgreSQL

When you run the backupRuns.GET API or the gcloud sql backups describe command, the maxChargeableBytes parameter now appears in the response. This parameter contains the maximum number of bytes that you can be charged for a backup.

Cloud SQL for SQL Server

When you run the backupRuns.GET API or the gcloud sql backups describe command, the maxChargeableBytes parameter now appears in the response. This parameter contains the maximum number of bytes that you can be charged for a backup.

Colab Enterprise

Colab Enterprise is now available in the following regions:

  • Hamina, Finland (europe-north1)
  • Milan, Italy (europe-west8)
  • Tel Aviv, Israel (me-west1)
  • Warsaw, Poland (europe-central2)

See Colab Enterprise locations.

Compute Engine

Generally available: The A3 Edge accelerator-optimized machine type is now available. The A3 Edge machine type has NVIDIA® H100 80GB GPUs attached and provides up to 800 Gbps of network bandwidth speed depending on the region. A3 Edge VMs are ideal for inference or training ML workloads that require a single node. The A3 Edge machine type is available in the following regions and zones:

  • APAC
    • Tokyo, Japan: asia-northeast1-c
    • Seoul, South Korea: asia-northeast3-a,c
    • Mumbai, India: asia-south1-c
  • Europe
    • London, England: europe-west2-b
    • Frankfurt, Germany: europe-west3-a
    • Eemshaven, Netherlands: europe-west4-b
    • Milan, Italy: europe-west8-c
    • Paris, France: europe-west9-c
    • Turin, Italy: europe-west12-b
  • North America
    • Toronto, Ontario: northamerica-northeast2-c

To get started with A3 Edge VMs, see Create an A3 VM.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.124-debian10, 2.0.124-rocky8, 2.0.124-ubuntu18
  • 2.1.72-debian11, 2.1.72-rocky8, 2.1.72-ubuntu20, 2.1.72-ubuntu20-arm
  • 2.2.38-debian12, 2.2.38-rocky9, 2.2.38-ubuntu22

Dataproc Serverless for Spark: The Hadoop Google Secret Manager Credential Provider feature is now available in the Dataproc Serverless for Spark 1.2 and 2.2 runtimes.

Dataproc Serverless for Spark: Added common AI/ML Python packages by default to Dataproc Serverless for Spark 1.2 and 2.2 runtimes.

Dataproc Serverless for Spark: Upgraded Cloud Storage connector to 3.0.3 version in the latest 1.2 and 2.2 runtimes.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.700-gke.110 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.700-gke.110 runs on Kubernetes v1.29.8-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues are fixed in 1.29.700-gke.110:

  • Fixed the known issue that caused gkectl to display false warnings on admin cluster version skew.
  • Fixed the known issue that caused migrating a user cluster to Controlplane V2 to fail if secrets encryption has ever been enabled on the user cluster, even if it's already disabled.
  • Fixed the known issue that caused migrating an admin cluster from non-HA to HA to fail if the admin cluster had enabled secret encryption at 1.14 or earlier, and upgraded all the way from that version.

The following vulnerabilities are fixed in 1.29.700-gke.110:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Google Kubernetes Engine

(2024-R41) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.1-gke.1678000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.14-gke.1099000
    • 1.29.9-gke.1177000
    • 1.30.5-gke.1145000
    • 1.31.1-gke.1146000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1341000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1355000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1678000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1217000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1341000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1355000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1678000 with this release.

Regular channel

Stable channel

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.13-gke.1119000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1014001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1014001 with this release.

Extended channel

No channel

Security Command Center

Event Threat Detection's Outgoing DoS finding has been shut down and is no longer available.

Sensitive Data Protection

The PARAGUAY_TAX_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The sensitive data discovery service can now detect the presence of secrets, such as passwords and authentication tokens, in your Cloud Run service revision environment variables. Sensitive Data Protection sends any findings to Security Command Center as vulnerability findings. For more information, see Report secrets in environment variables to Security Command Center.

Vertex AI Agent Builder

Vertex AI Search: Get grounding scores for answers with summaries and follow-ups (GA)

The answer method can return aggregated grounding scores for answers and individual grounding scores for claims.

This feature is Generally available (GA). For more information, see Return grounding support scores.

Vertex AI Search: Return only well-grounded answers with summaries and follow-ups (GA)

With the answer method, you can choose to filter out poorly-grounded answers. There are two filter levels: choose to return only answers with high grounding scores (at the risk of losing some helpful answers) or choose a lower filter to get more answers.

This feature is Generally available (GA). For more information, see Show only well-grounded answers.

Vertex AI Search: Advanced autocomplete (Public preview)

Use advanced autocomplete to enable autocomplete on blended search apps. Also, advanced autocomplete supports:

  • Access control
  • Language boosting
  • Rich suggestions, which return document suggestions or recent search suggestions

For more information, see Configure advanced autocomplete. This feature is in Public preview.

October 24, 2024

BigQuery

BigQuery provides context-aware transformation recommendations from Gemini for cleansing data for analysis. Data preparation is available in Preview.

Cloud Data Fusion

Using Dataproc version 2.2 in your Cloud Data Fusion pipeline can fail in some cases with the following error: ERROR [Driver:o.a.s.d.y.ApplicationMaster@97] - User class threw exception: java.lang.NoSuchMethodError: 'org.apache.spark.sql.catalyst.encoders.ExpressionEncoder org.apache.spark.sql.catalyst.encoders.RowEncoder.apply(org.apache.spark.sql.types.StructType)' at io.cdap.cdap.etl.spark.batch.OpaqueDatasetCollection.toDataframeCollection(OpaqueDatasetCollection.java:111).
To avoid this issue, change the Dataproc image to 2.1 (CDAP-21075).

Cloud Load Balancing

Global external Application Load Balancers and global external proxy Network Load Balancers can now load balance IPv6 traffic. The following backends have dual-stack support:

  • VM instance groups
  • Zonal NEGs (GCE_VM_IP_PORT endpoints)

You can also convert your existing single-stack load balancers from IPv4-only to dual stack (IPv4 and IPv6) deployments.

For details, see the following pages:

This feature is available in General Availability.

Cloud Logging

You can now create alerting policies that monitor the results of your SQL queries. For more information about SQL-based alerting policies, see the following documents:

Cloud Monitoring

You can now create alerting policies that monitor the results of your SQL queries. For more information about SQL-based alerting policies, see the following documents:

Cloud Service Mesh

The rollout of managed Cloud Service Mesh version 1.19 to the stable channel has completed.

In future releases, managed Cloud Service Mesh will use the GKE release channel to determine the data plane component and Istio API versions. For more information, see Provision managed Cloud Service Mesh Requirements.

Contact Center AI Insights

You can now use Quality AI as a GA feature within the Insights console to evaluate contact center conversations and agent performance more efficiently. Quality AI automates conversation scoring so that all conversations are taken into account. See the Overview, Basics, Setup Guide, and Best Practices pages for more details.

Container Optimized OS

cos-109-17800-372-7

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.112 | v24.0.9 | v1.7.23 | See List

Upgraded app-containers/docker-credential-helpers to v0.8.2.

Upgraded app-containers/cni-plugins to v1.5.1.

Upgraded app-containers/docker-credential-gcr to v2.1.23.

Upgraded app-containers/containerd, app-containers/containerd-test to v1.7.20.

Upgraded app-admin/google-guest-configs to v20240725.00.

Upgraded dev-python/jsonpatch to v1.33.

Upgraded dev-python/netifaces to v0.11.0-r2.

Upgraded dev-lang/python-exec to v2.4.10.

Upgraded dev-db/sqlite to v3.46.0.

Upgraded dev-python/six to v1.16.0-r1.

Upgraded sys-libs/libcap-ng to v0.8.5.

Upgraded net-libs/libtirpc to v1.3.4-r3.

Upgraded net-fs/cifs-utils to v7.0-r1.

Upgraded sys-libs/talloc to v2.4.2.

Upgraded dev-python/jinja to v3.1.4.

Upgraded sys-libs/libcap to v2.70.

Upgraded app-arch/pigz to v2.8.

Upgraded sys-fs/xfsprogs to v6.8.0.

Upgraded dev-python/pyserial to v3.5-r2.

Upgraded sys-libs/zlib to v1.3.1-r1.

Upgraded dev-python/configobj to v5.0.8.

Upgraded sys-libs/gdbm to v1.24.

Upgraded app-arch/lz4 to v1.10.0-r1.

Upgraded app-arch/unzip to v6.0_p27-r1.

Upgraded dev-libs/nss to v3.103.

Upgraded sys-apps/acl to v2.3.2-r1.

Updated R550, latest driver to v550.90.12.

Upgraded app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.

Runtime sysctl changes:

  • Changed: fs.file-max: 812253 -> 812259

Upgraded app-containers/containerd to 1.7.23.

Dialogflow

Dialogflow CX & ES: In order to increase the stability of Cloud Text-to-speech, out-of-quota requests for Journey Voices will now be fulfilled with a fallback voice of the same speaker persona. To opt out, contact your Google account team.

Dialogflow CX & ES: Dialogflow now supports A-law encoding in addition to Mu-law encoding for input and output audio. A-law and Mu-law are the two available formats in G.711.

Google Distributed Cloud (software only) for bare metal

Release 1.29.700-gke.113

Google Distributed Cloud for bare metal 1.29.700-gke.113 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.700-gke.113 runs on Kubernetes 1.29.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy.
  • Fixed an issue where bmctl restore fails due to etcd containers not starting correctly.
  • Fixed an issue where the registry mirror reachability check fails for a single unreachable registry mirror. Now the reachability check applies to configured registry mirrors only, instead of all registry mirrors.

The following container image security vulnerabilities have been fixed in 1.29.700-gke.113:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Looker Studio

Partner connection launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

October 23, 2024

Agent Assist

(Proactive) Generative knowledge assist offers additional functions and supports more languages.

AlloyDB for PostgreSQL

Database server compatibility with PostgreSQL version 16 is generally available (GA). You can create AlloyDB clusters using PostgreSQL 16. Database Migration Service also supports homogeneous migrations from PostgreSQL to AlloyDB for PostgreSQL version 16.

Apigee X

On October 23, 2024, we released an updated version of Apigee (1-14-0-apigee-1).

Bug ID | Description
N/A | Updates to security infrastructure and libraries.

Cloud Run

GPU support (Preview) is now available in the following region: europe-west4.

Cloud SQL for PostgreSQL

PostgreSQL version 17 is now generally available.

When using the CLI/API to create an instance, if the database version for the instance or replica that you're creating is PostgreSQL 16 or later, then the default Cloud SQL edition is Enterprise Plus.

When using the CLI/API to create an instance, if you either don't specify a database version or you specify a version other than PostgreSQL 16 or later, then the default Cloud SQL edition is Enterprise.

The following information applies to flags and extensions for PostgreSQL 17:

Flags

These flags are deprecated for PostgreSQL 17:

  • old_snapshot_threshold
  • trace_recovery_messages

For more information, see Configure database flags.

Extensions

Cloud SQL for PostgreSQL version 17 doesn't support these extensions:

  • ip4r
  • oracle_fdw
  • orafce
  • pg_background
  • pg_bigm
  • pgfincore
  • pg_hint_plan
  • pg_partman
  • pg_proctab
  • pgrouting
  • pg_similarity
  • pg_squeeze
  • pgtap
  • pgtt
  • pg_wait_sampling
  • PL/Proxy
  • plv8
  • postgresql_anonymizer
  • postgresql_hll
  • prefix
  • rdkit
  • temporal_tables

To start using PostgreSQL 17, see Create instances.

Cloud Storage

Announced billing changes for BigQuery users who are accessing Cloud Storage will now take effect February 1, 2025. These changes were originally set to take effect November 1, 2024.

Compute Engine

Generally available: You can extend the term lengths of your resource-based commitments beyond the preset 1 or 3 years and choose custom term lengths such as 2, 3.5, or 5.5 years. Term extensions let you tailor commitments to match your resource usage needs and keep receiving committed use discounts (CUDs) for a longer time.

For more information, see Extend the term length of commitments.

Datastream

Datastream is now available in the europe-southwest1 (Madrid) region. For the list of all available regions, see IP allowlists and regions.

October 22, 2024

Apigee X

On October 22, 2024, we released a new version of Apigee.

With this release, the following limits for Apigee organizations have changed:

  • The maximum number of deployed API proxies and shared flows per (non-hybrid) organization is 6000.
  • The maximum number of proxy deployment units per Apigee instance is 6000.
  • The maximum number of API base paths per Apigee organization is 6000.

For more information, see the Apigee Limits page.

Cloud Composer

(Only new Cloud Composer 2 environments, all versions) If a GKE Control Plane IP range is specified for an environment, GKE creates a new subnetwork in this range to provision the IP address for communication with the GKE Control Plane. Otherwise, the subnetwork specified in the Cloud Composer connection subnetwork range is used (this range defaults to the environment's subnetwork). For more information about IP ranges used by Cloud Composer environments, see Configure private IP networking.

(Airflow 2.9.3) The apache-airflow-providers-google package was upgraded to version 10.24.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.23.0 to version 10.24.0.

(Airflow 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 9.0.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 8.4.2 to version 9.0.0.

(Airflow 2.9.3 and 2.7.3) Changes in preinstalled packages:

  • The grpcio package was downgraded from 1.66.2 to 1.65.5.
  • The js2py package was removed from dependencies.
  • The pyjsparser package was removed from dependencies.
  • The tzlocal package was removed from dependencies.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.4 (default)
  • composer-3-airflow-2.7.3-build.20

Cloud Composer 2.9.8 images are available:

  • composer-2.9.8-airflow-2.9.3 (default)
  • composer-2.9.8-airflow-2.7.3

Cloud Composer version 2.4.6 has reached its end of support period.

Cloud Storage

Connecting to Cloud Storage using gRPC is generally available (GA). You can use gRPC to interact with Cloud Storage.

You can now emit client-side metrics for gRPC. To learn which metrics are supported and how to emit them, see Use gRPC client-side metrics.

Document AI

The Document AI section of the Google Cloud console now allows you to configure property descriptions as part of the Custom extractor processor-creation process.

Property description allows you to provide additional context, insights, and prior knowledge for each entity to improve extraction accuracy.

Property descriptions can be edited after schema creation. After you update the property descriptions, you will need to either call the pretrained models or create or fine-tune a new processor version for the changes to take effect.

Generative AI on Vertex AI

The Anthropic Claude Sonnet 3.5 v2 is Generally Available. To learn more, view the Claude Sonnet 3.5 v2 model card in Model Garden.

Google Cloud Architecture Center

Design an optimal storage strategy for your cloud workload: Added information about Parallelstore. Updated NetApp Volumes availability capabilities and capacity limits.

October 21, 2024

Artifact Registry

Artifact Analysis now supports scanning for vulnerabilities in the following types of operating systems:

  • AlmaLinux OS
  • Chainguard
  • Google Distroless
  • Red Hat Universal Base Image (UBI)
  • Rocky Linux
  • SUSE Linux Enterprise Server (SLES)
  • Wolfi

If the Container Scanning API is enabled, it scans container images pushed to Artifact Registry for vulnerabilities in these newly supported operating systems, in addition to the already supported operating system and language package vulnerabilities.

These capabilities are Generally Available.

For more information, see Container scanning overview, or enable Container Scanning API.

Artifact Analysis now supports manual scans for vulnerabilities in the following types of packages:

  • AlmaLinux OS
  • Chainguard
  • .NET
  • Google Distroless
  • NPM
  • PHP
  • Python
  • Ruby
  • Rust
  • Red Hat Universal Base Image (UBI)
  • Rocky Linux
  • SUSE Linux Enterprise Server (SLES)
  • Wolfi

You can use the On-Demand Scanning API to manually scan container images locally on your computer or in your registry. Artifact Analysis scans for vulnerabilities in these new package types, in addition to the already supported package types.

These capabilities are Generally Available (GA).

For more information, see Container scanning overview.

Assured Workloads

The IRS Publication 1075 control package is now generally available. Additionally, it now supports the following products:

  • Binary Authorization
  • Cloud Logging

See the supported products page for a complete list.

Backup and DR

Backup and DR Service now supports deploying a new management console without the need to create private services access. You can also deploy backup/recovery appliances in any VPC available within the management console project.

BigQuery

You can now view, trigger, and pause Airflow DAGs in BigQuery. This feature is in Preview.

You can now manage notebook schedules on the Orchestration page. Notebook scheduling is in Preview.

Custom organization policies let you allow or deny specific operations on BigQuery Data Transfer Service transfer configurations to meet your organization's compliance and security requirements. This feature is generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.45.1 (2024-10-14)

Dependencies
  • Update sdk-platform-java dependencies (#2378) (2499a3c)
  • deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (cdc2cc7)

Cloud Database Migration Service

You can now use additional concurrency settings for heterogeneous Oracle migration jobs with Database Migration Service. This lets you adjust the migration process to better align with your scenario.

For information about creating migration jobs using the new full dump configuration and maximum concurrent connection settings, see:

Cloud Load Balancing

Internal and external passthrough Network Load Balancers now support connection draining for UDP and other non-TCP protocol traffic.

For details, see Enable connection draining.

This feature is available in Preview.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for logging/apiv2

1.12.0 (2024-10-16)

Features
  • logging: Add support for Go 1.23 iterators (84461c0)
Bug Fixes
  • logging: Bump dependencies (2ddeb15)
  • logging: Fixed input validation for X-Cloud-Trace-Context; encoded spanID from XCTC header into hex string. (#10979) (a157558)
  • logging: Update google.golang.org/api to v0.191.0 (5b32644)

Python

Changes for google-cloud-logging

3.11.3 (2024-10-15)

Bug Fixes
  • 16-bit hexadecimal formatting for XCTC span IDs (#946) (1f2b190)

Cloud Run

You can now create custom organization policies and apply them to projects, folders, or organizations (GA).

Cloud Run integrations are discontinued from the Google Cloud console and Google Cloud CLI for new users. If you are an existing user, you will continue to have access until January 2025. No action is required; your deployed services that use these integrations will continue to work. We recommend transitioning to use the individual product experiences for each integration you have deployed. For more information about configuring resources for your services to connect to other Google Cloud products, see Connect to Google Cloud services.

Cloud SQL for MySQL

You can now create a read replica for an instance that has private services access configured for it and connector enforcement enabled for it. For more information, see Connect using Cloud SQL Language Connectors.

Cloud SQL for PostgreSQL

You can now create a read replica for an instance that has private services access configured for it and connector enforcement enabled for it. For more information, see Connect using Cloud SQL Language Connectors.

Cloud SQL for SQL Server

You can now create a read replica for an instance that has private services access configured for it and connector enforcement enabled for it. For more information, see Connect using Cloud SQL Language Connectors.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.45.0 (2024-10-17)

Features
  • storage/internal: Adds support for restore token (70d82fe)
  • storage: Adding bucket-specific dynamicDelay (#10987) (a807a7e)
  • storage: Dynamic read request stall timeout (#10958) (a09f00e)
Documentation
  • storage: Remove preview wording from NewGRPCClient (#11002) (40c3a5b)

Confidential Space

A new Confidential Space image (241000) is now available. This image version adds IPv6 ingress traffic support.

The following Confidential Space images were also previously released:

  • September 2, 2024 (240900):
    • Added tmpfs mount support for Confidential Space workloads
    • Added configurable /dev/shm size for Confidential Space workloads
    • Added retry capability to the container signature fetch.
    • Minor bug fixes.
  • August 5, 2024 (240800):
    • Moved to COS-113 as the base image.
    • Patched OpenSSH vulnerability CVE-2024-6387 in the debug image.

Config Controller

Config Controller now uses the following versions of its included products:

Container Optimized OS

cos-113-18244-236-5

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.112 | v24.0.9 | v1.7.23 | See List

Updated app-containers/containerd to 1.7.23.

Upgraded app-containers/cni-plugins to v1.5.1.

Upgraded app-containers/docker-credential-helpers to v0.8.2.

Upgraded app-admin/google-guest-configs to v20240725.00.

Upgraded app-containers/docker-credential-gcr to v2.1.23.

Upgraded dev-python/jinja to v3.1.4.

Upgraded net-libs/libtirpc to v1.3.4-r3.

Upgraded sys-libs/libcap to v2.70.

Upgraded sys-process/procps to v4.0.4-r1.

Upgraded sys-fs/xfsprogs to v6.8.0.

Upgraded dev-db/sqlite to v3.46.0.

Upgraded sys-libs/gdbm to v1.24.

Upgraded dev-libs/double-conversion to v3.3.0.

Upgraded app-arch/lz4 to v1.10.0-r1.

Upgraded app-arch/gzip to v1.13-r1.

Upgraded sys-apps/acl to v2.3.2-r1.

Upgraded sys-libs/libcap-ng to v0.8.5.

Added NVIDIA GPU drivers R560 branch - Updated the R560 and latest drivers to v560.35.03.

Updated the R550 and latest drivers to v550.90.12.

Identify GPU drivers before installation.

Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.

Fixed CVE-2024-44958 in the Linux kernel.

Fixed CVE-2024-43892 in the Linux kernel.

cos-105-17412-495-4

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.167 | v23.0.3 | v1.7.23 | See List

This is an LTS Refresh release.

Updated app-containers/containerd to 1.7.23.

Upgraded net-libs/libnetfilter_cttimeout to v1.0.1.

Upgraded app-arch/lz4 to v1.10.0-r1.

Upgraded app-arch/pigz to v2.8.

Upgraded net-libs/libnetfilter_queue to v1.0.5.

Upgraded sys-libs/libcap to v2.70.

Upgraded net-libs/libtirpc to v1.3.4-r3.

Upgraded sys-libs/zlib to v1.3.1-r1.

Upgraded net-libs/libmnl to v1.0.5.

Upgraded net-nds/rpcbind to v1.2.6.

Upgraded sys-libs/gdbm to v1.24.

Upgraded net-libs/libnetfilter_cthelper to v1.0.1-r1.

Upgraded dev-libs/nss to v3.103.

Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.

Fixed CVE-2024-44958 in the Linux kernel.

Fixed CVE-2024-43892 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812681 -> 812700

cos-dev-121-18718-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.56 | v24.0.9 | v1.7.23 | See List

Updated app-containers/containerd to 1.7.23.

Updated the Linux kernel to v6.6.56.

Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.

Runtime sysctl changes:

  • Changed: fs.file-max: 811780 -> 811799

cos-109-17800-309-93

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.100 | v24.0.9 | v1.7.22 | See List

Fixed CVE-2024-44958 in the Linux kernel.

Fixed CVE-2024-43892 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812261 -> 812253

cos-101-17162-528-64

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.161 | v20.10.27 | v1.6.28 | See List

Updated app-arch/libarchive to version 3.7.6. This fixed CVE-2024-48957, CVE-2024-48958.

Fixed CVE-2024-44958 in the Linux kernel.

Fixed CVE-2024-43892 in the Linux kernel.

Cortex Framework

Release 6.0.1

  • Quickstart demo updates for permissions with legacy accounts.
  • CATGAP Python library vulnerability updates.

Dataproc

Announcing the General Availability (GA) release of Spark UI for Dataproc Serverless Batches and Interactive sessions which allows you to monitor and debug your serverless Spark workloads. Spark UI is available by default and free of cost for all Dataproc Serverless workloads.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.23.0 (2024-10-14)

Features
  • Support for field update operators in the Datastore API and resolution strategies when there is a conflict at write time (b299266)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.46.1 (678eee2)
  • deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (b299266)
Dependencies

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.8.0 (2024-10-15)

Features
  • Add ingestion Cloud Storage fields and Platform Logging fields to Topic (#1974) (afec9a1)
  • Return listing information for subscriptions created via Analytics Hub (afec9a1)

Python

Changes for google-cloud-pubsub

2.26.1 (2024-10-10)

Documentation

VPC Service Controls

General availability support for the following integration:

October 20, 2024

Google SecOps SOAR

Release 6.3.22 is now in General Availability.

October 18, 2024

Apigee API hub

On October 18, 2024, Apigee announced an update to Apigee API hub.

In addition to us-central1 and europe-west1, Apigee API hub now supports the following new hosting regions:

Region description | Region name
Northern Virginia | us-east4
Oregon | us-west1
London | europe-west2
Singapore | asia-southeast1
Mumbai | asia-south
Sao Paulo | southamerica-east1
Sydney | australia-southeast1

See Provision API hub.

Artifact Registry

Artifact Registry remote repositories support setting standard Artifact Registry repositories as upstreams for supported formats.

To learn more about how remote repositories work, read the Remote repository overview.

Cloud Key Management Service

You can now use custom constraints with Organization Policy to provide more granular control over specific fields for some Cloud KMS resources. For more information, see Create custom organization policy constraints for Cloud KMS.

Cloud Load Balancing

You can now use the Google Cloud Console to create the following load balancers in Premium Tier:

  • Regional external Application Load Balancer
  • Regional external proxy Network Load Balancer

Previously, only Standard Tier support was available in the Console.

Previously, the classic external Application Load Balancer had lenient HTTP/2 request parsing that did not reject requests containing certain invalid characters in the request path. The same requests would have been rejected if they had arrived over HTTP/1 or HTTP/3.

Now, all HTTP requests, including HTTP/2 requests, are rejected if the path contains a character that isn't one of the following:

  • An allowed ASCII character specified in RFC 3986, sections 3.3 and 3.4.

  • One of the following special allowed characters: [ ] { } | ^

All other characters must be properly URL encoded.

You can identify rejected requests in the proxy logs by looking for the following:

  • responseCode: 400
  • response_code_details: invalid_http2_client_header_format
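
The character rule and the log check described above, as an added example (not Google's code). The function names, the flat dictionary shape of the log entries and the `requestPath` key are assumptions made for illustration; the check is per character, as the note describes, and does not validate that each `%` starts a well-formed percent-encoded triplet.

```python
import string
from urllib.parse import quote

# RFC 3986 character classes used by "path" (section 3.3) and "query" (section 3.4).
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")
SUB_DELIMS = set("!$&'()*+,;=")
PCHAR_EXTRA = set(":@")
# "/" separates path segments, "?" may appear in a query, "%" introduces pct-encoding.
STRUCTURAL = set("/?%")
# Characters the release note lists as specially allowed.
SPECIAL_ALLOWED = set("[]{}|^")

ALLOWED = UNRESERVED | SUB_DELIMS | PCHAR_EXTRA | STRUCTURAL | SPECIAL_ALLOWED


def offending_chars(request_path):
    """Return (index, char) for every character outside the allowed set."""
    return [(i, ch) for i, ch in enumerate(request_path) if ch not in ALLOWED]


def encode_offending(request_path):
    """Percent-encode (UTF-8) only the offending characters; keep the rest unchanged."""
    return "".join(
        ch if ch in ALLOWED else quote(ch, safe="") for ch in request_path
    )


def rejected_by_path_check(entries):
    """Select log entries carrying the two markers named in the release note."""
    return [
        e for e in entries
        if str(e.get("responseCode")) == "400"
        and e.get("response_code_details") == "invalid_http2_client_header_format"
    ]


def triage(entries):
    """For each rejected entry, show which characters caused it and the encoded form."""
    report = []
    for e in rejected_by_path_check(entries):
        path = e.get("requestPath", "")  # hypothetical key, see lead-in
        report.append({
            "path": path,
            "offending": offending_chars(path),
            "encoded": encode_offending(path),
        })
    return report


# Constructed sample entries (not real load balancer logs).
SAMPLE_ENTRIES = [
    {"responseCode": 400,
     "response_code_details": "invalid_http2_client_header_format",
     "requestPath": "/search?q=a b"},
    {"responseCode": 400,
     "response_code_details": "constructed_other_detail",
     "requestPath": "/login"},
    {"responseCode": 200,
     "response_code_details": "constructed_ok_detail",
     "requestPath": "/api/v1/items?filter=[a|b]"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_ENTRIES):
        print(row)
```

Running `offending_chars` over the URLs a client library generates before a rollout shows which requests would start returning 400 over HTTP/2 and what their encoded form should be.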
Data Catalog

Data lineage is available in the following Google Cloud regions:

  • Berlin (europe-west10)
  • Dammam (me-central2)
  • Doha (me-central1)
  • Johannesburg (africa-south1)
  • Turin (europe-west12)

Data lineage is available in the following BigQuery Omni regions:

  • AWS - Asia Pacific (Sydney) (aws-ap-southeast-2)
  • AWS - Europe (Ireland) (aws-eu-west-1)
  • AWS - Europe (Frankfurt) (aws-eu-central-1)
  • AWS - US West (Oregon) (aws-us-west-2)

Dataplex

Data lineage is available in the following Google Cloud regions:

  • Berlin (europe-west10)
  • Dammam (me-central2)
  • Doha (me-central1)
  • Johannesburg (africa-south1)
  • Turin (europe-west12)

Data lineage is available in the following BigQuery Omni regions:

  • AWS - Asia Pacific (Sydney) (aws-ap-southeast-2)
  • AWS - Europe (Ireland) (aws-eu-west-1)
  • AWS - Europe (Frankfurt) (aws-eu-central-1)
  • AWS - US West (Oregon) (aws-us-west-2)

Dataproc

Datastream

Datastream is now available in the us-south1 (Dallas) region. For the list of all available regions, see IP allowlists and regions.

Generative AI on Vertex AI

The Llama 3.1 405B model that is managed on Vertex AI is now Generally Available.

Security Command Center

The VMTD disabled finding category from Virtual Machine Threat Detection is no longer available. For more information about the finding categories that this built-in service provides, see Virtual Machine Threat Detection overview.

Spanner

Spanner Graph now supports the following functions:

Spanner now supports customer-managed encryption keys (CMEK) to protect databases in custom, dual-region, and multi-region instance configurations. For more information, see Customer-managed encryption keys (CMEK) overview.

Text-to-Speech

Journey Voices and streaming synthesis now support the de-de, en-gb, en-in, es-us, fr-ca, fr-fr, and it-it locales.

VPC Service Controls

Updated the correct support status for the following integration in the Supported products and limitations page:

October 17, 2024

Anthos Config Management

Improved the security of the git-sync container by upgrading the base image to address known vulnerabilities.

App Hub

Backup and DR

Backup and DR Service 11.0.13.278 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance.

Backup and DR Service added support to view connector version logs in Cloud Logging.

Backup and DR Service added support to view connector version reports in BigQuery.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Dataproc

Google Cloud VMware Engine

Stretched private clouds using ve2 node types are now available in the following region:

  • Frankfurt, Germany, Europe (europe-west3)

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.28.1100-gke.91 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.1100-gke.91 runs on Kubernetes v1.28.14-gke.200.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issue is fixed in 1.28.1100-gke.91:

Fixed the known issue that caused gkectl to display false warnings on admin cluster version skew.

The following vulnerabilities are fixed in 1.28.1100-gke.91:

Critical container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.28.1100-gke.94

Google Distributed Cloud for bare metal 1.28.1100-gke.94 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1100-gke.94 runs on Kubernetes 1.28.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy.

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

You can now use NVIDIA H100 80GB GPUs on GKE in the following smaller machine types:

  • a3-highgpu-1g (1 GPU)
  • a3-highgpu-2g (2 GPUs)
  • a3-highgpu-4g (4 GPUs)

These machine types are available through Dynamic Workload Scheduler Flex Start mode, Spot VMs in GKE Standard mode clusters, or Spot Pods in GKE Autopilot mode clusters. You can only provision these machine types if there's available capacity in your region.

GKE continues to support the 8 GPU H100 80GB machine types: a3-highgpu-8g and a3-megagpu-8g.

The new release of the GKE Gateway controller (2024-R2) is now generally available. With this release, the GKE Gateway controller provides the following new capabilities:

Conformance:

To learn more about our GKE Gateway controller capabilities, see the supported capabilities per GatewayClass.

In GKE clusters with the control plane running version 1.29.1-gke.1425000 or later, TPU slice nodes support SIGTERM signals that alert the node of an imminent shutdown. The imminent shutdown notification is configurable up to five minutes in TPU nodes. To configure GKE to terminate your workloads gracefully within this notification timeframe, see Manage GKE node disruption for GPUs and TPUs.

(2024-R40) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Regular channel

  • The following versions are no longer available in the Regular channel:
    • 1.28.14-gke.1004000
    • 1.29.8-gke.1278000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.9-gke.1177000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.

Stable channel

  • Version 1.30.4-gke.1348001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969002
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.4-gke.1348001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.4-gke.1348001 with this release.

Extended channel

  • Version 1.27.16-gke.1681000 is now available in the Extended channel.
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1576000
    • 1.28.14-gke.1004000
    • 1.29.8-gke.1278000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.

No channel

  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.28.13-gke.1049000
    • 1.28.14-gke.1175000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.4-gke.1348001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.4-gke.1348001 with this release.

Policy Controller

Policy Controller version 1.19.2 is now available.

Spanner

Spanner now offers usage statistics for database splits along with the associated System insights dashboard to help you identify hotspots on affected rows in your database.

Directed reads are Generally Available. This feature provides the flexibility to route read-only transactions and single reads to a specific replica type or region in a multi-region instance configuration. For more information, see Directed reads.

Vertex AI Agent Builder

Vertex AI Search: CMEK for US and EU (GA) and CMEK with EKM and HSM (GA with allowlist)

Customer-managed encryption keys (CMEK) are Generally available (GA) in the US and the EU. You no longer need to be added to an allowlist to use CMEK. If you store your data in a US or EU multi-region data store, you can provide your own encryption key to protect your data at rest.

Using external key manager (EKM) or hardware security module (HSM) with CMEK is in GA with allowlist.

For information, see Customer-managed encryption keys.

October 16, 2024

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Dataproc API
    • dataproc.googleapis.com/Session
  • Identity Platform
    • identitytoolkit.googleapis.com/DefaultSupportedIdpConfig
    • identitytoolkit.googleapis.com/InboundSamlConfig
    • identitytoolkit.googleapis.com/OauthIdpConfig
    • identitytoolkit.googleapis.com/Tenant
  • Vertex AI
    • aiplatform.googleapis.com/TuningJob

Cloud Composer

Fixed a bug where upgrading a private IP environment could fail because of an invalid CIDR range.

The default version of Airflow is changed to 2.9.3.

Airflow 2.9.1 is no longer included in Cloud Composer images and builds.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.3 (default)
  • composer-3-airflow-2.7.3-build.19

Cloud Composer 2.9.7 images are available:

  • composer-2.9.7-airflow-2.9.3 (default)
  • composer-2.9.7-airflow-2.7.3

Cloud SQL for MySQL

Cloud SQL for MySQL now supports minor version 8.0.39. To upgrade your existing MySQL 8.0 instance to the new version, see Upgrade the database minor version.

Compute Engine

End of life: On October 31, 2024, SLES 12 SP5 and SLES 12 SP5 for SAP are reaching end of life and the images will be deprecated on Google Cloud. If you use SLES 12 SP5 or SLES 12 SP5 for SAP images in your project, review Long Term Service Support Pack (LTSS) options.

Config Connector

Config Connector version 1.124.0 is now available.

The direct resource development guide is now available for contributors

To improve the Config Connector resource development process, we have a new development guide to contributing resources to Config Connector with the direct reconciliation process. This new approach makes contributing more reliable and consistent with Kubernetes development practices. For more information, read the new Direct resource development guide.

RedisCluster is promoted from alpha to beta (Direct Reconciler).

CertificateManagerDNSAuthorization

  • Added the spec.Location field.

ComputeForwardingRule

  • Added spec.target.googleApisBundle field (allowed values are all-apis or vpc-sc). Note, when configuring this field, the resource will use direct reconciliation.

CertificateManagerDNSAuthorization is migrated from the Terraform-based to the new Direct controller to enhance reliability and performance. The resource CRD is unchanged.

New Alpha Resources (Direct Reconciler)

  • PrivilegedAccessManagerEntitlement
  • BigQueryAnalyticsHubDataExchange

Google Cloud Deploy

You can now automatically retry failed rollouts, and automatically roll back to the most recent successful rollout, in preview.

Google Cloud VMware Engine

Added missing release notes for stretched private cloud availability using ve2 node types in Sydney, Australia, APAC (australia-southeast1-b).

Google Kubernetes Engine

In GKE version 1.31.1-gke.1621000 and later, the kube_pod_resource_request metric and the kube_pod_resource_limit metric are exported as part of the scheduler metrics package.

Security Command Center

Toxic combination findings are generally available. This includes the following updates:

  • Support for toxic combination findings on AWS resources. This feature is available in Preview.
  • Addition of a new Toxic Combination Cases TTR and Trend widget on the Posture overview page of the Google Security Operations console. The widget details the trends for open and closed toxic combination cases for a specific time range.

October 15, 2024

Artifact Registry

Organization policy constraints for Artifact Registry are now in General Availability.

For more information, see Use custom organization policies.

Cloud Storage

Hierarchical namespace for Cloud Storage buckets is generally available (GA). With hierarchical namespace, you can store your data in a logical file system structure.

Compute Engine

Generally available: In addition to the A3 High machine type that has 8 NVIDIA H100 GPUs attached, we now have smaller machine types available that have 1, 2, or 4 NVIDIA H100 GPUs attached. These smaller machine types are ideal for workloads such as inference, simulations, and small-scale training.

To get started, review A3 High machine types.

Dataplex

Some of the BigQuery metadata that is stored in Dataplex Catalog is changing. If you have workloads that depend on BigQuery metadata, you must adjust them to preserve continuity. For more information about the scope of this change and what you need to do, see Changes to BigQuery metadata stored in Dataplex Catalog.

Dataplex is available in Dammam (me-central2). For more information, see Locations and Pricing.

Google Cloud Contact Center as a Service

Version 3.27 is released

All release notes published on this date are part of version 3.27.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Spelling and grammar check

The agent adapter now provides spelling and grammar checking. Agents can choose from spelling and grammar suggestions while entering text in the agent adapter. You can enable spelling and grammar check globally or at the queue level. For more information, see Check spelling and grammar.

Voice detection for auto-answer

You can now configure auto-answer to listen for an agent's voice after a call is connected. If no voice is detected after the specified time, the call is considered missed by the agent. For more information, see Auto answer.

New destinations for incoming SIP header data

You can now pass incoming SIP header data to session metadata files and CRM records. For more information, see Capture data parameters from inbound SIP headers.

Emergency calling

Agents in the US and Canada can now make calls to emergency services. Agents in Canada can make calls to other special services. You can set up queues for callback from emergency or special services. For more information, see Set up emergency and special services calling (US and Canada only).

Conversational Agents (Dialogflow CX) is supported in additional regions

Conversational Agents (Dialogflow CX) is now supported in additional regions. This can help you optimize performance by keeping your support agents closer to your services and end-users. For more information, see Regionalization and location settings.

Fixed an issue where queue-level caller announcements were not working properly.

Fixed an issue where multiple contacts could be created for the same contact.

Google Kubernetes Engine

On GKE Autopilot clusters running version 1.30 and later, partner workloads that set AppArmor profiles might unexpectedly be rejected at admission. This might include installations of Prisma Defender, Wiz Runtime Sensor, Sentinel One Agent, Checkpoint CloudGuard, Aqua Security Enforcer and Splunk OTEL Collector.

The following GKE versions contain a fix for this issue:

  • 1.30.5-gke.1355000 and later
  • 1.31.1-gke.1621000 and later

Clusters in any release channel can be created on or upgraded to these versions. For details, see Manually upgrading the control plane.

For newly-created VPC Peering-based clusters running version 1.27 or later, traffic from the kube-apiserver to nodes routes through the Konnectivity service. For existing VPC Peering-based clusters, GKE gradually migrates your cluster to use the Konnectivity service.

You can now create workloads with multiple network interfaces in GKE Autopilot clusters running version 1.29.5-gke.1091000 and later or version 1.30.1-gke.1280000 and later. For more information, see Setup multi-network support for Pods.

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • Abnormal Security (Email Server)
  • AIX system (OS)
  • Akamai DNS (DNS)
  • Akamai WAF (WAF)
  • Apache (Security)
  • Apigee (Google Cloud Specific)
  • Apple macOS (AV / Endpoint)
  • Archer Integrated Risk Management (Risk Management Solution)
  • Area1 Security (Email server)
  • Aruba (Wireless)
  • Aruba Switch (Network Infrastructure)
  • Auth0 (Authentication log)
  • AWS CloudFront (CDN)
  • AWS Cloudtrail (Cloud Log Aggregator)
  • AWS CloudWatch (Cloud service monitoring)
  • AWS EMR (AWS Specific)
  • AWS VPN (VPN)
  • Azure AD (LDAP)
  • Azure AD Directory Audit (Audit)
  • Azure Firewall (Azure Firewall Application Rule)
  • Azure Key Vault logging (Audit)
  • Barracuda Firewall (Firewall)
  • Barracuda WAF (Firewall)
  • BeyondTrust Endpoint Privilege Management (Privileged Account Activity)
  • Blue Coat Proxy (Web Proxy)
  • BMC Client Management (Security)
  • Check Point (Firewall)
  • Chrome Management (Browser)
  • Cisco IronPort (Gateway Security)
  • Cisco ISE (Identity and Access Management)
  • Cisco Meraki (Wireless)
  • Cisco Router (Switches, Routers)
  • Cisco Stealthwatch (Log Aggregator)
  • Cisco Switch (Switches, Routers)
  • Cisco TACACS+ (Authentication)
  • Cisco Umbrella Web Proxy (Web Proxy)
  • Cisco WLC/WCS (Wireless)
  • Citrix Netscaler (Load Balancer, Traffic Shaper, ADC)
  • Claroty Continuous Threat Detection (IoT)
  • Cloud Audit Logs (Google Cloud Specific)
  • Cloud Data Loss Prevention (Google Cloud Specific)
  • Cloud SQL (Google Cloud Specific)
  • Cohesity (Backup Software)
  • Corelight (NDR)
  • CrowdStrike Detection Monitoring (EDR)
  • CrowdStrike Falcon (EDR)
  • CrushFTP (Application server)
  • Darktrace (NDR)
  • Delinea Secret Server (Privileged Account Activity)
  • Dell EMC Data Domain (Storage system)
  • Druva Backup (Security)
  • Duo Activity Logs (Activity)
  • Duo Administrator Logs (Authentication)
  • Elastic Windows Event Log Beats (Log Aggregator)
  • Ergon Informatik Airlock IAM (Application Whitelisting)
  • F5 BIGIP Access Policy Manager (Access Policy Manager)
  • F5 BIGIP LTM (Load Balancer, Traffic Shaper, ADC)
  • FireEye HX (EDR)
  • FortiGate (Firewall)
  • Fortinet FortiAnalyzer (Fortinet FortiAnalyzer)
  • Fortinet FortiAuthenticator (Security)
  • Fortinet FortiEDR (EDR)
  • Fortinet Fortimanager (Network Management and Optimization software)
  • GitHub (SaaS Application)
  • GMV Checker ATM Security (ATM Audit)
  • Guardicore Centra (Deception Software)
  • Hashicorp Vault (Privileged Account Activity)
  • HP Aruba (ClearPass) (Identity and Access Management)
  • IBM Cloud Activity Tracker (Security Log)
  • IBM DB2 (Database)
  • IBM Mainframe Storage (Monitoring)
  • IBM OpenPages (Data Security)
  • Imperva (WAF)
  • Imperva CEF (CEF)
  • Imperva DRA (Data Security)
  • Infoblox (DHCP, DNS)
  • Infoblox DNS (DNS)
  • JAMF Pro (Mac Endpoint Management System)
  • Keycloak (Identity and Access Management)
  • Lacework Cloud Security (Cloud Security)
  • Linux Auditing System (AuditD) (OS)
  • Linux DHCP (DHCP)
  • ManageEngine Log360 (Alert Log)
  • McAfee ePolicy Orchestrator (Policy Management)
  • Microsoft AD FS (LDAP)
  • Microsoft Azure Activity (Misc Windows Specific)
  • Microsoft Azure Resource (Log Aggregator)
  • Microsoft Defender For Cloud (Automation and DevOps Tools)
  • Microsoft Defender for Endpoint (EDR)
  • Microsoft Defender for Identity (EDR)
  • Microsoft Graph Activity Logs (AUDIT)
  • Microsoft Graph API Alerts (Gateway to data and intelligence)
  • Microsoft Intune Context (Mobile Device Management)
  • Microsoft SQL Server (Database)
  • Mimecast URL Logs (Email server log types)
  • MISP Threat Intelligence (Cybersecurity)
  • Mobile Endpoint Security (Mobile Endpoint Security)
  • NetApp ONTAP (Rest api)
  • Netskope V2 (Cloud Security)
  • Office 365 (SaaS Application)
  • Okta (Identity and Access Management)
  • One Identity Identity Manager (unified identity security)
  • Opengear Remote Management (Secure Remote Access)
  • Oracle (DATABASE)
  • Oracle Cloud Infrastructure VCN Flow Logs (Oracle Cloud Infrastructure)
  • Palo Alto Networks Firewall (Firewall)
  • Palo Alto Panorama (Firewall)
  • Palo Alto Prisma Cloud Alert payload (Cloud Security)
  • Proofpoint CASB (CASB)
  • Proofpoint Email Filter (Email Server)
  • Proofpoint On Demand (Email Server)
  • Proofpoint Threat Response (Email Server)
  • Pulse Secure (VPN)
  • Radware Web Application Firewall (Firewall)
  • SailPoint IAM (Identity and Access Management)
  • Saiwall VPN (VPN)
  • Salesforce (SaaS Application)
  • Sentinelone Alerts (Endpoint Security)
  • SonicWall (Firewall)
  • Sophos Central (AV / Endpoint)
  • Sophos Firewall (Next Gen) (Firewall)
  • Squid Web Proxy (Web Proxy)
  • STIX Threat Intelligence (Cybersecurity Threats)
  • Suricata EVE (IPS IDS)
  • Symantec DLP (DLP)
  • Symantec Endpoint Protection (AV / Endpoint)
  • Symantec Web Security Service (Web Proxy)
  • TINTRI (Data Security)
  • Trend Micro Apex one (Endpoint Security)
  • TrendMicro Apex Central (Endpoint)
  • UberAgent (Security)
  • Veeam (Backup software)
  • Velo Firewall (FIREWALL)
  • VMware AirWatch (Wireless)
  • VMware NSX (Network and Security Virtualization)
  • VMware vCenter (Server)
  • WatchGuard (Syslog and KV)
  • Wazuh (Log Aggregator)
  • Windows Event (Endpoint)
  • Windows Event (XML) (AV / Endpoint)
  • Windows Sysmon (DNS)
  • Workday User Activity (N/A)
  • Workspace Activities (Google Cloud Specific)
  • XAMS by Xiting (Log Aggregator)
  • ZeroFox Platform (Database)
  • Zscaler (Web Proxy)
  • Zywall (Network infrastructure)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Adaptive Shield (ADAPTIVE_SHIELD)
  • Agiloft (AGILOFT)
  • Airwatch Context (AIRWATCH_CONTEXT)
  • Attack IQ (ATTACK_IQ)
  • AWS PY Tools (AWS_PY_TOOLS)
  • Bindplane Agent (BINDPLANE_AGENT)
  • BindPlane Audit Logs (BINDPLANE)
  • Bitsight (BITSIGHT)
  • Bitvise SFTP (BITVISE_SFTP)
  • Ciena Router logs (CIENA_ROUTER)
  • Cisco Viptela (CISCO_VIPTELA)
  • Colinet Trotta GAUS SEGUROS (CT_GAUS_SEGUROS)
  • Conductor One (CONDUCTOR_ONE)
  • Crowdstrike Endpoint Security API (CS_ENDPOINT_SECURITY_API)
  • Fiserv SecureNow (SECURE_NOW)
  • Greenhouse Harvest (GREENHOUSE_HARVEST)
  • Harness IO (HARNESS_IO)
  • Hashicorp Boundary (HASHICORP_BOUNDARY)
  • HP Linux (HP_LINUX)
  • IBM Security Guardium Insights (IBM_INSIGHTS)
  • Imperva Attack Analytics (IMPERVA_ATTACK_ANALYTICS)
  • INTEL471 Watcher Alerts (INTEL471_WATCHER_ALERTS)
  • JAMF Security Cloud (JAMF_SECURITY_CLOUD)
  • JBoss Web (JBOSS_WEB)
  • Kandji Context (KANDJI_CONTEXT)
  • Lenels2 Elements Secure (LENELS2_ELEMENTS_SECURE)
  • ManageEngine OpUtils (MANAGE_ENGINE_OPUTILS)
  • Microsoft Graph Incident (MICROSOFT_GRAPH_INCIDENT)
  • Miro (MIRO)
  • Open Policy Agent (OPA)
  • Oracle Access Manager (ORACLE_AM)
  • Oracle Enterprise Manager (ORACLE_OEM)
  • Perception Point XRay (PERCEPTION_POINT_XRAY)
  • RedSift BrandTrust (REDSIFT_BRANDTRUST)
  • Riverbed (RIVERBED)
  • SAP Sybase Adaptive Server Enterprise Database (SAP_ASE)
  • Sharefile Logs (SHAREFILE_LOGS)
  • Smartsheet (SMARTSHEET)
  • Statusgator (STATUSGATOR)
  • Titan MFT (TITAN_MFT)
  • Upwind (UPWIND)
  • Vanta Context (VANTA_CONTEXT)
  • Varnish Cache (VARNISH_CACHE)
  • Vercel WAF (VERCEL_WAF)
  • Veriato Cerebral (VERIATO_CEREBRAL)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

VPC Service Controls

Preview stage support for the following integration:

October 14, 2024

Anti Money Laundering AI

The API is now available in the australia-southeast1 region. For more information on supported regions, see AML AI locations.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.43.1 (2024-10-09)

Dependencies
  • Update actions/checkout action to v4.2.1 (#3520) (ad8175a)
  • Update actions/upload-artifact action to v4.4.1 (#3521) (dc21975)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240919-2.0.0 (#3514) (9fe3829)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.37.0 (bf4d37a)
  • Update github/codeql-action action to v2.26.11 (#3517) (ac736bb)
  • Update github/codeql-action action to v2.26.12 (#3522) (fdf8dc4)

You can now use fine-grained DML to optimize the execution of UPDATE, DELETE, and MERGE statements on tables. This feature is in Preview.

Cloud Data Fusion

The SAP ODATA batch source plugin version 0.11.5 is available in Cloud Data Fusion version 6.8.0 and later. This release includes the following changes:

  • Fixed an issue causing pipelines to fail when the source plugin contained nested fields (an array of records): ERROR [Executor task launch worker for task 0.0 in stage 0.0 (TID 0):o.a.s.u.Utils@98] - Aborting task io.cdap.cdap.api.data.format.UnexpectedFormatException: Schema must be a record with at least one field.

  • Added a Read Timeout plugin property, which lets you configure the read timeout value for long-running pipelines.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.4 (2024-10-07)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (90b88ee)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.37.0 (#1702) (1f7da17)

Cloud Monitoring

You can now use the Monitoring API to configure a metric-based alerting policy to send notifications when incidents are closed. For more information, see AlertStrategy in the Monitoring API documentation.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.43.2 (2024-10-08)

Bug Fixes
  • Plumb list blobs match glob option for grpc transport (#2759) (207abd1)
Dependencies
  • Update dependency com.google.api:gapic-generator-java to v2.47.0 (#2750) (9041f24)
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240924-2.0.0 (#2719) (7b19831)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.37.0 (#2751) (003d6fa)
  • Update googleapis/sdk-platform-java action to v2.47.0 (#2749) (befa415)

Container Optimized OS

cos-113-18244-151-100

Kernel: COS-6.1.100, Docker: v24.0.9, Containerd: v1.7.22, GPU Drivers: See List

Fixed CVE-2024-43853 in the Linux kernel.

Fixed CVE-2024-45003 in the Linux kernel.

Fixed CVE-2024-46855 in the Linux kernel.

Fixed CVE-2024-46848 in the Linux kernel.

Fixed CVE-2024-44965 in the Linux kernel.

Fixed CVE-2024-44970 in the Linux kernel.

Fixed CVE-2024-46829 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812030 -> 812026

cos-109-17800-309-88

Kernel: COS-6.1.100, Docker: v24.0.9, Containerd: v1.7.22, GPU Drivers: See List

Fixed CVE-2024-43853 in the Linux kernel.

Fixed CVE-2024-45003 in the Linux kernel.

Fixed CVE-2024-46848 in the Linux kernel.

Fixed CVE-2024-44965 in the Linux kernel.

Fixed CVE-2024-44970 in the Linux kernel.

Fixed CVE-2024-46829 in the Linux kernel.

Fixed CVE-2024-46855 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812257 -> 812261

cos-dev-121-18712-0-0

Kernel: COS-6.6.54, Docker: v24.0.9, Containerd: v1.7.22, GPU Drivers: See List

Updated the Linux kernel to v6.6.54.

Update R535, default driver to v535.183.06.

Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.

Disabled MGLRU by default due to integration issues with Kubernetes.

Runtime sysctl changes:

  • Changed: fs.file-max: 811792 -> 811780

cos-105-17412-448-66

Kernel: COS-5.15.163, Docker: v23.0.3, Containerd: v1.7.19, GPU Drivers: See List

Updated sosreport to v4.5.4.

Fixed CVE-2024-45003 in the Linux kernel.

Fixed CVE-2024-44965 in the Linux kernel.

Fixed CVE-2024-46829 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812685 -> 812681

cos-101-17162-528-61

Kernel: COS-5.15.161, Docker: v20.10.27, Containerd: v1.6.28, GPU Drivers: See List

Fixed CVE-2024-45003 in the Linux kernel.

Fixed CVE-2024-44965 in the Linux kernel.

Fixed CVE-2024-46829 in the Linux kernel.

Dataproc

Dataproc Clusters created with image versions 2.0.57+, 2.1.5+, or 2.2+: Secondary workers' control plane operations are made by the Dataproc Service Agent service account (service-<project-number>@dataproc-accounts.iam.gserviceaccount.com). They will no longer use the Google APIs Service Agent service account (<project-number>@cloudservices.gserviceaccount.com).

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.44.0 (2024-10-08)

Features
  • pubsub: Add ingestion Cloud Storage fields and Platform Logging fields to Topic (7250d71)
  • pubsub: Add support for cloud storage ingestion topics (#10959) (1a11675)
  • pubsub: Return listing information for subscriptions created via Analytics Hub (fdb4ea9)
Documentation
  • pubsub: Update documentation for 31 day subscription message retention (#10845) (9b4b2fa)

Java

Changes for google-cloud-pubsub

1.133.1 (2024-10-07)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.47.0 (ccd23af)
Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.45.0 (#2213) (5ee969b)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.37.0 (#2214) (d938709)
  • Update googleapis/sdk-platform-java action to v2.47.0 (#2212) (6a9723d)
Documentation
  • Add ingestion from GCS sample (#2211) (ddb7391)
  • Update emulator sample to create a topic and publish to it (#2039) (21d5cfc)

Python

Changes for google-cloud-pubsub

2.26.0 (2024-10-09)

Features
  • Add ingestion Cloud Storage fields and Platform Logging fields to Topic (#1248) (a7a4caa)

SAP on Google Cloud

New SAP certification for operating system: SLES 15 SP6 for SAP

For use with SAP HANA and SAP NetWeaver on Google Cloud, SAP has certified the operating system SUSE Linux Enterprise Server (SLES) 15 SP6 for SAP.

For more information, see:

Secret Manager

Creating regional secrets using Secret Manager is now in General Availability (GA). Regional secrets let you store your sensitive data within a specific geographic location, ensuring it remains in that region at all times, whether at rest, in use, or in transit. Regional secrets are crucial for meeting data residency requirements and complying with regulatory mandates.

For information about all tasks related to creating and managing regional secrets, see the Regional service documentation.

Spanner

Query Optimizer version 7 is generally available and is the default optimizer version.

Vertex AI Agent Builder

Vertex AI Search: Answers with summaries and follow-ups for blended search apps (GA with allowlist)

The answer method can be used to query blended search apps. You can apply the answer method to blended search apps in the same way that you apply the method to search apps that are connected to only one data store.

This feature is generally available to select Google customers (GA with allowlist). For more information, see Get answers and follow-ups.

October 13, 2024

Google SecOps SOAR

Release 6.3.22 is currently in Preview.

Gemini Case Summary has been added as a placeholder to playbook actions. You can now use this to show the AI-generated case summary in a playbook action. Note that the playbook will only include this summary if it is available.

NOTE: This bug fix was not included in 6.3.22 and was moved to 6.3.23. Unexpected behavior between system-wide and user preference localization time zone settings. Following this bug fix, the default time zone is now set to UTC + 1. This does not override the user's local settings. The admin needs to change the default time zone to the required time zone if needed. (ID #51914939, #52558921)

The Remote Agent page doesn't display all the integrations and connectors. (ID #53428660)

Advanced Reports not displaying all the information. (ID #52923225, #00298032, #52553071)

Vw Dashboard Alerts HasPlaybook column shows incorrect information. (ID #53304589)

Issue with Siemplify Create or Update Entity action. (ID #53053446)

The search_everything database is displaying incorrect entity values. (ID #52746256)

SDK _get_case_by_id function does not return case tags, even though the case has tags.

Case Close Root Causes may cause errors when removed from playbook. (ID #50942408)

CaseSearchEverything API time zone discrepancies. (ID #52558921)

Playbook errors remain in the Pending Actions widget even after re-running their playbook. (ID #00274123)

Parallel action name changes are not reflecting the subsequent actions in a playbook. (ID #352725736)

October 11, 2024

Apigee UI

On October 11, 2024, we released an updated version of the Apigee UI.

Bug ID 357165778: VerifyIAM policy selection removed for hybrid organizations.

The VerifyIAM policy is not supported for hybrid-enabled Apigee organizations. It has been removed as an option in the Proxy Editor.

Bug ID 372224845: Offline debug page not loading.

Fixed issue where the offline debug page would not load if a debug session was loaded elsewhere in the UI previously.

BigQuery

Use the BigQuery migration assessment for Oracle to assess the complexity of migrating data from your Oracle data warehouse to BigQuery. This feature is in preview.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Video Stitcher API
    • videostitcher.googleapis.com/CdnKey
    • videostitcher.googleapis.com/LiveConfig
    • videostitcher.googleapis.com/Slate
    • videostitcher.googleapis.com/VodConfig

Dataproc Datastream

Datastream is now available in the me-central2 (Dammam) region. For the list of all available regions, see IP allowlists and regions.

Google Cloud Architecture Center

(New series) Architecture Framework: AI and ML perspective: Describes principles and recommendations that are specific to AI and ML, for each pillar of the Architecture Framework: operational excellence, security, reliability, cost optimization, and performance optimization.

Google Kubernetes Engine

(2024-R39) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.1-gke.1146000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1373000
    • 1.27.16-gke.1478000
    • 1.29.8-gke.1278000
    • 1.30.5-gke.1014000
    • 1.31.1-gke.1000000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1145000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1146000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.9-gke.1177000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1145000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1146000 with this release.

Regular channel

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1342000
    • 1.27.16-gke.1373000
    • 1.28.13-gke.1119000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348000
    • 1.30.4-gke.1348001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.5-gke.1014001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.5-gke.1014001 with this release.

Stable channel

  • Version 1.30.3-gke.1969002 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1057000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.3-gke.1969002 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.3-gke.1969002 with this release.

Extended channel

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.28.13-gke.1119000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348000
    • 1.30.4-gke.1348001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1014001 with this release.

No channel

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.27.16-gke.1287000
    • 1.27.16-gke.1342000
    • 1.27.16-gke.1373000
    • 1.27.16-gke.1478000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1057000
    • 1.30.2-gke.1587003
    • 1.30.5-gke.1014000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.3-gke.1969002 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.3-gke.1969002 with this release.

(2024-R39) Version updates

  • Version 1.30.3-gke.1969002 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1057000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.3-gke.1969002 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.3-gke.1969002 with this release.

(2024-R39) Version updates

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.28.13-gke.1119000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348000
    • 1.30.4-gke.1348001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.5-gke.1014001 with this release.

(2024-R39) Version updates

  • Version 1.30.5-gke.1014001 is now the default version for cluster creation.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.27.16-gke.1148001
    • 1.27.16-gke.1258000
    • 1.27.16-gke.1287000
    • 1.27.16-gke.1342000
    • 1.27.16-gke.1373000
    • 1.27.16-gke.1478000
    • 1.28.13-gke.1024000
    • 1.29.8-gke.1057000
    • 1.30.2-gke.1587003
    • 1.30.5-gke.1014000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.3-gke.1969002 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.14-gke.1004000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.3-gke.1969002 with this release.

Security Command Center

Working with findings and resources in the Security Operations console

The ability to work with findings and resources using the Security Operations console is now in General Availability. This feature is available only to Security Command Center Enterprise customers.

The following capabilities were added since the Preview release of this feature:

Sensitive Data Protection

The KOREA_DRIVERS_LICENSE_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

October 10, 2024

AlloyDB for PostgreSQL

AlloyDB lets you restart one or more nodes of a read pool. For more information, see Restart specific nodes of a read pool.

Apigee X

On October 10, 2024, we released an updated version of Apigee.

Apigee no longer limits the number of Cloud projects that can connect to an Apigee instance. Previously, the limit was 50 projects. For each project, you can now create up to 100 Private Service Connect Network Endpoint Groups. The previous limit was 20. For any Apigee instances created before October 10, 2024, you must perform an update to the consumer accept list for an Apigee instance if you want to take advantage of these new limits. See Updating the consumer accept list for an Apigee instance. See also Limits.

BigQuery

BigQuery tables for Apache Iceberg bring the convenience of BigQuery storage optimization to Apache Iceberg tables that reside in your own cloud buckets. BigQuery tables for Apache Iceberg let you use BigQuery without moving data out of buckets that you control. This feature is now in preview.

You can now export and load Parquet files that include GeoParquet metadata. This feature is generally available (GA).

Cloud Database Migration Service

Database Migration Service for homogeneous MySQL to Cloud SQL for MySQL migrations now supports MySQL version 8.4. See Supported source and destination databases in Cloud SQL for MySQL migrations.

Cloud Run

You can now deploy and configure a multi-region service from a single gcloud CLI command (in Preview).

Cloud Run functions

You can now manage function resources using custom constraints that get enforced at the project level. This support is at the General Availability release level.

Data Catalog

In the data lineage list view, you can filter lineage information based on the time that lineage occurred. For more information, see About data lineage.

Dataform

Dataform is available in the following regions:

  • asia-northeast2
  • asia-south2
  • australia-southeast2
  • europe-central2
  • europe-north1
  • europe-west8
  • europe-west9
  • europe-west10
  • me-west1
  • northamerica-northeast2
  • southamerica-west1
  • us-west3

For more information, see Locations.

Dataplex

In the data lineage list view, you can filter lineage information based on the time that lineage occurred. For more information, see About data lineage.

Dialogflow

Conversational Agents: The gemini-1.5-flash-001 model is generally available (GA) for data store handlers as of August 20, 2024. The gemini-1.5-flash-002 model remains public Preview.

Google Cloud Deploy

You can now block rollouts during a specified time window, using deploy policies, in preview.

Cloud Deploy now uses Skaffold 2.13 as the default Skaffold version, as of October 4, 2024, for all target types.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.200-gke.101 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.200-gke.101 runs on Kubernetes v1.30.4-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Removed TLS/SSL weak message authentication code cipher suites in the vSphere cloud controller manager.

The following issues are fixed in 1.30.200-gke.101:

  • Fixed the known issue that caused migrating a user cluster to Controlplane V2 to fail if secrets encryption had ever been enabled.
  • Fixed the known issue that caused migrating an admin cluster from non-HA to HA to fail if secret encryption was enabled.
  • Fixed the issue that caused the Pre-upgrade tool to block upgrading a user cluster to version 1.30 or higher because of an incorrect storage driver validator check.

The following vulnerabilities are fixed in 1.30.200-gke.101:

Critical container vulnerabilities:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.30.200-gke.101

Google Distributed Cloud for bare metal 1.30.200-gke.101 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.200-gke.101 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Updated the bmctl update command to identify differences (if any) between the preview feature annotations in the cluster configuration file and the annotations in the deployed Cluster resource.

Fixes:

  • Fixed an issue where the control plane VIP might become unavailable because Keepalived didn't check correctly that the VIP is on a node with a responsive HAProxy.

  • Fixed Cloud Audit Logging failure due to allowlisting issue with multiple project IDs.

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Looker Studio

Cart conversion fields

The following cart conversion fields are now available in the New Search Ads 360 connector:

  • Orders (Cart)
  • Avg. cart size
  • Avg. order value
  • Cross-sell cost of goods sold
  • Cross-sell gross profit
  • Cross-sell revenue
  • Cross-sell units sold
  • Lead cost of goods sold
  • Lead gross profit
  • Lead revenue
  • Lead units sold
  • Cost of goods sold
  • Gross profit
  • Revenue (Cart)
  • Units sold (Cart)

Sensitive Data Protection

The INDONESIA_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Spanner

Spanner now lets you create incremental backups through a backup schedule. You can specify when and how often backups are created, and how long they're retained.

An incremental backup contains only the data that has changed since the previous backup. Incremental backups typically consume less storage, and can help reduce your storage costs.

Incremental backups are available on the Enterprise and Enterprise Plus editions.

For more information about incremental backups, see Backups overview.

Spanner is now available on Database Center in Preview. You can track your Spanner resources in the fleet inventory section and the resource table in the Database Center. You can also use Database Center to monitor the following health issues for your Spanner resources:

  • Short backup retention
  • Last backup older than 24h
  • Not replicating across regions

For more information about Database Center, see Database Center overview. For more information about health issues supported for Spanner, see Supported health issues.

An open-source Cassandra to Spanner proxy adapter is now available. You can use it to migrate workloads from Cassandra or DataStax Enterprise (DSE) to Spanner without making any changes to your application logic. For more information, see Cassandra to Spanner proxy adapter.

reCAPTCHA

reCAPTCHA Mobile SDK v18.7.0-beta01 is now available for Android.

This version contains a dependency on com.google.android.gms:play-services-recaptchabase for enhanced detection.

October 09, 2024

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL minor versions are upgraded to 15.7 and 14.12. For more information, see AlloyDB and AlloyDB Omni version policies.

App Hub

You can now view system metrics for your App Hub applications on App Hub and using the Metrics Explorer. You can also create charts to monitor specific metrics using App Hub metadata labels. These features are now available in Preview.

Artifact Registry

Artifact Registry artifact download rules are in Preview.

Download rules let you restrict downloads at the repository and package level. To learn more, see Restrict artifact downloads. To configure download rules, follow the instructions in Restrict artifact downloads with download rules.

Assured Workloads

You can now view and apply workload updates to ensure that your workloads are using the most recent control package configuration. This feature is available in the Preview stage.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Network Services API
    • networkservices.googleapis.com/WasmPlugin
    • networkservices.googleapis.com/WasmPluginVersion
  • Artifact Registry
    • artifactregistry.googleapis.com/Rule

Cloud Logging

Ops Agent release 2.51.0 adds support for Compute Engine Arm VMs that are running Rocky Linux 8.

Cloud Monitoring

With the Ops Agent version 2.51.0, you can now collect a set of observability metrics from NVIDIA Data Center GPU Manager (DCGM). For more information, see NVIDIA Data Center GPU Manager (DCGM).

Your App Hub applications are now writing metadata labels. You can use these labels to filter the data displayed by a chart or monitored by an alerting policy. App Hub labels have the prefix of apphub_.

From the context of an App Hub host, you can now view system metrics for your applications. To view system metrics stored in multiple projects, configure the metrics scope of the App Hub host project. For more information, see the following documents:

Ops Agent release 2.51.0 adds support for Compute Engine Arm VMs that are running Rocky Linux 8.

Cloud SQL for SQL Server

Cloud SQL configures the max server memory (mb) flag based on the instance size automatically by limiting the amount of memory that SQL Server can allocate for its internal pools. For more information, see Configure database flags.

You can export the transaction logs for point-in-time recovery (PITR) that Cloud SQL stores in Cloud Storage. This feature is in Preview.

Compute Engine

Public preview: Instance flexibility in a managed instance group (MIG) lets you configure multiple machine types in the group. This can improve resource availability for applications that require large-scale capacity and high-demand hardware. For more information, see About instance flexibility in MIGs.

Generative AI on Vertex AI

The Vertex AI Gemini API SDK supports tokenization capabilities for local token counting and computation. This is a streamlined way to compute tokens locally, ensuring compatibility across different Gemini models and their tokenizers. Supported models include gemini-1.5-flash and gemini-1.5-pro. To learn more, see Count tokens.

Google Cloud Armor

Cloud Armor support for IP address groups is Generally Available.

Cloud Armor support for regional internal Application Load Balancers is Generally Available. You can use the regional backend security policy type with this load balancer. For more information, see types of security policies.

Google Cloud VMware Engine

VMware Engine ve2 nodes are available in Frankfurt, Germany, Europe (europe-west3-b).

VMware Engine ve1 nodes are available in Jurong West, Singapore, APAC (asia-southeast1-b).

Looker

Looker 24.18 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, October 14, 2024

  • Expected Looker (original) final deployment and download available: Thursday, October 24, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, October 14, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, October 28, 2024

As of Looker 24.18, Google Maps is the only visualization engine for all map visualizations. The Legacy Maps chart type has been removed from Looker. The Allow Legacy Maps Legacy feature has been removed. Please reach out to Looker Support if you encounter any issues.

Note: As of October 17, 2024, this feature has been disabled to resolve an issue. When the feature is available, this release note will be updated. In Looker application API methods that include a query_id field, or, in the case of Query APIs, an id field, the query_id and id fields no longer accept a numeric value and now require a query slug value.

The LookML validator will now return an error if an Explore name contains the % character. The % character will also be highlighted as an invalid character for object names in the Looker IDE.

The Studio in Looker feature is now available to preview for most Looker-hosted and Looker (Google Cloud core) instances. This opt-in feature lets you create, view, and edit Looker Studio reports in your Looker instance, including both governed and ad hoc data. You can share and manage your reports in Looker folders and see your recent reports and the reports that you have marked as favorites from the Looker Home page.

For more information, see the Studio in Looker Public Preview documentation:

Both Looker (Google Cloud core) customers and Looker (original) customers who use Google OAuth for authentication must sign up for the preview using the Sign-up for Looker Cloud Core form. Looker (Google Cloud core) customers who use Google OAuth authentication only need to submit the form once.

Looker (original) customers who use authentication methods other than Google OAuth do not need to submit the sign-up form.

Note: This release notes item was updated on October 10, 2024 to include the list of Public Preview documents. This release note was also updated on October 15, 2024 to clarify which customers are required to submit the sign-up form.

The Chart Config Editor now lets you change the data label color.

The Chart Config Editor now supports a {log} variable, which returns all available data values for an attribute. We recommend that you use this feature only while building and testing visualizations, as it can affect visualization performance.

Improved search now returns more complete results for folders and Explores.

The Home page now displays updated Favorites and Recently Viewed sections.

The Explore query tracker is now generally available. The query tracker includes a progress bar that appears in the Explore UI when a query is running and that tracks the phases of the query. The GA release includes a new sidebar with a detailed breakdown of times for each query stage as well as a new System Activity dashboard for query performance that enables deeper exploration. Note: This item was added to the release notes on October 10, 2024.

An issue has been fixed where the model_fieldname_suggestions API failed to generate suggestions when a suggest_explore and suggest_dimension were defined. This feature now performs as expected.

When a field is referenced in a SQL field that does not allow field references, such as sql_table_name, the LookML validator message that is returned is now more descriptive.

Previously, interacting with chart legends could impact visualization performance. This feature now performs as expected.

The Get Async Query Results API now returns a string rather than a QueryTask object.

An issue that was preventing users from downloading or scheduling dashboards without any tiles has been resolved. This feature now performs as expected.

An issue has been fixed where heatmaps would not render data when switching from a legacy map to a Google Maps visualization. This feature now performs as expected. Note: As of Looker 24.18, Google Maps is the only visualization engine for all map visualizations.

Previously, drilling on values with ampersands would return incomplete results. This feature now performs as expected.

The filters tab in the Save to Dashboard dialog in an Explore now scrolls when there are many filters present.

Looker now loads projects faster when a user first enters dev mode for a project.

Cloud Audit Log is now generally available for Looker (Google Cloud Core) instances.

You can use the BigQuery Quickstart connection to create a default BigQuery connection that can leverage Application Default Credentials.

The principal_subject attribute in the Cloud audit logs now includes the Looker user ID.

The Propose to switch to google map if mapbox fails within the dashboard Looker Labs feature has been removed. All map visualizations are now rendered with Google Maps.

The Dashboard in Drill Menus Looker Labs feature has been removed. Use the LookML link parameter instead.

SAP on Google Cloud

SAP HANA: support for deploying striped disk to host the data directory

To enable you to deploy striped disks for hosting the /hana/data directory, we have done the following:

  • Updated our documentation with the minimum sizes for SSD-based Persistent Disk and Hyperdisk volumes.

    For more information, see Minimum sizes for SSD-based persistent disks and Hyperdisks in the SAP HANA planning guide.

  • Introduced deployment automation support through the enable_data_striping Terraform argument. You can use this argument to provision a striped disk to host the /hana/data directory while deploying SAP HANA scale-up, scale-up HA, and scale-out HA systems with Terraform.

    This argument is available from version 1.3.674800406 of the Terraform modules sap_hana and sap_hana_ha, provided by Google Cloud. For more information, see the deployment guide for your SAP HANA scenario.

Google Cloud's Agent for SAP version 3.6

Version 3.6 of Google Cloud's Agent for SAP is generally available (GA). This version introduces striped disk support for SAP HANA backup and recovery by using the disk snapshot feature, metric enhancements for monitoring SAP HANA, and other minor enhancements.

For more information, see What's new with Google Cloud's Agent for SAP.

Security Command Center

Install new version of the Security Command Center Enterprise use case

The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by date October 9, 2024, introduces a new widget, an updated ingestion logic, and other enhancements to support the management of toxic combination findings and cases in the Security Operations console.

For installation instructions, see Update Enterprise use case, October 2024.

Spanner

Spanner now supports a subset of pg_system_catalog tables and views. For more information, see pg_system_catalog tables and pg_system_catalog views.

October 08, 2024

Apigee Advanced API Security

On October 8, 2024, we released an updated version of Advanced API Security.

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.

New features added to the Risk Assessment v2 preview

This release introduces new features to the Risk Assessment v2 preview:

  • Support for custom security profiles. You can create your own security profiles, with unique combinations of risk assessment checks and weights, to use for proxy risk assessment.
  • New assessment checks. We've added additional checks you can use when assessing proxy risk.
  • Assess proxies across multiple profiles. You can now switch between security profiles to see differences in scoring across profiles.

For usage information and a list of all features in Risk Assessment v2, see the Risk Assessment v2 customer documentation.

Apigee X

On October 8, 2024, we released an updated version of Apigee (1-13-0-apigee-6).

This release addresses the security concerns in GCP-2024-052 from Google Anthos Service Mesh.

| Bug ID | Description |
| --- | --- |
| 361714906 | Fixed synchronization issue with Cloud KMS keys. Implemented recovery mechanism for the Apigee dataplane in the event of an extended disruption in the CloudKMS key service. |
| 361044374 | Resolved issue with incorrect payloads shown in debug trace. When using debug trace with the AssignMessage policy, the UI now displays the correct request and response payloads. |
| N/A | Updates to security infrastructure and libraries. |

Application Integration

Build integrations with Gemini Code Assist (GA)

Building integrations with Gemini Code Assist is now generally available (GA).

Additionally, if you have API Hub enabled in your project, Gemini can assist you by providing contextually appropriate Call REST Endpoint tasks and task configuration recommendations based on the logical flow of your existing integration. For more information, see Configure Call REST API tasks.

BigQuery

You can now use pipe syntax anywhere you write GoogleSQL. Pipe syntax supports a linear query structure designed to make your queries easier to read, write, and maintain. This feature is in Preview.

Bigtable

Hot backups, optimized backups to restore your data to production performance availability more efficiently, are now generally available (GA). For more information, see Backups overview.

Cloud Composer

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.3-build.2
  • composer-3-airflow-2.9.1-build.9 (default)
  • composer-3-airflow-2.7.3-build.18

Cloud Composer 2.9.6 images are available:

  • composer-2.9.6-airflow-2.9.3
  • composer-2.9.6-airflow-2.9.1 (default)
  • composer-2.9.6-airflow-2.7.3

Cloud Composer version 2.4.5 has reached its end of support period.

Cloud Database Migration Service

Database Migration Service for homogeneous PostgreSQL migrations to Cloud SQL does not automatically enable point-in-time recovery (PITR) for the destination instance when you promote the migration job. You can enable PITR after the migration is complete.

For more information, see Promote a migration and Known limitations.

Compute Engine

Preview: An updated version of the gVNIC driver for Windows offers improved network performance and support for Jumbo frames. For more information, see Update to the latest gVNIC driver for Windows.

Dataproc

Security Command Center

Vulnerability management dashboard released to Preview

The new Vulnerability management dashboard lets you investigate CVE vulnerabilities identified in your Google Cloud and AWS environments.

This feature is available in Preview.

Vertex AI

Vector Search Private Service Connect automation

Deploying an index with Private Service Connect automation is generally available (GA). You can set up a service connection policy so that you don't have to manually create a compute address and forwarding rule after each index deployment.

For more information, see Set up Vector Search with Private Service Connect.

October 07, 2024

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.63.1 (2024-10-01)

Bug Fixes
  • bigquery/storage: Increase method timeout to 240s for BigQuery Metastore Partition Service API version v1alpha (fdb4ea9)
  • bigquery: Create read session with client or job projectID (#10932) (f98396e)
  • bigquery: Missing schema for empty result set on stateless queries (#10935) (28a069a)

Java

Changes for google-cloud-bigquery

2.43.0 (2024-10-01)

Features
  • Add max staleness to ExternalTableDefinition (#3499) (f1ebd5b)

2.42.4 (2024-09-30)

Dependencies
  • Update actions/checkout action to v4.2.0 (#3495) (b57fefb)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.51.0 (#3480) (986b036)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.53.0 (#3504) (57ce901)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240905-2.0.0 (#3483) (a6508a2)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.55.0 (#3481) (8908cfd)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.57.0 (#3505) (6e78f56)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.0 (#3490) (a72c582)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#3496) (8f2e5c5)
  • Update dependency ubuntu to v24 (#3498) (4f87ade)
  • Update github/codeql-action action to v2.26.10 (#3506) (ca71294)
  • Update github/codeql-action action to v2.26.7 (#3482) (e2c94b6)
  • Update github/codeql-action action to v2.26.8 (#3488) (a6d75de)
  • Update github/codeql-action action to v2.26.9 (#3494) (8154043)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.45.0 (2024-10-03)

Features
  • Add support for Cloud Bigtable Node Scaling Factor for CBT Clusters (caf879c)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.46.1 (caf879c)
  • Support override monitoring endpoint (#2364) (a341eb8)
Dependencies
  • Downgrade grpc to 1.67.1 (#2366) (1baecb3)
  • Update dependency com.google.cloud:gapic-libraries-bom to v1.45.0 (#2363) (9d24c45)

Cloud Logging

You can now include pipe syntax in the SQL queries you run on the Log Analytics page. For more information, see the BigQuery documentation about pipe syntax.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.3 (2024-10-01)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#1698) (9491512)
  • Update dependency org.apache.maven.plugins:maven-deploy-plugin to v3.1.3 (2b6ea70)
Cloud Monitoring

The user interface for configuring which events to show on a dashboard has been simplified. For more information, see Show events on a dashboard.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.44.0 (2024-10-03)

Features
  • storage/dataflux: Add dataflux interface (#10748) (cb7b0a1)
  • storage/dataflux: Add range_splitter #10748 (#10899) (d49da26)
  • storage/dataflux: Add worksteal algorithm to fast-listing (#10913) (015b52c)
  • storage/internal: Add managed folder to testIamPermissions method (2f0aec8)
  • storage/transfermanager: Add option to StripPrefix on directory download (#10894) (607534c)
  • storage/transfermanager: Add SkipIfExists option (#10893) (7daa1bd)
  • storage/transfermanager: Checksum full object downloads (#10569) (c366c90)
  • storage: Add direct google access side-effect imports by default (#10757) (9ad8324)
  • storage: Add full object checksum to reader.Attrs (#10538) (245d2ea)
  • storage: Add support for Go 1.23 iterators (84461c0)
  • storage: Add update time in bucketAttrs (#10710) (5f06ae1), refs #9361
  • storage: GA gRPC client (#10859) (c7a55a2)
  • storage: Introduce gRPC client-side metrics (#10639) (437bcb1)
  • storage: Support IncludeFoldersAsPrefixes for gRPC (#10767) (65bcc59)
Bug Fixes
  • storage/transfermanager: Correct Attrs.StartOffset for sharded downloads (#10512) (01a5cbb)
  • storage: Add retryalways policy to encryption test (#10644) (59cfd12), refs #10567
  • storage: Add unknown host to retriable errors (#10619) (4ec0452)
  • storage: Bump dependencies (2ddeb15)
  • storage: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
  • storage: Check for grpc NotFound error in HMAC test (#10645) (3c8e88a)
  • storage: Disable grpc metrics using emulator (#10870) (35ad73d)
  • storage: Retry gRPC DEADLINE_EXCEEDED errors (#10635) (0018415)
  • storage: Update dependencies (257c40b)
  • storage: Update google.golang.org/api to v0.191.0 (5b32644)
Performance Improvements
Documentation
  • storage/internal: Clarify possible objectAccessControl roles (2f0aec8)
  • storage/internal: Update dual-region bucket link (2f0aec8)
Container Optimized OS

cos-113-18244-151-96

  • Kernel: COS-6.1.100
  • Docker: v24.0.9
  • Containerd: v1.7.22
  • GPU Drivers: See List

Updated the R535 default driver to v535.183.06.

Updated the GPU installer to v2.4.1.

Disabled MGLRU by default due to integration issues with Kubernetes.

Fixed CVE-2024-46744 in the Linux kernel.

Fixed CVE-2024-46750 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812026 -> 812030

cos-105-17412-448-61

  • Kernel: COS-5.15.163
  • Docker: v23.0.3
  • Containerd: v1.7.19
  • GPU Drivers: See List

Updated the R535 default driver to v535.183.06.

Updated the GPU installer to v2.4.1.

Fixed CVE-2024-46744 in the Linux kernel.

Fixed CVE-2024-46750 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812662 -> 812685

cos-109-17800-309-84

  • Kernel: COS-6.1.100
  • Docker: v24.0.9
  • Containerd: v1.7.22
  • GPU Drivers: See List

Updated the R535 default driver to v535.183.06.

Updated the GPU installer to v2.4.1.

Fixed CVE-2024-46744 in the Linux kernel.

Fixed CVE-2024-46750 in the Linux kernel.

cos-101-17162-528-57

  • Kernel: COS-5.15.161
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: See List

Updated the GPU installer to v2.4.1.

Fixed CVE-2024-46750 in the Linux kernel.

cos-dev-121-18699-0-0

  • Kernel: COS-6.6.52
  • Docker: v24.0.9
  • Containerd: v1.7.22
  • GPU Drivers: See List

Upgraded chromeos-base/shill-client to v0.0.1-r4695.

Runtime sysctl changes:

  • Changed: fs.file-max: 811711 -> 811792

Datastream

The maximum row size that Datastream supports when streaming data to Cloud Storage is now increased to 100 MB.

Filestore

Deletion protection is now generally available for Filestore instances.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.22.0 (2024-09-26)

Features
  • Add sample code for multiple inequalities indexing consideration query (#1579) (1286792)
  • Introducing Tracing with OpenTelemetry API #1537 (#1576) (5440c22)
Bug Fixes
  • Update opentelemetry-sdk dependency to be test-only (#1595) (9d719e8)
  • Update opentelemetry.version to 1.42.1 to match the BOM version (#1598) (23c5c26)
Dependencies
  • Update dependency com.google.cloud:gapic-libraries-bom to v1.43.0 (#1584) (fae3b74)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.0 (#1590) (2db9e43)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.36.1 (#1602) (e1b7d4b)
  • Update dependency com.google.guava:guava-testlib to v33.3.1-jre (#1592) (5d078a4)
  • Update dependency com.google.testparameterinjector:test-parameter-injector to v1.17 (#1585) (8f74a49)
Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.133.0 (2024-10-01)

Features
  • Add OpenTelemetry tracing to the Publisher and Subscriber (#2086) (db522b6)
Dependencies
  • Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.32.0 (#2205) (76f17e4)
  • Update dependency org.assertj:assertj-core to v3.26.3 (#2204) (71c2e76)

1.132.4 (2024-09-30)

Dependencies
  • Update dependency com.google.cloud:google-cloud-storage to v2.43.1 (#2194) (979e420)
  • Update dependency ubuntu to v24 (#2193) (f295b01)

Python

Changes for google-cloud-pubsub

2.25.2 (2024-09-30)

Documentation
  • Add command line args for OpenTelemetry Subscribe sample (#1265) (0ff7f2a)
Spanner

Full-text search overview is now generally available.

Spanner now lets you create and manage backup schedules. You can use backup schedules to meet your organization's data protection and compliance needs. You can specify the following when creating a backup schedule:

  • When and how often your databases are backed up.
  • The retention duration of the backups created.
  • The encryption type of the backups created.

For more information about backup schedules, see Backups overview.

Speech-to-Text

Speech-to-Text has updated the Generally Available Chirp 2 model, further enhancing its ASR accuracy and multilingual capabilities. Under the existing chirp_2 model flag, you can experience significant improvements in accuracy and speed, as well as support for word-level timestamps, model adaptation, and speech translation. Finally, Chirp 2 can support Streaming Recognizer requests, in addition to the already supported Sync and Batch Recognition requests, allowing its use in real-time applications.

Explore the new chirp_2 model's capabilities and learn how to leverage its full potential by visiting our updated documentation and tutorials.

Workload Manager

Preview: Workload Manager now supports deploying Microsoft SQL Server workloads on Google Cloud. You can configure and deploy a SQL Server system using the Guided Deployment Automation tool in Workload Manager. For more information, see Overview of SQL Server deployment.

October 06, 2024

Application Integration

Local logging in async mode (Generally available (GA))

By default, local logging for new integrations is now enabled in async mode. With this change, the log data is persisted (written) at fixed intervals or after the completion of the integration's execution, whichever is earlier. You can change the default settings by editing the integration details.

For more information, see Local logging.

Test cases (Preview)

You can now test if your integration is working as intended by creating and running test cases on your complex integrations.

For information about test cases, see Introduction to test cases. Learn how to do the following:

Diagram mode in the Data Transformer Task (Preview)

The Diagram mode provides a console-based experience to select the input and output variables and perform transformations in the data transformation editor. For more information, see the Data Transformer task.

Replay execution (Preview)

You can now rerun a failed integration with the same parameters as the previous execution. For more information, see Replay executions.

Cancel execution (Preview)

If you have executions that are suspended due to an approval task or a technical issue, you can now choose to cancel those executions. For more information, see Cancel executions.

Google SecOps

When performing a search on entities in the SOAR search page, you can now focus on more precise results by using the new condition Equals, in addition to the default condition Contains.

Google SecOps SOAR

Release 6.3.20 is now in General Availability.

Remote Agents 2.2.0 is now in General Availability.

October 05, 2024

Google SecOps SOAR

Release 6.3.21 is currently in Preview.

When performing a search on entities in the SOAR search page, you can now focus on more precise results by using the new condition Equals, in addition to the default condition Contains.

October 04, 2024

Apigee Advanced API Security

On October 4, 2024 we released an updated version of Advanced API Security.

Fixed: Delay in score generation for Risk Assessment v2 with VPC-SC-enabled organizations only

In Risk Assessment v2, which is in preview, this issue has been resolved:

With VPC-SC-enabled organizations only, when generating scores for new organizations or scoring changes to included proxies, shared flows, and target server configurations, score generation could have taken as much as three hours.

See the Risk Assessment v2 customer documentation for information on the functionality.

Risk Assessment v2 is now available in the me-central2 region. See Available Apigee API Analytics Regions for region information.

Apigee hybrid

hybrid v1.13.1

On October 4, 2024 we released an updated version of the Apigee hybrid software, 1.13.1.

Cassandra credential rotation in Vault

Starting in version v1.3.1, you can set up automatic Cassandra credential rotation when your credentials are stored in Hashicorp Vault. See Rotating Cassandra credentials in Hashicorp Vault.

New analytics and debug data pipeline for data residency-enabled orgs

New Apigee hybrid v1.13.1 orgs created with data residency enabled can use a new data pipeline to collect analytics and debug data and to allow various runtime components to write data directly to our control plane. You cannot use the new data pipeline with orgs that do not have data residency enabled; only new orgs created on hybrid v1.13.1 can use this new feature. For details, see Using data residency with Apigee hybrid.

Bug ID: Description
  • 364282883: Remove check for dc-expansion flag and add timeout to multi-region seed host connection test.
  • 362305438: You can now add additional env variables to the runtime component.
  • 353527851: WebSocket connection drops when using VerifyJwt or OAuthV2 VerifyJWTAccessToken operations.
  • 351440306: An issue was fixed where trace could not be viewed in the UI for orgs with DRZ enabled.
  • 338638343: An ID is now added at the end of apigee-env and virtualhost guardrails pods to make the pod names unique.
Bug ID: Description
  • N/A: Security fixes for apigee-open-telemetry-collector. This addresses the following vulnerability:
Channel Services

Partners selling Workspace and ChromeOS products can now import customers who currently work with a different reseller or Google.

To import a customer, you must have the purchase consent from the customer for the product group that you want to buy for them.

Learn how to change a reseller's purchase consent.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Dataproc

Generative AI on Vertex AI

The AI assistant in Vertex AI Studio can help you refine and generate prompts. This feature is in Preview. To learn more, see Use AI-powered prompt writing tools.

Prompt Guard and Flux were added to Model Garden.

You can deploy Hugging Face models on Google Cloud that have text embedding inference or PyTorch inference enabled. For more information, see the Hugging Face model deployment in the console.

Added multiple deployment settings (with A100-80G and H100) and sample requests for some popular models, including Llama 3.1, Gemma 2, and Mixtral.

Added dynamic LoRA serving for Llama 3.1 and Stable Diffusion XL.

Google Kubernetes Engine

The following beta APIs were added in Kubernetes 1.31 and are available in GKE version 1.31.1-gke.1361000 and later:

  • networking.k8s.io/v1beta1/ipaddresses
  • networking.k8s.io/v1beta1/servicecidrs

Enabling both APIs at the same time enables the Multiple Service CIDRs Kubernetes feature in a GKE cluster. For more information, see the following resources:

During the beta phase, you can only create Service CIDRs in the 34.118.224.0/20 reserved IP address range to avoid possible issues with overlapping IP address ranges.

Ray Operator on GKE is now generally available on 1.29 and later. Ray Operator is a GKE add-on that lets you manage and scale Ray applications. To learn more, see the Ray Operator documentation.

CVE-2024-45016 was discovered in the Linux kernel, which can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more details, see the GCP-2024-057 security bulletin.

Security Command Center

Manage security postures using the Google Cloud console

You can now create, deploy, update, and delete security postures using the Google Cloud console. This feature is available in Preview.

For more information, see Manage a security posture.

Spanner

Spanner now supports the SAFE_TO_JSON function in GoogleSQL-dialect databases. You can use this function to convert SQL objects to JSON objects. Unlike TO_JSON, this function converts invalid JSON types to JSON null values, rather than errors.

October 03, 2024

Access Context Manager

Generally available: App allowlist support for context-aware access

You can now create an access binding with a map of applications to access levels to apply access levels to specific applications, avoiding unintended effects on other applications. For more information, see Create an access binding with a map of applications to access levels.

Apigee UI

On October 3, 2024, we released an updated version of the Apigee UI.

Bug ID Description
369647749 Proxy deployment units counts include shared flows

Fixed issue where proxy deployment unit counts in the UI did not take into account shared flow deployments.

369385955 Fixed the display of the Apigee apps list

Resolved an issue causing Apigee apps to display incorrectly in the Apps list when the search bar is used for filtering.

361497390 Updated the description and calculation of Apigee deployment quotas

The deployment quota displayed on the Apigee overview page now correctly describes and calculates the value of all proxy deployment units, including both API proxy and shared flow deployments across all environments.

Artifact Registry

Artifact Registry support for OCI specifications v1.1 is generally available in Docker format repositories.

You can upload containerized metadata about another container image to Artifact Registry as an attachment. To learn more, see Manage container metadata.

Assured Workloads

The following products are now supported by the following control packages. See supported products for more information:

  • Access Context Manager, Eventarc, GKE Hub, and Speech-to-Text
    • Australia Regions
    • Australia Regions with Assured Support
    • Brazil Regions
    • Canada Regions
    • Canada Regions and Support
    • Chile Regions
    • EU Regions
    • EU Regions and Support
    • India Regions
    • Indonesia Regions
    • Israel Regions
    • Israel Regions and Support
    • Japan Regions
    • Singapore Regions
    • South Korea Regions
    • Switzerland Regions
    • Taiwan Regions
    • UK Regions
    • US Regions
    • US Regions and Support
  • Secret Manager
    • EU Regions and Support
    • Israel Regions and Support
    • US Regions and Support

Cloud Run and Filestore are now supported by the following control packages. See supported products for more information:

BigQuery

You can now create an external dataset in BigQuery that links to an existing database in Spanner. This feature is in preview.

ODBC driver update, release 3.0.7 1016

  • [New] Connector authentication on Google Cloud VMs: The connector now supports authentication through Application Default Credentials using the Google internal metadata server, eliminating the need for a keyfile. This feature works only on Google Cloud Compute Engine VMs.
  • [Resolved] The output for PrimaryKeys previously denoted the Key Sequence as a 0-indexed value. This has been corrected to a 1-indexed value, indicating the sequential order of the primary key's column within the primary key itself.
Cloud SQL for MySQL

You can now configure server certificate authority (CA) mode when you create a Cloud SQL instance. With server CA mode, you have two options:

  • Per-instance CA: this is the default configuration. With this option, an internal CA dedicated to each Cloud SQL instance signs the server certificate for that instance.
  • Shared CA: with this option, the Cloud SQL instance uses a CA hierarchy consisting of a root CA and subordinate server CAs managed by Cloud SQL and hosted on Google Cloud Certificate Authority Service (CA Service). The subordinate server CAs in a region sign the server certificates and are shared across instances in the region. This option can be used only with MySQL 8.0.30 and later.

For more information about each option, see Certificate authority (CA) hierarchies. This feature is in Preview.

Cloud SQL for PostgreSQL

The pg_ivm extension, version 1.9, is generally available. This extension keeps materialized views up to date by computing and applying only incremental changes to the views, rather than recomputing their contents from scratch.

Cloud SQL for PostgreSQL, version 16, now supports the pgRouting extension. This extension extends PostGIS and enhances geospatial processing through network routing and analysis.

For more information on these extensions, see Configure PostgreSQL extensions.

The rollout of the following minor versions, extension versions, and plugin versions is underway:

Minor versions

  • 12.19 is upgraded to 12.20.
  • 13.15 is upgraded to 13.16.
  • 14.12 is upgraded to 14.13.
  • 15.7 is upgraded to 15.8.
  • 16.3 is upgraded to 16.4.

Extension and plugin versions

  • google_ml_integration is upgraded from 1.2 to 1.4.2.
  • pgvector is upgraded from 0.7.0 to 0.7.4.

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

The new maintenance version is [PostgreSQL version].R20240910.01.00_02. To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

You can now configure server certificate authority (CA) mode when you create a Cloud SQL instance. With server CA mode, you have two options:

  • Per-instance CA: this is the default configuration. With this option, an internal CA dedicated to each Cloud SQL instance signs the server certificate for that instance.
  • Shared CA: with this option, the Cloud SQL instance uses a CA hierarchy consisting of a root CA and subordinate server CAs managed by Cloud SQL and hosted on Google Cloud Certificate Authority Service (CA Service). The subordinate server CAs in a region sign the server certificates and are shared across instances in the region.

For more information about each option, see Certificate authority (CA) hierarchies. This feature is in Preview.

Cloud SQL for SQL Server

You can now configure server certificate authority (CA) mode when you create a Cloud SQL instance. With server CA mode, you have two options:

  • Per-instance CA: this is the default configuration. With this option, an internal CA dedicated to each Cloud SQL instance signs the server certificate for that instance.
  • Shared CA: with this option, the Cloud SQL instance uses a CA hierarchy consisting of a root CA and subordinate server CAs managed by Cloud SQL and hosted on Google Cloud Certificate Authority Service (CA Service). The subordinate server CAs in a region sign the server certificates and are shared across instances in the region.

For more information about each option, see Certificate authority (CA) hierarchies. This feature is in Preview.

Colab Enterprise

Gemini in Colab Enterprise, which is a product in the Gemini for Google Cloud portfolio, is generally available. Gemini in Colab Enterprise helps you write code by suggesting code as you type. You can also use the Help me code tool to generate code from a description of what you want.

Gemini in Colab Enterprise is available to try at no cost through December 31, 2024.

To learn how to enable and activate Gemini in Colab Enterprise features, see Set up Gemini in Colab Enterprise.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.600-gke.109 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.600-gke.109 runs on Kubernetes v1.29.8-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Removed TLS/SSL weak message authentication code cipher suites in the vSphere cloud controller manager.

Fixed the following vulnerabilities in 1.29.600-gke.109:

Critical container vulnerabilities:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Kubernetes Engine

(2024-R38) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.1-gke.1000000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1342000
    • 1.28.13-gke.1119000
    • 1.28.14-gke.1004000
    • 1.29.8-gke.1211000
    • 1.30.4-gke.1348000
    • 1.31.0-gke.1577000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1373000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.5-gke.1014000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.1-gke.1000000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1373000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.14-gke.1099000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1278000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.5-gke.1014000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.1-gke.1000000 with this release.

Regular channel

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.4-gke.1348000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.

Stable channel

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.13-gke.1006000
    • 1.29.8-gke.1031000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1057000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1057000 with this release.

Extended channel

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.

No channel

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.28.13-gke.1006000
    • 1.29.8-gke.1031000
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.

(2024-R38) Version updates

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.4-gke.1348000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.

(2024-R38) Version updates

  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.13-gke.1006000
    • 1.29.8-gke.1031000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.8-gke.1057000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.13-gke.1024000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.8-gke.1057000 with this release.

(2024-R38) Version updates

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1287000
    • 1.28.13-gke.1049000
    • 1.29.8-gke.1096000
    • 1.30.3-gke.1969001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.4-gke.1348000 with this release.

(2024-R38) Version updates

  • Version 1.30.4-gke.1348000 is now the default version for cluster creation.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.28.13-gke.1006000
    • 1.29.8-gke.1031000
    • 1.30.3-gke.1639000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.8-gke.1211000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.13-gke.1119000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.8-gke.1211000 with this release.

Network Connectivity Center

Producer VPC Spokes is now available in public preview.

If you have a VPC network that consumes a service offered through private services access, you can use a Network Connectivity Center producer VPC spoke to make the service reachable by other spokes on a hub.

Security Command Center

GKE Security Posture vulnerability findings now support attack exposure scores

GKE runtime OS vulnerability findings detected by GKE Security Posture in Google Cloud are now scored by attack path simulations. Use these attack exposure scores on vulnerabilities to help secure the resources that are the most valuable to your business and to address the most significant vulnerabilities in your GKE clusters. For more information, see Attack exposure scores.

Sovereign Controls by Partners

Spanner

You can now create an external dataset in BigQuery that links to an existing database in Spanner. This feature is in Preview.

October 02, 2024

Agent Assist

Agent Assist offers a native UI Connector with Twilio Flex to integrate with voice conversations.

AlloyDB for PostgreSQL

The alloydb_scann extension (previously named postgres_scann) is generally available (GA) for the AlloyDB service in Google Cloud. For more information about storing vector embeddings, creating indexes, and tuning indexes to achieve faster query performance and better recall, see Work with vectors.

AlloyDB Omni is in Limited Availability on the Aiven Platform. Aiven provides managed AlloyDB Omni as a service on multiple public clouds. For more information, see Store your data on any major cloud.

Apigee X

On October 2, 2024, we released an updated version of Apigee.

With this release, all remaining Apigee API Management organizations with Subscription 2021 contracts have been upgraded to introduce standard and extensible API proxy features.

To learn more about:

Subscription Apigee organizations (without hybrid entitlements) upgraded in this release will see changes to the user experience in the Classic Apigee UI. To support management of the upgraded functionality now available to these organizations, a number of feature administration pages are now only available in the Apigee UI in Cloud console.

For more information, see Apigee UI in Cloud console navigation.

Cloud Logging

You can now use Terraform commands to create or update a log scope. For more information, see Create a log scope.

Firestore in Datastore mode

You can now use property transforms like increment in the REST API. This feature is in Preview.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.100-gke.96 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.100-gke.96 runs on Kubernetes v1.30.4-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Fixed the following issues in 1.30.100-gke.96:

  • Fixed the known issue where updating dataplaneV2.forwardMode didn't automatically trigger anetd DaemonSet restart.

Fixed the following vulnerabilities in 1.30.100-gke.96:

Memorystore for Valkey

Added support for Valkey version 8.0 (Preview). For more information, see Supported versions.

Spanner

You can perform vector similarity search using the now Generally Available K-nearest neighbors (KNN) vector distance functions:

  • COSINE_DISTANCE()
  • EUCLIDEAN_DISTANCE()
  • DOT_PRODUCT()

For more information, see Perform vector similarity search in Spanner by finding the K-nearest neighbors.

The FLOAT32 (GoogleSQL) and float4/real (PostgreSQL) data types are Generally Available.