Google Cloud release notes

Stay organized with collections Save and categorize content based on your preferences.

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml

September 28, 2022

Anthos clusters on VMware

Anthos clusters on VMware 1.12.2-gke.21 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.12.2-gke.21 runs on Kubernetes 1.21.4-gke.200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

  • Fixed the issue where you may not be able to add a new user cluster if a user cluster is stuck in the deletion process, and your admin cluster is set up with a MetalLB load balancer configuration.
  • Fixed an issue where istiod starts up very slowly when connectivity to the Google Cloud metadata service is partially broken.
  • Fixed the issue where the admin control plane VM template is deleted after a resumed admin cluster upgrade attempt.
  • Fixed the issue where user cluster check-config fails when the admin cluster uses cos as the osImageType.
  • Fixed the following vulnerabilities:
Apigee X

On September 28, 2022, we released an updated version of Apigee X (1-9-0-apigee-3).

Bug ID Description
218567150 X-request-id headers modified at 14th character.
246774745 io.timeout.millis not honored, causing 504 Gateway timeout for dynamic targets.
173566787 Reuse existing target IPs if DNS resolution fails on DNS cache refresh. If a DNS server fails to resolve a hostname that has successfully resolved before, use the earlier resolved IP address for one keep-alive interval to prevent an outage.
N/A Upgraded infrastructure and libraries
BigQuery

With Datastream for BigQuery, you can now replicate data and schema updates from operational databases directly into BigQuery. This feature is now in preview.

Chronicle

The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.

  • Apache (APACHE)
  • Aruba (ARUBA_WIRELESS)
  • AWS GuardDuty (GUARDDUTY)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure AD Organizational Context (AZURE_AD_CONTEXT)
  • BeyondTrust (BOMGAR)
  • Box (BOX)
  • Cisco Application Centric Infrastructure (CISCO_ACI)
  • Cisco Application Control Engine (CISCO_ACE)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Email Security (CISCO_EMAIL_SECURITY)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloudflare WAF (CLOUDFLARE_WAF)
  • CrowdStrike Detection Monitoring (CS_DETECTS)
  • CrowdStrike Falcon (CS_EDR)
  • Crowdstrike IOC (CROWDSTRIKE_IOC)
  • F5 ASM (F5_ASM)
  • Fluentd Logs (FLUENTD)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • GCP Cloud Audit (N/A)
  • GCP DNS (N/A)
  • GCP Load Balancing (GCP_LOADBALANCING)
  • HCNET Account Adapter Plus (HCNET_ACCOUNT_ADAPTER)
  • Kong API Gateway (KONG_GATEWAY)
  • Linux Auditing System (AuditD) (AUDITD)
  • ManageEngine AD360 (MANAGE_ENGINE_AD360)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • McAfee Web Gateway (MCAFEE_WEBPROXY)
  • McAfee Web Protection (MCAFEE_WEB_PROTECTION)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Mongo Database (MONGO_DB)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • OSQuery (OSQUERY_EDR)
  • OSSEC (OSSEC)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Red Canary (REDCANARY_EDR)
  • Snort (SNORT_IDS)
  • Squid Web Proxy (SQUID_WEBPROXY)
  • Symantec Endpoint Protection (SEP)
  • Tanium Asset (TANIUM_ASSET)
  • Tanium Stream (TANIUM_TH)
  • Windows Defender ATP (WINDOWS_DEFENDER_ATP)
  • Workday (WORKDAY)
  • Zeek JSON (BRO_JSON)

For details about changes in each parser, see Supported default parsers.

Cloud Monitoring

You can now collect additional Elasticsearch metrics from the Ops Agent, starting with version 2.21.0. For more information, see Monitoring third-party applications: Elasticsearch.

You can now collect additional PostgreSQL metrics from the Ops Agent, starting with version 2.21.0. For more information, see Monitoring third-party applications: PostgreSQL.

Cloud SQL for MySQL

Query Insights is now generally available. Query Insights helps you detect, diagnose, and prevent query performance problems for Cloud SQL databases. It provides self-service, intuitive monitoring, and diagnostic information that goes beyond detection to help you to identify the root cause of performance problems.

To learn more, see Use Query insights to improve query performance.

Cloud Spanner

The following SPANNER_SYS statistical tables have been enhanced with new columns:

Cloud Storage

New buckets created using the Cloud Console now have public access prevention enabled by default.

  • During the bucket creation process, you can choose to change this setting.
Google Cloud Armor

The rule source for Cloud Armor preconfigured rules now includes ModSecurity Core Rule Set (CRS) 3.3 in General Availability. For more information, see Tuning Google Cloud Armor WAF rules.

Google Kubernetes Engine

The Calico CNI authentication errors that caused pods to get stuck in Terminating or Pending state (see August 19, 2022 release notes) are fixed in the following GKE versions in the Rapid release channel:

  • 1.24.4-gke.500 or later
  • 1.23.11-gke.300 or later

To fix the issue, upgrade your control plane to any of these versions. If you prefer not to use the Rapid channel, open a Google Cloud Support ticket to have your cluster patched internally.

GKE control plane metrics is now available for clusters running Kubernetes control plane version 1.22.13 or later.

September 27, 2022

Cloud Logging

Using Log Analytics, you can run SQL queries that analyze your log data to generate useful insights. Log Analytics also let you use BigQuery to query your log data. For more information, see Log Analytics.

Cloud Spanner

The number of mutations per commit that Cloud Spanner supports has increased from 20,000 to 40,000. For more information, see Quotas and limits.

Cloud Translation

Support for 24 new languages is Generally Available (GA). Glossaries aren't supported when translating to or from these languages.

  • Assamese
  • Aymara
  • Bambara
  • Bhojpuri
  • Dhivehi
  • Dogri
  • Ewe
  • Guarani
  • Ilocano
  • Konkani
  • Krio
  • Kurdish(Sorani)
  • Lingala
  • Luganda
  • Maithili
  • Meiteilon(Manipuri)
  • Mizo
  • Oromo
  • Quechua
  • Sanskrit
  • Sepedi(Pedi)
  • Tigrinya
  • Tsonga
  • Twi (Akan)
Config Connector

Config Connector version 1.95.0 is now available.

Added support for DLPDeidentifyTemplate resource.

Added enableServiceLinks: false to all the Pod configurations in Config Connector installation bundle. This is to fix the potential issue standard_init_linux.go:228: exec user process caused: argument list too long in Config Connector Pods.

Config Controller

Config Controller now uses the following versions of its included products:

Dataproc

Dataproc Auto Zone Placement now takes ANY reservation into account by default.

Memorystore for Memcached

Added new Memorystore for Memcached region: Dallas (us-south1).

Memorystore for Redis

Added new Memorystore for Redis region: Dallas (us-south1).

Retail API

The Monitoring & Analytics page has been split into two separate pages. The contents of the old Monitoring tab appear on the new Monitoring page, and the contents for the old Analytics tab appear on the new Analytics page.

September 26, 2022

Anthos clusters on bare metal

Release 1.11.6

Anthos clusters on bare metal 1.11.6 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.6 runs on Kubernetes 1.22.

Fixes:

  • Updated the container image to resolve a yaml text/template vulnerability.

  • The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Apigee API hub

On September 26, 2022 Apigee API hub released a new version of the software.

Bug ID Description
248598430 Scorecard display did not select the latest spec by default when the recommended deployment pointed to a spec with no scorecard.
Apigee X

Availability of scripts to recreate Apigee instances created before January 25, 2022.

If you have an Apigee instance that was created before January 25, 2022, Apigee recommends that you replace it with a new instance. If you do not recreate the older instance, you may experience scaling issues and the number of environments you can add to an instance will continue to be limited to 10.

For more information and detailed instructions, see Recreating an Apigee instance with zero downtime

BigQuery

The totalItems field returned by the projects.list API method now returns the number of items per page, rather than an approximate total number of projects across all pages.

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.42.0 (2022-09-21)

Features
  • bigquery/analyticshub: Start generating apiv1 (#6707) (feb7d7d)
  • bigquery/datapolicies: Start generating apiv1beta1 (#6697) (f5443e8)
  • bigquery/reservation/apiv1beta1: add REST transport (f7b0822)
  • bigquery/storage/managedwriter: Define append retry predicate (#6650) (478b8dd)
  • bigquery/storage: add proto annotation for non-ascii field mapping (ec1a190)
  • bigquery: Add reference file schema option for federated formats (#6693) (3d26091)
  • bigquery: Add support for explicit query parameter type (#6596) (d59b5b2), refs #4704
Bug Fixes
  • bigquery/connection: integrate gapic-generator-python-1.4.1 and enable more py_test targets (ec1a190)

In the Explorer pane, you can now open tables in Connected Sheets. This feature is now generally available (GA).

Chronicle

Context Aware Detections - Risk Dashboard

The Context Aware Detections - Risk dashboard provides insight into the current threat status of assets and users in your enterprise.

Contextual enrichment in events and entities

To enable a security investigation, Chronicle provides additional context about artifacts in a customer environment by calculating prevalence statistics, enriching events with geolocation data based on IP address, and ingesting data from Safe Browsing threat lists related to file hashes. For more information, see:

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.11.3 (2022-09-22)

Dependencies
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.14 (#1079) (c08c4da)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.14 (#1080) (50c979b)

3.11.2 (2022-09-21)

Dependencies
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.9.1 (#1075) (d38e9e0)
Cloud Monitoring

You can now use Prometheus Query Language (PromQL) when creating charts and dashboards in Cloud Monitoring. For more information, see PromQL in Cloud Monitoring.

Cloud Spanner

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/spanner

6.2.0 (2022-09-16)

Features
  • Add custom instance configuration operations (#1712) (4b7716b)
Bug Fixes
  • Allow passing gax instance to client constructor (#1698) (588c1a2)
  • deps: Use grpc-gcp v1.0.0 (#1710) (12eab9d)
  • Move runtime dependencies from dev dependencies to dependencies (#1704) (b2c1c0f)
  • Preserve default values in x-goog-request-params header (#1711) (f1ae513)

Go

Changes for spanner/admin/database/apiv1

1.39.0 (2022-09-21)

Features
  • spanner/admin/database: Add custom instance configuration operations (ec1a190)
  • spanner/admin/instance: Add custom instance configuration operations (ef2b0b1)
  • spanner/spannersql: Add backticks when name contains a hypen (#6621) (e88ca66)
  • spanner/spansql: Add support for create, alter, and drop change streams (#6669) (cc4620a)
  • spanner: Retry spanner transactions and mutations when RST_STREAM error is returned (#6699) (1b56cd0)
Bug Fixes
  • spanner/admin/database: Revert add custom instance configuration operations (change broken client libraries; revert before any are released) (ec1a190)
  • spanner: Destroy session when client is closing (#6700) (a1ce541)
  • spanner: Spanner sessions will be cleaned up from the backend (#6679) (c27097e)

Java

Changes for google-cloud-spanner

6.30.2 (2022-09-21)

Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.4.5 (#2022) (0536962)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.9.1 (#2023) (3fb4235)

6.30.1 (2022-09-20)

Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.4.4 (#2014) (9cebad4)
  • Update dependency com.google.cloud:google-cloud-trace to v2.3.3 (#2004) (54f9095)

Python

Changes for google-cloud-spanner

3.21.0 (2022-09-16)

Features
  • Add custom instance configurations operations (#810) (f07333f)
Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.7.0 (2022-09-21)

Features
  • dataflow: rewrite signatures in terms of new types for betas (9f303f9)

0.6.0 (2022-09-19)

Features
  • dataflow: start generating proto message types (563f546)
Dataproc

Dataproc Serverless for Spark now uses runtime version 1.0.18 and 2.0.0-RC3.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

3.2.0 (2022-09-22)

Features
  • Add support for exactly once subscriptions (#1572) (998de35)
Bug Fixes

Java

Changes for google-cloud-pubsub

1.120.18 (2022-09-21)

Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.8.13 (#1288) (708a1df)
  • Update dependency com.google.cloud:google-cloud-core to v2.8.14 (#1291) (1c479de)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.9.1 (#1289) (216ba7d)

1.120.17 (2022-09-20)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.16.1 (#1281) (aca8ee9)
  • Update dependency com.google.cloud:google-cloud-core to v2.8.12 (#1278) (4ae1156)
  • Update dependency com.google.protobuf:protobuf-java-util to v3.21.6 (#1277) (a5aa281)

Python

Changes for google-cloud-pubsub

2.13.7 (2022-09-22)

Bug Fixes
SAP on Google Cloud

BigQuery Connector for SAP version 2.5

Version 2.5 of BigQuery Connector for SAP is now generally available (GA).

For more information, see What's new with BigQuery Connector for SAP.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.7.0 (2022-09-21)

Features
  • secretmanager: remove beta client that no longer has source protos (9f303f9)

1.6.0 (2022-09-19)

Features
  • secretmanager: start generating proto message types (563f546)

Java

Changes for google-cloud-secretmanager

2.3.7 (2022-09-22)

Dependencies
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.14 (#846) (f2985b5)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.14 (#847) (27f5fa8)

2.3.6 (2022-09-21)

Dependencies
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.9.1 (#842) (4bec542)

2.3.5 (2022-09-20)

Dependencies
  • Update dependency com.google.protobuf:protobuf-java-util to v3.21.6 (#832) (a2595c8)

Node.js

Changes for @google-cloud/secret-manager

4.1.3 (2022-09-22)

Bug Fixes
  • Preserve default values in x-goog-request-params header (#403) (af162f0)
Vertex AI

Vertex AI Model Monitoring

Vertex AI Model Monitoring now offers Preview support for batch prediction jobs. For more details, see Vertex AI Model Monitoring for batch predictions.

Vertex AI Feature Store

Feature value monitoring is now generally available (GA).

Virtual Private Cloud

General Availability: You can monitor the following Private Service Connect producer metrics using Cloud Monitoring:

  • Connected consumer forwarding rules
  • Used NAT IP addresses

For more information, see Monitor Private Service Connect published services.

September 23, 2022

Cloud Run

You can now configure an HTTP liveness healthcheck probe.

Compute Engine

Generally available: View the VM placement topology information to determine how close a VM is located in relation to another VM. For more information, see View VM placement topology.

Dataproc Metastore

Metadata federation now supports BigQuery datasets as a metadata source (in preview).

Google Cloud VMware Engine

Dell PowerScale is now available for in-guest file share access for Google Cloud VMWare Engine VMs:

  • NFS and SMB shares supported
  • PowerScale file shares may be accessed across Google Cloud VMWare Engine and other Google Cloud services
  • Private connection configured via the VMware Engine UI

Learn more about PowerScale for Google Cloud VMWare Engine.

Google Distributed Cloud Edge

This is a patch release of Google Distributed Cloud Edge (version 1.1.2).

The following changes have been introduced in this release of Google Distributed Cloud Edge:

  • cgroups has been reverted to v1 to retain compatibility with legacy workloads.
  • The Kubernetes control plane has been updated to version 1.22.8-gke.204.
  • The Kubernetes container daemon (containerd) has been updated to version 1.5.13-gke.0.
  • The Kubernetes worker node agent (kubelet) has been updated to version 1.22.8-gke.200.
Google Kubernetes Engine

(2022-R23) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.22.12-gke.2300 is now the default version.
  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.14-gke.700
    • 1.21.14-gke.2100
    • 1.22.11-gke.400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.12-gke.1200 with this release.

Stable channel

  • Version 1.22.12-gke.1200 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.21.14-gke.700
    • 1.22.12-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.12-gke.1200 with this release.

Regular channel

  • Version 1.22.12-gke.2300 is now the default version in the Regular channel.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.12-gke.2300 with this release.

Rapid channel

  • Version 1.24.3-gke.2100 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.2100 with this release.

(2022-R23) Version updates

  • Version 1.22.12-gke.2300 is now the default version.
  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.14-gke.700
    • 1.21.14-gke.2100
    • 1.22.11-gke.400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.12-gke.1200 with this release.

(2022-R23) Version updates

  • Version 1.22.12-gke.1200 is now the default version in the Stable channel.

  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.21.14-gke.700
    • 1.22.12-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.12-gke.1200 with this release.

(2022-R23) Version updates

  • Version 1.22.12-gke.2300 is now the default version in the Regular channel.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.12-gke.2300 with this release.

(2022-R23) Version updates

  • Version 1.24.3-gke.2100 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.2100 with this release.

2022-09-22 update: Updated new default versions for the 2022-R22 release in the Stable channel.

Retail API

Recommendations AI now provides a Page-Level Optimization model. This extends Recommendations AI from optimizing for a single recommendation panel at a time to optimizing for an entire page with multiple panels. When creating a Page-Level Optimization model, you specify existing serving configurations that this model can use as candidates for each recommendation panel. Page-Level Optimization model then automates the decision process for coordinating model combinations and layouts by automatically selecting the contents for each panel and determining the panel order on your page.

For more information about the Page-Level Optimization model, see the Page-Level Optimization documentation. For how to create this model, see Create models.

SAP on Google Cloud

Terraform configuration for SAP NetWeaver high-availability cluster configuration on RHEL

Terraform configuration to automate the deployment of SAP NetWeaver high-availability cluster configuration on RHEL, on Google Cloud, is now generally available (GA).

For more information, see Terraform: HA cluster configuration guide for SAP NetWeaver on RHEL.

Traffic Director

Traffic Director now supports outlier detection for proxyless service mesh deployments. Outlier detection lets you identify and temporarily eject unhealthy hosts from the load-balancing pool. gRPC evaluates hosts based on success rate—the frequency with which a host successfully handles requests. When you configure outlier detection through Traffic Director, you can fine-tune how gRPC assesses hosts and how it handles outliers.

Virtual Private Cloud

VPC Service Controls ingress and egress rules are no longer required to establish Private Service Connect connections from inside a VPC Service Controls perimeter.

Establishing a Private Service Connect connection between consumer and producer projects that are not in the same VPC Service Controls perimeter does not require explicit authorization with egress policies. However, all communication to VPC Service Controls-supported services through the Private Service Connect endpoint is protected by the VPC Service Controls perimeter.

For more information, see VPC Service Controls.

September 22, 2022

Anthos Service Mesh

1.14.4-asm.0 is now available.

Anthos Service Mesh 1.14.4-asm.0 includes the features of Istio 1.14.4 subject to the list of Anthos Service Mesh supported features.

1.13.8-asm.1 is now available.

Anthos Service Mesh 1.13.8-asm.1 includes the features of Istio 1.13.8 subject to the list of Anthos Service Mesh supported features.

Compute Engine

Generally available: Reduce licensing costs by customizing the number of visible CPU cores.

Google Cloud Deploy

Google Cloud Deploy now provides the ability to verify your deployment, supported in preview.

Google Kubernetes Engine

The a2-ultragpu machine family is available in Preview for node pools in clusters running GKE version 1.24 and later. To select the machine family, use the --machine-type flag in your create command.

Vertex AI

Vertex AI Matching Engine

Vertex AI Matching Engine now offers Preview support for updating your indices using Streaming Update, which is real-time indexing for the Approximate Nearest Neighbor (ANN) service.

September 21, 2022

Batch

The Quotas and limits are now documented for Batch.

BigQuery

BigQuery Omni has introduced support for on-demand pricing model (GA) for a limited duration. For more information, see BigQuery Omni Pricing.

You can now view shuffle usage ratios in the admin resource charts. This feature is now in preview.

Cloud Composer

The Monitoring Dashboard of an environment now displays periods of maintenance operations and other environment operations such as creating snapshots and updating environment configuration.

Improved file synchronization performance in Airflow workloads. This change fixes OOM issues observed in some environments.

(Available without upgrading) Fixed a problem that caused package 'namespecifier' could not be found errors when installing PyPI packages in private IP environments.

The apache-airflow-providers-google package was upgraded to 2022.9.6+composer. Changes compared to version 2022.8.26+composer:

  • Fix the Triggerer's async thread was blocked error in the deferrable mode for Composer Operators. (#25951)
  • Fix a delay in Dataproc CreateBatch operator (#26126)
  • Show better log for Datafusion operators when the response is empty (#26202)

Cloud Composer 1.19.10 and 2.0.27 images are available:

  • composer-1.19.10-airflow-1.10.15 (default)
  • composer-1.19.10-airflow-2.1.4
  • composer-1.19.10-airflow-2.2.5
  • composer-2.0.27-airflow-2.1.4
  • composer-2.0.27-airflow-2.2.5

Cloud Composer versions 1.17.0, and 2.0.0-preview.1 have reached their end of full support period.

Cloud SQL for MySQL

Cloud SQL allows the re-use of an instance name immediately after the instance is deleted. For more information, see the Cloud SQL for MySQL FAQ.

Cloud SQL for PostgreSQL

Cloud SQL allows the re-use of an instance name immediately after the instance is deleted. For more information, see the Cloud SQL for PostgreSQL FAQ.

Cloud SQL for SQL Server

Cloud SQL allows the re-use of an instance name immediately after the instance is deleted. For more information, see the Cloud SQL for SQL Server FAQ.

Compute Engine

Generally Available: E2 shared-core custom VMs are now generally available. See VM instance pricing for details.

Google Cloud Armor

Google Cloud Armor Threat Intelligence (Threat Intel) is generally available. Threat Intelligence lets you secure your traffic by allowing or blocking traffic to your HTTP(S) load balancers based on threat intelligence data. For more information, see Configuring Threat Intelligence.

September 20, 2022

Cloud CDN

Cloud CDN support for dynamic compression is now Generally Available. Cloud CDN supports dynamic compression using Brotli and gzip algorithms, which can reduce data sent over the network by 60-80% for compressible content. Enabling dynamic compression can help you achieve faster page load times, speed up playback speed for video content, and optimize egress costs. For more information, see Dynamic Compression.

Cloud Load Balancing

Regional internal and external HTTP(S) load balancers now support Shared VPC configurations where the load balancer's forwarding rule, target proxy, and URL map, can be created in a host or service project, while the backend services and backends can be distributed across multiple service projects in the Shared VPC environment. This is referred to as cross-project service referencing. Cross-project backend services can be referenced from a single URL map.

Cross-project service referencing gives service developers and admins autonomy over the exposure of their services through the centrally managed load balancer.

For details, see:

You can use organization policy constraints to limit how Shared VPC is used across a project, folder, or organization. For details, see Organization policy constraints for Cloud Load Balancing.

This feature is available in General Availability.

Cloud Logging

The Cloud Logging API now supports the following region:

  • Israel: me-west1.
Cloud Router

You can now use the Google Cloud Console to configure MD5 authentication for BGP sessions. The MD5 authentication feature is available in Preview. For more information, see Use MD5 authentication.

Compute Engine

The quota limits displayed in the Cloud console might be incorrect in the me-west1 region. For more information, see Known issues.

Dataproc

Dataproc Serverless for Spark: You can now use the spark.dynamicAllocation.executorAllocationRatio property to configure how aggressively to scale up Serverless workloads. A value of 1.0 provides maximum scale up.

Dataproc Serverless for Spark: Reduced the latency between batch workload completion and when a batch is marked SUCCEEDED.

Dataproc Serverless for Spark: Increased initial and maximum Spark executor limits to 500 and 2,000, respectively.

Dataproc Serverless for Spark: Sets a maximum limit of 500 workers per scale up or scale down operation.

Dataproc on Compute Engine: Stop all master and worker VMs when starting a cluster fails due to stockout or insufficient quota.

Deep Learning Containers

M96 Release

  • TensorFlow 2.10.0 is now available.
  • TensorFlow patch updates for 2.9.2 and 2.8.3 are now available.
  • The PyTorch patch update for 1.12.1 is now available.
  • Miscellaneous bug fixes.
Deep Learning VM Images

M96 Release

  • TensorFlow 2.10.0 is now available.
  • TensorFlow patch updates for 2.9.2 and 2.8.3 are now available.
  • The PyTorch patch update for 1.12.1 is now available.
  • The Diagnostic tool supports DNS resolution check.
  • Docker is updated to 20.10.
  • Miscellaneous bug fixes.
Identity and Access Management

Conceptual and reference information for IAM basic and predefined roles has been improved. You can now filter the predefined roles table, expand abbreviated permissions to see all included permissions, and quickly identify owner permissions.

Pub/Sub

Pub/Sub introduces new monitoring dashboards for topics and subscriptions which you can access from the Topics and Subscriptions console pages. See Monitor topics and Monitor subscriptions.

VPC Service Controls

General availability for the following integration:

Vertex AI Workbench

M96 Release

The M96 release of Vertex AI Workbench managed notebooks includes the following:

  • Fixed a problem where users were not able to save large Notebooks.
  • Fixed a display issue when using JupyterLab's simple interface.
  • Improved timeout behavior switch hardware operations.
  • Improved error messaging when a service account cannot access the Runtime.
  • Security fixes.
  • Regular package refreshment and bug fixes.

Learn more about managed notebooks versions.

September 19, 2022

Apigee API hub

On September 19, 2022 Apigee API hub released a new version of the software.

Scorecard added to Apigee API hub API overview page

The scorecard allows you to display score or health information about your APIs on the API overview page.

The default scorecard configuration uses OpenAPI v2 and OpenAPI v3 specs and is analyzed using the Spectral linter to generate a Lint summary.

Specify whether the scorecard is displayed or hidden on the Settings page.

Help links added to Apigee API hub blank APIs list page

If there are no APIs registered, the APIs list page will display links pointing to API registration documentation.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.41.0 (2022-09-14)

Features
  • bigquery/storage: add location to WriteStream and add WriteStreamView support (6a0080a)
Bug Fixes
  • bigquery/storage/managedwriter: Fix incorrect error retention (#6659) (dc02bca)
  • bigquery: Parse timestamp query parameter with RFC3339 (#6653) (aabd2d6)

Java

Changes for google-cloud-bigquery

2.16.1 (2022-09-15)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.3 (#2274) (4c9952b)

2.16.0 (2022-09-12)

Features
  • Add preserveAsciiControlCharacters to CsvOptions (#2143) (856893f)
  • Add reference file schema option for federated formats (#2269) (8c488e6)
Bug Fixes
  • Socket-timeout at bigquery.it.ITNightlyBigQueryTest: testForTableNotFound (#2260) (a9b5fb2)
Dependencies
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20220827-2.0.0 (#2261) (3c67d21)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.9.3 (#2259) (5e30a04)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.2 (#2267) (8472fe5)
Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigtable

4.0.4 (2022-09-14)

Bug Fixes

4.0.3 (2022-09-09)

Bug Fixes

Java

Changes for google-cloud-bigtable

2.12.0 (2022-09-15)

Features
  • generated: Publish CBT deletion_protection field in Table, UpdateTableRequest, and UpdateTable API (f1f3f05)
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.4.3 (#1386) (f460373)
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.4.3 (#1387) (e339cb1)
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.4.4 (#1395) (a2db183)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.2 (#1384) (ee3b256)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.3 (#1393) (df6c6c7)
Cloud Billing

Non-USD accounts can now view more cost information with the Commitment Analysis Dashboard

Customers with non-USD billing accounts now have additional information (including local currency cost data) available to them within the committed use discount dashboard and have been granted access to the Commitments Analysis Dashboard.

View all on-demand spend applicable for committed use discounts (CUDs)

You can now view all CUD-eligible usage without any active commitments within the Commitment Analysis Dashboard for further cost optimization opportunities.

Cloud Interconnect

Dedicated Interconnect support is available in the following colocation facilities:

  • Telecom Italia Rozzano Data Center, Milan
  • Bulk Oslo Internet Exchange - OS-IX, Oslo

For more information, see the Locations table.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/logging

10.1.9 (2022-09-09)

Bug Fixes

10.1.10 (2022-09-14)

Bug Fixes
  • Preserve default values in x-goog-request-params header (#1337) (87c8d1f)

Java

Changes for google-cloud-logging

3.11.1 (2022-09-15)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.3 (#1067) (6d36ffc)

3.11.0 (2022-09-14)

Features
Bug Fixes
  • Fix a couple linter issues on my stderr update (#1061) (fa1a18f)
Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-dataflow-client

0.6.0 (2022-09-13)

Features

Java

Changes for google-cloud-dataflow

0.7.4 (2022-09-15)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.3 (#216) (54999e7)
Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.120.16 (2022-09-15)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.3 (#1279) (654ea40)

1.120.15 (2022-09-13)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.16.0 (#1271) (439215a)
Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-secretmanager

2.3.4 (2022-09-15)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.3 (#833) (a462455)
Traffic Director

The Traffic Director service routing APIs are now in General Availability. The APIs simplify routing and service mesh configuration with new Mesh, Gateway, and Route resources.

September 16, 2022

BigQuery

BigQuery Omni now supports the following quota and limit:

  • The quota for total query result sizes for a project is now 1 TB per day. For more information, see Query jobs.
  • The limit for maximum result size for a query has been increased from 2 MB to 10 GB (preview).

For more information, see Limitations.

Compute Engine

Generally available: A new machine type for the memory-optimized-machine family called m2-hypermem-416 with 416 vCPUs and 8832 GB of memory. This new machine type is now generally available in the same regions as the other M2 machine types.

For more information, see Memory-optimized-machine family.

Google Cloud Armor

The following four libinjection signatures have been added to the sqli-v33-stable and xss-v33-stable rules:

  • owasp-crs-v030301-id942100-sqli: SQL Injection Attack Detected via libinjection
  • owasp-crs-v030301-id942101-sqli: SQL Injection Attack Detected via libinjection
  • owasp-crs-v030301-id941100-xss: XSS Attack Detected via libinjection
  • owasp-crs-v030301-id941101-xss: XSS Attack Detected via libinjection

Advanced rule tuning features for preconfigured WAF rules is now available in public preview. For more information about the new tuning features, see Tune Google Cloud Armor preconfigured WAF rules.

SAP on Google Cloud

New SAP HANA certification: 9 TB m2-hypermem-416 VMs certified for OLTP workloads

SAP has certified the Compute Engine 9 TB m2-hypermem-416 machine type for SAP HANA OLTP workloads in scale-up or scale-out configurations with up to 4 nodes. SAP workload-based sizing methods must be used.

For more information, see Certified Compute Engine VMs for SAP HANA.

September 15, 2022

AlloyDB for PostgreSQL

Datastream, Google Cloud's change data capture (CDC) and replication service, supports PostgreSQL for source databases. This means that you can use an AlloyDB database as a Datastream source.

Google Cloud Database Migration Service has added support for AlloyDB. This service can make it easier to migrate your existing PostgreSQL data and workloads to an AlloyDB cluster.

Anthos Config Management

On October 31, 2022, we will introduce a new billing SKU for Policy Controller which is a part of Anthos Config Management. However, we won't make any changes to the pricing or billing model.

Customers who use Policy Controller do not need to take any action.

Non-Anthos customers will see a new SKU appear on their monthly bill, but there is no change in pricing. The SKU "Anthos Configuration Management" (81D5-A275-98BF) will be replaced with the SKU "Anthos Policy Controller" (6707-0251-B8E2).

Anthos customers will not see a change as their usage of Policy Controller is covered by their Anthos license.

Anthos Config Management release 1.10 is no longer supported with the release of Anthos Config Management 1.13. For reference, see Get support.

The Config Sync feature to sync configurations stored as OCI images in Google Artifact Registry or Container Registry is generally available (GA). To learn more, see Sync OCI artifacts from Artifact Registry.

Config Sync is open sourced. We are open to contributions and bug fixes if you want to get involved in development of Config Sync. You can also use the repository to track ongoing work, or build from source to try out bleeding-edge functionalities.

Config Sync supports syncing from private Helm repositories (including OCI-based ones) as a preview feature. Google Artifact Registry is the preferred Helm registry. To learn more, see Sync Helm charts from Artifact Registry.

The Google Cloud Console now shows the sync status for all syncs in clusters registered to fleet. It also allows for drilling down to see the reconciliation status for individual resources. To learn more, see View Config Sync status in the Google Cloud console.

Config Sync now supports user-provided CA certificates for verifying HTTPS connections to Git servers. To learn more, see Configuration of the Git Repository.

The constraint template library includes a new template: K8sStorageClass. Requires Anthos Config Management version 1.12.1 or higher. For reference see Constraint template library.

The contraint template library's K8sEmptyDirHasSizeLimit template now supports regular expression matching of exempt volume names by using the new exemptVolumesRegex parameter. For reference see Constraint template library.

The contraint template library's K8sMemoryRequestEqualsLimit template now supports regular expression matching of exempt container names by using the new exemptContainersRegex parameter. For reference see Constraint template library.

Increased the resource-group-controller container memory request to 200Mi to avoid OOMKilled on Autopilot clusters.

Stopped the nomos command line tool from panicing when nomos status is unable to fetch ResourceGroups.

Fixed an issue that could cause accidental pruning when API resource discovery requests failed.

Added optimizations to the reconciler and reconciler-manager to reduce API requests by avoiding unnecessary resource object updates.

Config Sync now handles empty initContainers fields in managed configs correctly.

BigQuery

The BigQuery Data Transfer Service for Google Ads now supports the new Google Ads API. This feature is now in preview.

BigQuery is now available in the Madrid (europe-southwest1), Milan (europe-west8), and Paris (europe-southwest1) regions. The Madrid and Paris regions have the lowest carbon impact.

BigQuery ML

BigQuery ML is now available in the Madrid (europe-southwest1), Milan (europe-west8), and Paris (europe-southwest1) regions. The Madrid and Paris regions have the lowest carbon impact.

Cloud Build

Users can now use Cloud Build's GitHub Issues notifier to create issues in their GitHub repository in response to build events. The GitHub Issues notifier is available as an experimental release. To learn more, see Configuring GitHub Issue notifications.

Cloud Database Migration Service

Database Migration Service now supports migrating PostgreSQL workloads into AlloyDB for PostgreSQL. Click here to access the documentation.

Cloud Logging

Support for adding custom indexed LogEntry fields to your Cloud Logging buckets is now Generally Available. These indexes make querying your logs data faster.

Cloud SQL for MySQL

Cloud SQL read replicas now follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?

Cloud SQL for PostgreSQL

Cloud SQL read replicas now follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?

Cloud SQL for SQL Server

Cloud SQL read replicas now follow the maintenance settings for the primary instance, including the maintenance window, rescheduling, and the deny maintenance period. During the maintenance event, Cloud SQL maintains the replicas before maintaining the primary instance. For more information, see How does maintenance affect read replicas?

Cloud Spanner

Fine grained access control for Spanner is now available in public preview. Fine-grained access control lets you secure your Spanner databases at the table and column level by using new RDBMS-style roles and GRANT/REVOKE SQL statements. With fine-grained access control, you can protect your transactional data and ensure that the right controls are in place when granting access to data. For more information, see About fine-grained access control.

The Spanner Golang database/sql driver is now generally available. Add the driver to your application to enable the use of the database/sql package with Spanner. For more information, see the Spanner blog and the package documentation.

Datastream

Datastream now supports BigQuery as a destination. Click here to access the documentation.

Datastream now supports PostgreSQL as source. Click here to access the documentation.

We have introduced changes to Datastream pricing. For more information, see the Pricing page.

Document AI

Schema support for checkboxes and nested entitites

  • Customers using Document AI Workbench, and processors for Purchase Order (PO), Invoice, or Expense, now have access to a new schema. This schema enables customers to label checkboxes, if they are defined in the schema, and to accurately represent nested entities, such as parent-child relationships, on the HITL annotation and review console. As additional processors adapt the new schema, these release notes will be updated to include those.

Nested entities

  • The Annotation console now supports labeling for nested entities. The left panel is refreshed with a new look for nested rows to represent nested entities. The value of "parent" will now be the concatenation of all its "children". The parent is effectively a container for all of its children.
Google Cloud Deploy

Google Cloud Deploy is now available in the following regions:

  • asia-northeast2 (Osaka)
  • asia-south1 (Mumbai)
  • asia-south2 (Delhi)
  • asia-southeast1 (Singapore)
  • asia-southeast2 (Jakarta)
  • australia-southeast2 (Melbourne)
  • europe-central2 (Warsaw)
  • europe-north1 (Finland)
  • europe-west4 (Netherlands)
  • europe-west6 (Zurich)
  • northamerica-northeast2 (Toronto)
  • southamerica-west1 (Santiago)
  • us-west3 (Salt Lake City)
  • us-west4 (Las Vegas)
Google Cloud Marketplace Partners

You can now provide Private Offers with more granular discounts on specific usage metrics to your customers by enabling metric discounts.

Google Kubernetes Engine

CVE-2022-2068 has been patched in the Filestore CSI driver for GKE clusters running version 1.23 or later.

Starting from GKE version 1.25 and gke-metrics-agent version 1.0.0, we increase the memory request and limit of gke-metrics-agent to 100 MiB. This change makes the system metrics collection more stable and reliable.

Retail API

Bulk importing of historical Google Analytics 4 user events with BigQuery is generally available. You can use this feature to import user events to the Retail API if you have integrated Google Analytics 4 with BigQuery and use Enhanced Ecommerce.

See the new documentation: Import Google Analytics 4 user events with BigQuery

September 14, 2022

Access Approval

Access Approval supports Secret Manager in the GA stage.

Apigee X

On September 14, 2022 we released an updated version of the Apigee X software.

When using local development with Apigee in VS Code, the following pre-release features are available as part of the Insiders build (v1.21.0 and higher):

Batch

Preview: Data Access audit logs are now available for Batch. For more information, see Batch audit logging information.

BigQuery

The Merge is coming! You may experience disruptions in the Ethereum public datasets in BigQuery.

The is_case_insensitive schema option, which allows you to make a dataset and its table names case-insensitive, is now in preview.

JDBC driver update, release 1.3.0 1001

  • You can now configure the connector to authenticate the connection using an external account (workforce or workload identity federation).
  • You can now configure the connector to use Private Service Connect URLs.
  • The connector now supports JDBC transaction APIs. BigQuery supports multi-statement transactions inside a single query, or across multiple queries, when using sessions.
  • The connector is now verified to use a default project for datasets. To do this, set the dataset_project_id property in QueryProperties of the connection string to the desired project.
  • MATERIALIZED_VIEW has been added to the list of table types when using the getTableTypes function.
  • The connector now supports the JSON data type.

ODBC driver update, release 2.5.0 1001

  • You can now configure the connector to authenticate the connection using an external account (workforce or workload identity federation), with limited support, using Azure AD and Okta identity providers.
  • You can now configure the connector to use Private Service Connect URLs.
  • The connector now supports ODBC transaction APIs. BigQuery supports multi-statement transactions inside a single query, or across multiple queries, when using sessions.
  • The connector is now verified to use a default project for datasets. To do this, set the dataset_project_id property in QueryProperties of the connection string to the desired project.
  • MATERIALIZED_VIEW has been added to the list of table types. To retrieve these table types, configure SQLTables to TABLE_TYPES_ONLY.
  • The connector now supports the JSON data type.
Chronicle

The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.

  • Apache (APACHE)
  • Barracuda WAF (BARRACUDA_WAF)
  • Bluecat DDI (BLUECAT_DDI)
  • Cisco Umbrella Cloud Firewall (UMBRELLA_FIREWALL)
  • Cisco Umbrella Web Proxy (UMBRELLA_WEBPROXY)
  • Cisco WLC/WCS (CISCO_WIRELESS)
  • CloudGenix SD-WAN (CLOUDGENIX_SDWAN)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • FortiGate (FORTINET_FIREWALL)
  • GCP Cloud Audit (N/A)
  • Google Cloud Identity Context (CLOUD_IDENTITY_CONTEXT)
  • IBM Guardium (GUARDIUM)
  • IBM z/OS (IBM_ZOS)
  • Infoblox DNS (INFOBLOX_DNS)
  • Ipswitch SFTP (IPSWITCH_SFTP)
  • Kubernetes auth proxy logs (KUBERNETES_AUTH_PROXY)
  • Linux DHCP (LINUX_DHCP)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • NGINX (NGINX)
  • OSSEC (OSSEC)
  • pfSense (PFSENSE)
  • Ribbon Analytics Platform (RIBBON_ANALYTICS_PLATFORM)
  • Ruckus Networks (RUCKUS_WIRELESS)
  • Salesforce (SALESFORCE)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • SentinelOne Deep Visibility (SENTINEL_DV)
  • SentinelOne EDR (SENTINEL_EDR)
  • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
  • VMware AirWatch (AIRWATCH)
  • VMware ESXi (VMWARE_ESX)
  • VMware Workspace ONE (VMWARE_WORKSPACE_ONE)
  • Zscaler (ZSCALER_WEBPROXY)

For details about changes in each parser, see Supported default parsers.

Cloud Run

Startup CPU boost for revisions is now available to provide additional CPU during container instance startup time.

Config Connector

Config Connector version 1.94.0 is now available.

Added spec.memberFrom.sqlInstanceRef field to IAMPolicyMember (Issue #689).

Added spec.bindings[].members[].memberFrom.sqlInstanceRef field to IAMPartialPolicy (Issue #689).

Removed the validation on spec.cluster.numNodes > 0 in BigtableInstance (Issue #673).

Added support for major version upgrades to SQLInstance (spec.databaseVersion is now mutable).

Added spec.nodeConfig.reservationAffinity to ContainerCluster.

Added spec.nodePoolAutoConfig to ContainerCluster.

Added spec.nodeConfig.reservationAffinity to ContainerNodePool.

Extended support for value absent in state-into-spec annotation to most Config Connector resources.

Added spec.placement.managedCluster.config.gceClusterConfig.shieldedInstanceConfig to DataprocWorkflow.

In NetworkServicesGateway (alpha), updated spec.authorizationPolicy to spec.authorizationPolicyRef, and updated spec.serverTlsPolicy to spec.serverTlsPolicyRef.

Removed spec.routers in NetworkServicsGRPCRoute (alpha) and NetworkServicsTCPRoute (alpha).

Removed spec.routers and spec.rules.action.originalDestination in NetworkServicsHTTPRoute (alpha).

Eventarc

Eventarc support for direct events from Cloud IoT is available in Preview.

Google Kubernetes Engine

1.25 is now available in the Rapid channel

Kubernetes 1.25 is now available in the Rapid channel. Before upgrading, read the Kubernetes 1.25 Release Notes, especially the action required and deprecation sections.

Notable changes

Support for the deprecated quobyte and storageOS volume types is removed in 1.25.

Deprecated API versions

These APIs are still served in version 1.25 but are in a deprecation period:

  • The following Beta versions of graduated APIs will be removed in 1.26 in favor of newer versions:
    • flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.23
      • use flowcontrol.apiserver.k8s.io/v1beta2 instead, available since 1.23
    • autoscaling/v2beta2 HorizontalPodAutoscaler
      • deprecated since 1.23
      • use autoscaling/v2 instead, available since 1.23 (or autoscaling/v1)
  • The following Beta versions of graduated APIs will be removed in 1.27 in favor of newer versions:
    • storage.k8s.io/v1beta1 CSIStorageCapacity, deprecated since 1.24

Removed API versions

  • PodSecurityPolicy
    • policy/v1beta1 PodSecurityPolicy
    • Deprecated in 1.21 and removed in 1.25.
    • 1.24 is the last version supporting the beta PodSecurityPolicy feature. Use of this feature must be discontinued before clusters will upgrade to 1.25. See PodSecurityPolicy deprecation for more information.
  • The following Beta versions of graduated APIs are removed in 1.25 in favor of their newer versions:
    • discovery.k8s.io/v1beta1 EndpointSlice, deprecated since 1.21
    • policy/v1beta1 PodDisruptionBudget, deprecated since 1.21
    • batch/v1beta1 CronJob, deprecated since 1.21
    • node.k8s.io/v1beta1 RuntimeClass
    • autoscaling/v2beta1 HorizontalPodAutoscaler
Pub/Sub

BigQuery subscriptions support writing string fields in a Pub/Sub message to TIMESTAMP, DATETIME, DATE, or TIME columns in a BigQuery table. For more information about schema compatibility between a Pub/Sub topic and a BigQuery table, see Schema compatibility.

Transfer Appliance

Users can now review data that successfully transferred and failed to transfer in log files that auto-generate after a transfer is completed. Learn more about data verification log files here.

September 13, 2022

Artifact Registry

Artifact Registry is now available in the me-west1 region (Tel Aviv, Israel).

BigQuery

In Cloud Monitoring, you can view metrics for quota usage and limits of the Storage Write API's concurrent connections and throughput quotas. This feature is now generally available (GA).

Cloud Bigtable

Cloud Bigtable is available in the me-west1 (Tel Aviv) region. For more information, see Bigtable locations.

Cloud Build

Users can now use Cloud Console to configure a trigger to send build logs to GitHub or GitHub Enterprise. For more information, see Building repositories from GitHub and Building repositories from GitHub Enterprise.

gcloud support for manual triggers is now available. To learn more, see Manually build code in source repositories.

Cloud Monitoring

You can now configure public uptime checks to send ICMP pings as part of the check. The results of the pings are sent to Cloud Logging to help you troubleshoot failed checks. For more information, see Use ICMP pings.

Cloud Run

The following new region is now available: me-west1.

Startup healthcheck probes are now available (Preview).

Cloud SQL for MySQL

Support for me-west1 (Tel Aviv).

Cloud SQL for PostgreSQL

Support for me-west1 (Tel Aviv).

Cloud SQL for SQL Server

Support for me-west1 (Tel Aviv).

Cloud Spanner

You can create Cloud Spanner regional instances in Tel Aviv, Israel (me-west1).

Cloud Storage

Cloud Storage is now available in Tel Aviv, Israel (me-west1 region).

gcloud storage is now in GA

  • gcloud storage provides faster uploading and downloading performance when compared to the gsutil command line tool.
Cloud TPU

Cloud TPU now supports Tensorflow 2.10.0. For more information see TensorFlow 2.10 release notes.

Cloud VPN

Cloud VPN is now available in region me-west1 (Tel Aviv, Israel).

Pricing is available on the Cloud VPN pricing page.

Compute Engine

Generally available: NVIDIA® T4 GPUs are now available in the following region and zones in Middle East:

  • Tel Aviv, Israel: me-west1-b,c.

For more information about using GPUs on Compute Engine, see GPU platforms.

Generally available: Tel Aviv, Israel, Middle East me-west1-a,b,c has launched with E2 and N2 VMs available in all three zones, and M1 VMs in zones a and c.

See VM instance pricing for details.

Google Cloud Deploy Google Kubernetes Engine

(2022-R22) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.22.12-gke.300 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:

    • 1.20.15-gke.11400
    • 1.20.15-gke.12800
    • 1.20.15-gke.13400
    • 1.20.15-gke.13700
    • 1.21.13-gke.900
    • 1.22.10-gke.600
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.12-gke.500 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.12-gke.500 with this release.

Stable channel

  • Version 1.22.12-gke.500 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.20.15-gke.11400
    • 1.21.13-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.12-gke.500 with this release.

Regular channel

  • Version 1.22.12-gke.300 is now the default version in the Regular channel.

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.12800
    • 1.21.14-gke.2100
    • 1.22.11-gke.400
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.12-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.12-gke.300 with this release.

Rapid channel

  • Version 1.24.3-gke.900 is now the default version in the Rapid channel
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.20.15-gke.13700
    • 1.21.14-gke.3000
    • 1.22.12-gke.1200
    • 1.23.9-gke.2100
    • 1.24.3-gke.200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.4300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.10-gke.1000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.0-gke.1100 with this release.

The me-west1 region in Tel Aviv, Israel is now available.

On GKE Standard clusters using control plane version 1.24.2-gke.300 or later, you can configure the cluster and node pools to deploy an alternative version of the Logging agent designed to maximize logging throughput. The default Logging agent running in each GKE cluster guarantees at least 100 KB per second log throughput per node for system and workload logs. This Logging agent variant provides a 100x improvement, allowing for throughput as high as 10 MB per second on nodes that have at least 2 unused CPU cores.

Additionally, all GKE clusters with system metrics enabled now export a new metric (kubernetes.io/node/logs/input_bytes), which indicates the number of log bytes generated on a node. Using this metric can help you decide which variant of the logging agent makes sense to deploy in your cluster or node pools.

(2022-R22) Version updates

  • Version 1.22.12-gke.300 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:

    • 1.20.15-gke.11400
    • 1.20.15-gke.12800
    • 1.20.15-gke.13400
    • 1.20.15-gke.13700
    • 1.21.13-gke.900
    • 1.22.10-gke.600
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.22.12-gke.500 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.12-gke.500 with this release.

(2022-R22) Version updates

  • Version 1.22.12-gke.500 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:

  • The following versions are no longer available in the Stable channel:

    • 1.20.15-gke.11400
    • 1.21.13-gke.900
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.22.12-gke.500 with this release.

(2022-R22) Version updates

  • Version 1.22.12-gke.300 is now the default version in the Regular channel.

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.20.15-gke.12800
    • 1.21.14-gke.2100
    • 1.22.11-gke.400
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.12-gke.300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.12-gke.300 with this release.

(2022-R22) Version updates

  • Version 1.24.3-gke.900 is now the default version in the Rapid channel
  • The following versions are now available in the Rapid channel:

  • The following versions are no longer available in the Rapid channel:

    • 1.20.15-gke.13700
    • 1.21.14-gke.3000
    • 1.22.12-gke.1200
    • 1.23.9-gke.2100
    • 1.24.3-gke.200
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.4300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.2300 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.10-gke.1000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.900 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.25.0-gke.1100 with this release.

Media CDN

Media CDN now supports token-based client authentication and private external origin authentication for enhanced content protection and improved interoperability with multi-CDN and multi-cloud architectures in Preview.

Token-based authentication enables signing arbitrary data (like custom user identifiers), HMAC-based cryptography, and dual token exchange for token propagation through the duration of a playback session. For more information, see Prevent unauthorized distribution.

Private external origin authentication allows Media CDN to support private S3-compatible origins by dynamically generating signed requests with AWS Signature Version 4.

Pub/Sub

Pub/Sub is now available in me-west1 (Tel Aviv, Israel).

Pub/Sub Lite

Pub/Sub Lite is now available in Tel Aviv (me-west1).

Virtual Private Cloud

For auto mode VPC networks, added a new subnet 10.208.0.0/20 for the Tel Aviv me-west1 region. For more information, see Auto mode IP ranges.

Workflows

Execution results include the current or final step of the workflow execution.

September 12, 2022

Apigee Integrated Portal

On September 12, 2022 we released an updated version of Apigee integrated portal.

Bug ID Description
237412458 Fixed an issue where some SMTP settings were not migrated to an upgraded portal.
235634994 Implemented a minor security fix to block content spoofing in the API search page.
233407912 When creating a new App key for products that have been set to manual approval, but have already been approved, the new key will "auto" approve and not have to go through the approval process again.
Batch

The documentation page Get started with Batch has been rewritten. Information that was previously on that page has been relocated to the following new pages:

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

6.0.3 (2022-08-23)

Bug Fixes

Go

Changes for bigquery/storage/apiv1beta1

1.40.0 (2022-09-08)

⚠ BREAKING CHANGES
  • bigquery/dataexchange: update BigQuery Analytics Hub API v1beta1 client BREAKING CHANGE: refresh current dataexchange/v1beta1/* directory to include recent change in protos. Removed common directory and use local enum Category fix!: refactor references to Category message docs: improve proto documentation.
Features
  • bigquery/dataexchange: update BigQuery Analytics Hub API v1beta1 client BREAKING CHANGE: refresh current dataexchange/v1beta1/* directory to include recent change in protos. Removed common directory and use local enum Category fix!: refactor references to Category message docs: improve proto documentation. (e45ad9a)
  • bigquery/storage/managedwriter: Augment reconnection logic (#6609) (6b0ac0c)
  • bigquery: Add trace instrumentation support for individual rpcs (#6493) (eedc632)
  • bigquery: Improve error when reading null values (#6566) (e9a94c2), refs #2612
Documentation
  • bigquery: Add numeric and bignumeric to RowIterator docs (#6560) (bea4028)
Miscellaneous Chores
Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.11.2 (2022-09-07)

Bug Fixes
  • Make cloud-monitoring a runtime dependency (#1371) (930d043)
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.4.2 (#1373) (43b8052)
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.4.2 (#1374) (4174f0d)
Cloud Billing

You can now estimate the cost of your workloads using the Cost Estimation API (Preview). The Cost Estimation API provides customer-specific estimates that include all your discounts, such as those negotiated as part of a contract and those based on committed usage. These cost estimates can help you make more informed business decisions.

Cloud Build

Cloud Build now supports Supply chain Levels for Software Artifacts (SLSA) level 3 assurance. Taking steps to reach SLSA level 3 can help you protect your build pipeline. To learn more, see Viewing build provenance.

Cloud Composer

Encryption with customer-managed encryption keys (CMEK) now applies to the persistent disk of the environment's Redis queue.

(Available without upgrading) Fixed a problem where the termination grace period for Airflow worker Pods in Cloud Composer 2 was set to 30 seconds (from 3600 seconds) after updating an environment. If your environment is impacted, this fix will apply automatically on the next update (or upgrade) operation. To apply the fix immediately, you can override and then delete a non-existing environment variable in your environment.

(Available without upgrading) When an environment is deleted, Cloud Composer automatically deletes the persistent disk of the environment's Redis queue.

Set the logging level of Airflow's DeprecationWarning messages to Warning.

(Available without upgrading) Cloud Composer now makes several attempts to create an environment when the Cloud Composer connection subnetwork is locked by another operation. This change improves the reliability when creating environments with Public Service Connect.

Fixed a potential race condition in Airflow workers that could cause new tasks to be executed on a worker that is scheduled to be scaled down. This fix prevents Airflow tasks from being stuck in the running state.

Adjusted CPU limits for the FluentD environment component (responsible for uploading task logs to Cloud Logging), to avoid potential problems that might result in missing logs in Cloud Logging.

The apache-airflow-providers-google package was upgraded to 2022.8.26+composer. Changes compared to version 2022.8.23+composer:

  • Added deferrable option to Dataproc operators to run the task asynchronously. (#25302)

    Cloud Composer team plans to add support for Deferrable operators in October, 2022.

Cloud Composer 1.19.9 and 2.0.26 images are available:

  • composer-1.19.9-airflow-1.10.15 (default)
  • composer-1.19.9-airflow-2.1.4
  • composer-1.19.9-airflow-2.2.5
  • composer-2.0.26-airflow-2.1.4
  • composer-2.0.26-airflow-2.2.5

Cloud Composer versions 1.17.0.preview.12, and 2.0.0-preview.0 have reached their end of full support period.

Cloud Functions

Cloud Functions has added support for a new runtime, .NET Core 6.0, at the Preview release level.

Cloud Key Management Service

Cloud KMS is available in the following region:

  • me-west1

For more information, see Cloud KMS locations.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.10.8 (2022-09-09)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.2 (#1060) (b5dea1b)

3.10.7 (2022-09-07)

Bug Fixes
  • Apply Google Java Code Clarity suggestions (#1044) (79e9d8d)
Cloud SQL for MySQL

The In-place Major Version Upgrade feature is now generally available for Cloud SQL for MySQL.

Cascading Replicas is now generally available for Cloud SQL. Customers can now configure PostgreSQL and MySQL for Cloud SQL read replicas to have read replicas under them.

Cloud SQL for PostgreSQL

Cascading Replicas is now generally available for Cloud SQL. Customers can now configure PostgreSQL and MySQL for Cloud SQL read replicas to have read replicas under them.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-dataflow

0.7.3 (2022-09-09)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.2 (#211) (20b1918)
Dataproc

Dataproc Serverless for Spark now uses runtime version 1.0.17 and 2.0.0-RC2.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

3.1.1 (2022-09-01)

Bug Fixes

Java

Changes for google-cloud-pubsub

1.120.14 (2022-09-10)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.15.0 (#1259) (257cb8f)
  • Update dependency com.google.cloud:google-cloud-core to v2.8.10 (#1258) (37e0034)
  • Update dependency com.google.cloud:google-cloud-core to v2.8.11 (#1264) (a19bc7a)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.2 (#1265) (52da9da)
Secret Manager

Cloud Secret Manager is now available in the following region:

  • me-west1

For more information, see Secret Manager locations.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-secretmanager

2.3.3 (2022-09-09)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.2 (#827) (b2162a7)

2.3.2 (2022-09-06)

Dependencies
  • Update dependency com.google.protobuf (6bf4745)

Node.js

Changes for @google-cloud/secret-manager

4.1.2 (2022-09-01)

Bug Fixes
  • Allow passing gax instance to client constructor (#399) (02d820f)
  • Do not import the whole google-gax from proto JS (#1553) (#398) (e16be85)

September 09, 2022

Apigee X

On September 09, 2022, we released an updated version of Apigee X.

With this release, Apigee support for Private Service Connect (PSC) is GA. PSC allows you to privately connect Apigee to target services running across VPC networks in addition to the peered network. For more information, see Southbound networking patterns.

Backup and DR

Announcing Google Cloud Backup and DR Service, a managed backup and disaster recovery (DR) service for centralized, application-consistent data protection. Protect workloads running in Google Cloud and on-premises by backing them up to Google Cloud.

Coming late September, 2022.

BigQuery ML

The following features are now generally available for ARIMA_PLUS models:

  • The HOLIDAY_REGION option can now take more than one region string as input. If you include more than one region string, the union of the holidays in all of the provided regions will be taken into the modeling.
  • You can use the new TREND_SMOOTHING_WINDOW_SIZE option to smooth the trend component of the time series by applying a center moving average.
Cloud Build

The Cloud Build script field is now generally available. This allows users to specify build steps using their scripting language of choice rather than as arguments to Docker. To learn more, see Running bash scripts.

Cloud Spanner

Query Optimizer version 5 is generally available, and is the default optimizer version.

Compute Engine

Generally available: Compute Engine supports importing a virtual disk with an UEFI bootloader. Learn more about using the --guest-os-features flag to enable UEFI booting for the imported disk.

Transfer Appliance

Remote Wipe is an optional step in the appliance return process that allows customers to erase data on their appliance before returning it to Google.

Learn more about how to wipe an appliance.

September 08, 2022

Anthos Service Mesh

Managed Anthos Service Mesh support for GKE Autopilot is now generally available in the Regular and Rapid channels. For more information, see Configure managed Anthos Service Mesh with fleet API or Configure managed Anthos Service Mesh with asmcli.

Anthos clusters on VMware

Anthos clusters on VMware 1.10.7-gke.15 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.10.7-gke.15 runs on Kubernetes 1.21.14-gke.2100.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

Fixed for v1.10.7

Anthos clusters on VMware 1.11.3-gke.45 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.11.3-gke.45 runs on Kubernetes 1.22.8-gke.204.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

The gkectl diagnose cluster command automatically runs when gkectl diagnose snapshot is run, and the output is saved in a new folder in the snapshot called /diagnose-report.

Fixed for v1.11.3

Cloud Healthcare API

A demo for the Healthcare Natural Language API is now available. For more information, see Try the Healthcare Natural Language API.

Cloud Logging

Cloud Audit Logging no longer redacts the principal email associated with service accounts in audit logs. For more information, see Caller identities in audit logs.

Cloud Spanner

Cloud Spanner free trial instances are now generally available. With a free trial instance, you can learn and explore Spanner for 90 days at no cost. You can create Google Standard SQL or PostgreSQL-dialect databases and store up to 10 GB of data, with the option to upgrade at any time. For more information, see About Cloud Spanner free trial instances.

Compute Engine

The incorrect quota limits displayed in the Cloud console in the us-east5 region have been resolved.

Dataproc

Avoid using the following image versions when creating new clusters:

  • 2.0.31-debian10, 2.0.31-ubuntu18, 2.0.31-rocky8
  • 2.0.32-debian10, 2.0.32-ubuntu18, 2.0.32-rocky8
  • 2.0.33-debian10, 2.0.33-ubuntu18, 2.0.33-rocky8
  • 1.5.57-debian10, 1.5.57-ubuntu18, 1.5.57-rocky8
  • 1.5.58-debian10, 1.5.58-ubuntu18, 1.5.58-rocky8
  • 1.5.59-debian10, 1.5.59-ubuntu18, 1.5.59-rocky8

If your cluster uses one of these image versions, there is a small chance that the cluster might enter an ERROR_DUE_TO_UPDATE state while being updated, either manually or as a result of autoscaling. If that happens, contact support. You can avoid future occurrences by creating new clusters with a newer image version.

Google Kubernetes Engine

The Calico issue link included in the August 19, 2022 release notes issue was updated to the Calico issue #4857.

September 07, 2022

Anthos Service Mesh

Automatically configuring managed Anthos Service Mesh using the Fleet Feature API is now generally available in the rapid, regular, and stable release channels. With this feature, Google will automatically configure your control plane, data plane, and multi-cluster endpoint visibility. This is the preferred method to provision managed Anthos Service Mesh on GKE. For more information, see Configure managed Anthos Service Mesh with fleet API.

The Google-managed data plane is now generally available (GA) as a part of managed Anthos Service Mesh. The managed data plane helps you upgrade data plane proxies automatically. For more information see Configure managed Anthos Service Mesh.

Batch

Batch is now available in the following regions: asia-southeast1 and europe-west6. For more information, see Locations.

Compute Engine

Generally available: To reduce image licensing cost, you can now bring your Red Hat Enterprise Linux subscriptions to Google Cloud. For more information, see Create a VM using a RHEL BYOS image.

Preview: Accelerator-optimized (A2 ultraGPU) machine types with their attached A100 80GB GPUs are now available in the following region:

  • Iowa, North America: us-central1-c

Generally available: Archive snapshots are now available for more cost-efficient data retention as compared to regular snapshots, which are best suited for long-term back up and disaster recovery. For more information, see Archive snapshots.

Google Cloud Armor

Adaptive Protection suggested rules can now be deployed automatically in public preview. For more information, see Automatically deploy Adaptive Protection suggested rules.

Google Kubernetes Engine

The ip-masq-agent is not able to boot up on Arm nodes in GKE clusters with control planes running the following versions:

  • 2022-R18: 1.23.8-gke.1900, 1.24.2-gke.1900

  • 2022-R19: 1.24.3-gke.200

  • 2022-R20: 1.23.9-gke.900, 1.24.3-gke.900

This regression has been fixed. Please upgrade your control plane to versions included in the 2022-R21 release.

CVE-2021-4160, CVE-2022-1664, CVE-2022-1292, and CVE-2022-29155 have been patched in the Filestore CSI driver for newly created clusters.

Storage Transfer Service

Storage Transfer Service now offers Preview support for moving data from S3-compatible storage to Cloud Storage. This feature builds on recent Cloud Storage launches, namely support for Multipart upload and List Object V2, which makes Cloud Storage suitable for running applications written for the S3 API. With this new feature, customers can seamlessly copy data from self-managed object storage to Google Cloud Storage. For customers moving data from AWS S3 to Cloud Storage, this feature provides an option to control network routes to Google Cloud, resulting in considerably lower egress charges.

See Transfer from S3-compatible sources for details.

September 06, 2022

Apigee API hub

On September 6, 2022 Apigee hub released a new version of the software.

API hub has been upgraded to use a later version of the Registry API open-sourced project. See v0.5.6 on GitHub for details.

Bug ID Description
N/A Multiple fixes as listed at v0.5.6 Changelog on GitHub.
BigQuery

Cloud console updates: Improvements that are related to query execution include the following:

  • For long-running queries, the Execution details tab is automatically displayed with the timing details of each stage of the query.

  • In the query editor, you can now see the query validation message when your query is completed or canceled.

Cloud SQL for MySQL

Cloud SQL for MySQL now supports minor version 8.0.30. To upgrade your existing instance to the new version, see Upgrade the database minor version.

VPC Service Controls

Beta stage support for the following integration:

Workflows

Support for connectors for Google Forms and Google Sheets is available in Preview.

September 05, 2022

Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigtable

4.0.2 (2022-08-27)

Bug Fixes

Java

Changes for google-cloud-bigtable

2.11.1 (2022-08-26)

Bug Fixes
  • Reset a measure map every time the stats are recorded (#1364) (1683365)
Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/logging

10.1.8 (2022-09-03)

Bug Fixes
  • Correction for timestamp and instrumentation record severity fields format (#1328) (057431b)

10.1.7 (2022-09-02)

Bug Fixes

10.1.6 (2022-08-31)

Bug Fixes
  • use _gaxModule when accessing gax for bundling (#1322) (9cd207d)

Java

Changes for google-cloud-logging

3.10.6 (2022-08-29)

Dependencies
  • use error_prone_annotation via shared deps (#1049) (0998b9b)
Cloud Run

Cloud Run now allows up to 4,000 serving revisions and 2,000 tagged revisions per region and project.

Secret Manager

Secret Manager now supports using annotations to define custom metadata about the secret. The metadata in an annotation can be small or large, structured or unstructured, and can include characters. You can add annotations to secrets when you create a new secret or when you edit an existing secret. For information, see Creating and managing annotations.

VPC Service Controls

General availability support for the following integration:

September 02, 2022

Apigee hybrid

hybrid v1.7.4

On September 2, 2022 we released an updated version of the Apigee hybrid software, v1.7.4.

For information on upgrading, see Upgrading Apigee hybrid to version 1.7.

Bug ID Description
232529030 Replaced the Logging fluentbit container environment variable http_proxy with HTTP_PROXY to maintain compatibility with fluentbit 1.8.
Bug ID Description
240833499 Security fix for gopkg.in/yaml.v3.
230369447 Security fix for commons-codec
230368838 Security fix for CVE-2018-10237, auto-value:guava.
230366823 Security fix for jackson-databind.
230366589 Security fix for CVE-2021-22696-cxf in cxf.
230366276 Security fix for CVE-2021-22569.
229804717 Security fix for apigee-envoy.
N/A Miscellaneous Security updates and fixes.
Chronicle

GetLog

The GetLog API method is now available as part of the Chronicle Search API. Use GetLog to retrieve a specific raw log using an event's UID.

Google Kubernetes Engine

(2022-R21) Version updates

  • The following versions are now available in the Rapid channel:

  • Version 1.24.3-gke.200 is now the default version in the Rapid channel.

  • The following versions are no longer available in the Rapid channel:

    • 1.21.14-gke.2700
    • 1.22.12-gke.500
    • 1.23.9-gke.900
    • 1.24.2-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.3000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.9-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.200 with this release.

(2022-R21) Version updates

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.21.14-gke.700
    • 1.23.7-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.11-gke.400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

(2022-R21) Version updates

  • The following versions are now available in the Stable channel:

  • Version 1.21.14-gke.700 is now the default version in the Stable channel.

  • The following versions are no longer available in the Stable channel:

    • 1.21.12-gke.2200
    • 1.22.10-gke.600
    • 1.23.7-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.12-gke.500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

(2022-R21) Version updates

  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.12-gke.2200
    • 1.23.7-gke.1400
    • 1.23.8-gke.400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

(2022-R21) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • The following control plane and node versions are now available:

  • The following control plane versions are no longer available:

    • 1.21.12-gke.2200
    • 1.23.7-gke.1400
    • 1.23.8-gke.400
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

Stable channel

  • The following versions are now available in the Stable channel:

  • Version 1.21.14-gke.700 is now the default version in the Stable channel.

  • The following versions are no longer available in the Stable channel:

    • 1.21.12-gke.2200
    • 1.22.10-gke.600
    • 1.23.7-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to version 1.22.12-gke.500 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

Regular channel

  • The following versions are now available in the Regular channel:

  • The following versions are no longer available in the Regular channel:

    • 1.21.14-gke.700
    • 1.23.7-gke.1400
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.22.11-gke.400 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to version 1.23.8-gke.1900 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:

  • Version 1.24.3-gke.200 is now the default version in the Rapid channel.

  • The following versions are no longer available in the Rapid channel:

    • 1.21.14-gke.2700
    • 1.22.12-gke.500
    • 1.23.9-gke.900
    • 1.24.2-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.3000 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.22.12-gke.1200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.9-gke.2100 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.3-gke.200 with this release.

  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.24.3-gke.200 with this release.

Transfer Appliance

The lock/unlock feature allows you to securely move an appliance between data centers while ensuring that the data is encrypted and not accessible when the appliance comes in contact with third-party shipping services or people outside of your organization.

Learn more about the guide here.

September 01, 2022

Agent Assist

Agent Assist now offers the new Summarization (Preview) feature. Summarization allows you to automatically provide your agents with summaries after each conversation has ended. See the Summarization documentation for details.

Agent Assist now offers regionalized data residency. When you specify a region, your data-at-rest will be confined to the specified geographic region or location. See the regionalization and data residency documentation for a list of supported regions and more information.

Anthos Service Mesh

1.13.7-asm.3 is now available.

This patch release contains a fix for an issue where istiod starts up very slowly when connectivity to the Google Cloud metadata service is partially broken. For details on upgrading Anthos Service Mesh, refer to Upgrade Anthos Service Mesh.

Anthos Service Mesh 1.13.7-asm.3 includes the features of Istio 1.13.7 subject to the list of Anthos Service Mesh supported features.

Apigee Integration

On September 01, 2022 we released an updated version of the Apigee Integration software.

Region support for integration endpoint

BigQuery

The slot recommender creates recommendations for customers using on-demand billing and is now generally available (GA).

BigQuery ML

The Random Forest model is now generally available (GA). For more information, see the random forest sections in the end-to-end user journey page.

Chronicle

The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.

  • Arcsight CEF (ARCSIGHT_CEF)
  • Aruba (ARUBA_WIRELESS)
  • AWS Security Hub (AWS_SECURITY_HUB)
  • Azure AD (AZURE_AD)
  • BeyondTrust (BOMGAR)
  • Bitdefender (BITDEFENDER)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Bluecat DDI (BLUECAT_DDI)
  • CA LDAP (CA_LDAP)
  • Check Point (CHECKPOINT_FIREWALL)
  • Cisco ACS (CISCO_ACS)
  • Cisco Router (CISCO_ROUTER)
  • Cisco UCM (CISCO_UCM)
  • Cisco Umbrella IP (UMBRELLA_IP)
  • Cisco Umbrella Web Proxy (UMBRELLA_WEBPROXY)
  • Cisco VPN (CISCO_VPN)
  • Cisco WLC/WCS (CISCO_WIRELESS)
  • CrowdStrike Falcon (CS_EDR)
  • Falco IDS (FALCO_IDS)
  • FireEye HX (FIREEYE_HX)
  • Forcepoint CASB (FORCEPOINT_CASB)
  • FortiGate (FORTINET_FIREWALL)
  • GCP Load Balancing (GCP_LOADBALANCING)
  • GCP Cloud Audit (N/A)
  • HP Aruba Clearpass (CLEARPASS)
  • Infoblox DNS (INFOBLOX_DNS)
  • Linux DHCP (LINUX_DHCP)
  • Microsoft Intune (AZURE_MDM_INTUNE)
  • Office 365 (OFFICE_365)
  • Open LDAP (OPENLDAP)
  • Ordr IoT (ORDR_IOT)
  • Palo Alto Networks Traps (PAN_EDR)
  • Pivotal (PIVOTAL)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • Red Hat OpenShift (REDHAT_OPENSHIFT)
  • Sophos Firewall Next Gen (SOPHOS_FIREWALL)
  • Sourcefire (SOURCEFIRE_IDS)
  • Suricata EVE (SURICATA_EVE)
  • Symantec Event export (SYMANTEC_EVENT_EXPORT)
  • Tanium Comply (TANIUM_COMPLY)
  • Vectra Detect (VECTRA_DETECT)
  • VMware ESXi (VMWARE_ESX)
  • Windows Event (WINEVTLOG)

For details about changes in each parser, see Supported default parsers.

The following changes are available in the Unified Data Model:

  • The ip_location field was added to Noun type.
  • The day_max_sub_domains field was added to the Prevalence type.
  • The source_type field was added to the EntityMetadata type.

For a list of all fields in the Unified Data Model, and their descriptions, see the Unified Data Model field list.

Cloud Run

Terraform samples are now available in many of the Cloud Run tutorials and guides, such as:

and many other pages. You can also find a full list of Terraform samples in GitHub.

Compute Engine

The following changes have been introduced to how your resource usage is calculated to determine applicable sustained use discounts:

  • Usage will be calculated on an hourly basis instead of a per microsecond basis.
  • Usage will be calculated collectively for a billing account instead of on a per project basis.
Config Connector

Config Connector version 1.93.0 is now available.

Config Connector will deprecate GameServicesRealm on November 15, 2022 due to the deprecation of Google Cloud Game Servers on June 30, 2023. This means that Config Connector will stop reconciling GameServicesRealm resources. If you have any questions or require assistance, please contact Google Cloud Support.

Added support for "reconcile resource immediately once its dependency is ready" feature for CloudFunctionsFunction, EventarcTrigger, MonitoringUptimeCheckConfig, ServiceDirectoryEndpoint, and ServiceDirectoryService.

Increased webhook timeout to 10s.

Added spec.cdnPolicy.bypassCacheOnRequestHeaders and spec.cdnPolicy.requestCoalescing fields to ComputeBackendBucket.

Added spec.scheduling.instanceTerminationAction field to ComputeInstance.

Added spec.scheduling.instanceTerminationAction field to ComputeInstanceTemplate.

Added spec.networkRef and spec.subnetworkRef fields to ComputeRegionNetworkEndpointGroup.

Added spec.certificateMapRef field to ComputeTargetHTTPSProxy.

Added spec.binaryAuthorization, spec.clusterAutoscaling.autoProvisioningDefaults.bootDiskKMSKeyRef, and spec.meshCertificates fields to ContainerCluster.

Deprecated spec.enableBianryAuthorization field in ContainerCluster.

Added spec.binaryAuthorization.evaluationMode field in ContainerCluster.

Added spec.conditions.conditionMonitoringQueryLanguage.evaluationMissingData, and spec.conditions.conditionThreshold.evaluationMissingData fields to MonitoringAlertPolicy.

Added spec.bigqueryConfig field to PubSubSubscription.

Added spec.customerManagedKeyRef field to RedisInstance.

Added spec.versionRetentionPeriod field to SpannerDatabase.

Fixed the mutability of spec.settings.collation in SQLInstance, as it is actually immutable.

Added spec.settings.locationPreference.secondaryZone, spec.settings.passwordValidationPolicy, and spec.settings.sqlServerAuditConfig fields to SQLInstance.

Added spec.lifecycleRule.condition.matchesPrefix and spec.lifecycleRule.condition.matchesSuffix fields to StorageBucket.

Dataproc

Fixed issue where gcloud dataproc batches list hangs when a large number of batches is present.

Document AI

We are standarding our release processes and naming conventions for processor versions. For more information, see Manage processor versions.

Text-to-Speech

Text-to-Speech now offers these new voices. See the supported voices page for a complete list of voices and audio samples.

cloud-ta-IN-Wavenet-C cloud-ta-IN-Standard-C cloud-ta-IN-Wavenet-D cloud-ta-IN-Standard-D

August 31, 2022

Cloud Load Balancing

External TCP and SSL proxy load balancers now allow you to specify a forwarding rule with a global anycast IP address and any port from 1-65535. The target TCP or SSL proxy terminates IPv4 or IPv6 client traffic at the specified port and then proxies the traffic to backend instances.

For more information, see the following:

This feature is available in General Availability.

Cloud Translation

Cloud Translation - Advanced (v3) support for a multi-regional US endpoint is now Generally Available (GA).

Google Cloud Armor

The Google Cloud Armor custom rules language now supports URL, URL Unicode and utf-8 decoding.

August 30, 2022

Anthos clusters on bare metal

Release 1.11.5

Anthos clusters on bare metal 1.11.5 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.5 runs on Kubernetes 1.22.

Fixes:

  • Increased the default storage size limit of etcd to 6 GiB.

  • The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Apigee X

On August 30, 2022, Apigee announced the GA launch of Pay-as-you-go pricing, a consumption-based model for Google's Apigee Platform.

When you use Pay-as-you-go pricing for Apigee, you are charged for the following:

  • The number of Apigee gateway nodes in the Apigee organization
  • The number of API requests processed by Apigee Analytics services
  • The amount of network usage

For more information, see the Pay-as-you-go overview and the Pay-as-you-go Example pricing.

With this release, the Apigee Pay-as-you-go pricing model includes a maximum Apigee gateway node count of 1,000 across all environments in a region.

Cloud Monitoring

You can now collect additional MongoDB metrics from the Ops Agent, starting with version 2.19.0. For more information, see Monitoring third-party applications: MongoDB.

Datastream

You can now set the number of maximum concurrent CDC tasks for a stream using the Datastream API. To learn more, see Manage streams.

Policy Intelligence

The user interface for Policy Troubleshooter in the Cloud console has been updated to improve usability. To view the new user interface, visit the Policy Troubleshooter page in the Cloud console.

Storage Transfer Service

Storage Transfer Service now offers preview support for multipart uploads for transfers originating from a file system, if the destination or intermediate bucket uses the Standard storage class.

Multipart uploads can speed up transfers that include large files. You must grant additional permissions on the destination or intermediate bucket; see Permissions for file system transfers for details.

August 29, 2022

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions:

  • 1.21.14-gke.2900
  • 1.22.12-gke.1100
  • 1.23.9-gke.800
Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions:

  • 1.21.14-gke.2900
  • 1.22.12-gke.1100
  • 1.23.9-gke.800
BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.39.0 (2022-08-23)

Features
  • bigquery/storage: allow users to set Apache Avro output format options through avro_serialization_options param in TableReadOptions message Through AvroSerializationOptions, users can set enable_display_name_attribute, which populates displayName for every avro field with the original column name Improved documentation for selected_fields, added example for clarity. (41ab4ec)
  • bigquery: add PreserveAsciiControlCharacters support for CSV (#6448) (b7bac2f)
  • bigquery: add preview support for default values (#6464) (edc3be5)

Java

Changes for google-cloud-bigquery

2.14.7 (2022-08-23)

Bug Fixes
  • table-not-found issue with executeSelect while running long queries (#2222) (4876569)

2.15.0 (2022-08-25)

Features

Community contributed UDFs are now generally available in the bigquery-utils GitHub repository and the bigquery-public-data.persistent_udfs public dataset.

Cloud console updates: In the query editor, when you select a function signature from the autocomplete list, you can remove the parameter names quickly by pressing the Backspace or Delete key.

Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.11.0 (2022-08-17)

Features
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.4.1 (#1352) (f8d97e5)
Cloud Composer

The apache-airflow-providers-google package was upgraded to 2022.8.23+composer. Changes compared to version 2022.8.16+composer:

  • Added missing google-cloud-dataform package.

Cloud Composer uses a custom version of the apache-airflow-providers-google package. This custom version is based on the public version 6.8.0. For information about other changes compared to version 6.8.0, see release notes for the previous versions of this package.

Cloud Composer now generates an error message if an environment label matches internal environment labels used by Cloud Composer.

(Available without upgrading) It is no longer possible to set environment variables with names http_proxy and https_proxy.

(Cloud Composer 1) Fixed a transient issue that caused environment creation operations to fail with the Couldn't bring up ['composer-fluentd-daemon', 'airflow-worker'] in time message.

Cloud Composer 1.19.8 and 2.0.25 images are available:

  • composer-1.19.8-airflow-1.10.15 (default)
  • composer-1.19.8-airflow-2.1.4
  • composer-1.19.8-airflow-2.2.5
  • composer-2.0.25-airflow-2.1.4
  • composer-2.0.25-airflow-2.2.5

Cloud Composer versions 1.16.15 and 1.17.0.preview.11 have reached their end of full support period.

Cloud Data Loss Prevention

The PERSON_NAME infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType.

To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.10.5 (2022-08-25)

Bug Fixes
  • resource detection for 2nd gen of Cloud Functions works incorrectly (#1045) (dda1d0a)
Cloud Monitoring

You can now manage Monitoring-specific roles by using the Cloud Monitoring pages in the Google Cloud console. For more information, see Grant access to Cloud Monitoring.

Filestore

Filestore is now available in Madrid, Spain (europe-southwest1 region).

Filestore is now available in Paris, France (europe-west9 region).

Filestore is now available in Milan, Italy (europe-west8 region).

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.25.1 (2022-08-24)

Bug Fixes

1.25.0 (2022-08-23)

Features
Documentation

Java

Changes for google-cloud-pubsub

1.120.13 (2022-08-24)

Dependencies
  • update dependency com.google.cloud:google-cloud-bigquery to v2.14.7 (#1254) (775c993)
SAP on Google Cloud

New SAP certification for operating system

SAP has certified the operating system Red Hat Enterprise Linux 8.6 for SAP HANA and SAP NetWeaver on Google Cloud.

For more information about SAP certified operating systems, see:

Monitoring agent for SAP HANA version 2.7

Version 2.7 of the monitoring agent for SAP HANA is now available. This version includes bug fixes and supportability improvements.

For more information about the agent, see Monitoring agent for SAP HANA.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-secret-manager

2.12.4 (2022-08-24)

Documentation
  • samples: Added sample for creating Secret with UserManaged replication (#328) (c5fe7ff)
Workflows

Added support to deploy a workflow using a cross-project service account through the Google Cloud console.

August 26, 2022

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for PostgreSQL

The following extensions in Cloud SQL for PostgreSQL are generally available:

  • pgRouting. Enhances geospatial processing, through network routing and analysis, for PostGIS.
  • plv8. Provides a procedural language for enabling the use of JavaScript.
  • amcheck. Enables the use of the pg_amcheck application to check for corruption in PostgreSQL databases.
Cloud Scheduler

Support for using VPC Service Controls with Cloud Scheduler is now generally available (GA). To get started, check out the documentation on how to secure cron jobs with VPC Service Controls.

Google Distributed Cloud Edge

This is a patch release of Google Distributed Cloud Edge (version 1.1.1).

The following changes have been introduced in this release of Google Distributed Cloud Edge:

  • Google Distributed Cloud Edge worker nodes have been updated to Kubernetes 1.22.

The following issues have been resolved in this release of Google Distributed Cloud Edge:

  • The SR-IOV interface no longer fails to start after a Google Distributed Cloud Edge worker node has been rebooted.

August 25, 2022

Access Approval

Access Approval supports Dataproc in the Preview stage.

AlloyDB for PostgreSQL

AlloyDB supports customer-managed encryption keys (CMEK), an alternative to its default Google-managed encryption. CMEK is especially useful for AlloyDB users who need to manage their own data encryption keys in order to satisfy specific compliance or regulatory requirements.

Anthos clusters on AWS (previous generation)

Anthos clusters on AWS (previous generation) aws-1.12.2-gke.1 is now available.

You can now launch clusters with the following Kubernetes versions:

  • 1.21.14-gke.2900
  • 1.22.12-gke.1100
  • 1.23.9-gke.800
Anthos clusters on VMware

Anthos clusters on VMware 1.12.1-gke.57 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.12.1-gke.57 runs on Kubernetes 1.23.5-gke.1505.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.12, 1.11, and 1.10.

  • GA: You can now have your GKE clusters in separate vSphere clusters. With this feature, you can deploy the admin cluster in one vSphere cluster, and a user cluster in a different vSphere cluster.
  • Fixed the issue where mounting emptyDir volume with exec option on Container-Optimized OS (COS) nodes fails with permission error.
  • Fixed the issue where enabling and disabling cluster autoscaler sometimes prevents nodepool replicas from being updated.
  • Fixed the manual node repair issue where manually adding the onprem.cluster.gke.io/repair-machine Machine annotation can trigger VM recreation without deleting the Machine object.
  • Switched back to cgroup v1 (hybrid) for Container Optimized OS (COS) nodes because cgroup v2 (unified) could potentially cause instability for your workloads in a COS cluster.
  • Fixed the issue where running gkectl repair admin-master after a failed admin cluster upgrade attempt caused subsequent admin upgrade attempts to fail. A preflight check has been added for gkectl repair admin-master to prevent the process from using a template that doesn't match the admin cluster checkpoint.
  • Fixed the issue where kubectl describe might error or timeout if resource number is too high during a cluster snapshot.
  • Fixed the following vulnerabilities:

Anthos clusters on bare metal

Release 1.12.2

Anthos clusters on bare metal 1.12.2 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.2 runs on Kubernetes 1.23.

Features:

  • Added –use-disk flag to bmctl backup cluster command to use the disk instead of the in-memory buffer to back up a cluster. Use this option when available RAM is limited on your admin workstation.
  • Added --quiet flag to bmctl check cluster -- snapshot command to suppress logging to the console during the snapshot creation.

Fixes:

  • Added caching for the Cloud Audit Logging feature status to avoid unnecessary checks and improve performance.
  • Increased the etcd default DB size to 6GiB by default to address NO_SPACE_ALARM in high-scale clusters.
  • Fixed a libseccomp package incompatibility issue.
  • Fixed an issue with the machine-reset job getting stuck.
  • Fixed an issue that caused continuous, unneeded cluster reconciliation operations.
  • Fixed an issue that prevented the node problem detector from running after a cluster upgrade.

The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Apigee API hub

On August 25, 2022 Apigee hub released a new version of the software.

API hub has been upgraded to use a later version of the Registry API open-sourced project. See v0.5.5 on GitHub for details.

Bug ID Description
N/A Multiple fixes as listed at v0.5.5 Changelog on GitHub.
Artifact Registry

Container Analysis automatic scanning for Java and Go vulnerabilities in container images is now in Preview. If the Container Scanning API is enabled, it scans container images pushed to Artifact Registry for Java and Go vulnerabilities, in addition to operating system vulnerabilities.

Container Analysis returns Java and Go vulnerability results for images that have a supported or unsupported operating system. When you push new versions of images to the registry, you might see more successful vulnerability scans and corresponding charges against images without a supported operating system.

For more information, see the Types of scanning in the Container Analysis documentation.

Cloud Monitoring

There are new filtering capabilities for the projects.uptimeCheckConfig.list API method. For more information, see UptimeCheckConfig.

Compute Engine

Preview: You can double the default size limit for a managed instance group (MIG): Zonal MIGs now support up to 2,000 VMs and regional MIGs support up to 4,000 VMs. For more information, see Increase the group's size limit

Dataflow

Dataflow now uses Regional Managed Instance Groups (MIGs). Previously, Dataflow used zonal MIGs.

If this change causes you to exceed your quota, set your Regional managed instance groups quota to the same limit assigned to your Managed instance groups quota. For more information, see Working with quotas.

Transcoder API

Deinterlace configurations are now supported.

August 24, 2022

AlloyDB for PostgreSQL

You can view which zones host a primary instance's active or standby VMs.

Cloud Storage

The restrict authentication types organization policy constraint is now generally available (GA). This constraint allows you to restrict the authentication types that can be used in requests for Cloud Storage resources.

Dataproc

Announcing the Preview release of Dataproc custom constraints, which can be used to allow or deny specific operations on Dataproc clusters.

Migrate to Virtual Machines

Issue: Linux repositories that use Yum as their package management may have Yum configurations set explicitly to minor versions. For example, a Yum configuration may point to specific repositories holding 7.6 packages. This is not currently supported by Google. Only repositories holding the latest versions are supported. This may cause a failure to install the Google guest environment after the VM is detached.

Workaround: Update your Yum configuration to refer to the available repositories. For RHEL 7.x, verify that the variable $releasever holds the value 7Server, and not a specific release version number (7.6 for example) by running echo 7Server > /etc/yum/vars/releasever.

Resource Manager

Organization Policy custom constraints has launched into public preview. Custom constraints can allow or restrict access to API calls in the same way that predefined constraints do, but allow administrators to configure conditions based on request parameters and other metadata. For more information, see Creating and managing custom constraints.

SAP on Google Cloud

Monitoring agent for SAP HANA version 2.6

Version 2.6 of the monitoring agent for SAP HANA is now available. This version includes bug fixes and supportability improvements.

For more information about the agent, see Monitoring agent for SAP HANA.

Google Cloud monitoring agent for SAP NetWeaver version 2.6

Version 2.6 of the Google Cloud monitoring agent for SAP NetWeaver is now available. This version includes bug fixes and supportability improvements.

For more information about the agent, see Monitoring SAP NetWeaver on Google Cloud.

August 23, 2022

Anthos clusters on bare metal

Release 1.10.8

Anthos clusters on bare metal 1.10.8 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.10.8 runs on Kubernetes 1.21.

Fixes

The following container image security vulnerability has been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Anthos VM Runtime

Anthos VM Runtime is Generally Available (GA). Some features and capabilities are available for Preview only, as indicated in the following descriptions:

  • Upgraded Kubevirt to version 0.49.
  • Upgraded Containerized Data Importer (CDI) to version 1.43.0.
  • Added bmctl command to enable or disable Anthos VM Runtime on user clusters.
  • Added automatic upgrade of Anthos VM Runtime when upgrading Anthos clusters on bare metal.
  • Preview: Added ability to configure an eviction policy that controls how VMs automatically migrate to other hosts during maintenance events.
  • Preview: Added non-disruptive upgrading of VM runtime during live migration (that is, when VMs are unobtrusively migrated from one node to another).

VM APIs:

Observability:

Guest OS support:

Added support for the following guest OS versions running on a Virtual Machine:

  • Windows Server 2019
  • Windows Server 2016
  • Windows 10
  • Red Hat Enterprise Linux (RHEL) 8
  • RHEL 7
  • CentOS 8
  • CentOS 7
  • Ubuntu 20.04
  • Ubuntu 18.04

VM networking features:

  • IPAMv4: Static IP Allocation for VM interfaces.
  • IP and MAC Stickiness for VM interfaces.
  • IPAMv4: DHCP for VM interfaces.
  • VLAN tagging support for VM Interfaces.
  • Multi-NIC for VM interfaces through native Dataplane V2 support (macvtap + Dataplane V2).
  • Static routes and DNS configurations at per-network basis.
  • NetworkPolicy enforcement at per-network basis.
  • Validating admission webhooks for Network and NetworkInterface object.
  • Network Mutation, allow the mutations of Gateway, DNS and the customized network routes in the network custom resource. The parent interface for the VM and the VLAN ID are not mutable. VMs that were already running before the network configuration change need to be restarted to pick up the change.
  • Added command to restart all VMs in a network.
  • Graceful IP release for VMs:

    • During VM migration, the IP isn't released.
    • IP addresses are released for VMs that are deleted or stopped.

    For more information on networking, see Create and use virtual networks for Anthos VM Runtime.

VM Runtime issues:

  • When kubevirt is configured, customers should ensure that TOR switches have MAC learning enabled.

  • If you choose to manually run a DHCP ipconfig /renew command in a Windows VM, you should first perform a DHCP release, using theipconfig /release command. In other words, the sequence for manually performing a DHCP renewal in a Windows environment is the following:

    ipconfig /release
    ipconfig /renew
    
Apigee API hub

On August 23, 2022 Apigee hub released a new version of the software.

API hub has been upgraded to use a later version of the Registry API open-sourced project. See v0.5.4 on GitHub for details.

Bug ID Description
N/A Multiple fixes as listed at v0.5.4 Changelog on GitHub.
Apigee UI

On August 23, 2022, we released an updated version of the Apigee UI.

Note: Rollouts of this release will begin today and may take several weeks to be completed across all Google Cloud zones. Your instances may not have the features and fixes available until the rollout is complete.

With this release, the Apigee UI will display the new version of the Proxy Editor by default.

In this release, you can view both the visual editor and the text editor at the same time in the Develop view, without having to manually switch between the two. You can also resize the display area of either editor to view it more easily. See Change the target endpoint for a description of the changes to the editor layout.

Carbon Footprint

The carbon_footprint_kgCO2e.scope2.market_based and carbon_offsets_kgCO2e fields of the exported carbon data are set to NULL instead of 0, to better reflect that the fields are not yet populated.

Google Kubernetes Engine

CVE-2022-24675 CVE-2022-2068 CVE-2022-28327 have been patched in the PD CSI driver in 1.23 for newly created clusters.

For VPC-native clusters, the user-managed secondary range for Services can now be shared among clusters in the same subnet. The Services range no longer needs to be unique for clusters on the same subnet. Shared Services ranges are backwards-compatible with all GKE versions.

Kf

Added limits to containers.

Fixed set-env slowness.

SAP on Google Cloud

Terraform configurations for SAP deployments on Google Cloud

Terraform configurations to automate the deployment of the following SAP solutions on Google Cloud are now generally available (GA):

  • SAP HANA single-host scale-up or multi-host scale-out
  • SAP HANA scale-out with host auto-failover
  • SAP HANA scale-up in a Linux high-availability cluster
  • SAP NetWeaver on RHEL or SLES
  • SAP NetWeaver high-availability cluster configuration on SLES

For more information, see Automating SAP deployments on Google Cloud with Terraform.

Transcoder API

Audio-only outputs are now supported. For more information, see the Pricing page and the sample configuration.

Labels are now supported. Labels are key-value pairs you can use to organize resources.

August 22, 2022

API Keys API

API Keys API is now available in GA.

Apigee X

On August 22, 2022, we released an updated version of Apigee X (1-8-0-apigee-33).

Bug ID Description
N/A Upgraded infrastructure and libraries

Value of io.timeout.millis is not honored when used with multiple dynamic targets.

If a proxy sets two or more io.timeout.millis values in two or more flows using the same target host, only one io.timeout.millis value is honored.

Apigee hybrid

hybrid v1.8.0

On August 22, 2022 we released an updated version of the Apigee hybrid software, v1.8.0.

For information on upgrading, see Upgrading Apigee hybrid to version 1.8.

Apigee Ingress gateway

Starting in version 1.8, Apigee hybrid offers a new feature to manage the ingress gateway for your hybrid installation, Apigee ingress gateway. Anthos Service Mesh is no longer a prerequisite for hybrid installation. With Apigee ingress gateway, Apigee will stop supplying routing configuration to Anthos Service Mesh. See Managing Apigee ingress.

ORG-level UDCA

Apigee hybrid now supports setting UDCA at the org level instead of at the environment level. See orgScopedUDCA in the Configuration property reference.

Support for newer versions of Anthos, Anthos Service Mesh, and Kubernetes

Starting in version 1.8, Apigee hybrid supports Anthos version 1.12, Anthos Service Mesh version 1.13, and Kubernetes version 1.23 on specific platforms. See Apigee hybrid supported platforms and versions for details.

KVM pagination

Apigee hybrid now supports KVM pagination (introduced in Apigee X on March 10, 2022). See REST Resource: organizations.keyvaluemaps and REST Resource: v1.organizations.environments.keyvaluemaps.

apigeectl now supports the --v option to set the log verbosity level

Starting in version 1.8, apigeectl includes a --v option to set log verbosity levels in the format --v=int, for example apigeectl apply --v=5. This option replaces the --verbose option (now deprecated). This is the same as the kubectl --v option. See apigeectl for details.

tools/apigee-pull-push.sh includes a –list option to list all images

Starting in version 1.8, The tools/apigee-pull-push.sh utility has a --list or -l option that will list all images in the gcr repo. See apigee-pull-push.sh for details.

Bug ID Description
239854141 apigee-pull-push.sh now uses gcr source repositories. (Fixed in Apigee hybrid v1.8.0)
238370197 Fixed an issue where the timeTaken variable's value could sometimes be calculated incorrectly. (Fixed in Apigee hybrid v1.7.3)
236399482 Added support for ASM v1.13. (Fixed in Apigee hybrid v1.7.2)
236129944 Fixed the controller crashloopbackoff due to null pointer issue. (Fixed in Apigee hybrid v1.6.9)
236129944 Fixed the controller crashloopbackoff resulting from null pointer. (Fixed in Apigee hybrid v1.7.2)
234620567 Fix logger issue in Anthos BareMetal with CentOS. (Fixed in Apigee hybrid v1.6.9)
234355351 Fixed issue with message processor pods restarting frequently. Added backoff polling task for Cloud KMS key listener. The listener is paused only when the flush policy is met. (Fixed in Apigee X, June 21, 2022)
233349518 Fixed "Invalid Resource" error generated for job/apigee-resources-install. (Fixed in Apigee hybrid v1.7.1)
233094108 Fixed Stacktrace truncation in runtime containers to support proxy diagnosis. (Fixed in Apigee hybrid v1.7.2)
232977937 Fixed an issue where deployment would become stuck on "Applying routing changes on" for multiple ingress gateways. (Fixed in Apigee hybrid v1.7.1)
231313050 Fixed issue causing Apigee logger pod to remain in crashloopbackoff state. (Fixed in Apigee hybrid v1.7.2)
229824389 Fixed an issue in hybrid 1.7.0 where the output apigeectl init could be generated in the wrong order. (Fixed in Apigee hybrid v1.7.1)
229804717 Fixed upgrade envoy to use distroless v1.22.0. (Fixed in Apigee hybrid v1.7.1)
229639530 Fixed an error harmonizing the container process ID to use Apigee ID for Hybrid on OpenShift. (Fixed in Apigee hybrid v1.7.1)
228855520 Upgraded support for ASM version 1.13. (Fixed in Apigee X, May 9, 2022)
227600373 Fixed an installation issue with Cassandra. (Fixed in Apigee hybrid v1.6.7)
227538469 Fixed an issue where configuration actions would write logs to the pod file system. (Fixed in Apigee hybrid v1.7.1)
226964206 MART, runtime and synchronizer would write to the pod file system. (Fixed in Apigee hybrid v1.7.1)
226464960 Apigee hybrid fresh installations on OpenShift 4.6 and 4.8 would fail. (Fixed in Apigee hybrid v1.6.7)
225939342 Fixed an error where deployment status would show as "Applying routing changes on {env}". (Fixed in Apigee hybrid v1.7.1)
225198475 Fixed an issue where resource reference changes could not be detected. (Fixed in Apigee hybrid v1.7.1)
225169066 Cassandra database backup and restore was not working when http_proxy is enabled under certain circumstances. (Fixed in Apigee hybrid v1.5.10)
225081332 Fixed allow privileged pods issue. (Fixed in Apigee hybrid v1.7.1)
224620542 On some Kubernetes platforms, logging would fail without adding an empty directory for the logs. (Fixed in Apigee hybrid v1.6.7)
223081301 Fixed organization-level UDCA incorrect http-proxy secret name. (Fixed in Apigee hybrid v1.6.7)
222649295 Organization-level UDCA would hang. (Fixed in Apigee hybrid v1.6.7)
221885751 Hybrid logging functionality has been reworked. This should resolve issues with excessive log volume generation, frequent logger restarts, and ensure correct logger functionality with both docker and containerd runtimes. (Fixed in Apigee hybrid v1.5.8)
221292104 Fix to address failure to capture requests in Debug sessions involving PostClientFlow ServiceCallouts. (Fixed in Apigee X, May 9, 2022)
221266789 Hybrid logging functionality has been reworked. This should resolve issues with excessive log volume generation, frequent logger restarts, and ensure correct logger functionality with both docker and containerd runtimes. (Fixed in Apigee hybrid v1.6.7)
219622478 Fixed the CPS property token so that when set to true, it will allow the instance to shutdown and reboot when cassandra connection failures occur. (Fixed in Apigee hybrid v1.7.3)
216018530 Fixed an issue where the apigee-logger-apigee-telemetry DaemonSet could still be left running after turning off logger. (Fixed in Apigee hybrid v1.7.1)
213261445 Fixed reliance on keystore generated by cert manager for metrics endpoint and removed the need for a custom generate_cert script. (Fixed in Apigee hybrid v1.6.7)
211716827 Fixed an issue where a non-default gateway could cause routing errors in certain circumstances. (Fixed in Apigee hybrid v1.7.1)
205616792 Fixed core dump on running user schema setup. (Fixed in Apigee hybrid v1.7.1)
202950533 Remove the server header from all responses. This will be consistent with CG SaaS and OPDK. (Fixed in Apigee hybrid v1.8.0)
202403896 Upgrade to Apigee hybrid v1.6 from v1.5 could fail due to annotation size. (Fixed in Apigee hybrid v1.5.8)
Bug ID Description
230369447 Security fix for commons-codec (Fixed in Apigee hybrid v1.8)
230368838 Security fix for CVE-2018-10237, auto-value:guava (Fixed in Apigee hybrid v1.8)
230366823 Security fix for jackson-databind (Fixed in Apigee hybrid v1.8)
230366589 Security fix for CVE-2021-22696-cxf in cxf (Fixed in Apigee hybrid v1.8)
229804717 Security fix for CVE-2021-3711 (Fixed in Apigee hybrid v1.8, v1.7, v1.6)
229804942 Security fix for CVE-2022-0778 (Fixed in Apigee hybrid v1.8)
N/A Miscellaneous Security updates and fixes.

The apigeectl --verbose option has been deprecated. It is replaced with the --v option which lets you specify the log verbosity level in the format --v=int, for example apigeectl apply --v=5. See apigeectl for details.

Bare Metal Solution

New operating systems for Bare Metal Solution servers--The following OSes are now supported:

  • Red Hat Enterprise Linux (RHEL) 8.5
  • Oracle Linux 8.5

The following operating systems are no longer supported on Bare Metal Solution servers:

  • Red Hat Enterprise Linux (RHEL) 8.4
  • Oracle Linux 8.4
  • RHEL for SAP Solutions 7.6
  • RHEL for SAP Solutions 7.7
BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.38.0 (2022-08-12)

Features
  • bigquery/migration: Add MySQL dialect to bigquerymigration v2 client library (370e23e)
  • bigquery/storage/managedwriter: improve error communication (#6360) (b30d89d)
Bug Fixes
  • bigquery/storage/managedwriter: propagate calloptions to append (#6488) (c65f9da)

Python

Changes for google-cloud-bigquery

3.3.2 (2022-08-16)

Bug Fixes
  • deps: require proto-plus >= 1.22.0 (1de7a52)
  • deps: require protobuf >=3.19, < 5.0.0 (#1311) (1de7a52)
Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigtable

2.11.3 (2022-08-17)

Performance Improvements

2.11.2 (2022-08-11)

Bug Fixes
  • Deps: allow protobuf < 5.0.0 (#631) (fd54fc6)
  • Deps: require proto-plus >= 1.22.0 (fd54fc6)
Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.10.4 (2022-08-19)

Dependencies
  • update dependency com.google.errorprone:error_prone_annotations to v2.15.0 (#1037) (b2731c7)

3.10.3 (2022-08-19)

Bug Fixes
Dependencies
  • update dependency org.junit.vintage:junit-vintage-engine to v5.9.0 (#1016) (e5f0b55)

Python

Changes for google-cloud-logging

3.2.2 (2022-08-12)

Bug Fixes
  • deps: allow protobuf < 5.0.0 (#600) (8495dac)
  • deps: require proto-plus >= 1.22.0 (8495dac)
Cloud SQL for SQL Server

Cloud SQL may set a value for the max server memory (mb) flag on instances, based on Microsoft's recommended values. For information about flags supported by Cloud SQL, see Configure database flags.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-dataflow-client

0.5.5 (2022-08-11)

Bug Fixes
  • deps: allow protobuf < 5.0.0 (#126) (16b89c0)
  • deps: require proto-plus >= 1.22.0 (16b89c0)
Dataproc

Announcing Dataproc Serverless for Spark preview runtime version 2.0.0-RC1, which includes the following components:

  • Spark 3.3.0
  • Cloud Storage Connector 2.2.7
  • Java 17
  • Conda 4.13
  • Python 3.10
  • R 4.1
  • Scala 2.13

Dataproc Serverless for Spark now uses runtime version 1.0.16, which upgrades the following components to the following versions:

  • Spark 3.2.2
  • Avro 1.11.1
  • Hadoop 3.3.4
  • Jetty 9.4.48.v20220622
  • ORC 1.7.5
  • RoaringBitmap 0.9.31
  • Scala 2.12.16
Firestore

Added a query builder and table view to the Firestore data section in the Google Cloud console. Use the query builder to filter and compare many documents at once. To learn more, see Query data in the Google Cloud console.

Kf

Fixed issue that liveness probe is not set properly.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.120.12 (2022-08-18)

Dependencies
  • update dependency com.google.cloud:google-cloud-bigquery to v2.14.4 (#1242) (08cfe80)
  • update dependency com.google.cloud:google-cloud-bigquery to v2.14.6 (#1245) (7f933ee)
  • update dependency com.google.cloud:google-cloud-core to v2.8.9 (#1250) (7c8fd41)
  • update dependency com.google.protobuf:protobuf-java-util to v3.21.5 (#1243) (37eaff8)
Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-secret-manager

2.12.3 (2022-08-11)

Bug Fixes
  • deps: allow protobuf < 5.0.0 (#335) (34c5858)
  • deps: require proto-plus >= 1.22.0 (34c5858)
Security Command Center

The following attributes were added to the Finding object of the Security Command Center API:

  • Database provides information about access to a database that is related to a finding.
  • serviceAccountKeyName, serviceAccountDelegationInfo, and principalSubject attributes were added to the existing access attribute. These new attributes provide additional context about the principals that are associated with a finding.
  • uris, a new attribute within the indicator attribute, lists any malicious URIs that are associated with a finding.

For more information, see the Security Command Center API documentation for the Finding object.

August 19, 2022

BigQuery

The ALTER TABLE RENAME COLUMN DDL statement, which allows you to rename the columns of a table, is now in preview.

Cloud Bigtable

You can now use tags to allow or deny security policies on a Cloud Bigtable instance. This feature is generally available (GA). To learn more, see Create and manage tags.

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Talent Solution Job Search

Extend the functionality for the inferred remote location filter to respect the region code

Config Controller

Config Controller now uses the following versions of its included products:

Google Kubernetes Engine

GKE clusters that run versions 1.22 or later and use Calico Network Policy might experience issues with terminating Pods. The Calico CNI plugin shows error terminating Pods, and eviction takes too long.

Pods that experience this issue display an error message similar to the following:

Warning FailedKillPod 36m (x389 over 121m) kubelet error killing pod: failed to "KillPodSandbox" for "af9ab8f9-d6d6-4828-9b8c-a58441dd1f86" with KillPodSandboxError: "rpc error: code = Unknown desc = networkPlugin cni failed to teardown pod "myclient-pod-6474c76996" network: error getting ClusterInformation: connection is unauthorized: Unauthorized"

To resolve this issue, restart the calico-node pods or restart kubelet.

This link was updated on September 8, 2022: For more information about this issue, see Calico issue #4857.

Memorystore for Redis

Customer-managed encryption keys are now Generally Available for Memorystore for Redis.

Text-to-Speech

Text-to-Speech has improved the quality of these voices

  1. cloud-pt-br-Standard-A
  2. cloud-pt-br-Standard-B

August 18, 2022

Anthos Config Management

Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: 8f1ef8c).

Updated the built-in Open Telemetry image to v0.54.0 to include a bug fix for using ADC with Cloud Spanner receiver.

Fixed the reconciler Pod CrashLoopBackoff issue caused by the git-sync container starting before the gcenode-askpass-sidecar.

Added cluster-autoscaler.kubernetes.io/safe-to-evict: "true" annotation to the reconciler Pod so that it does not block Cluster Autoscaler scale down.

Anthos Service Mesh

1.13.7-asm.0 is now available.

Anthos Service Mesh 1.13.7-asm.0 includes the features of Istio 1.13.7 subject to the list of Anthos Service Mesh supported features.

Apigee Connectors

Support for private connectivity through Private Service Connect (PSC)

On August 18, 2022, we released PSC support for hostname configuration in Apigee Connectors.

For all the connectors that require a hostname and port configuration, you can now see a Destinations section when creating the connector. In this section, you must enter the details of the remote host (backend system) you want to connect. You can now specify the destination details either as a host address or a service attachment.

Chronicle

VirusTotal Context

Chronicle's integration with VirusTotal has been revised and enhanced. This feature enables you to pivot from finding domains linked to an asset in Chronicle to viewing information about that domain from VirusTotal. From a Chronicle event view, such as Asset view, Domain view, or IP Address view, click VT Context to open the VirusTotal Context window. Some of the VirusTotal information is only available to users with a VirusTotal Enterprise account.

Some of the older links in the Chronicle user interface to VirusTotal, for example the option in Asset view to display the first 50 results in VirusTotal Graph and the VirusTotal Insights results panel, have been removed. Clicking VT Context provides access to the same information and VirusTotal functionality, including access to VirusTotal Graph.

Cloud Composer

The apache-airflow-providers-google package was upgraded to 2022.8.16+composer. Changes compared to version 2022.6.22+composer:

  • Fix Vertex AI Custom Job training issue (#25367)
  • New Operators for the Google Cloud Dataform service (#25587)

Cloud Composer uses a custom version of the apache-airflow-providers-google package. This custom version is based on the public version 6.8.0. For information about other changes compared to version 6.8.0, see release notes for the previous versions of this package.

The following packages are now preinstalled in Cloud Composer images with Airflow 2.2.5: google-cloud-firestore, firebase-admin, gcfs, dbt-core, apache-airflow-providers-dbt-cloud.

Cloud Composer 1.19.7 and 2.0.24 images are available:

  • composer-1.19.7-airflow-1.10.15 (default)
  • composer-1.19.7-airflow-2.1.4
  • composer-1.19.7-airflow-2.2.5
  • composer-2.0.24-airflow-2.1.4
  • composer-2.0.24-airflow-2.2.5

Cloud Composer versions 1.16.14 and 1.17.0.preview.10 have reached their end of full support period.

Cloud DNS

Health checks for internal load balancers and automatic failovers in Cloud DNS routing policies are now available in Preview.

Dialogflow

Dialogflow CX and ES have new tutorials that walk through the steps of deploying a Dialogflow agent on Google Cloud, integrating with Cloud Functions, Spanner, and App Engine:

Google Cloud Deploy

Google Cloud Deploy now supports Skaffold version 1.39.1, as the default.

Google Kubernetes Engine

(2022-R20) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.22.11-gke.400 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.20.15-gke.9900
    • 1.21.12-gke.1700
    • 1.22.8-gke.201
    • 1.22.8-gke.202
    • 1.22.8-gke.2200
    • 1.22.9-gke.1300
    • 1.22.9-gke.1500
    • 1.22.9-gke.2000
    • 1.23.5-gke.1503
    • 1.23.5-gke.2400
    • 1.23.6-gke.1500
    • 1.23.6-gke.1501
    • 1.23.6-gke.1700
    • 1.23.6-gke.2200
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.20.15-gke.11400 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.

Stable channel

  • Version 1.21.13-gke.900 is now the default version in the Stable channel.
  • Version 1.20.15-gke.11400 is now available in the Stable channel.
  • Version 1.20.15-gke.9900 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.11400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.

Regular channel

  • Version 1.22.11-gke.400 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.11400
    • 1.21.13-gke.900
    • 1.22.10-gke.600
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.12800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.11-gke.400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.2-gke.1900 with this release.

Rapid channel

  • Version 1.24.2-gke.1900 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.20.15-gke.13400
    • 1.21.14-gke.2100
    • 1.22.12-gke.300
    • 1.23.8-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.13700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.14-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.9-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.2-gke.1900 with this release.

(2022-R20) Version updates

  • Version 1.21.13-gke.900 is now the default version in the Stable channel.
  • Version 1.20.15-gke.11400 is now available in the Stable channel.
  • Version 1.20.15-gke.9900 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.19 to version 1.20.15-gke.11400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.

(2022-R20) Version updates

  • Version 1.22.11-gke.400 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.20.15-gke.9900
    • 1.21.12-gke.1700
    • 1.22.8-gke.201
    • 1.22.8-gke.202
    • 1.22.8-gke.2200
    • 1.22.9-gke.1300
    • 1.22.9-gke.1500
    • 1.22.9-gke.2000
    • 1.23.5-gke.1503
    • 1.23.5-gke.2400
    • 1.23.6-gke.1500
    • 1.23.6-gke.1501
    • 1.23.6-gke.1700
    • 1.23.6-gke.2200
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.19 to version 1.20.15-gke.11400 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.20 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to version 1.21.13-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to version 1.22.10-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.23 to version 1.23.7-gke.1400 with this release.

(2022-R20) Version updates

  • Version 1.22.11-gke.400 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.20.15-gke.11400
    • 1.21.13-gke.900
    • 1.22.10-gke.600
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.19 to version 1.20.15-gke.12800 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to version 1.21.14-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to version 1.21.14-gke.700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to version 1.22.11-gke.400 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.24.2-gke.1900 with this release.

(2022-R20) Version updates

  • Version 1.24.2-gke.1900 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.20.15-gke.13400
    • 1.21.14-gke.2100
    • 1.22.12-gke.300
    • 1.23.8-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.19 to version 1.20.15-gke.13700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to version 1.21.14-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to version 1.21.14-gke.2700 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to version 1.23.9-gke.900 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to version 1.24.2-gke.1900 with this release.
Identity and Access Management

Workforce identity federation now lets users from external identity providers sign in to the Google Cloud workforce identity federation console, also known as the console (federated). The console (federated) provides UI access to supported Google Cloud products. This feature is available in Preview.

August 17, 2022

BigQuery

You can now set default values on columns in your BigQuery tables. This feature is now in preview.

Cloud console updates: You can now copy BigQuery metadata to your clipboard by using the following options:

  • In the Schema view, to copy a table's schema, select any fields, and then click Copy.

  • In the Explorer pane, to copy the ID of a resource, click View actions, and then click Copy ID.

Cloud console updates: Improvements include the following:

  • Query results are now displayed in resizable columns.

  • Tab titles now expand when space is available for longer names.

  • Tooltips no longer display text immediately when you hold the pointer over them, avoiding unnecessary distraction.

  • In the Explorer pane, you can now access saved queries by expanding your project. The Saved Queries pane is no longer at the bottom of the console.

  • In the Explorer pane, you can now find a table by searching for mydataset.mytable.

  • In the query editor, you can now press the F1 shortcut key to view more editor shortcuts.

Chronicle

The following supported default parsers have changed. Each is listed by product name and ingestion label, if applicable.

  • Akamai WAF (AKAMAI_WAF)
  • Arista Switch (ARISTA_SWITCH)
  • AWS CloudWatch (AWS_CLOUDWATCH)
  • AWS GuardDuty (GUARDDUTY)
  • AWS Macie (AWS_MACIE)
  • AWS Route 53 DNS (AWS_ROUTE_53)
  • AWS WAF (AWS_WAF)
  • Azure AD (AZURE_AD)
  • Azure AD Organizational Context (AZURE_AD_CONTEXT)
  • Bitdefender (BITDEFENDER)
  • Bluecat DDI (BLUECAT_DDI)
  • Centrify (CENTRIFY_SSO)
  • Check Point (CHECKPOINT_FIREWALL)
  • Cisco Application Centric Infrastructure (CISCO_ACI)
  • Cisco ISE (CISCO_ISE)
  • Custom DNS (CUSTOM_DNS)
  • Cylance Protect (CYLANCE_PROTECT)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • FireEye (FIREEYE_ALERT)
  • Forcepoint Proxy (FORCEPOINT_WEBPROXY)
  • FortiGate (FORTINET_FIREWALL)
  • IBM z/OS (IBM_ZOS)
  • Linux DHCP (LINUX_DHCP)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Nasuni File Services Platform (NASUNI_FILE_SERVICES)
  • Palo Alto Prisma Cloud (PAN_PRISMA_CLOUD)
  • Ping Identity (PING)
  • Riverbed Steelhead (STEELHEAD)
  • SiteMinder Web Access Management (CA_SSO_WEB)
  • Snoopy Logger (SNOOPY_LOGGER)
  • Stormshield Firewall (STORMSHIELD_FIREWALL)
  • Symantec Endpoint Protection (SEP)
  • Tanium Stream (TANIUM_TH)
  • VMware ESXi (VMWARE_ESX)
  • VMware Horizon (VMWARE_HORIZON)
  • Windows Event (WINEVTLOG)
  • Windows Sysmon (WINDOWS_SYSMON)

For details about changes in each parser, see Supported default parsers.

Chronicle curated detections provide out-of-the-box threat detection content curated, built, and maintained by Google Cloud Threat Intelligence (GCTI) researchers. This release of curated detections cover the following range of threats:

  • Windows-based threats: Coverage for several classes of threats including infostealers, ransomware, RATs, misused software, and crypto activity.
  • Cloud attacks and cloud misconfigurations: Secure cloud workloads with additional coverage around exfiltration of data, suspicious behavior, and additional vectors.
Cloud Interconnect

Dedicated Interconnect support is available in the following colocation facilities:

  • DATA4 Milan-Cornaredo, Milan
  • Telehouse - Paris 2 (Voltaire - Léon Frot), Paris

For more information, see the Locations table.

Cloud Monitoring

Cloud Monitoring is introducing pricing for uptime checks, effective October 1, 2022. For more information, see Cloud Monitoring pricing summary.

Cloud Spanner

The DISABLE_INLINE hint is now available to use in a Google Standard SQL function call. This allows a function to be computed once instead of each time another part of a query references it.

Cloud Translation

For Cloud Translation - Advanced (v3) glossaries, you can now manage glossary entries. This feature is Generally Available (GA).

Config Connector

Config Connector version 1.92.0 is now available.

Fixed missing Kind field in Go Client ResourceRef struct.

Added support for IAMWorkforcePoolProvider resource.

Added support for "reconcile resource immediately once its dependency is ready" feature for CloudFunctionsFunction, EventarcTrigger, MonitoringUptimeCheckConfig, ServiceDirectoryEndpoint, ServiceDirectoryService

Transfer Appliance

Edge Appliance is now generally available (GA).

Edge Appliance is a Google Cloud-managed, secure, high-performance appliance for edge locations. It provides local storage, ML inference, data transformation, and export.

Learn more or request Edge Appliance now.

Vertex AI Workbench

M95 Release

The M95 release of Vertex AI Workbench managed notebooks includes the following:

  • Fixed a bug where users were regularly getting a 502 error when trying to access JupyterLab.
  • Fixed a bug where opening an instance in Single User mode slowed the start of an instance.
  • Fixed a bug where a managed notebooks instance was not starting after adding a GPU.
  • Fixed bugs on the Serverless Spark form input.
  • Improved the ActivityLog refresh after Serverless Spark creation.
  • Fixed a bug related to the display of materialized views in BigQuery.
  • Refreshed the JupyterLab interface with an improved Google-specific theme.
  • Fixed a bug related to viewing Cloud Storage buckets and folders with large numbers of objects.
  • Regular package refreshment and bug fixes.

Learn more about managed notebooks versions.

August 16, 2022

BigQuery

Workforce identity federation lets you authenticate and authorize users from external identity providers to access supported Google Cloud products, including BigQuery resources. This feature is now in preview.

Chronicle

Feed Management

You can now configure new data feeds for your Chronicle account using Feed Management. This feature makes it possible for you to setup your own data feeds without the assistance of Chronicle support personnel. You can setup new data feeds using either the Feed Management user interface or the Feed Management API. Chronicle returns error messages in the event you have misconfigured a feed and need to make changes.

Cloud DNS

Alias records are available in Preview.

You can now manage an alias record, which maps an alias domain name to a canonical name at the zone apex, by using Cloud DNS.

Google Cloud Armor

The following two preconfigured WAF rulesets are now available for Google Cloud Armor in public preview:

  • Java attack: java-v33-stable and