Google Cloud release notes

Stay organized with collections Save and categorize content based on your preferences.

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml

October 01, 2022

Container Registry

New pricing for Cloud Storage takes effect October 1, 2022. Since the cost of Container Registry storage and network egress is based on Cloud Storage pricing, this new pricing applies to Container Registry usage.

The most relevant change for Container Registry is the new network egress pricing for Cloud Storage:

  • Reading data in a Cloud Storage bucket located in a multi-region from a Google Cloud service located in a region on the same continent is no longer free. Instead, such moves are priced the same as general data moves between different locations on the same continent. Since Container Registry only runs in multi-regions, egress to services that only run in regions like Cloud Run and Google Kubernetes Engine (GKE) is always charged.

  • Network egress within Google Cloud no longer depends on the monthly egress traffic you have from your bucket. Instead, pricing is only determined by the locations involved.

Artifact Registry does not currently charge for network egress from a multi-regional repository to a Google Cloud service in a region on the same continent. Learn about transitioning to Artifact Registry.

September 30, 2022

Cloud Logging

Cloud Logging now uses one service account and writer identity for all the sinks in a resource container that route logs to an external resource. Cloud Logging creates the service account the first time a log sink in the resource container is created or updated.

Cloud Monitoring

The set of pre-configured Monitoring dashboards now includes a Microservices gRPC Overview dashboard. If apps in your project emit gRPC metrics, then this dashboard is automatically added to your list of available dashboards.

Cloud SQL for PostgreSQL

Cloud SQL for PostgreSQL supports in-place major version upgrades in GA. You can upgrade your instance's major version to a more recent version. For more information, see Upgrade the database major version in-place.

Firestore in Datastore mode

In the Google Cloud console, updated the pages for editing an entity. See Edit an entity in the console.

Google Kubernetes Engine

You can now run GPU-based workloads in Preview in Autopilot clusters that use GKE version 1.24.2-gke.1800 and later. For more information, see the Google Cloud blog post.

In Autopilot clusters running GKE version 1.24.1-gke.1400 and later, you can now use the Balanced compute class to schedule your workloads that require very high memory or CPU requests.

Issuer switch

The payment operations console of the Payment Gateway is now available in preview. The payment operations console provides a user interface that lets a bank's business operations users quickly and easily access the relevant issuer switch functionality.

For more information about the payment operations console features and functionalities, see the Payment operations console overview.

Security Command Center

Sensitive Actions Service, a built-in service of Security Command Center Premium, is now available in Preview.

Sensitive Actions Service detects when actions are taken in your Google Cloud organization, folders, and projects that could be damaging to your business if they were to be taken by a malicious actor.

For more information, see Sensitive Actions Service overview.

Container Threat Detection, a built-in service of Security Command Center Premium, has launched a new detector, Malicious URL Observed, in Preview.

The detector checks URLs observed in arguments passed by executables against known phishing and malware URLs to determine if they are malicious.

Full details for this findings are available in the Security Command Center dashboard only if you upgrade to the refreshed findings display.

For more information, see:

Sovereign Controls by Partners

Sovereign Controls by Partners offerings are now available from two partners: T-Systems International (TSI) and S3NS.

Sovereign Controls by TSI, part of T-Systems Sovereign Cloud, remains generally available.

Local Controls by S3NS is now in Preview. To learn more and get started, see:

Video Stitcher API

The Video Stitcher API now supports CDN keys created for Media CDN. See Create and manage CDN keys for more information.

September 29, 2022

Access Approval

Access Approval supports Dataproc in the GA stage.

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions:

  • 1.24.3-gke.2100
  • 1.23.9-gke.2100
  • 1.22.12-gke.2300

Kubernetes 1.21 versions are no longer supported. To upgrade to a supported version, see Upgrade your AWS cluster version.

You can now use the Google Cloud console to update, upgrade, and delete clusters on AWS.

Creating Arm node pools is now a preview feature. To learn more, see Run Arm workloads in Anthos clusters on AWS.

If you have legacy workloads that don't support Workload Identity directly, you can now use the IMDS emulator to access IMDS data. To learn more, see Enable the IMDS emulator.

In Kubernetes version 1.24 and later, Google Cloud Managed Service for Prometheus (GMP) is available as an invite only private preview. GMP lets you monitor and alert on workloads, using Prometheus, without having to manually manage and operate Prometheus at scale.

Anthos clusters on AWS now supports Cloud Monitoring for Windows node pools from Kubernetes version 1.24 and later. To learn more about monitoring in Anthos Clusters on AWS, see Cloud monitoring.

In Kubernetes version 1.24 and later, Anthos clusters on AWS supports EFS dynamic provisioning in preview mode. To use this feature, you must add the following permissions to the control plane role:

  • ec2:DescribeAvailabilityZones
  • elasticfilesystem:DescribeAccessPoints
  • elasticfilesystem:DescribeFileSystems
  • elasticfilesystem:DescribeMountTargets
  • elasticfilesystem:CreateAccessPoint
  • elasticfilesystem:DeleteAccessPoint

To learn more, see Update your AWS cluster parameters.

In Kubernetes version 1.24 and later, there are now checks to the API to ensure that users aren't making inconsistent or erroneous requests.

Go 1.18 stops accepting certificates signed with the SHA-1 hash algorithm by default. Admission and conversion webhooks or aggregated server endpoints using these insecure certificates will break by default starting from Kubertnetes version 1.24.

The environment variable GODEBUG=x509sha1=1 is set in Anthos on AWS clusters as a temporary workaround to let these insecure certificates continue to work. However, the Go team is anticipated to remove support on this workaround. You should check and ensure there aren't any admission or conversion webhooks or aggregated server endpoints that are using such insecure certificates before upgrading to the upcoming breaking version.

Anthos Service Mesh doesn't work on Anthos Clusters on AWS when Anthos Service Mesh has the Istio Container Network Interface (CNI) enabled. To use Anthos Service Mesh with this product, disable CNI in Anthos Service Mesh.

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions:

  • 1.24.3-gke.2100
  • 1.23.9-gke.2100
  • 1.22.12-gke.2300

Kubernetes 1.21 versions are no longer supported. To upgrade to a supported version, see Upgrade your Azure cluster version.

You can now use the Google Cloud console to update, upgrade, and delete clusters on Azure.

In Kubernetes version 1.24 and later, Google Cloud Managed Service for Prometheus (GMP) is available as an invite only private preview. GMP lets you monitor and alert on workloads, using Prometheus, without having to manually manage and operate Prometheus at scale.

Anthos clusters on Azure now supports Cloud Monitoring for Windows node pools from Kubernetes version 1.24 and later. To learn more about monitoring in Anthos clusters on Azure, see Cloud monitoring.

Starting from Kubernetes version 1.24, virtual machines launched by Anthos clusters on Azure support System Assigned Managed Identities.

In Kubernetes version 1.24 and later, there are now checks to the API to ensure that users aren't making inconsistent or erroneous requests.

Starting from Kubernetes version 1.24, Anthos clusters on Azure switches to the external cloud provider. To learn more about this provider, see Cloud provider for Azure on GitHub.

Go 1.18 stops accepting certificates signed with the SHA-1 hash algorithm by default. Admission and conversion webhooks or aggregated server endpoints using these insecure certificates will break by default starting from Kubertnetes version 1.24.

The environment variable GODEBUG=x509sha1=1 is set in Anthos on AWS clusters as a temporary workaround to let these insecure certificates continue to work. However, the Go team is anticipated to remove support on this workaround. You should check and ensure there aren't any admission or conversion webhooks or aggregated server endpoints that are using such insecure certificates before upgrading to the upcoming breaking version.

Anthos clusters on VMware

Anthos clusters on VMware 1.13.0-gke.525 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.0-gke.525 runs on Kubernetes 1.24.2-gke.1900.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.13, 1.12, and 1.11.

vSphere versions below 7.0 Update 1 are no longer supported in Anthos clusters on VMware. You must upgrade vSphere (both ESXi and vCenter) to version 7.0 Update 1 or above before you can upgrade to Anthos clusters on VMware 1.13.0. If you want to use the vSphere Container Storage Interface driver or NFSv3, then you must upgrade to vSphere 7.0 Update 2 or a later update of version 7.0.

Cluster life-cycle Improvements:

  • GA: A new asynchronous variation of the user cluster upgrade is now supported. With this variation, the gkectl upgrade cluster command starts the upgrade and completes. You don't need to watch the output of the command for the entire duration of the upgrade. For more details, see Upgrade a user cluster.
  • Preview: You can now update node pools either sequentially or maintain the default parallel behavior by specifying the value of maximumConcurrentNodePoolUpdate in your user cluster configuration file. Setting the value to 1 will configure the node pool update to be sequential, which can potentially avoid two issues — resource quota limit issue and PDB deadlock issue.
  • Introduced an admin cluster controller for managing the admin cluster lifecycle.
  • Added new preflight checks:
    • Check that node IPs are in the subnet for IPAM.
    • A new preflight check was added to validate the clusterLocation field under stackdriver and cloudAuditLogging. This preflight check requires the component access service account to have the compute.viewer role, and the compute.googleapis.com to be allowlisted in the HTTP proxy and firewall settings. If you use an invalid value in the clusterLocation, the preflight check will fail. You can correct the invalid clusterLocation by removing the stackdriver and/or cloudAuditLogging configurations from the admin or user cluster configuration files, applying the changes with gkectl update, and then add the corrected configurations back. Or, you can use --skip-validation-gcp to skip the check. Note that having an invalid clusterLocation will cause a failure to export logs and metrics.
    • For a cluster in static IP mode, you need to have one IP address for each node and an additional IP address. This additional IP address will be used for a temporary node during cluster update, upgrade and auto-repair.
    • Validate that IP addresses are not in docker IP range in IPAM mode.
    • Check to make sure there is no node port collision among different user clusters in manual load balancing mode.
    • Check datastore size to ensure it has enough capacity for surge machine.
    • Check for an available IP address for creating Windows VM template in IPAM mode.
    • PDB preflight check to prevent multiple PDBs from matching with the same pod.

Platform enhancements:

  • GA: Support for cos OS image type in admin cluster nodes is now generally available. You can update the admin node image type with the gkectl update admin command.
  • Preview: A new user cluster deployment model with support for multi-vCenter deployments is available as a preview feature. For more details on how to create a user cluster with this new model, see Create a user cluster with a new installation model.
  • Preview: vSphere CSI volume snapshot is now available as a preview feature. This feature provides the ability to create volume snapshots and restore volumes from snapshots using VMware Cloud Native Storage. To use this feature, you must update both vCenter Server and ESXi to version 7.0 Update 3 or later.

Security enhancements:

  • GA: Support for storing credentials for user clusters as Kubernetes Secrets is generally available.

    • With this feature, users can prepare credentials for the user cluster, and store them as Kubernetes Secrets in the admin cluster before a user cluster is created. After credential preparation, users can delete the Secrets configuration file which contains the user cluster credentials from the admin workstation. When creating a user cluster, the prepared credentials will be used. For more details, see Configure prepared credentials for user clusters.
  • Kubernetes service account (KSA) Signing Key rotation is supported on user clusters. For more details, see Rotate KSA signing keys.

  • GA: Component access SA key rotation for both admin and user clusters is generally available.

  • GA: You can set up Connect gateway to use Google Group membership for authorization. For more information, see Set up the Connect gateway with Google Groups.

Simplify day-2 operations:

  • Preview: Added support of multi-line parsing for Go and Java logs.
  • GA: Launched the enablement of Google Cloud Managed Service for Prometheus to track metrics in Anthos on vSphere clusters, and introduced two separate flags to enable logging and monitoring for user applications separately: EnableCloudLoggingForApplications and EnableGMPForApplications. You can monitor and alert on the applications using Prometheus with Google-managed Prometheus without managing and operating Prometheus. You can set enableGMPForApplications in the Stackdriver spec to enable Google Managed Prometheus for application metrics without any other manual steps, and the Google Managed Prometheus components are then set up automatically. See Enable Managed Service for Prometheus for user applications for details.

  • Added a new Anthos Utilization Metering dashboard in Cloud Monitoring to monitor cluster health. The dashboard shows CPU and memory utilization in the clusters by namespace and Pod labels.

  • connectgateway.googleapis.com API is now required to create new clusters in 1.13.0.
  • Updated the gcloud version in the admin workstation to 401.0.0.
  • Increased the default boot disk size for the admin workstation to 100GB.
  • SImplified the gkectl diagnose snapshot scenario usage. The --scenario flag is no longer needed for the admin cluster snapshot. Use system (default) or all values to specify scenarios for the user cluster snapshot. For more details, see Diagnosing cluster issues.
  • Improved gkectl diagnose cluster to detect and diagnose two general issues:
    • Node draining issues can block cluster upgrade
    • Kubernetes Cluster API resource managed by an Anthos clusters on VMware bundle might be accidentally modified which can cause failure of system components, or cluster upgrade or update failure.
  • Enforced admin cluster registration with preflight checks.

    • This also applies to admin clusters to be upgraded to 1.13. You can run gkectl update admin to register existing 1.12 admin clusters.
    • You can skip this check with the --skip-validation-config flag if you cannot register admin clusters for certain reasons.
  • Configuration for Logging and Monitoring is now enforced in admin and user cluster configuration files during creation preflight checking. You can run gkectl update cluster and gkectl update admin to enable Logging and Monitoring in existing 1.12 user or admin clusters before upgrading to 1.13. Otherwise, upgrade preflight checks will emit a warning. You can skip these checks with the --skip-validation-stackdriver flag if you cannot enable Logging and Monitoring for certain reasons. However, enabling Logging and Monitoring is strongly recommended to get better Google support, and there is no charge for this service on Anthos.

  • When Logging and Monitoring is enabled, the values of the gkeConnect.projectID field, stackdriver.projectID field, and cloudAuditLogging.projectID field must all be the same in the cluster configuration files. Otherwise, cluster creation preflight checks would fail with an error, and upgrade preflight checks would emit a warning. You can also skip these checks with the --skip-validation-stackdriver flag, but this is not recommended as using different project IDs for stackdriver and gkeconnect may cause friction during support and fleet management. Note you can still send logs and metrics to a different project through Cloud Logging sinks and metric viewer scoping.

  • Migrated metrics-server and addon-resizer to a new namespace: gke-managed-metrics-server.

  • Refined kube-state-metrics so that only core metrics are collected by default. Fewer resources are needed to collect this optimized set of metrics, which improves overall performance and scalability.

  • Fixed the issue of cloud-init log not showing in the serial console for Ubuntu.
  • Fixed the issue where user cluster check-config fails when the admin cluster uses cos as the osImageType.
  • Updated virtual hardware version to version 15 for creating VMs in Anthos cluster on VMware 1.13.0.
  • Fixed the issue of two missing metrics, scheduler and controller-manager, in the admin and user cluster.
  • Fixed the issue of an empty CPU readiness chart in OOTB dashboards that was caused by deprecated metrics.
  • Fixed the issue where you may not be able to add a new user cluster if a user cluster is stuck in the deletion process, and your admin cluster is set up with a MetalLB load balancer configuration.
  • Fixed the following vulnerabilities:
  • In the configuration file template generated by gkectl create-config cluster, the pre-populated value for the commented field kubeception is shown as false, while the default value is true.
  • In the configuration file template generated by gkectl create-config admin, gkeConnect is shown as an optional section, however it is actually a required section.
Anthos clusters on bare metal

Release 1.13.0

Anthos clusters on bare metal 1.13.0 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.0 runs on Kubernetes 1.24.

The dockershim component in Kubernetes enables cluster nodes to use the Docker Engine container runtime. However, Kubernetes 1.24 removed the dockershim component. Since Anthos clusters on bare metal version 1.13 runs on Kubernetes 1.24, version 1.13 and higher clusters can no longer use Docker Engine as a container runtime. All clusters must use the default container runtime containerd.

Improved cluster lifecycle functionalities:

  • Upgraded from Kubernetes version 1.23 to 1.24:

    • Reverted some of the changes Kubernetes and the kubeadm tool made to certain labels and taints on control plane nodes. Changes were reverted so that older versions of Anthos clusters on bare metal remain supported. As a result, control plane nodes have the following labels and taints:

      • node-role.kubernetes.io/master label
      • node-role.kubernetes.io/control-plane label
      • node-role.kubernetes.io/master:NoSchedule taint
    • Upgraded from kubeadm.k8s.io/v1beta2 to kubeadm.k8s.io/v1beta3 since the former is deprecated.

    • Stopped automatic generation of Secret API objects containing service account tokens for every Service Account. For more information, see the LegacyServiceAccountTokenNoAutoGeneration section of the upgrade notes.

  • Breaking change: Version 1.12 clusters that use Docker Engine can upgrade to 1.13 only if the new container runtime is specified as containerd. Blocked the creation of new 1.13 clusters that use Docker Engine as the container runtime.

  • Preview: Added feature so that upgrades of an admin/hybrid/standalone cluster can proceed without a bootstrap cluster. Management of Anthos clusters on bare metal is now fully conformant to the Kubernetes Resource Model.

  • Added support of Red Hat Enterprise Linux (RHEL) 8.6.

  • Removed an erroneous CustomResourceDefinition (app.k8s.io.Application) from inclusion in the cluster creation process.

  • Fixed vulnerability to YAML injection by switching to safetext/yamltemplate.

  • GA: Added support for installing Anthos clusters on bare metal, using your own registry service, instead of gcr.io. For instructions and additional information, see Use a registry mirror to create clusters.

  • Eliminated false error messaging when the bmctl create cluster is run. The message erroneously reported an Invalid value in the spec.labels field of NodePool specifications.

  • Added feature so that resetting a user cluster doesn't require the cluster configuration file.

  • Reduced containerd disk usage by having containerd store just the uncompressed layers of an image rather than both the compressed and uncompressed layers.

  • Upgraded containerd to version 1.6.6.

Networking:

  • GA: Enabled Dynamic Flat IP with Border Gateway Protocol (BGP) support. This feature lets you configure flat mode using BGP in clusters by leveraging Network Gateway Group and BGP. In this mode the Pod's IP address is visible and routable without masquerading across multiple subdomains. Currently supports advertising IPv4 and IPv6 routes over IPv4 sessions.

  • GA: Added BGP-based Load Balancer support for IPv6. Added ability to disable the Bundled Ingress feature. Customers should disable this feature if they are using full Anthos Service Mesh (ASM) instead. (Bundled Ingress is unnecessary when full ASM is installed).

Observability:

  • Preview: Added support of multi-line parsing for Go and Java logs.

  • GA: Added support for Google Cloud Managed Service for Prometheus (GMP) for application metrics.

  • Refined kube-state-metrics so that only core metrics are collected by default.

Security:

  • GA: Added Google Groups support for Connect Gateway.

  • Switched distroless base image for Node Problem Detector.

  • Changed anet-operator/cilium-operator to run as non-root container.

  • Secured communication between metrics-server and api-server using the Transport Layer Security (TLS) protocol.

VM Runtime:

  • Fixed a memory leak in libvirt-go, which caused unbounded memory growth and risked crashing long-running VMs.

  • Provided guaranteed compute support so that customers can get Guaranteed Quality of Service (QoS)for the VM when needed.

  • Preview: Enabled Anthos VM to be allocated dedicated host cores. Each VM virtual core can be pinned to a dedicated host core.

  • Separated GPU installation and deletion logic. If only the container GPU workload is needed, customers can enable the GPU without having to enable VM Runtime.

  • Added support for the T4 GPU card.

  • Enabled automatic use of the VirtualMachineDisk name as the disk serial number. This change makes it easier for customers to identify the disk in the VM.

  • Enabled KubeVM cloud-init API and startup script API.

  • Added new CLI command (Virtctl) for resetting Windows VM password.

  • Fixed the following container image security vulnerability: CVE-2022-1798

  • Added feature that stops NVIDIA device plugins from crashing if a GPU card hasn't been allocated to a container.

  • Added support for automatic VM restarts after a configuration update. Previously, customers needed to stop the VM, apply the change, and then re-start the VM. To use the feature, set the autoRestartOnConfigurationChange flag to true in the VirtualMachine custom resource.

  • Improved the Kubernetes audit log of VM operations so that it contains detailed VM configuration and update information.

  • Fixed flooding of logs with cluster events that arise when a VM encounters disk I/O errors.

  • Added KubeVM roles. By binding with these roles, customers are granted permission to resources that manage VMs.

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Apigee hybrid

hybrid v1.8.1

On September 29, 2022 we released an updated version of the Apigee hybrid software, v1.8.1.

For information on upgrading, see Upgrading Apigee hybrid to version 1.8.

Bug ID Description
249144084 Reuse existing target IPs if DNS resolution fail on DNS cache refresh.
243880171 Upgrade from Apigee hybrid v1.7 to v1.8 could fail when http_proxy was configured to DENY internal network traffic.
243717191 Container restart no longer conflicts with the existing certificates.
243599452 Fixed indentation issue with ingress gateway annotations.
243167389 Apigee now validates the length of ingressGateways[].name in overrides.yaml.
TThe value of ingressGateways:name must meet the following requirements:
  • Have a maximum length of 17 characters
  • Contain only lowercase alphanumeric characters, '-' or '.'
  • Start with an alphanumeric character
  • End with an alphanumeric character
See ingressGateways[].name in the Configuration property reference.
241959053 Fixed apigeectl parsing error for serviceaccountRef.
232529030 Replaced the Logging fluentbit container environment variable http_proxy with HTTP__PROXY to maintain compatibility with fluentbit 1.8.
227212728 Cassandra scripts now avoid writing data to the Pod Filesystem.
Bug ID Description
222772470, 220169963, 210116413 Security fix for CVE-2021-38297: Updated Go language version.
222772341, 222772333, 222772261, 222771839 Security fix for CVE-2022-23806: Updated Go language version.
202174499 Fixed Vulnerability for protobuf-java and protobuf-java-util packages.
BigQuery

In addition to standard rounding, BigQuery now supports the rounding mode ROUND_HALF_EVEN for parameterized NUMERIC or BIGNUMERIC columns. The ROUND() function also accepts the rounding mode as an optional argument. This feature is now in preview.

Chronicle

The following changes are available in the Unified Data Model:

For a list of all fields in the Unified Data Model, and their descriptions, see the Unified Data Model field list.

Cloud Bigtable

The Cloud Bigtable observability metric high-granularity CPU utilization of hottest node is now generally available (GA). Because of more frequent sampling, this metric is more accurate than CPU utilization of hottest node. For more information on using Bigtable metrics, see Monitoring.

Cloud Composer

Cloud Composer 1.19.11 and 2.0.28 release started on September 29, 2022. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.

Airflow 2.3.3 is available in Cloud Composer images.

Cloud Composer 1.19.11 and 2.0.28 images are available:

  • composer-1.19.11-airflow-1.10.15 (default)
  • composer-1.19.11-airflow-2.1.4
  • composer-1.19.11-airflow-2.2.5
  • composer-1.19.11-airflow-2.3.3
  • composer-2.0.28-airflow-2.1.4
  • composer-2.0.28-airflow-2.2.5
  • composer-2.0.28-airflow-2.3.3

Cloud Composer versions 1.17.1 and 2.0.0-preview.2 have reached their end of full support period.

Cloud Interconnect

Dedicated Interconnect support is available in the following colocation facilities:

  • True IDC - North Muang Thong, Bangkok

For more information, see the Locations table.

Cloud SQL for MySQL

Query insights is now generally available. Query insights helps you detect, diagnose, and prevent query performance problems for Cloud SQL databases. It provides self-service, intuitive monitoring, and diagnostic information that goes beyond detection to help you to identify the root cause of performance problems. To learn more, see Use Query insights to improve query performance.

Cloud SQL for MySQL now supports high-availability for self-service migration. Before starting replication, check the outgoing IP addresses of the Cloud SQL instance and make sure that the appropriate IP addresses are allowlisted on the external source. For more information, see Start replication on the Cloud SQL instance.

Data Catalog

Public tags are now generally available (GA). For more information, see Public tags.

Deep Learning Containers

M97 Release

  • Regular package updates.
Deep Learning VM Images

M97 Release

  • Improved the startup time for Ubuntu GPU images.
  • Regular package updates.
Document AI

This launch upgrades the lifecycle stage of the Custom Document Extractor (CDE) component of the DocAI Workbench from Private Preview to Public Preview. CDE covers essential workflows for developing custom document extraction processors with E2E UI support:

  • Data import
  • Schema creation and annotation
  • Processor model training
  • Evaluation and troubleshooting
  • Model deployment and version management
  • Human-in-the-loop (HITL) integration for "last-mile" processor quality assurance

Notable new Public Preview Custom Document Extractor (CDE) features include:

  • Progressive data import
  • Direct import of annotated .json files as training or test datasets
  • Data labeling platform integration
  • Dataset export with metadata preserved
  • Auto-labeling using a trained processor version at import to minimize manual annotation efforts
  • Tabular entity end-to-end support
  • Checkbox boolean annotation, training, and extraction
  • Fuzzy matching for more flexible model evaluation
  • Exportable / downloadable model evaluation metrics

The following features have been upgraded:

  • Data import
  • Schema creation and annotation
  • Processor model training
  • Evaluation and troubleshooting
  • Model deployment and version management
  • Human-in-the-loop (HITL) integration for "last-mile" processor quality assurance

Known issues

  • During labeling, checkboxes default to a state that does not reflect the selected or unselected states in the corresponding documents.

    Workaround: Label all checkboxes within a schema, regardless of whether they are selected or unselected,  for optimal checkbox extraction quality and accurate evaluation. When annotating a checkbox by drawing its bounding box, all checkboxes in the CDE annotation user interface will default to an unselected state, and you must manually update the selected or unselected state as necessary.

  • If a processor is deleted when there is an active labeling task ongoing, the task does not stop automatically. Labelers and Labeler Managers will still see the task in their labeling and manager consoles.

    Workaround: Cancel the active labeling task before you delete the processor. Otherwise, navigate to the manager console to pause or delete the corresponding task queue. Any documents labeled from that task after the processor is deleted will be unretrievable.

  • Some discrepancies might exist between pretrained and uptrained versions of a processor.

  • On the Evaluate & Test tab, the evaluation does not show as complete until you click Refresh Table.

  • If you cannot choose a specialist pool due to no chooser for the specialists, clicking Continue causes an error.

    Workaround: Click Task Details to go back and fill in remaining details.

  • Support for nested entities is limited to data arranged in a tabular format. Other layouts are currently not supported.

    Any mention of "nested entities" in previous versions of the Document AI Workbench documentation have been replaced with "tabular entities" to reflect the table-based nesting capabilities for this launch.

  • If you see this message, "This processor does not currently support uptraining or evaluation capabilities" on a processor in the Processor gallery, this means that only the prediction endpoint is available at this time.

  • In some cases, required_once and optional_once entities appear multiple times in a document, with the same value copied to multiple locations. While one annotation is s sufficient when annotating a test set for evaluation, all copies should be annotated to ensure higher recall for trained models.

    Workaround: Annotate all instances of an entity within a doc. This will support both Evaluation and Training without any infrastructure changes.

  • Existing Human in the Loop (HITL) configurations for Label-level filters do not automatically populate to new processor configurations.

    Workaround: If you require changes to the configuration, navigate to the Human-In-The-Loop tab. Under Set filters, select Label-level filters and click Set Label Filters. A Label-level filters page opens. Manually edit this table to configure all of the labels needed for validation and review.

  • Support for handwritten entity detection such as signatures, dates, and initials are limited and may require additional configuration for proper evaluation.

    Workaround: When evaluating pretrained processors, the Value should be manually updated to YES if the entity is present, or NO otherwise. For uptrained processor versions, the Value should be kept as detected by OCR. This issue affects W9, HUD92900B, SSA-1099, and VBA26-0551 processors.

Network Intelligence Center

Connectivity Tests now includes a feature that verifies connectivity from a Cloud Function (1st gen) to a VM or public IP address. For more information, see Create and run Connectivity Tests.

Pub/Sub

The Kafka Connector library for Pub/Sub and Pub/Sub Lite is now in preview.

Pub/Sub Lite

The Kafka Connector library for Pub/Sub and Pub/Sub Lite is now in preview.

September 28, 2022

Anthos clusters on VMware

Anthos clusters on VMware 1.12.2-gke.21 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.12.2-gke.21 runs on Kubernetes 1.21.4-gke.200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

  • Fixed the issue where you may not be able to add a new user cluster if a user cluster is stuck in the deletion process, and your admin cluster is set up with a MetalLB load balancer configuration.
  • Fixed an issue where istiod starts up very slowly when connectivity to the Google Cloud metadata service is partially broken.
  • Fixed the issue where the admin control plane VM template is deleted after a resumed admin cluster upgrade attempt.
  • Fixed the issue where user cluster check-config fails when the admin cluster uses cos as the osImageType.
  • Fixed the following vulnerabilities:
Apigee X

On September 28, 2022, we released an updated version of Apigee X (1-9-0-apigee-3).

Bug ID Description
218567150 X-request-id headers modified at 14th character.
246774745 io.timeout.millis not honored, causing 504 Gateway timeout for dynamic targets.
173566787 Reuse existing target IPs if DNS resolution fails on DNS cache refresh. If a DNS server fails to resolve a hostname that has successfully resolved before, use the earlier resolved IP address for one keep-alive interval to prevent an outage.
N/A Upgraded infrastructure and libraries
BigQuery

With Datastream for BigQuery, you can now replicate data and schema updates from operational databases directly into BigQuery. This feature is now in preview.

Cloud Monitoring

You can now collect additional Elasticsearch metrics from the Ops Agent, starting with version 2.21.0. For more information, see Monitoring third-party applications: Elasticsearch.

You can now collect additional PostgreSQL metrics from the Ops Agent, starting with version 2.21.0. For more information, see Monitoring third-party applications: PostgreSQL.

Cloud Spanner

The following SPANNER_SYS statistical tables have been enhanced with new columns:

Cloud Storage

New buckets created using the Cloud Console now have public access prevention enabled by default.

  • During the bucket creation process, you can choose to change this setting.
Google Cloud Armor

The rule source for Cloud Armor preconfigured rules now includes ModSecurity Core Rule Set (CRS) 3.3 in General Availability. For more information, see Tuning Google Cloud Armor WAF rules.

Google Cloud Marketplace Partners

When you create a private offer for a customer, the offer expires at 11:45 PM US and Canadian Pacific Time (UTC-8) on the offer acceptance deadline, instead of 12:00 AM UTC-8.

Google Kubernetes Engine

The Calico CNI authentication errors that caused pods to get stuck in Terminating or Pending state (see August 19, 2022 release notes) are fixed in the following GKE versions in the Rapid release channel:

  • 1.24.4-gke.500 or later
  • 1.23.11-gke.300 or later
  • 1.22.14-gke.300 or later

To fix the issue, upgrade your control plane to any of these versions. If you prefer not to use the Rapid channel, open a Google Cloud Support ticket to have your cluster patched internally.

GKE control plane metrics is now available for clusters running Kubernetes control plane version 1.22.13 or later.

Security Command Center

The parentDisplayName attribute was added to the Finding object of the Security Command Center API.

The parentDisplayName attribute provides the display name of the Security Command Center service or source that produced a finding.

For more information, see the Security Command Center API documentation for the Finding object.

September 27, 2022

Cloud Logging

Using Log Analytics, you can run SQL queries that analyze your log data to generate useful insights. Log Analytics also let you use BigQuery to query your log data. For more information, see Log Analytics.

Cloud Spanner

The number of mutations per commit that Cloud Spanner supports has increased from 20,000 to 40,000. For more information, see Quotas and limits.

The ARRAY_SLICE function is now available to use in Google Standard SQL. This function returns an ARRAY containing zero or more consecutive elements from an input array.

Cloud Translation

Support for 24 new languages is Generally Available (GA). Glossaries aren't supported when translating to or from these languages.

  • Assamese
  • Aymara
  • Bambara
  • Bhojpuri
  • Dhivehi
  • Dogri
  • Ewe
  • Guarani
  • Ilocano
  • Konkani
  • Krio
  • Kurdish(Sorani)
  • Lingala
  • Luganda
  • Maithili
  • Meiteilon(Manipuri)
  • Mizo
  • Oromo
  • Quechua
  • Sanskrit
  • Sepedi(Pedi)
  • Tigrinya
  • Tsonga
  • Twi (Akan)
Config Connector

Config Connector version 1.95.0 is now available.

Added support for DLPDeidentifyTemplate resource.

Added enableServiceLinks: false to all the Pod configurations in Config Connector installation bundle. This is to fix the potential issue standard_init_linux.go:228: exec user process caused: argument list too long in Config Connector Pods.

Config Controller

Config Controller now uses the following versions of its included products:

Dataproc

Dataproc Auto Zone Placement now takes ANY reservation into account by default.

Memorystore for Memcached

Added new Memorystore for Memcached region: Dallas (us-south1).

Memorystore for Redis

Added new Memorystore for Redis region: Dallas (us-south1).

Retail API

The Monitoring & Analytics page has been split into two separate pages. The contents of the old Monitoring tab appear on the new Monitoring page, and the contents for the old Analytics tab appear on the new Analytics page.

September 26, 2022

Anthos clusters on bare metal

Release 1.11.6

Anthos clusters on bare metal 1.11.6 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.6 runs on Kubernetes 1.22.

Fixes:

  • Updated the container image to resolve a yaml text/template vulnerability.

  • The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Apigee API hub

On September 26, 2022 Apigee API hub released a new version of the software.

Bug ID Description
248598430 Scorecard display did not select the latest spec by default when the recommended deployment pointed to a spec with no scorecard.
Apigee X

Availability of scripts to recreate Apigee instances created before January 25, 2022.

If you have an Apigee instance that was created before January 25, 2022, Apigee recommends that you replace it with a new instance. If you do not recreate the older instance, you may experience scaling issues and the number of environments you can add to an instance will continue to be limited to 10.

For more information and detailed instructions, see Recreating an Apigee instance with zero downtime

BigQuery

The totalItems field returned by the projects.list API method now returns the number of items per page, rather than an approximate total number of projects across all pages.

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.42.0 (2022-09-21)

Features
  • bigquery/analyticshub: Start generating apiv1 (#6707) (feb7d7d)
  • bigquery/datapolicies: Start generating apiv1beta1 (#6697) (f5443e8)
  • bigquery/reservation/apiv1beta1: add REST transport (f7b0822)
  • bigquery/storage/managedwriter: Define append retry predicate (#6650) (478b8dd)
  • bigquery/storage: add proto annotation for non-ascii field mapping (ec1a190)
  • bigquery: Add reference file schema option for federated formats (#6693) (3d26091)
  • bigquery: Add support for explicit query parameter type (#6596) (d59b5b2), refs #4704
Bug Fixes
  • bigquery/connection: integrate gapic-generator-python-1.4.1 and enable more py_test targets (ec1a190)

In the Explorer pane, you can now open tables in Connected Sheets. This feature is now generally available (GA).

Chronicle

Context Aware Detections - Risk Dashboard

The Context Aware Detections - Risk dashboard provides insight into the current threat status of assets and users in your enterprise.

Contextual enrichment in events and entities

To enable a security investigation, Chronicle provides additional context about artifacts in a customer environment by calculating prevalence statistics, enriching events with geolocation data based on IP address, and ingesting data from Safe Browsing threat lists related to file hashes. For more information, see:

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.11.3 (2022-09-22)

Dependencies
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.14 (#1079) (c08c4da)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.14 (#1080) (50c979b)

3.11.2 (2022-09-21)

Dependencies
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.9.1 (#1075) (d38e9e0)
Cloud Monitoring

You can now use Prometheus Query Language (PromQL) when creating charts and dashboards in Cloud Monitoring. For more information, see PromQL in Cloud Monitoring.

Cloud Spanner

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/spanner

6.2.0 (2022-09-16)

Features
  • Add custom instance configuration operations (#1712) (4b7716b)
Bug Fixes
  • Allow passing gax instance to client constructor (#1698) (588c1a2)
  • deps: Use grpc-gcp v1.0.0 (#1710) (12eab9d)
  • Move runtime dependencies from dev dependencies to dependencies (#1704) (b2c1c0f)
  • Preserve default values in x-goog-request-params header (#1711) (f1ae513)

Go

Changes for spanner/admin/database/apiv1

1.39.0 (2022-09-21)

Features
  • spanner/admin/database: Add custom instance configuration operations (ec1a190)
  • spanner/admin/instance: Add custom instance configuration operations (ef2b0b1)
  • spanner/spannersql: Add backticks when name contains a hypen (#6621) (e88ca66)
  • spanner/spansql: Add support for create, alter, and drop change streams (#6669) (cc4620a)
  • spanner: Retry spanner transactions and mutations when RST_STREAM error is returned (#6699) (1b56cd0)
Bug Fixes
  • spanner/admin/database: Revert add custom instance configuration operations (change broken client libraries; revert before any are released) (ec1a190)
  • spanner: Destroy session when client is closing (#6700) (a1ce541)
  • spanner: Spanner sessions will be cleaned up from the backend (#6679) (c27097e)

Java

Changes for google-cloud-spanner

6.30.2 (2022-09-21)

Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.4.5 (#2022) (0536962)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.9.1 (#2023) (3fb4235)

6.30.1 (2022-09-20)

Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.4.4 (#2014) (9cebad4)
  • Update dependency com.google.cloud:google-cloud-trace to v2.3.3 (#2004) (54f9095)

Python

Changes for google-cloud-spanner

3.21.0 (2022-09-16)

Features
  • Add custom instance configurations operations (#810) (f07333f)
Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.7.0 (2022-09-21)

Features
  • dataflow: rewrite signatures in terms of new types for betas (9f303f9)

0.6.0 (2022-09-19)

Features
  • dataflow: start generating proto message types (563f546)
Dataproc

Dataproc Serverless for Spark now uses runtime version 1.0.19 and 2.0.0-RC4, which also upgrades both runtimes to Cloud Storage Connector to 2.2.8.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

3.2.0 (2022-09-22)

Features
  • Add support for exactly once subscriptions (#1572) (998de35)
Bug Fixes

Java

Changes for google-cloud-pubsub

1.120.18 (2022-09-21)

Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.8.13 (#1288) (708a1df)
  • Update dependency com.google.cloud:google-cloud-core to v2.8.14 (#1291) (1c479de)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.9.1 (#1289) (216ba7d)

1.120.17 (2022-09-20)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.16.1 (#1281) (aca8ee9)
  • Update dependency com.google.cloud:google-cloud-core to v2.8.12 (#1278) (4ae1156)
  • Update dependency com.google.protobuf:protobuf-java-util to v3.21.6 (#1277) (a5aa281)

Python

Changes for google-cloud-pubsub

2.13.7 (2022-09-22)

Bug Fixes
SAP on Google Cloud

BigQuery Connector for SAP version 2.5

Version 2.5 of BigQuery Connector for SAP is now generally available (GA).

For more information, see What's new with BigQuery Connector for SAP.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.7.0 (2022-09-21)

Features
  • secretmanager: remove beta client that no longer has source protos (9f303f9)

1.6.0 (2022-09-19)

Features
  • secretmanager: start generating proto message types (563f546)

Java

Changes for google-cloud-secretmanager

2.3.7 (2022-09-22)

Dependencies
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.14 (#846) (f2985b5)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.14 (#847) (27f5fa8)

2.3.6 (2022-09-21)

Dependencies
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.9.1 (#842) (4bec542)

2.3.5 (2022-09-20)

Dependencies
  • Update dependency com.google.protobuf:protobuf-java-util to v3.21.6 (#832) (a2595c8)

Node.js

Changes for @google-cloud/secret-manager

4.1.3 (2022-09-22)

Bug Fixes
  • Preserve default values in x-goog-request-params header (#403) (af162f0)
Vertex AI

Vertex AI Model Monitoring

Vertex AI Model Monitoring now offers Preview support for batch prediction jobs. For more details, see Vertex AI Model Monitoring for batch predictions.

Vertex AI Feature Store

Feature value monitoring is now generally available (GA).

Virtual Private Cloud

General Availability: You can monitor the following Private Service Connect producer metrics using Cloud Monitoring:

  • Connected consumer forwarding rules
  • Used NAT IP addresses

For more information, see Monitor Private Service Connect published services.

September 23, 2022

Cloud Run

You can now configure an HTTP liveness healthcheck probe.

Compute Engine

Generally available: View the VM placement topology information to determine how close a VM is located in relation to another VM. For more information, see View VM placement topology.

Dataproc Metastore

Metadata federation now supports BigQuery datasets as a metadata source (in preview).

Google Cloud VMware Engine

Dell PowerScale is now available for in-guest file share access for Google Cloud VMWare Engine VMs:

  • NFS and SMB shares supported
  • PowerScale file shares may be accessed across Google Cloud VMWare Engine and other Google Cloud services
  • Private connection configured via the VMware Engine UI

Learn more about PowerScale for Google Cloud VMWare Engine.

Google Distributed Cloud Edge

This is a patch release of Google Distributed Cloud Edge (version 1.1.2).

The following changes have been introduced in this release of Google Distributed Cloud Edge:

  • cgroups has been reverted to v1 to retain compatibility with legacy workloads.
  • The Kubernetes control plane has been updated to version 1.22.8-gke.204.
  • The Kubernetes container daemon (containerd) has been updated to version 1.5.13-gke.0.
  • The Kubernetes worker node agent (kubelet) has been updated to version 1.22.8-gke.200.
Google Kubernetes Engine

(2022-R23) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.22.12-gke.2300 is now the default version.
  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.14-gke.700
    • 1.21.14-gke.2100
    • 1.22.11-gke.400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.12-gke.1200 with this release.

Stable channel

  • Version 1.22.12-gke.1200 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.21.14-gke.700
    • 1.22.12-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.12-gke.1200 with this release.

Regular channel

  • Version 1.22.12-gke.2300 is now the default version in the Regular channel.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.12-gke.2300 with this release.

Rapid channel

  • Version 1.24.3-gke.2100 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.2100 with this release.

(2022-R23) Version updates

  • Version 1.22.12-gke.2300 is now the default version.
  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.14-gke.700
    • 1.21.14-gke.2100
    • 1.22.11-gke.400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.12-gke.1200 with this release.

(2022-R23) Version updates

  • Version 1.22.12-gke.1200 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.21.14-gke.700
    • 1.22.12-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.12-gke.1200 with this release.

(2022-R23) Version updates

  • Version 1.22.12-gke.2300 is now the default version in the Regular channel.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.12-gke.2300 with this release.

(2022-R23) Version updates

  • Version 1.24.3-gke.2100 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.2100 with this release.

2022-09-22 update: Updated new default versions for the 2022-R22 release in the Stable channel.

Retail API

Recommendations AI now provides a Page-Level Optimization model. This extends Recommendations AI from optimizing for a single recommendation panel at a time to optimizing for an entire page with multiple panels. When creating a Page-Level Optimization model, you specify existing serving configurations that this model can use as candidates for each recommendation panel. Page-Level Optimization model then automates the decision process for coordinating model combinations and layouts by automatically selecting the contents for each panel and determining the panel order on your page.

For more information about the Page-Level Optimization model, see the Page-Level Optimization documentation. For how to create this model, see Create models.

SAP on Google Cloud

Terraform configuration for SAP NetWeaver high-availability cluster configuration on RHEL

Terraform configuration to automate the deployment of SAP NetWeaver high-availability cluster configuration on RHEL, on Google Cloud, is now generally available (GA).

For more information, see Terraform: HA cluster configuration guide for SAP NetWeaver on RHEL.

Traffic Director

Traffic Director now supports outlier detection for proxyless service mesh deployments. Outlier detection lets you identify and temporarily eject unhealthy hosts from the load-balancing pool. gRPC evaluates hosts based on success rate—the frequency with which a host successfully handles requests. When you configure outlier detection through Traffic Director, you can fine-tune how gRPC assesses hosts and how it handles outliers.

Virtual Private Cloud

VPC Service Controls ingress and egress rules are no longer required to establish Private Service Connect connections from inside a VPC Service Controls perimeter.

Establishing a Private Service Connect connection between consumer and producer projects that are not in the same VPC Service Controls perimeter does not require explicit authorization with egress policies. However, all communication to VPC Service Controls-supported services through the Private Service Connect endpoint is protected by the VPC Service Controls perimeter.

For more information, see VPC Service Controls.

September 22, 2022

Anthos Service Mesh

1.14.4-asm.0 is now available.

Anthos Service Mesh 1.14.4-asm.0 includes the features of Istio 1.14.4 subject to the list of Anthos Service Mesh supported features.

1.13.8-asm.1 is now available.

Anthos Service Mesh 1.13.8-asm.1 includes the features of Istio 1.13.8 subject to the list of Anthos Service Mesh supported features.

Compute Engine

Generally available: Reduce licensing costs by customizing the number of visible CPU cores.

Google Cloud Deploy

Google Cloud Deploy now provides the ability to verify your deployment, supported in preview.

Google Kubernetes Engine

The a2-ultragpu machine family is available in Preview for node pools in clusters running GKE version 1.24 and later. To select the machine family, use the --machine-type flag in your create command.

Vertex AI

Vertex AI Matching Engine

Vertex AI Matching Engine now offers Preview support for updating your indices using Streaming Update, which is real-time indexing for the Approximate Nearest Neighbor (ANN) service.

September 21, 2022

Batch

The Quotas and limits are now documented for Batch.

BigQuery

BigQuery Omni has introduced support for on-demand pricing model (GA) for a limited duration. For more information, see BigQuery Omni Pricing.

You can now view shuffle usage ratios in the admin resource charts. This feature is now in preview.

Cloud Composer

The Monitoring Dashboard of an environment now displays periods of maintenance operations and other environment operations such as creating snapshots and updating environment configuration.

Improved file synchronization performance in Airflow workloads. This change fixes OOM issues observed in some environments.

(Available without upgrading) Fixed a problem that caused package 'namespecifier' could not be found errors when installing PyPI packages in private IP environments.

The apache-airflow-providers-google package was upgraded to 2022.9.6+composer. Changes compared to version 2022.8.26+composer:

  • Fix the Triggerer's async thread was blocked error in the deferrable mode for Composer Operators. (#25951)
  • Fix a delay in Dataproc CreateBatch operator (#26126)
  • Show better log for Datafusion operators when the response is empty (#26202)

Cloud Composer 1.19.10 and 2.0.27 images are available:

  • composer-1.19.10-airflow-1.10.15 (default)
  • composer-1.19.10-airflow-2.1.4
  • composer-1.19.10-airflow-2.2.5
  • composer-2.0.27-airflow-2.1.4
  • composer-2.0.27-airflow-2.2.5

Cloud Composer versions 1.17.0, and 2.0.0-preview.1 have reached their end of full support period.

Cloud SQL for MySQL

Cloud SQL allows the re-use of an instance name immediately after the instance is deleted. For more information, see the Cloud SQL for MySQL FAQ.

Cloud SQL for PostgreSQL

Cloud SQL allows the re-use of an instance name immediately after the instance is deleted. For more information, see the Cloud SQL for PostgreSQL FAQ.

Cloud SQL for SQL Server

Cloud SQL allows the re-use of an instance name immediately after the instance is deleted. For more information, see the Cloud SQL for SQL Server FAQ.

Compute Engine

Generally Available: E2 shared-core custom VMs are now generally available. See VM instance pricing for details.

Google Cloud Armor

Google Cloud Armor Threat Intelligence (Threat Intel) is generally available. Threat Intelligence lets you secure your traffic by allowing or blocking traffic to your HTTP(S) load balancers based on threat intelligence data. For more information, see Configuring Threat Intelligence.

September 20, 2022

Cloud CDN

Cloud CDN support for dynamic compression is now Generally Available. Cloud CDN supports dynamic compression using Brotli and gzip algorithms, which can reduce data sent over the network by 60-80% for compressible content. Enabling dynamic compression can help you achieve faster page load times, speed up playback speed for video content, and optimize egress costs. For more information, see Dynamic Compression.

Cloud Load Balancing

Regional internal and external HTTP(S) load balancers now support Shared VPC configurations where the load balancer's forwarding rule, target proxy, and URL map, can be created in a host or service project, while the backend services and backends can be distributed across multiple service projects in the Shared VPC environment. This is referred to as cross-project service referencing. Cross-project backend services can be referenced from a single URL map.

Cross-project service referencing gives service developers and admins autonomy over the exposure of their services through the centrally managed load balancer.

For details, see:

You can use organization policy constraints to limit how Shared VPC is used across a project, folder, or organization. For details, see Organization policy constraints for Cloud Load Balancing.

This feature is available in General Availability.

Cloud Logging

The Cloud Logging API now supports the following region:

  • Israel: me-west1.
Cloud Router

You can now use the Google Cloud Console to configure MD5 authentication for BGP sessions. The MD5 authentication feature is available in Preview. For more information, see Use MD5 authentication.

Compute Engine

The quota limits displayed in the Cloud console might be incorrect in the me-west1 region. For more information, see Known issues.

Dataproc

Dataproc Serverless for Spark: You can now use the spark.dynamicAllocation.executorAllocationRatio property to configure how aggressively to scale up Serverless workloads. A value of 1.0 provides maximum scale up.

Dataproc Serverless for Spark: Reduced the latency between batch workload completion and when a batch is marked SUCCEEDED.

Dataproc Serverless for Spark: Increased initial and maximum Spark executor limits to 500 and 2,000, respectively.

Dataproc Serverless for Spark: Sets a maximum limit of 500 workers per scale up or scale down operation.

Dataproc on Compute Engine: Stop all master and worker VMs when starting a cluster fails due to stockout or insufficient quota.

Deep Learning Containers

M96 Release

  • TensorFlow 2.10.0 is now available.
  • TensorFlow patch updates for 2.9.2 and 2.8.3 are now available.
  • The PyTorch patch update for 1.12.1 is now available.
  • Miscellaneous bug fixes.
Deep Learning VM Images

M96 Release

  • TensorFlow 2.10.0 is now available.
  • TensorFlow patch updates for 2.9.2 and 2.8.3 are now available.
  • The PyTorch patch update for 1.12.1 is now available.
  • The Diagnostic tool supports DNS resolution check.
  • Docker is updated to 20.10.
  • Miscellaneous bug fixes.
Identity and Access Management

Conceptual and reference information for IAM basic and predefined roles has been improved. You can now filter the predefined roles table, expand abbreviated permissions to see all included permissions, and quickly identify owner permissions.

Pub/Sub

Pub/Sub introduces new monitoring dashboards for topics and subscriptions which you can access from the Topics and Subscriptions console pages. See Monitor topics and Monitor subscriptions.

VPC Service Controls

General availability for the following integration:

Vertex AI Workbench

M96 Release

The M96 release of Vertex AI Workbench managed notebooks includes the following:

  • Fixed a problem where users were not able to save large Notebooks.
  • Fixed a display issue when using JupyterLab's simple interface.
  • Improved timeout behavior switch hardware operations.
  • Improved error messaging when a service account cannot access the Runtime.
  • Security fixes.
  • Regular package refreshment and bug fixes.

Learn more about managed notebooks versions.

September 19, 2022

Apigee API hub

On September 19, 2022 Apigee API hub released a new version of the software.

Scorecard added to Apigee API hub API overview page

The scorecard allows you to display score or health information about your APIs on the API overview page.

The default scorecard configuration uses OpenAPI v2 and OpenAPI v3 specs and is analyzed using the Spectral linter to generate a Lint summary.

Specify whether the scorecard is displayed or hidden on the Settings page.

Help links added to Apigee API hub blank APIs list page

If there are no APIs registered, the APIs list page will display links pointing to API registration documentation.

Assured Workloads

You can now perform an analysis for hypothetically moving a workload. This Preview feature analyzes the source (a project or project-based workload) and the destination (a folder-based workload) to indicate any potential incompatibilities related to the move.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.41.0 (2022-09-14)

Features
  • bigquery/storage: add location to WriteStream and add WriteStreamView support (6a0080a)
Bug Fixes
  • bigquery/storage/managedwriter: Fix incorrect error retention (#6659) (dc02bca)
  • bigquery: Parse timestamp query parameter with RFC3339 (#6653) (aabd2d6)

Java

Changes for google-cloud-bigquery

2.16.1 (2022-09-15)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.3 (#2274) (4c9952b)

2.16.0 (2022-09-12)

Features
  • Add preserveAsciiControlCharacters to CsvOptions (#2143) (856893f)
  • Add reference file schema option for federated formats (#2269) (8c488e6)
Bug Fixes
  • Socket-timeout at bigquery.it.ITNightlyBigQueryTest: testForTableNotFound (#2260) (a9b5fb2)
Dependencies
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20220827-2.0.0 (#2261) (3c67d21)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.9.3 (#2259) (5e30a04)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.2 (#2267) (8472fe5)
Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigtable

4.0.4 (2022-09-14)

Bug Fixes

4.0.3 (2022-09-09)

Bug Fixes

Java

Changes for google-cloud-bigtable

2.12.0 (2022-09-15)

Features
  • generated: Publish CBT deletion_protection field in Table, UpdateTableRequest, and UpdateTable API (f1f3f05)
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.4.3 (#1386) (f460373)
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.4.3 (#1387) (e339cb1)
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.4.4 (#1395) (a2db183)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.2 (#1384) (ee3b256)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.3 (#1393) (df6c6c7)
Cloud Billing

Non-USD accounts can now view more cost information with the Commitment Analysis Dashboard

Customers with non-USD billing accounts now have additional information (including local currency cost data) available to them within the committed use discount dashboard and have been granted access to the Commitments Analysis Dashboard.

View all on-demand spend applicable for committed use discounts (CUDs)

You can now view all CUD-eligible usage without any active commitments within the Commitment Analysis Dashboard for further cost optimization opportunities.

Cloud Interconnect

Dedicated Interconnect support is available in the following colocation facilities:

  • Telecom Italia Rozzano Data Center, Milan
  • Bulk Oslo Internet Exchange - OS-IX, Oslo

For more information, see the Locations table.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/logging

10.1.9 (2022-09-09)

Bug Fixes

10.1.10 (2022-09-14)

Bug Fixes
  • Preserve default values in x-goog-request-params header (#1337) (87c8d1f)

Java

Changes for google-cloud-logging

3.11.1 (2022-09-15)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.3 (#1067) (6d36ffc)

3.11.0 (2022-09-14)

Features
Bug Fixes
  • Fix a couple linter issues on my stderr update (#1061) (fa1a18f)
Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-dataflow-client

0.6.0 (2022-09-13)

Features

Java

Changes for google-cloud-dataflow

0.7.4 (2022-09-15)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.3 (#216) (54999e7)
Dataproc

Dataproc Serverless for Spark now uses runtime version 1.0.18 and 2.0.0-RC3.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.120.16 (2022-09-15)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.3 (#1279) (654ea40)

1.120.15 (2022-09-13)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.16.0 (#1271) (439215a)
Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-secretmanager

2.3.4 (2022-09-15)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.3 (#833) (a462455)
Traffic Director

The Traffic Director service routing APIs are now in General Availability. The APIs simplify routing and service mesh configuration with new Mesh, Gateway, and Route resources.

September 16, 2022

BigQuery

BigQuery Omni now supports the following quota and limit:

  • The quota for total query result sizes for a project is now 1 TB per day. For more information, see Query jobs.
  • The limit for maximum result size for a query has been increased from 2 MB to 10 GB (preview).

For more information, see Limitations.

Compute Engine

Generally available: A new machine type for the memory-optimized-machine family called m2-hypermem-416 with 416 vCPUs and 8832 GB of memory. This new machine type is now generally available in the same regions as the other M2 machine types.

For more information, see Memory-optimized-machine family.

Google Cloud Armor

The following four libinjection signatures have been added to the sqli-v33-stable and xss-v33-stable rules:

  • owasp-crs-v030301-id942100-sqli: SQL Injection Attack Detected via libinjection
  • owasp-crs-v030301-id942101-sqli: SQL Injection Attack Detected via libinjection
  • owasp-crs-v030301-id941100-xss: XSS Attack Detected via libinjection
  • owasp-crs-v030301-id941101-xss: XSS Attack Detected via libinjection

Advanced rule tuning features for preconfigured WAF rules is now available in public preview. For more information about the new tuning features, see Tune Google Cloud Armor preconfigured WAF rules.

SAP on Google Cloud

New SAP HANA certification: 9 TB m2-hypermem-416 VMs certified for OLTP workloads

SAP has certified the Compute Engine 9 TB m2-hypermem-416 machine type for SAP HANA OLTP workloads in scale-up or scale-out configurations with up to 4 nodes. SAP workload-based sizing methods must be used.

For more information, see Certified Compute Engine VMs for SAP HANA.

September 15, 2022

AlloyDB for PostgreSQL

Datastream, Google Cloud's change data capture (CDC) and replication service, supports PostgreSQL for source databases. This means that you can use an AlloyDB database as a Datastream source.

Google Cloud Database Migration Service has added support for AlloyDB. This service can make it easier to migrate your existing PostgreSQL data and workloads to an AlloyDB cluster.

Anthos Config Management

On October 31, 2022, we will introduce a new billing SKU for Policy Controller which is a part of Anthos Config Management. However, we won't make any changes to the pricing or billing model.

Customers who use Policy Controller do not need to take any action.

Non-Anthos customers will see a new SKU appear on their monthly bill, but there is no change in pricing. The SKU "Anthos Configuration Management" (81D5-A275-98BF) will be replaced with the SKU "Anthos Policy Controller" (6707-0251-B8E2).

Anthos customers will not see a change as their usage of Policy Controller is covered by their Anthos license.

Anthos Config Management release 1.10 is no longer supported with the release of Anthos Config Management 1.13. For reference, see Get support.

The Config Sync feature to sync configurations stored as OCI images in Google Artifact Registry or Container Registry is generally available (GA). To learn more, see Sync OCI artifacts from Artifact Registry.

Config Sync is open sourced. We are open to contributions and bug fixes if you want to get involved in development of Config Sync. You can also use the repository to track ongoing work, or build from source to try out bleeding-edge functionalities.

Config Sync supports syncing from private Helm repositories (including OCI-based ones) as a preview feature. Google Artifact Registry is the preferred Helm registry. To learn more, see Sync Helm charts from Artifact Registry.

The Google Cloud Console now shows the sync status for all syncs in clusters registered to fleet. It also allows for drilling down to see the reconciliation status for individual resources. To learn more, see View Config Sync status in the Google Cloud console.

Config Sync now supports user-provided CA certificates for verifying HTTPS connections to Git servers. To learn more, see Configuration of the Git Repository.

The constraint template library includes a new template: K8sStorageClass. Requires Anthos Config Management version 1.12.1 or higher. For reference see Constraint template library.

The contraint template library's K8sEmptyDirHasSizeLimit template now supports regular expression matching of exempt volume names by using the new exemptVolumesRegex parameter. For reference see Constraint template library.

The contraint template library's K8sMemoryRequestEqualsLimit template now supports regular expression matching of exempt container names by using the new exemptContainersRegex parameter. For reference see Constraint template library.

Increased the resource-group-controller container memory request to 200Mi to avoid OOMKilled on Autopilot clusters.

Stopped the nomos command line tool from panicing when nomos status is unable to fetch ResourceGroups.

Fixed an issue that could cause accidental pruning when API resource discovery requests failed.

Added optimizations to the reconciler and reconciler-manager to reduce API requests by avoiding unnecessary resource object updates.

Config Sync now handles empty initContainers fields in managed configs correctly.

BigQuery

The BigQuery Data Transfer Service for Google Ads now supports the new Google Ads API. This feature is now in preview.

BigQuery is now available in the Madrid (europe-southwest1), Milan (europe-west8), and Paris (europe-southwest1) regions. The Madrid and Paris regions have the lowest carbon impact.

BigQuery ML

BigQuery ML is now available in the Madrid (europe-southwest1), Milan (europe-west8), and Paris (europe-southwest1) regions. The Madrid and Paris regions have the lowest carbon impact.

Cloud Build

Users can now use Cloud Build's GitHub Issues notifier to create issues in their GitHub repository in response to build events. The GitHub Issues notifier is available as an experimental release. To learn more, see Configuring GitHub Issue notifications.

Cloud Database Migration Service

Database Migration Service now supports migrating PostgreSQL workloads into AlloyDB for PostgreSQL. Click here to access the documentation.

Cloud Logging

Support for adding custom indexed LogEntry fields to your Cloud Logging buckets is now Generally Available. These indexes make querying your logs data faster.

Cloud SQL for MySQL

Cloud SQL read replicas now follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?

Cloud SQL for PostgreSQL

Cloud SQL read replicas now follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?

Cloud SQL for SQL Server

Cloud SQL read replicas now follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?

Cloud Spanner

Fine grained access control for Spanner is now available in public preview. Fine-grained access control lets you secure your Spanner databases at the table and column level by using new RDBMS-style roles and GRANT/REVOKE SQL statements. With fine-grained access control, you can protect your transactional data and ensure that the right controls are in place when granting access to data. For more information, see About fine-grained access control.

The Spanner Golang database/sql driver is now generally available. Add the driver to your application to enable the use of the database/sql package with Spanner. For more information, see the Spanner blog and the package documentation.

Datastream

Datastream now supports BigQuery as a destination. Click here to access the documentation.

Datastream now supports PostgreSQL as source. Click here to access the documentation.

We have introduced changes to Datastream pricing. For more information, see the Pricing page.

Document AI

Schema support for checkboxes and nested entitites

  • Customers using Document AI Workbench, and processors for Purchase Order (PO), Invoice, or Expense, now have access to a new schema. This schema enables customers to label checkboxes, if they are defined in the schema, and to accurately represent nested entities, such as parent-child relationships, on the HITL annotation and review console. As additional processors adapt the new schema, these release notes will be updated to include those.

Nested entities

  • The Annotation console now supports labeling for nested entities. The left panel is refreshed with a new look for nested rows to represent nested entities. The value of "parent" will now be the concatenation of all its "children". The parent is effectively a container for all of its children.
Google Cloud Deploy

Google Cloud Deploy is now available in the following regions:

  • asia-northeast2 (Osaka)
  • asia-south1 (Mumbai)
  • asia-south2 (Delhi)
  • asia-southeast1 (Singapore)
  • asia-southeast2 (Jakarta)
  • australia-southeast2 (Melbourne)
  • europe-central2 (Warsaw)
  • europe-north1 (Finland)
  • europe-west4 (Netherlands)
  • europe-west6 (Zurich)
  • northamerica-northeast2 (Toronto)
  • southamerica-west1 (Santiago)
  • us-west3 (Salt Lake City)
  • us-west4 (Las Vegas)
Google Cloud Marketplace Partners

You can now provide Private Offers with more granular discounts on specific usage metrics to your customers by enabling metric discounts.

Google Kubernetes Engine

CVE-2022-2068 has been patched in the Filestore CSI driver for GKE clusters running version 1.23 or later.

Starting from GKE version 1.25 and gke-metrics-agent version 1.0.0, we increase the memory request and limit of gke-metrics-agent to 100 MiB. This change makes the system metrics collection more stable and reliable.

Retail API

Bulk importing of historical Google Analytics 4 user events with BigQuery is generally available. You can use this feature to import user events to the Retail API if you have integrated Google Analytics 4 with BigQuery and use Enhanced Ecommerce.

See the new documentation: Import Google Analytics 4 user events with BigQuery

September 14, 2022

Access Approval

Access Approval supports Secret Manager in the GA stage.

Apigee X

On September 14, 2022 we released an updated version of the Apigee X software.

When using local development with Apigee in VS Code, the following pre-release features are available as part of the Insiders build (v1.21.0 and higher):

Batch

Preview: Data Access audit logs are now available for Batch. For more information, see Batch audit logging information.

BigQuery

The Merge is coming! You may experience disruptions in the Ethereum public datasets in BigQuery.

The is_case_insensitive schema option, which allows you to make a dataset and its table names case-insensitive, is now in preview.

JDBC driver update, release 1.3.0 1001

  • You can now configure the connector to authenticate the connection using an external account (workforce or workload identity federation).
  • You can now configure the connector to use Private Service Connect URLs.
  • The connector now supports JDBC transaction APIs. BigQuery supports multi-statement transactions inside a single query, or across multiple queries, when using sessions.
  • The connector is now verified to use a default project for datasets. To do this, set the dataset_project_id property in QueryProperties of the connection string to the desired project.
  • MATERIALIZED_VIEW has been added to the list of table types when using the getTableTypes function.
  • The connector now supports the JSON data type.

ODBC driver update, release 2.5.0 1001

  • You can now configure the connector to authenticate the connection using an external account (workforce or workload identity federation), with limited support, using Azure AD and Okta identity providers.
  • You can now configure the connector to use Private Service Connect URLs.
  • The connector now supports ODBC transaction APIs. BigQuery supports multi-statement transactions inside a single query, or across multiple queries, when using sessions.
  • The connector is now verified to use a default project for datasets. To do this, set the dataset_project_id property in QueryProperties of the connection string to the desired project.
  • MATERIALIZED_VIEW has been added to the list of table types. To retrieve these table types, configure SQLTables to TABLE_TYPES_ONLY.
  • The connector now supports the JSON data type.
Chronicle

The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.

  • Apache (APACHE)
  • Barracuda WAF (BARRACUDA_WAF)
  • Bluecat DDI (BLUECAT_DDI)
  • Cisco Umbrella Cloud Firewall (UMBRELLA_FIREWALL)
  • Cisco Umbrella Web Proxy (UMBRELLA_WEBPROXY)
  • Cisco WLC/WCS (CISCO_WIRELESS)
  • CloudGenix SD-WAN (CLOUDGENIX_SDWAN)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • FortiGate (FORTINET_FIREWALL)
  • GCP Cloud Audit (N/A)
  • Google Cloud Identity Context (CLOUD_IDENTITY_CONTEXT)
  • IBM Guardium (GUARDIUM)
  • IBM z/OS (IBM_ZOS)
  • Infoblox DNS (INFOBLOX_DNS)
  • Ipswitch SFTP (IPSWITCH_SFTP)
  • Kubernetes auth proxy logs (KUBERNETES_AUTH_PROXY)
  • Linux DHCP (LINUX_DHCP)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • NGINX (NGINX)
  • OSSEC (OSSEC)
  • pfSense (PFSENSE)
  • Ribbon Analytics Platform (RIBBON_ANALYTICS_PLATFORM)
  • Ruckus Networks (RUCKUS_WIRELESS)
  • Salesforce (SALESFORCE)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne Deep Visibility (SENTINEL_DV)
  • SentinelOne EDR (SENTINEL_EDR)
  • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
  • VMware AirWatch (AIRWATCH)
  • VMware ESXi (VMWARE_ESX)
  • VMware Workspace ONE (VMWARE_WORKSPACE_ONE)
  • Zscaler (ZSCALER_WEBPROXY)

For details about changes in each parser, see Supported default parsers.

Cloud Run

Startup CPU boost for revisions is now available to provide additional CPU during container instance startup time.

Config Connector

Config Connector version 1.94.0 is now available.

Added spec.memberFrom.sqlInstanceRef field to IAMPolicyMember (Issue #689).

Added spec.bindings[].members[].memberFrom.sqlInstanceRef field to IAMPartialPolicy (Issue #689).

Removed the validation on spec.cluster.numNodes > 0 in BigtableInstance (Issue #673).

Added support for major version upgrades to SQLInstance (spec.databaseVersion is now mutable).

Added spec.nodeConfig.reservationAffinity to ContainerCluster.

Added spec.nodePoolAutoConfig to ContainerCluster.

Added spec.nodeConfig.reservationAffinity to ContainerNodePool.

Extended support for value absent in state-into-spec annotation to most Config Connector resources.

Added spec.placement.managedCluster.config.gceClusterConfig.shieldedInstanceConfig to DataprocWorkflow.

In NetworkServicesGateway (alpha), updated spec.authorizationPolicy to spec.authorizationPolicyRef, and updated spec.serverTlsPolicy to spec.serverTlsPolicyRef.

Removed spec.routers in NetworkServicsGRPCRoute (alpha) and NetworkServicsTCPRoute (alpha).

Removed spec.routers and spec.rules.action.originalDestination in NetworkServicsHTTPRoute (alpha).

Eventarc

Eventarc support for direct events from Cloud IoT is available in Preview.

Google Kubernetes Engine

1.25 is now available in the Rapid channel

Kubernetes 1.25 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.25 Release Notes, especially the action required and deprecation sections.

Notable changes

Support for the deprecated quobyte and storageOS volume types is removed in 1.25.

Deprecated API versions

These APIs are still served in version 1.25 but are in a deprecation period:

  • The following Beta versions of graduated APIs will be removed in 1.26 in favor of newer versions:
    • flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.23
      • use flowcontrol.apiserver.k8s.io/v1beta2 instead, available since 1.23
    • autoscaling/v2beta2 HorizontalPodAutoscaler
      • deprecated since 1.23
      • use autoscaling/v2 instead, available since 1.23 (or autoscaling/v1)
  • The following Beta versions of graduated APIs will be removed in 1.27 in favor of newer versions:
    • storage.k8s.io/v1beta1 CSIStorageCapacity, deprecated since 1.24

Removed API versions

  • PodSecurityPolicy
    • policy/v1beta1 PodSecurityPolicy
    • Deprecated in 1.21 and removed in 1.25.
    • 1.24 is the last version supporting the beta PodSecurityPolicy feature. Use of this feature must be discontinued before clusters will upgrade to 1.25. See PodSecurityPolicy deprecation for more information.
  • The following Beta versions of graduated APIs are removed in 1.25 in favor of their newer versions:
    • discovery.k8s.io/v1beta1 EndpointSlice, deprecated since 1.21
    • policy/v1beta1 PodDisruptionBudget, deprecated since 1.21
    • batch/v1beta1 CronJob, deprecated since 1.21
    • node.k8s.io/v1beta1 RuntimeClass
    • autoscaling/v2beta1 HorizontalPodAutoscaler
Pub/Sub

BigQuery subscriptions support writing string fields in a Pub/Sub message to TIMESTAMP, DATETIME, DATE, or TIME columns in a BigQuery table. For more information about schema compatibility between a Pub/Sub topic and a BigQuery table, see Schema compatibility.

Transfer Appliance

Users can now review data that successfully transferred and failed to transfer in log files that auto-generate after a transfer is completed. Learn more about data verification log files here.

September 13, 2022

Artifact Registry

Artifact Registry is now available in the me-west1 region (Tel Aviv, Israel).

BigQuery

In Cloud Monitoring, you can view metrics for quota usage and limits of the Storage Write API's concurrent connections and throughput quotas. This feature is now generally available (GA).

Cloud Bigtable

Cloud Bigtable is available in the me-west1 (Tel Aviv) region. For more information, see Bigtable locations.

Cloud Build

Users can now use Cloud Console to configure a trigger to send build logs to GitHub or GitHub Enterprise. For more information, see Building repositories from GitHub and Building repositories from GitHub Enterprise.

gcloud support for manual triggers is now available. To learn more, see Manually build code in source repositories.

Cloud Monitoring

You can now configure public uptime checks to send ICMP pings as part of the check. The results of the pings are sent to Cloud Logging to help you troubleshoot failed checks. For more information, see Use ICMP pings.

Cloud Run

The following new region is now available: me-west1.

Startup healthcheck probes are now available (Preview).

Cloud SQL for MySQL

Support for me-west1 (Tel Aviv).

MySQL 5.7.37 has been upgraded to 5.7.38. For more information, see MySQL 5.7 release notes.

Cloud SQL for PostgreSQL

Support for me-west1 (Tel Aviv).

Cloud SQL for SQL Server

Support for me-west1 (Tel Aviv).

Cloud Spanner

You can create Cloud Spanner regional instances in Tel Aviv, Israel (me-west1).

Cloud Storage

Cloud Storage is now available in Tel Aviv, Israel (me-west1 region).

gcloud storage is now in GA

  • gcloud storage provides faster uploading and downloading performance when compared to the gsutil command line tool.
Cloud TPU

Cloud TPU now supports Tensorflow 2.10.0. For more information see TensorFlow 2.10 release notes.

Cloud VPN

Cloud VPN is now available in region me-west1 (Tel Aviv, Israel).

Pricing is available on the Cloud VPN pricing page.

Compute Engine

Generally available: NVIDIA® T4 GPUs are now available in the following region and zones in Middle East:

  • Tel Aviv, Israel: me-west1-b,c.

For more information about using GPUs on Compute Engine, see GPU platforms.

Generally available: Tel Aviv, Israel, Middle East me-west1-a,b,c has launched with E2 and N2 VMs available in all three zones, and M1 VMs in zones a and c.

See VM instance pricing for details.

Google Cloud Deploy Google Kubernetes Engine

(2022-R22) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.22.12-gke.300 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:

    • 1.20.15-gke.11400
    • 1.20.15-gke.12800
    • 1.20.15-gke.13400
    • 1.20.15-gke.13700
    • 1.21.13-gke.900
    • 1.22.10-gke.600
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.12-gke.500 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.12-gke.500 with this release.

Stable channel

  • Version 1.22.12-gke.500 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.20.15-gke.11400
    • 1.21.13-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.12-gke.500 with this release.

Regular channel

  • Version 1.22.12-gke.300 is now the default version in the Regular channel.

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.12800
    • 1.21.14-gke.2100
    • 1.22.11-gke.400
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.12-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.12-gke.300 with this release.

Rapid channel

  • Version 1.24.3-gke.900 is now the default version in the Rapid channel
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.20.15-gke.13700
    • 1.21.14-gke.3000
    • 1.22.12-gke.1200
    • 1.23.9-gke.2100
    • 1.24.3-gke.200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.4300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.10-gke.1000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.0-gke.1100 with this release.

The me-west1 region in Tel Aviv, Israel is now available.

On GKE Standard clusters using control plane version 1.24.2-gke.300 or later, you can configure the cluster and node pools to deploy an alternative version of the Logging agent designed to maximize logging throughput. The default Logging agent running in each GKE cluster guarantees at least 100 KB per second log throughput per node for system and workload logs. This Logging agent variant provides a 100x improvement, allowing for throughput as high as 10 MB per second on nodes that have at least 2 unused CPU cores.

Additionally, all GKE clusters with system metrics enabled now export a new metric (kubernetes.io/node/logs/input_bytes), which indicates the number of log bytes generated on a node. Using this metric can help you decide which variant of the logging agent makes sense to deploy in your cluster or node pools.

(2022-R22) Version updates

  • Version 1.22.12-gke.300 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:

    • 1.20.15-gke.11400
    • 1.20.15-gke.12800
    • 1.20.15-gke.13400
    • 1.20.15-gke.13700
    • 1.21.13-gke.900
    • 1.22.10-gke.600
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.12-gke.500 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.12-gke.500 with this release.

(2022-R22) Version updates

  • Version 1.22.12-gke.500 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.20.15-gke.11400
    • 1.21.13-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.12-gke.500 with this release.

(2022-R22) Version updates

  • Version 1.22.12-gke.300 is now the default version in the Regular channel.

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.12800
    • 1.21.14-gke.2100
    • 1.22.11-gke.400
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.12-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.12-gke.300 with this release.

(2022-R22) Version updates

  • Version 1.24.3-gke.900 is now the default version in the Rapid channel
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.20.15-gke.13700
    • 1.21.14-gke.3000
    • 1.22.12-gke.1200
    • 1.23.9-gke.2100
    • 1.24.3-gke.200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.4300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.10-gke.1000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.0-gke.1100 with this release.

Media CDN

Media CDN now supports token-based client authentication and private external origin authentication for enhanced content protection and improved interoperability with multi-CDN and multi-cloud architectures in Preview.

Token-based authentication enables signing arbitrary data (like custom user identifiers), HMAC-based cryptography, and dual token exchange for token propagation through the duration of a playback session. For more information, see Prevent unauthorized distribution.

Private external origin authentication allows Media CDN to support private S3-compatible origins by dynamically generating signed requests with AWS Signature Version 4.

Pub/Sub

Pub/Sub is now available in me-west1 (Tel Aviv, Israel).

Pub/Sub Lite

Pub/Sub Lite is now available in Tel Aviv (me-west1).

Virtual Private Cloud

For auto mode VPC networks, added a new subnet 10.208.0.0/20 for the Tel Aviv me-west1 region. For more information, see Auto mode IP ranges.

Workflows

Execution results include the current or final step of the workflow execution.

September 12, 2022

Apigee Integrated Portal

On September 12, 2022 we released an updated version of Apigee integrated portal.

Bug ID Description
237412458 Fixed an issue where some SMTP settings were not migrated to an upgraded portal.
235634994 Implemented a minor security fix to block content spoofing in the API search page.
233407912 When creating a new App key for products that have been set to manual approval, but have already been approved, the new key will "auto" approve and not have to go through the approval process again.
Batch

The documentation page Get started with Batch has been rewritten. Information that was previously on that page has been relocated to the following new pages:

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

6.0.3 (2022-08-23)

Bug Fixes

Go

Changes for bigquery/storage/apiv1beta1

1.40.0 (2022-09-08)

⚠ BREAKING CHANGES
  • bigquery/dataexchange: update BigQuery Analytics Hub API v1beta1 client BREAKING CHANGE: refresh current dataexchange/v1beta1/* directory to include recent change in protos. Removed common directory and use local enum Category fix!: refactor references to Category message docs: improve proto documentation.
Features
  • bigquery/dataexchange: update BigQuery Analytics Hub API v1beta1 client BREAKING CHANGE: refresh current dataexchange/v1beta1/* directory to include recent change in protos. Removed common directory and use local enum Category fix!: refactor references to Category message docs: improve proto documentation. (e45ad9a)
  • bigquery/storage/managedwriter: Augment reconnection logic (#6609) (6b0ac0c)
  • bigquery: Add trace instrumentation support for individual rpcs (#6493) (eedc632)
  • bigquery: Improve error when reading null values (#6566) (e9a94c2), refs #2612
Documentation
  • bigquery: Add numeric and bignumeric to RowIterator docs (#6560) (bea4028)
Miscellaneous Chores
Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.11.2 (2022-09-07)

Bug Fixes
  • Make cloud-monitoring a runtime dependency (#1371) (930d043)
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.4.2 (#1373) (43b8052)
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.4.2 (#1374) (4174f0d)
Cloud Billing

You can now estimate the cost of your workloads using the Cost Estimation API (Preview). The Cost Estimation API provides customer-specific estimates that include all your discounts, such as those negotiated as part of a contract and those based on committed usage. These cost estimates can help you make more informed business decisions.

Cloud Build

Cloud Build now supports Supply chain Levels for Software Artifacts (SLSA) level 3 assurance. Taking steps to reach SLSA level 3 can help you protect your build pipeline. To learn more, see Viewing build provenance.

Cloud Composer

Encryption with customer-managed encryption keys (CMEK) now applies to the persistent disk of the environment's Redis queue.

(Available without upgrading) Fixed a problem where the termination grace period for Airflow worker Pods in Cloud Composer 2 was set to 30 seconds (from 3600 seconds) after updating an environment. If your environment is impacted, this fix will apply automatically on the next update (or upgrade) operation. To apply the fix immediately, you can override and then delete a non-existing environment variable in your environment.

(Available without upgrading) When an environment is deleted, Cloud Composer automatically deletes the persistent disk of the environment's Redis queue.

Set the logging level of Airflow's DeprecationWarning messages to Warning.

(Available without upgrading) Cloud Composer now makes several attempts to create an environment when the Cloud Composer connection subnetwork is locked by another operation. This change improves the reliability when creating environments with Public Service Connect.

Fixed a potential race condition in Airflow workers that could cause new tasks to be executed on a worker that is scheduled to be scaled down. This fix prevents Airflow tasks from being stuck in the running state.

Adjusted CPU limits for the FluentD environment component (responsible for uploading task logs to Cloud Logging), to avoid potential problems that might result in missing logs in Cloud Logging.

The apache-airflow-providers-google package was upgraded to 2022.8.26+composer. Changes compared to version 2022.8.23+composer:

  • Added deferrable option to Dataproc operators to run the task asynchronously. (#25302)

    Cloud Composer team plans to add support for Deferrable operators in October, 2022.

Cloud Composer 1.19.9 and 2.0.26 images are available:

  • composer-1.19.9-airflow-1.10.15 (default)
  • composer-1.19.9-airflow-2.1.4
  • composer-1.19.9-airflow-2.2.5
  • composer-2.0.26-airflow-2.1.4
  • composer-2.0.26-airflow-2.2.5

Cloud Composer versions 1.17.0.preview.12, and 2.0.0-preview.0 have reached their end of full support period.

Cloud Functions

Cloud Functions has added support for a new runtime, .NET Core 6.0, at the Preview release level.

Cloud Key Management Service

Cloud KMS is available in the following region:

  • me-west1

For more information, see Cloud KMS locations.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.10.8 (2022-09-09)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.2 (#1060) (b5dea1b)

3.10.7 (2022-09-07)

Bug Fixes
  • Apply Google Java Code Clarity suggestions (#1044) (79e9d8d)
Cloud SQL for MySQL

The In-place Major Version Upgrade feature is now generally available for Cloud SQL for MySQL.

Cascading Replicas is now generally available for Cloud SQL. Customers can now configure PostgreSQL and MySQL for Cloud SQL read replicas to have read replicas under them.

Cloud SQL for PostgreSQL

Cascading Replicas is now generally available for Cloud SQL. Customers can now configure PostgreSQL and MySQL for Cloud SQL read replicas to have read replicas under them.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-dataflow

0.7.3 (2022-09-09)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.2 (#211) (20b1918)
Dataproc

Dataproc Serverless for Spark now uses runtime version 1.0.17 and 2.0.0-RC2.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

3.1.1 (2022-09-01)

Bug Fixes

Java

Changes for google-cloud-pubsub

1.120.14 (2022-09-10)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.15.0 (#1259) (257cb8f)
  • Update dependency com.google.cloud:google-cloud-core to v2.8.10 (#1258) (37e0034)
  • Update dependency com.google.cloud:google-cloud-core to v2.8.11 (#1264) (a19bc7a)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.2 (#1265) (52da9da)
Secret Manager

Cloud Secret Manager is now available in the following region:

  • me-west1

For more information, see Secret Manager locations.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-secretmanager

2.3.3 (2022-09-09)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.2 (#827) (b2162a7)

2.3.2 (2022-09-06)

Dependencies
  • Update dependency com.google.protobuf (6bf4745)

Node.js

Changes for @google-cloud/secret-manager

4.1.2 (2022-09-01)

Bug Fixes
  • Allow passing gax instance to client constructor (#399) (02d820f)
  • Do not import the whole google-gax from proto JS (#1553) (#398) (e16be85)

September 09, 2022

Apigee X

On September 09, 2022, we released an updated version of Apigee X.

With this release, Apigee support for Private Service Connect (PSC) is GA. PSC allows you to privately connect Apigee to target services running across VPC networks in addition to the peered network. For more information, see Southbound networking patterns.

Backup and DR

Announcing Google Cloud Backup and DR Service, a managed backup and disaster recovery (DR) service for centralized, application-consistent data protection. Protect workloads running in Google Cloud and on-premises by backing them up to Google Cloud.

Coming late September, 2022.

BigQuery ML

The following features are now generally available for ARIMA_PLUS models:

  • The HOLIDAY_REGION option can now take more than one region string as input. If you include more than one region string, the union of the holidays in all of the provided regions will be taken into the modeling.
  • You can use the new TREND_SMOOTHING_WINDOW_SIZE option to smooth the trend component of the time series by applying a center moving average.
Cloud Build

The Cloud Build script field is now generally available. This allows users to specify build steps using their scripting language of choice rather than as arguments to Docker. To learn more, see Running bash scripts.

Cloud Spanner

Query Optimizer version 5 is generally available, and is the default optimizer version.

Compute Engine

Generally available: Compute Engine supports importing a virtual disk with an UEFI bootloader. Learn more about using the --guest-os-features flag to enable UEFI booting for the imported disk.

Transfer Appliance

Remote Wipe is an optional step in the appliance return process that allows customers to erase data on their appliance before returning it to Google.

Learn more about how to wipe an appliance.

September 08, 2022

Anthos Service Mesh

Managed Anthos Service Mesh support for GKE Autopilot is now generally available in the Regular and Rapid channels. For more information, see Configure managed Anthos Service Mesh with fleet API or Configure managed Anthos Service Mesh with asmcli.

Anthos clusters on VMware

Anthos clusters on VMware 1.10.7-gke.15 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.7-gke.15 runs on Kubernetes 1.21.14-gke.2100.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

Fixed for v1.10.7

Anthos clusters on VMware 1.11.3-gke.45 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.11.3-gke.45 runs on Kubernetes 1.22.8-gke.204.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

The gkectl diagnose cluster command automatically runs when gkectl diagnose snapshot is run, and the output is saved in a new folder in the snapshot called /diagnose-report.

Fixed for v1.11.3

Cloud Healthcare API

A demo for the Healthcare Natural Language API is now available. For more information, see Try the Healthcare Natural Language API.

Cloud Logging

Cloud Audit Logging no longer redacts the principal email associated with service accounts in audit logs. For more information, see Caller identities in audit logs.

Cloud Spanner

Cloud Spanner free trial instances are now generally available. With a free trial instance, you can learn and explore Spanner for 90 days at no cost. You can create Google Standard SQL or PostgreSQL-dialect databases and store up to 10 GB of data, with the option to upgrade at any time. For more information, see About Cloud Spanner free trial instances.

Compute Engine

The incorrect quota limits displayed in the Cloud console in the us-east5 region have been resolved.

Dataproc

Avoid using the following image versions when creating new clusters:

  • 2.0.31-debian10, 2.0.31-ubuntu18, 2.0.31-rocky8
  • 2.0.32-debian10, 2.0.32-ubuntu18, 2.0.32-rocky8
  • 2.0.33-debian10, 2.0.33-ubuntu18, 2.0.33-rocky8
  • 1.5.57-debian10, 1.5.57-ubuntu18, 1.5.57-rocky8
  • 1.5.58-debian10, 1.5.58-ubuntu18, 1.5.58-rocky8
  • 1.5.59-debian10, 1.5.59-ubuntu18, 1.5.59-rocky8

If your cluster uses one of these image versions, there is a small chance that the cluster might enter an ERROR_DUE_TO_UPDATE state while being updated, either manually or as a result of autoscaling. If that happens, contact support. You can avoid future occurrences by creating new clusters with a newer image version.

Google Kubernetes Engine

The Calico issue link included in the August 19, 2022 release notes issue was updated to the Calico issue #4857.

September 07, 2022

Anthos Service Mesh

Automatically configuring managed Anthos Service Mesh using the Fleet Feature API is now generally available in the rapid, regular, and stable release channels. With this feature, Google will automatically configure your control plane, data plane, and multi-cluster endpoint visibility. This is the preferred method to provision managed Anthos Service Mesh on GKE. For more information, see Configure managed Anthos Service Mesh with fleet API.

The Google-managed data plane is now generally available (GA) as a part of managed Anthos Service Mesh. The managed data plane helps you upgrade data plane proxies automatically. For more information see Configure managed Anthos Service Mesh.

Batch

Batch is now available in the following regions: asia-southeast1 and europe-west6. For more information, see Locations.

Compute Engine

Generally available: To reduce image licensing cost, you can now bring your Red Hat Enterprise Linux subscriptions to Google Cloud. For more information, see Create a VM using a RHEL BYOS image.

Preview: Accelerator-optimized (A2 ultraGPU) machine types with their attached A100 80GB GPUs are now available in the following region:

  • Iowa, North America: us-central1-c

Generally available: Archive snapshots are now available for more cost-efficient data retention as compared to regular snapshots, which are best suited for long-term back up and disaster recovery. For more information, see Archive snapshots.

Google Cloud Armor

Adaptive Protection suggested rules can now be deployed automatically in public preview. For more information, see Automatically deploy Adaptive Protection suggested rules.

Google Kubernetes Engine

The ip-masq-agent is not able to boot up on Arm nodes in GKE clusters with control planes running the following versions:

  • 2022-R18: 1.23.8-gke.1900, 1.24.2-gke.1900

  • 2022-R19: 1.24.3-gke.200

  • 2022-R20: 1.23.9-gke.900, 1.24.3-gke.900

This regression has been fixed. Please upgrade your control plane to versions included in the 2022-R21 release.

CVE-2021-4160, CVE-2022-1664, CVE-2022-1292, and CVE-2022-29155 have been patched in the Filestore CSI driver for newly created clusters.

Storage Transfer Service

Storage Transfer Service now offers Preview support for moving data from S3-compatible storage to Cloud Storage. This feature builds on recent Cloud Storage launches, namely support for Multipart upload and List Object V2, which makes Cloud Storage suitable for running applications written for the S3 API. With this new feature, customers can seamlessly copy data from self-managed object storage to Google Cloud Storage. For customers moving data from AWS S3 to Cloud Storage, this feature provides an option to control network routes to Google Cloud, resulting in considerably lower egress charges.

See Transfer from S3-compatible sources for details.

September 06, 2022

Apigee API hub

On September 6, 2022 Apigee hub released a new version of the software.

API hub has been upgraded to use a later version of the Registry API open-sourced project. See v0.5.6 on GitHub for details.

Bug ID Description
N/A Multiple fixes as listed at v0.5.6 Changelog on GitHub.
BigQuery

Cloud console updates: Improvements that are related to query execution include the following:

  • For long-running queries, the Execution details tab is automatically displayed with the timing details of each stage of the query.

  • In the query editor, you can now see the query validation message when your query is completed or canceled.

Cloud SQL for MySQL

Cloud SQL for MySQL now supports minor version 8.0.30. To upgrade your existing instance to the new version, see Upgrade the database minor version.

VPC Service Controls

Beta stage support for the following integration:

Workflows

Support for connectors for Google Forms and Google Sheets is available in Preview.

September 05, 2022

Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigtable

4.0.2 (2022-08-27)

Bug Fixes

Java

Changes for google-cloud-bigtable

2.11.1 (2022-08-26)

Bug Fixes
  • Reset a measure map every time the stats are recorded (#1364) (1683365)
Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/logging

10.1.8 (2022-09-03)

Bug Fixes
  • Correction for timestamp and instrumentation record severity fields format (#1328) (057431b)

10.1.7 (2022-09-02)

Bug Fixes

10.1.6 (2022-08-31)

Bug Fixes
  • use _gaxModule when accessing gax for bundling (#1322) (9cd207d)

Java

Changes for google-cloud-logging

3.10.6 (2022-08-29)

Dependencies
  • use error_prone_annotation via shared deps (#1049) (0998b9b)
Cloud Run

Cloud Run now allows up to 4,000 serving revisions and 2,000 tagged revisions per region and project.

Secret Manager

Secret Manager now supports using annotations to define custom metadata about the secret. The metadata in an annotation can be small or large, structured or unstructured, and can include characters. You can add annotations to secrets when you create a new secret or when you edit an existing secret. For information, see Creating and managing annotations.

VPC Service Controls

General availability support for the following integration:

September 02, 2022

Apigee hybrid

hybrid v1.7.4

On September 2, 2022 we released an updated version of the Apigee hybrid software, v1.7.4.

For information on upgrading, see Upgrading Apigee hybrid to version 1.7.

Bug ID Description
232529030 Replaced the Logging fluentbit container environment variable http_proxy with HTTP_PROXY to maintain compatibility with fluentbit 1.8.
Bug ID Description
240833499 Security fix for gopkg.in/yaml.v3.
230369447 Security fix for commons-codec
230368838 Security fix for CVE-2018-10237, auto-value:guava.
230366823 Security fix for jackson-databind.
230366589 Security fix for CVE-2021-22696-cxf in cxf.
230366276 Security fix for CVE-2021-22569.
229804717 Security fix for apigee-envoy.
N/A Miscellaneous Security updates and fixes.
Chronicle

GetLog

The GetLog API method is now available as part of the Chronicle Search API. Use GetLog to retrieve a specific raw log using an event's UID.

Google Kubernetes Engine

(2022-R21) Version updates

  • The following versions are now available in the Rapid channel:

  • Version 1.24.3-gke.200 is now the default version in the Rapid channel.

  • The following versions are no longer available in the Rapid channel:

    • 1.21.14-gke.2700
    • 1.22.12-gke.500
    • 1.23.9-gke.900
    • 1.24.2-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.3000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.9-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.200 with this release.

(2022-R21) Version updates

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.21.14-gke.700
    • 1.23.7-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.11-gke.400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

(2022-R21) Version updates

  • The following versions are now available in the Stable channel:

  • Version 1.21.14-gke.700 is now the default version in the Stable channel.

  • The following versions are no longer available in the Stable channel:

    • 1.21.12-gke.2200
    • 1.22.10-gke.600
    • 1.23.7-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.12-gke.500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

(2022-R21) Version updates

  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.12-gke.2200
    • 1.23.7-gke.1400
    • 1.23.8-gke.400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

(2022-R21) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.12-gke.2200
    • 1.23.7-gke.1400
    • 1.23.8-gke.400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

Stable channel

  • The following versions are now available in the Stable channel:

  • Version 1.21.14-gke.700 is now the default version in the Stable channel.

  • The following versions are no longer available in the Stable channel:

    • 1.21.12-gke.2200
    • 1.22.10-gke.600
    • 1.23.7-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.12-gke.500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

Regular channel

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.21.14-gke.700
    • 1.23.7-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.11-gke.400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:

  • Version 1.24.3-gke.200 is now the default version in the Rapid channel.

  • The following versions are no longer available in the Rapid channel:

    • 1.21.14-gke.2700
    • 1.22.12-gke.500
    • 1.23.9-gke.900
    • 1.24.2-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.3000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.9-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.200 with this release.

Transfer Appliance

The lock/unlock feature allows you to securely move an appliance between data centers while ensuring that the data is encrypted and not accessible when the appliance comes in contact with third-party shipping services or people outside of your organization.

Learn more about the guide here.

September 01, 2022

Agent Assist

Agent Assist now offers the new Summarization (Preview) feature. Summarization allows you to automatically provide your agents with summaries after each conversation has ended. See the Summarization documentation for details.

Agent Assist now offers regionalized data residency. When you specify a region, your data-at-rest will be confined to the specified geographic region or location. See the regionalization and data residency documentation for a list of supported regions and more information.

Anthos Service Mesh

1.13.7-asm.3 is now available.

This patch release contains a fix for an issue where istiod starts up very slowly when connectivity to the Google Cloud metadata service is partially broken. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

Anthos Service Mesh 1.13.7-asm.3 includes the features of Istio 1.13.7 subject to the list of Anthos Service Mesh supported features.

Apigee Integration

On September 01, 2022 we released an updated version of the Apigee Integration software.

Region support for integration endpoint

BigQuery

The slot recommender creates recommendations for customers using on-demand billing and is now generally available (GA).

BigQuery ML

The Random Forest model is now generally available (GA). For more information, see the random forest sections in the end-to-end user journey page.

Chronicle

The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.

  • Arcsight CEF (ARCSIGHT_CEF)
  • Aruba (ARUBA_WIRELESS)
  • AWS Security Hub (AWS_SECURITY_HUB)
  • Azure AD (AZURE_AD)
  • BeyondTrust (BOMGAR)
  • Bitdefender (BITDEFENDER)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Bluecat DDI (BLUECAT_DDI)
  • CA LDAP (CA_LDAP)
  • Check Point (CHECKPOINT_FIREWALL)
  • Cisco ACS (CISCO_ACS)
  • Cisco Router (CISCO_ROUTER)
  • Cisco UCM (CISCO_UCM)
  • Cisco Umbrella IP (UMBRELLA_IP)
  • Cisco Umbrella Web Proxy (UMBRELLA_WEBPROXY)
  • Cisco VPN (CISCO_VPN)
  • Cisco WLC/WCS (CISCO_WIRELESS)
  • CrowdStrike Falcon (CS_EDR)
  • Falco IDS (FALCO_IDS)
  • FireEye HX (FIREEYE_HX)
  • Forcepoint CASB (FORCEPOINT_CASB)
  • FortiGate (FORTINET_FIREWALL)
  • GCP Load Balancing (GCP_LOADBALANCING)
  • GCP Cloud Audit (N/A)
  • HP Aruba Clearpass (CLEARPASS)
  • Infoblox DNS (INFOBLOX_DNS)
  • Linux DHCP (LINUX_DHCP)
  • Microsoft Intune (AZURE_MDM_INTUNE)
  • Office 365 (OFFICE_365)
  • Open LDAP (OPENLDAP)
  • Ordr IoT (ORDR_IOT)
  • Palo Alto Networks Traps (PAN_EDR)
  • Pivotal (PIVOTAL)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • Red Hat OpenShift (REDHAT_OPENSHIFT)
  • Sophos Firewall Next Gen (SOPHOS_FIREWALL)
  • Sourcefire (SOURCEFIRE_IDS)
  • Suricata EVE (SURICATA_EVE)
  • Symantec Event export (SYMANTEC_EVENT_EXPORT)
  • Tanium Comply (TANIUM_COMPLY)
  • Vectra Detect (VECTRA_DETECT)
  • VMware ESXi (VMWARE_ESX)
  • Windows Event (WINEVTLOG)

For details about changes in each parser, see Supported default parsers.

The following changes are available in the Unified Data Model:

  • The ip_location field was added to Noun type.
  • The day_max_sub_domains field was added to the Prevalence type.
  • The source_type field was added to the EntityMetadata type.

For a list of all fields in the Unified Data Model, and their descriptions, see the Unified Data Model field list.

Cloud Run

Terraform samples are now available in many of the Cloud Run tutorials and guides, such as:

and many other pages. You can also find a full list of Terraform samples in GitHub.

Compute Engine

The following changes have been introduced to how your resource usage is calculated to determine applicable sustained use discounts:

  • Usage will be calculated on an hourly basis instead of a per microsecond basis.
  • Usage will be calculated collectively for a billing account instead of on a per project basis.
Config Connector

Config Connector version 1.93.0 is now available.

Config Connector will deprecate GameServicesRealm on November 15, 2022 due to the deprecation of Google Cloud Game Servers on June 30, 2023. This means that Config Connector will stop reconciling GameServicesRealm resources. If you have any questions or require assistance, please contact Google Cloud Support.

Added support for "reconcile resource immediately once its dependency is ready" feature for CloudFunctionsFunction, EventarcTrigger, MonitoringUptimeCheckConfig, ServiceDirectoryEndpoint, and ServiceDirectoryService.

Increased webhook timeout to 10s.

Added spec.cdnPolicy.bypassCacheOnRequestHeaders and spec.cdnPolicy.requestCoalescing fields to ComputeBackendBucket.

Added spec.scheduling.instanceTerminationAction field to ComputeInstance.

Added spec.scheduling.instanceTerminationAction field to ComputeInstanceTemplate.

Added spec.networkRef and spec.subnetworkRef fields to ComputeRegionNetworkEndpointGroup.

Added spec.certificateMapRef field to ComputeTargetHTTPSProxy.

Added spec.binaryAuthorization, spec.clusterAutoscaling.autoProvisioningDefaults.bootDiskKMSKeyRef, and spec.meshCertificates fields to ContainerCluster.

Deprecated spec.enableBianryAuthorization field in ContainerCluster.

Added spec.binaryAuthorization.evaluationMode field in ContainerCluster.

Added spec.conditions.conditionMonitoringQueryLanguage.evaluationMissingData, and spec.conditions.conditionThreshold.evaluationMissingData fields to MonitoringAlertPolicy.

Added spec.bigqueryConfig field to PubSubSubscription.

Added spec.customerManagedKeyRef field to RedisInstance.

Added spec.versionRetentionPeriod field to SpannerDatabase.

Fixed the mutability of spec.settings.collation in SQLInstance, as it is actually immutable.

Added spec.settings.locationPreference.secondaryZone, spec.settings.passwordValidationPolicy, and spec.settings.sqlServerAuditConfig fields to SQLInstance.

Added spec.lifecycleRule.condition.matchesPrefix and spec.lifecycleRule.condition.matchesSuffix fields to StorageBucket.

Dataproc

Fixed issue where gcloud dataproc batches list hangs when a large number of batches is present.

Document AI

We are standarding our release processes and naming conventions for processor versions. For more information, see Manage processor versions.

Text-to-Speech

Text-to-Speech now offers these new voices. See the supported voices page for a complete list of voices and audio samples.

cloud-ta-IN-Wavenet-C cloud-ta-IN-Standard-C cloud-ta-IN-Wavenet-D cloud-ta-IN-Standard-D

August 31, 2022

Cloud Load Balancing

External TCP and SSL proxy load balancers now allow you to specify a forwarding rule with a global anycast IP address and any port from 1-65535. The target TCP or SSL proxy terminates IPv4 or IPv6 client traffic at the specified port and then proxies the traffic to backend instances.

For more information, see the following:

This feature is available in General Availability.

Cloud Translation

Cloud Translation - Advanced (v3) support for a multi-regional US endpoint is now Generally Available (GA).

Google Cloud Armor

The Google Cloud Armor custom rules language now supports URL, URL Unicode and utf-8 decoding.

August 30, 2022

Anthos clusters on bare metal

Release 1.11.5

Anthos clusters on bare metal 1.11.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.5 runs on Kubernetes 1.22.

Fixes:

  • Increased the default storage size limit of etcd to 6 GiB.

  • The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Apigee X

On August 30, 2022, Apigee announced the GA launch of Pay-as-you-go pricing, a consumption-based model for Google's Apigee Platform.

When you use Pay-as-you-go pricing for Apigee, you are charged for the following:

  • The number of Apigee gateway nodes in the Apigee organization
  • The number of API requests processed by Apigee Analytics services
  • The amount of network usage

For more information, see the Pay-as-you-go overview and the Pay-as-you-go Example pricing.

With this release, the Apigee Pay-as-you-go pricing model includes a maximum Apigee gateway node count of 1,000 across all environments in a region.

Cloud Monitoring

You can now collect additional MongoDB metrics from the Ops Agent, starting with version 2.19.0. For more information, see Monitoring third-party applications: MongoDB.

Datastream

You can now set the number of maximum concurrent CDC tasks for a stream using the Datastream API. To learn more, see Manage streams.

Policy Intelligence

The user interface for Policy Troubleshooter in the Cloud console has been updated to improve usability. To view the new user interface, visit the Policy Troubleshooter page in the Cloud console.

Storage Transfer Service

Storage Transfer Service now offers preview support for multipart uploads for transfers originating from a file system, if the destination or intermediate bucket uses the Standard storage class.

Multipart uploads can speed up transfers that include large files. You must grant additional permissions on the destination or intermediate bucket; see Permissions for file system transfers for details.

August 29, 2022

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions:

  • 1.21.14-gke.2900
  • 1.22.12-gke.1100
  • 1.23.9-gke.800
Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions:

  • 1.21.14-gke.2900
  • 1.22.12-gke.1100
  • 1.23.9-gke.800
BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.39.0 (2022-08-23)

Features
  • bigquery/storage: allow users to set Apache Avro output format options through avro_serialization_options param in TableReadOptions message Through AvroSerializationOptions, users can set enable_display_name_attribute, which populates displayName for every avro field with the original column name Improved documentation for selected_fields, added example for clarity. (41ab4ec)
  • bigquery: add PreserveAsciiControlCharacters support for CSV (#6448) (b7bac2f)
  • bigquery: add preview support for default values (#6464) (edc3be5)

Java

Changes for google-cloud-bigquery

2.14.7 (2022-08-23)

Bug Fixes
  • table-not-found issue with executeSelect while running long queries (#2222) (4876569)

2.15.0 (2022-08-25)

Features

Community contributed UDFs are now generally available in the bigquery-utils GitHub repository and the bigquery-public-data.persistent_udfs public dataset.

Cloud console updates: In the query editor, when you select a function signature from the autocomplete list, you can remove the parameter names quickly by pressing the Backspace or Delete key.

Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.11.0 (2022-08-17)

Features
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.4.1 (#1352) (f8d97e5)
Cloud Composer

The apache-airflow-providers-google package was upgraded to 2022.8.23+composer. Changes compared to version 2022.8.16+composer:

  • Added missing google-cloud-dataform package.

Cloud Composer uses a custom version of the apache-airflow-providers-google package. This custom version is based on the public version 6.8.0. For information about other changes compared to version 6.8.0, see release notes for the previous versions of this package.

Cloud Composer now generates an error message if an environment label matches internal environment labels used by Cloud Composer.

(Available without upgrading) It is no longer possible to set environment variables with names http_proxy and https_proxy.

(Cloud Composer 1) Fixed a transient issue that caused environment creation operations to fail with the Couldn't bring up ['composer-fluentd-daemon', 'airflow-worker'] in time message.

Cloud Composer 1.19.8 and 2.0.25 images are available:

  • composer-1.19.8-airflow-1.10.15 (default)
  • composer-1.19.8-airflow-2.1.4
  • composer-1.19.8-airflow-2.2.5
  • composer-2.0.25-airflow-2.1.4
  • composer-2.0.25-airflow-2.2.5

Cloud Composer versions 1.16.15 and 1.17.0.preview.11 have reached their end of full support period.

Cloud Data Loss Prevention

The PERSON_NAME infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType.

To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.10.5 (2022-08-25)

Bug Fixes
  • resource detection for 2nd gen of Cloud Functions works incorrectly (#1045) (dda1d0a)
Cloud Monitoring

You can now manage Monitoring-specific roles by using the Cloud Monitoring pages in the Google Cloud console. For more information, see Grant access to Cloud Monitoring.

Filestore

Filestore is now available in Madrid, Spain (europe-southwest1 region).

Filestore is now available in Paris, France (europe-west9 region).

Filestore is now available in Milan, Italy (europe-west8 region).

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.25.1 (2022-08-24)

Bug Fixes

1.25.0 (2022-08-23)

Features
Documentation

Java

Changes for google-cloud-pubsub

1.120.13 (2022-08-24)

Dependencies
  • update dependency com.google.cloud:google-cloud-bigquery to v2.14.7 (#1254) (775c993)
SAP on Google Cloud

New SAP certification for operating system

SAP has certified the operating system Red Hat Enterprise Linux 8.6 for SAP HANA and SAP NetWeaver on Google Cloud.

For more information about SAP certified operating systems, see:

Monitoring agent for SAP HANA version 2.7

Version 2.7 of the monitoring agent for SAP HANA is now available. This version includes bug fixes and supportability improvements.

For more information about the agent, see Monitoring agent for SAP HANA.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-secret-manager

2.12.4 (2022-08-24)

Documentation
  • samples: Added sample for creating Secret with UserManaged replication (#328) (c5fe7ff)
Workflows

Added support to deploy a workflow using a cross-project service account through the Google Cloud console.

August 26, 2022

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for PostgreSQL

The following extensions in Cloud SQL for PostgreSQL are generally available:

  • pgRouting. Enhances geospatial processing, through network routing and analysis, for PostGIS.
  • plv8. Provides a procedural language for enabling the use of JavaScript.
  • amcheck. Enables the use of the pg_amcheck application to check for corruption in PostgreSQL databases.
Cloud Scheduler

Support for using VPC Service Controls with Cloud Scheduler is now generally available (GA). To get started, check out the documentation on how to secure cron jobs with VPC Service Controls.

Google Distributed Cloud Edge

This is a patch release of Google Distributed Cloud Edge (version 1.1.1).

The following changes have been introduced in this release of Google Distributed Cloud Edge:

  • Google Distributed Cloud Edge worker nodes have been updated to Kubernetes 1.22.

The following issues have been resolved in this release of Google Distributed Cloud Edge:

  • The SR-IOV interface no longer fails to start after a Google Distributed Cloud Edge worker node has been rebooted.

August 25, 2022

Access Approval

Access Approval supports Dataproc in the Preview stage.

AlloyDB for PostgreSQL

AlloyDB supports customer-managed encryption keys (CMEK), an alternative to its default Google-managed encryption. CMEK is especially useful for AlloyDB users who need to manage their own data encryption keys in order to satisfy specific compliance or regulatory requirements.

Anthos clusters on AWS (previous generation)

Anthos clusters on AWS (previous generation) aws-1.12.2-gke.1 is now available.

You can now launch clusters with the following Kubernetes versions:

  • 1.21.14-gke.2900
  • 1.22.12-gke.1100
  • 1.23.9-gke.800
Anthos clusters on VMware

Anthos clusters on VMware 1.12.1-gke.57 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.12.1-gke.57 runs on Kubernetes 1.23.5-gke.1505.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

  • GA: You can now have your GKE clusters in separate vSphere clusters. With this feature, you can deploy the admin cluster in one vSphere cluster, and a user cluster in a different vSphere cluster.
  • Fixed the issue where mounting emptyDir volume with exec option on Container-Optimized OS (COS) nodes fails with permission error.
  • Fixed the issue where enabling and disabling cluster autoscaler sometimes prevents nodepool replicas from being updated.
  • Fixed the manual node repair issue where manually adding the onprem.cluster.gke.io/repair-machine Machine annotation can trigger VM recreation without deleting the Machine object.
  • Switched back to cgroup v1 (hybrid) for Container Optimized OS (COS) nodes because cgroup v2 (unified) could potentially cause instability for your workloads in a COS cluster.
  • Fixed the issue where running gkectl repair admin-master after a failed admin cluster upgrade attempt caused subsequent admin upgrade attempts to fail. A preflight check has been added for gkectl repair admin-master to prevent the process from using a template that doesn't match the admin cluster checkpoint.
  • Fixed the issue where kubectl describe might error or timeout if resource number is too high during a cluster snapshot.
  • Fixed the following vulnerabilities:

Anthos clusters on bare metal

Release 1.12.2

Anthos clusters on bare metal 1.12.2 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.2 runs on Kubernetes 1.23.

Features:

  • Added –use-disk flag to bmctl backup cluster command to use the disk instead of the in-memory buffer to back up a cluster. Use this option when available RAM is limited on your admin workstation.
  • Added --quiet flag to bmctl check cluster -- snapshot command to suppress logging to the console during the snapshot creation.

Fixes:

  • Added caching for the Cloud Audit Logging feature status to avoid unnecessary checks and improve performance.
  • Increased the etcd default DB size to 6GiB by default to address NO_SPACE_ALARM in high-scale clusters.
  • Fixed a libseccomp package incompatibility issue.
  • Fixed an issue with the machine-reset job getting stuck.
  • Fixed an issue that caused continuous, unneeded cluster reconciliation operations.
  • Fixed an issue that prevented the node problem detector from running after a cluster upgrade.

The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Apigee API hub

On August 25, 2022 Apigee hub released a new version of the software.

API hub has been upgraded to use a later version of the Registry API open-sourced project. See v0.5.5 on GitHub for details.

Bug ID Description
N/A Multiple fixes as listed at v0.5.5 Changelog on GitHub.
Artifact Registry

Container Analysis automatic scanning for Java and Go vulnerabilities in container images is now in Preview. If the Container Scanning API is enabled, it scans container images pushed to Artifact Registry for Java and Go vulnerabilities, in addition to operating system vulnerabilities.

Container Analysis returns Java and Go vulnerability results for images that have a supported or unsupported operating system. When you push new versions of images to the registry, you might see more successful vulnerability scans and corresponding charges against images without a supported operating system.

For more information, see the Types of scanning in the Container Analysis documentation.

Cloud Monitoring

There are new filtering capabilities for the projects.uptimeCheckConfig.list API method. For more information, see UptimeCheckConfig.

Compute Engine

Preview: You can double the default size limit for a managed instance group (MIG): Zonal MIGs now support up to 2,000 VMs and regional MIGs support up to 4,000 VMs. For more information, see Increase the group's size limit

Dataflow

Dataflow now uses Regional Managed Instance Groups (MIGs). Previously, Dataflow used zonal MIGs.

If this change causes you to exceed your quota, set your Regional managed instance groups quota to the same limit assigned to your Managed instance groups quota. For more information, see Working with quotas.

Transcoder API

Deinterlace configurations are now supported.

August 24, 2022

AlloyDB for PostgreSQL

You can view which zones host a primary instance's active or standby VMs.

Cloud Storage

The restrict authentication types organization policy constraint is now generally available (GA). This constraint allows you to restrict the authentication types that can be used in requests for Cloud Storage resources.

Data Catalog

Data Catalog search now supports filtering results based on tag values. For more information see Filters for search results.

Dataproc

Announcing the Preview release of Dataproc custom constraints, which can be used to allow or deny specific operations on Dataproc clusters.

Migrate to Virtual Machines

Issue: Linux repositories that use Yum as their package management may have Yum configurations set explicitly to minor versions. For example, a Yum configuration may point to specific repositories holding 7.6 packages. This is not currently supported by Google. Only repositories holding the latest versions are supported. This may cause a failure to install the Google guest environment after the VM is detached.

Workaround: Update your Yum configuration to refer to the available repositories. For RHEL 7.x, verify that the variable $releasever holds the value 7Server, and not a specific release version number (7.6 for example) by running echo 7Server > /etc/yum/vars/releasever.

Resource Manager

Organization Policy custom constraints has launched into public preview. Custom constraints can allow or restrict access to API calls in the same way that predefined constraints do, but allow administrators to configure conditions based on request parameters and other metadata. For more information, see Creating and managing custom constraints.

SAP on Google Cloud

Monitoring agent for SAP HANA version 2.6

Version 2.6 of the monitoring agent for SAP HANA is now available. This version includes bug fixes and supportability improvements.

For more information about the agent, see Monitoring agent for SAP HANA.

Google Cloud monitoring agent for SAP NetWeaver version 2.6

Version 2.6 of the Google Cloud monitoring agent for SAP NetWeaver is now available. This version includes bug fixes and supportability improvements.

For more information about the agent, see Monitoring SAP NetWeaver on Google Cloud.

August 23, 2022

Anthos clusters on bare metal

Release 1.10.8

Anthos clusters on bare metal 1.10.8 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.10.8 runs on Kubernetes 1.21.

Fixes

The following container image security vulnerability has been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Anthos VM Runtime

Anthos VM Runtime is Generally Available (GA). Some features and capabilities are available for Preview only, as indicated in the following descriptions:

  • Upgraded Kubevirt to version 0.49.
  • Upgraded Containerized Data Importer (CDI) to version 1.43.0.
  • Added bmctl command to enable or disable Anthos VM Runtime on user clusters.
  • Added automatic upgrade of Anthos VM Runtime when upgrading Anthos clusters on bare metal.
  • Preview: Added ability to configure an eviction policy that controls how VMs automatically migrate to other hosts during maintenance events.
  • Preview: Added non-disruptive upgrading of VM runtime during live migration (that is, when VMs are unobtrusively migrated from one node to another).

VM APIs:

Observability:

Guest OS support:

Added support for the following guest OS versions running on a Virtual Machine:

  • Windows Server 2019
  • Windows Server 2016
  • Windows 10
  • Red Hat Enterprise Linux (RHEL) 8
  • RHEL 7
  • CentOS 8
  • CentOS 7
  • Ubuntu 20.04
  • Ubuntu 18.04

VM networking features:

  • IPAMv4: Static IP Allocation for VM interfaces.
  • IP and MAC Stickiness for VM interfaces.
  • IPAMv4: DHCP for VM interfaces.
  • VLAN tagging support for VM Interfaces.
  • Multi-NIC for VM interfaces through native Dataplane V2 support (macvtap + Dataplane V2).
  • Static routes and DNS configurations at per-network basis.
  • NetworkPolicy enforcement at per-network basis.
  • Validating admission webhooks for Network and NetworkInterface object.
  • Network Mutation, allow the mutations of Gateway, DNS and the customized network routes in the network custom resource. The parent interface for the VM and the VLAN ID are not mutable. VMs that were already running before the network configuration change need to be restarted to pick up the change.
  • Added command to restart all VMs in a network.
  • Graceful IP release for VMs:

    • During VM migration, the IP isn't released.
    • IP addresses are released for VMs that are deleted or stopped.

    For more information on networking, see Create and use virtual networks for Anthos VM Runtime.

VM Runtime issues:

  • When kubevirt is configured, customers should ensure that TOR switches have MAC learning enabled.

  • If you choose to manually run a DHCP ipconfig /renew command in a Windows VM, you should first perform a DHCP release, using theipconfig /release command. In other words, the sequence for manually performing a DHCP renewal in a Windows environment is the following:

    ipconfig /release
    ipconfig /renew
    
Apigee API hub

On August 23, 2022 Apigee hub released a new version of the software.

API hub has been upgraded to use a later version of the Registry API open-sourced project. See v0.5.4 on GitHub for details.

Bug ID Description
N/A Multiple fixes as listed at v0.5.4 Changelog on GitHub.
Apigee UI

On August 23, 2022, we released an updated version of the Apigee UI.

Note: Rollouts of this release will begin today and may take several weeks to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.

With this release, the Apigee UI will display the new version of the Proxy Editor by default.

In this release, you can view both the visual editor and the text editor at the same time in the Develop view, without having to manually switch between the two. You can also resize the display area of either editor to view it more easily. See Change the target endpoint for a description of the changes to the editor layout.

Carbon Footprint

The carbon_footprint_kgCO2e.scope2.market_based and carbon_offsets_kgCO2e fields of the exported carbon data are set to NULL instead of 0, to better reflect that the fields are not yet populated.

Google Kubernetes Engine

CVE-2022-24675 CVE-2022-2068 CVE-2022-28327 have been patched in the PD CSI driver in 1.23 for newly created clusters.

For VPC-native clusters, the user-managed secondary range for Services can now be shared among clusters in the same subnet. The Services range no longer needs to be unique for clusters on the same subnet. Shared Services ranges are backwards-compatible with all GKE versions.

Kf

Added limits to containers.

Fixed set-env slowness.

SAP on Google Cloud

Terraform configurations for SAP deployments on Google Cloud

Terraform configurations to automate the deployment of the following SAP solutions on Google Cloud are now generally available (GA):

  • SAP HANA single-host scale-up or multi-host scale-out
  • SAP HANA scale-out with host auto-failover
  • SAP HANA scale-up in a Linux high-availability cluster
  • SAP NetWeaver on RHEL or SLES
  • SAP NetWeaver high-availability cluster configuration on SLES

For more information, see Automating SAP deployments on Google Cloud with Terraform.

Transcoder API

Audio-only outputs are now supported. For more information, see the Pricing page and the sample configuration.

Labels are now supported. Labels are key-value pairs you can use to organize resources.

August 22, 2022

API Keys API

API Keys API is now available in GA.

Apigee X

On August 22, 2022, we released an updated version of Apigee X (1-8-0-apigee-33).

Bug ID Description
N/A Upgraded infrastructure and libraries

Value of io.timeout.millis is not honored when used with multiple dynamic targets.

If a proxy sets two or more io.timeout.millis values in two or more flows using the same target host, only one io.timeout.millis value is honored.

Apigee hybrid

hybrid v1.8.0

On August 22, 2022 we released an updated version of the Apigee hybrid software, v1.8.0.

For information on upgrading, see Upgrading Apigee hybrid to version 1.8.

Apigee Ingress gateway

Starting in version 1.8, Apigee hybrid offers a new feature to manage the ingress gateway for your hybrid installation, Apigee ingress gateway. Anthos Service Mesh is no longer a prerequisite for hybrid installation. With Apigee ingress gateway, Apigee will stop supplying routing configuration to Anthos Service Mesh. See Managing Apigee ingress.

ORG-level UDCA

Apigee hybrid now supports setting UDCA at the org level instead of at the environment level. See orgScopedUDCA in the Configuration property reference.

Support for newer versions of Anthos, Anthos Service Mesh, and Kubernetes

Starting in version 1.8, Apigee hybrid supports Anthos version 1.12, Anthos Service Mesh version 1.13, and Kubernetes version 1.23 on specific platforms. See Apigee hybrid supported platforms and versions for details.

KVM pagination

Apigee hybrid now supports KVM pagination (introduced in Apigee X on March 10, 2022). See REST Resource: organizations.keyvaluemaps and REST Resource: v1.organizations.environments.keyvaluemaps.

apigeectl now supports the --v option to set the log verbosity level

Starting in version 1.8, apigeectl includes a --v option to set log verbosity levels in the format --v=int, for example apigeectl apply --v=5. This option replaces the --verbose option (now deprecated). This is the same as the kubectl --v option. See apigeectl for details.

tools/apigee-pull-push.sh includes a –list option to list all images

Starting in version 1.8, The tools/apigee-pull-push.sh utility has a --list or -l option that will list all images in the gcr repo. See apigee-pull-push.sh for details.

Bug ID Description
239854141 apigee-pull-push.sh now uses gcr source repositories. (Fixed in Apigee hybrid v1.8.0)
238370197 Fixed an issue where the timeTaken variable's value could sometimes be calculated incorrectly. (Fixed in Apigee hybrid v1.7.3)
236399482 Added support for ASM v1.13. (Fixed in Apigee hybrid v1.7.2)
236129944 Fixed the controller crashloopbackoff due to null pointer issue. (Fixed in Apigee hybrid v1.6.9)
236129944 Fixed the controller crashloopbackoff resulting from null pointer. (Fixed in Apigee hybrid v1.7.2)
234620567 Fix logger issue in Anthos BareMetal with CentOS. (Fixed in Apigee hybrid v1.6.9)
234355351 Fixed issue with message processor pods restarting frequently. Added backoff polling task for Cloud KMS key listener. The listener is paused only when the flush policy is met. (Fixed in Apigee X, June 21, 2022)
233349518 Fixed "Invalid Resource" error generated for job/apigee-resources-install. (Fixed in Apigee hybrid v1.7.1)
233094108 Fixed Stacktrace truncation in runtime containers to support proxy diagnosis. (Fixed in Apigee hybrid v1.7.2)
232977937 Fixed an issue where deployment would become stuck on "Applying routing changes on" for multiple ingress gateways. (Fixed in Apigee hybrid v1.7.1)
231313050 Fixed issue causing Apigee logger pod to remain in crashloopbackoff state. (Fixed in Apigee hybrid v1.7.2)
229824389 Fixed an issue in hybrid 1.7.0 where the output apigeectl init could be generated in the wrong order. (Fixed in Apigee hybrid v1.7.1)
229804717 Fixed upgrade envoy to use distroless v1.22.0. (Fixed in Apigee hybrid v1.7.1)
229639530 Fixed an error harmonizing the container process ID to use Apigee ID for Hybrid on OpenShift. (Fixed in Apigee hybrid v1.7.1)
228855520 Upgraded support for ASM version 1.13. (Fixed in Apigee X, May 9, 2022)
227600373 Fixed an installation issue with Cassandra. (Fixed in Apigee hybrid v1.6.7)
227538469 Fixed an issue where configuration actions would write logs to the pod file system. (Fixed in Apigee hybrid v1.7.1)
226964206 MART, runtime and synchronizer would write to the pod file system. (Fixed in Apigee hybrid v1.7.1)
226464960 Apigee hybrid fresh installations on OpenShift 4.6 and 4.8 would fail. (Fixed in Apigee hybrid v1.6.7)
225939342 Fixed an error where deployment status would show as "Applying routing changes on {env}". (Fixed in Apigee hybrid v1.7.1)
225198475 Fixed an issue where resource reference changes could not be detected. (Fixed in Apigee hybrid v1.7.1)
225169066 Cassandra database backup and restore was not working when http_proxy is enabled under certain circumstances. (Fixed in Apigee hybrid v1.5.10)
225081332 Fixed allow privileged pods issue. (Fixed in Apigee hybrid v1.7.1)
224620542 On some Kubernetes platforms, logging would fail without adding an empty directory for the logs. (Fixed in Apigee hybrid v1.6.7)
223081301 Fixed organization-level UDCA incorrect http-proxy secret name. (Fixed in Apigee hybrid v1.6.7)
222649295 Organization-level UDCA would hang. (Fixed in Apigee hybrid v1.6.7)
221885751 Hybrid logging functionality has been reworked. This should resolve issues with excessive log volume generation, frequent logger restarts, and ensure correct logger functionality with both docker and containerd runtimes. (Fixed in Apigee hybrid v1.5.8)
221292104 Fix to address failure to capture requests in Debug sessions involving PostClientFlow ServiceCallouts. (Fixed in Apigee X, May 9, 2022)
221266789 Hybrid logging functionality has been reworked. This should resolve issues with excessive log volume generation, frequent logger restarts, and ensure correct logger functionality with both docker and containerd runtimes. (Fixed in Apigee hybrid v1.6.7)
219622478 Fixed the CPS property token so that when set to true, it will allow the instance to shutdown and reboot when cassandra connection failures occur. (Fixed in Apigee hybrid v1.7.3)
216018530 Fixed an issue where the apigee-logger-apigee-telemetry DaemonSet could still be left running after turning off logger. (Fixed in Apigee hybrid v1.7.1)
213261445 Fixed reliance on keystore generated by cert manager for metrics endpoint and removed the need for a custom generate_cert script. (Fixed in Apigee hybrid v1.6.7)
211716827 Fixed an issue where a non-default gateway could cause routing errors in certain circumstances. (Fixed in Apigee hybrid v1.7.1)
205616792 Fixed core dump on running user schema setup. (Fixed in Apigee hybrid v1.7.1)
202950533 Remove the server header from all responses. This will be consistent with CG SaaS and OPDK. (Fixed in Apigee hybrid v1.8.0)
202403896 Upgrade to Apigee hybrid v1.6 from v1.5 could fail due to annotation size. (Fixed in Apigee hybrid v1.5.8)
Bug ID Description
230369447 Security fix for commons-codec (Fixed in Apigee hybrid v1.8)
230368838 Security fix for CVE-2018-10237, auto-value:guava (Fixed in Apigee hybrid v1.8)
230366823 Security fix for jackson-databind (Fixed in Apigee hybrid v1.8)
230366589 Security fix for CVE-2021-