Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml

November 30, 2022

SAP on Google Cloud

Cloud Storage Backint agent for SAP HANA version 1.0.23

Version 1.0.23 of the Cloud Storage Backint agent for SAP HANA is now available. This version includes stability enhancements.

For more information about the agent, see Cloud Storage Backint agent for SAP HANA overview.

November 29, 2022

Google Cloud Armor

Three new rate limiting keys are now Generally Available:

  • HTTP-PATH
  • SNI
  • REGION-CODE

For more information about using rate limiting keys, see the Rate limiting overview.

Google Kubernetes Engine

Kubernetes control plane logs are now Generally Available. You can now configure GKE clusters with control plane version 1.22.0 or later to export logs emitted by the Kubernetes API server, Scheduler, and Controller Manager to Cloud Logging.

These logs are stored in Cloud Logging and can be queried in the Cloud Logging Log Explorer or Cloud Logging API. These logs can also be sent to Google Cloud Storage, BigQuery, or Pub/Sub using the Log Router.

You can now use deprecation insights to identify clusters on versions 1.23 and earlier that use Docker-based node images, which are unsupported on GKE version 1.24 and later.

Text-to-Speech

Text-to-Speech now offers additional Neural2 voices across 9 locales with 40+ speakers. Voices are available in the us-central1, us, and eu endpoints. See the supported voices page for a complete list of voices and audio samples.

November 28, 2022

BigQuery

BigQuery now supports the following features when you load data:

These features are generally available (GA).

Cloud Billing

View granular cost data from Cloud Run instances in Cloud Billing exports to BigQuery

You can now view granular Cloud Run cost data in the Google Cloud Billing detailed export. Use the resource.global_name field in the export to view and filter your Cloud Run instances.

Review the schema of the Detailed cost data export.

View granular cost data from Cloud Function instances in Cloud Billing exports to BigQuery

You can now view granular Cloud Function cost data in the Google Cloud Billing detailed export. Use the resource.global_name field in the export to view and filter your Cloud Function instances.

Review the schema of the Detailed cost data export.

Google Cloud VMware Engine

Zerto Solution version 9.5u1 is now supported as a disaster recovery solution with VMware Engine. Learn more about setting up Zerto Solution.

Preview: VMware Engine private clouds support the addition of a Trusted Platform Module (TPM) 2.0 virtual cryptoprocessor to a virtual machine.

For details about this feature, see About Virtual Trusted Platform Module.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.121.1 (2022-11-21)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.18.0 (#1375) (b6ada4e)
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.19.1 (#1416) (e140a49)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.18 (#1413) (b3fb828)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.18 (#1414) (74d2dc3)

November 23, 2022

Traffic Director

Traffic Director deployment with automatic Envoy injection for Google Kubernetes Engine Pods currently installs Envoy version v1.24.0.

November 22, 2022

Anthos clusters on bare metal

Release 1.13.2

Anthos clusters on bare metal 1.13.2 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.2 runs on Kubernetes 1.24.

Fixes:

  • Ensured the kubeadmconfig Secret is deleted when a Cluster API node is removed.
  • Added preflight check command (bmctl check preflight) that you can use when upgrading version 1.13 and higher clusters.
  • Updated the commands bmctl check preflight and bmctl create cluster so that they fail if worker or control-plane nodes have docker credentials in /root/.docker/config.json. (Anthos clusters on bare metal version 1.13 and higher can no longer use Docker Engine as a container runtime. All clusters must use the default container runtime containerd).
  • The following container image security vulnerabilities have been fixed:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Cloud Composer

We are currently experiencing an issue with gcloud CLI version 410.0.0. Some composer commands return non-zero error codes along with an additional gcloud crashed (TypeError): 'NoneType' object is not callable) output message.

This issue doesn't impact the functionality provided by the commands when used in interactive mode. It may contribute to misleading error stack traces and cause failures when using the commands programmatically since it returns non-zero error codes.

The following issue affects only CMEK-encrypted Composer environments for which a label update operation was performed in Composer 1 versions 1.18.3 and higher, and Composer 2 versions between 2.0.7 and 2.0.28.

Updating labels in CMEK-encrypted Composer environments reconfigures the bucket to use a Google Managed Key instead of the CMEK key for newly added or modified objects in the bucket. This issue doesn't cause changes in the bucket's access settings.

  • Please refrain from updating labels in your CMEK-encrypted Composer environments until the issue is fixed.
  • If you already performed the update, reconfigure the environment Cloud Storage bucket to use the original CMEK key. See Use customer-managed encryption keys.

Cloud Functions

Cloud Functions has added support for a new runtime, Node.js 18, at the Preview release level.

Google Kubernetes Engine

GKE version 1.21.14-gke.9500 has an issue where Pods in certain conditions might get stuck terminating indefinitely, due to a Linux kernel bug. The version has been removed and is no longer available for new clusters. If your node pools are running 1.21.14-gke.9500 and experience the issue, we recommend downgrading the node pool to 1.21.14-gke.8500.

SAP on Google Cloud

Terraform configurations for SAP deployments on Google Cloud

Terraform configurations to automate the deployment of resources for running the following databases on Google Cloud are now generally available (GA):

For more information, see Automating SAP deployments on Google Cloud with Terraform.

November 21, 2022

Anthos Service Mesh

1.15.3-asm.6 is now available for in-cluster Anthos Service Mesh.

You can now download 1.15.3-asm.6 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.15.3 subject to the list of supported features.

1.14.5-asm.8 is now available for in-cluster Anthos Service Mesh.

You can now download 1.14.5-asm.8 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.14.5 subject to the list of supported features.

1.13.9-asm.3 is now available for in-cluster Anthos Service Mesh.

You can now download 1.13.9-asm.3 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.13.9 subject to the list of supported features.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigquery

3.4.0 (2022-11-17)

Features
  • Add reference_file_schema_uri to LoadJobConfig, ExternalConfig (#1399) (931285f)
  • Add default value expression (#1408) (207aa50)
  • Add More Specific Type Annotations for Row Dictionaries (#1295) (eb49873)

Cloud Asset Inventory

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

  • Service Directory
    • servicedirectory.googleapis.com/Namespace

Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigtable

1.7.3 (2022-11-18)

Bug Fixes
  • First pass on making retry configuration more consistent (#695) (c707c30)
  • Make internal rst_stream errors retriable (#699) (770feb8)
  • Make sure that the proper exception type is bubbled up for ReadRows (#696) (5c72780)
  • Prevent sending full table scan when retrying (backport #554) (#697) (c4ae6ad)

Dialogflow

Dialogflow CX now integrates with GitHub. This integration makes it easy to export your agent to JSON for a push to GitHub, and to pull from GitHub for an agent restore.

Document AI

Expense Parser Releases

As of November 18, 2022, for the Expense Parser, we have promoted our v1.3 Release Candidate version to a Stable version so that more customers can use it confidently. 

New Stable version

Features in the new Stable Expense Parser, pretrained-expense-v1.3-2022-07-15:

  • Support for a new language, Japanese, which has been requested by multiple customers.

  • Better entity performance

  • Addition of 3 new entity types (line_item/quantity, payment_type, credit_card_last_four_digits)

  • Better support for hotel and car-rental related expenses 

New Release Candidate version

Along with this Stable version, we are also launching a new Release Candidate version of the Expense Parser, pretrained-expense-v1.4-2022-11-18, with the following new features, in addition to the features in the Stable version:

  • Improvements to overall performance

  • Support for two (2) new languages, Italian and Portuguese

  • Support for Uptraining to improve or add/remove entities in the schema

  • Support for Uptraining to add support for unsupported languages

  • Addition of 3 new entity types (traveler_name, reservation_id, line_item/transaction_date)

  • Maximum pages (online/synchronous requests) limit has been increased to 15.

Deprecation of the old Stable version

The pretrained-expense-v1.1-2021-04-09 version of the Expense Parser will be deprecated following this release. 

Invoice Parser Updates

The previous Stable Invoice processor version, pretrained-invoice-v1.1-2021-04-09, is deprecated as of November 22, 2022.

The Invoice Parser, for v1.3 and v1.4, now has the following quotas and limits:

  • Maximum pages (online/synchronous requests): 15
  • Maximum pages (batch/offline/asynchronous requests): 200

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-ndb

1.12.0rc1 (2022-11-17)

Bug Fixes
  • Drop Python 2 support (90efd77)
  • Drop Python 3.6 support (#829) (b110199)
  • model: Ensure repeated props have same kind when converting from ds (#824) (29f5a85)
Documentation
  • Add note in Django middleware documentation that it is unimplemented (#805) (aa7621d)
  • Add note that ProtoRPC message classes are unimplemented (#819) (ae813e9)
  • context: Note that several methods are no longer implemented. (#821) (34c2c38)
  • CONTRIBUTING: Note the need for Redis/Memcached env vars in tests (#838) (19f8415), closes #836
  • Fix bad import path in migration guide (#827) (7b44961)
  • Fix typo in begin_transaction docstring (#822) (7fd3ed3)
  • README: Synchronize supported version text with python-datastore (#837) (316f959)

1.11.2 (2022-06-03)

Documentation
  • fix changelog header to consistent size (#773) (7bb4e5a)

Google Kubernetes Engine

The Logs tab available for each cluster on the Kubernetes Engine > Clusters page now includes suggested queries for your logs. For more information about using your GKE logs, see Viewing your GKE logs.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.121.0 (2022-11-16)

Features
  • Next release from main branch is 1.121.0 (#1406) (1b25b0e)
Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.8.28 (#1399) (ec1cae8)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.6 (#1395) (a3c32ea)

SAP on Google Cloud

Cloud Storage Backint agent for SAP HANA version 1.0.22

Version 1.0.22 of the Cloud Storage Backint agent for SAP HANA is now available. This version includes enhanced validations for backint configuration and backup stability.

For more information about the agent, see Cloud Storage Backint agent for SAP HANA overview.

Google Cloud monitoring agent for SAP NetWeaver version 2.7

Version 2.7 of the Google Cloud monitoring agent for SAP NetWeaver is now available. This version includes bug fixes and supportability improvements.

For more information about the agent, see Monitoring SAP NetWeaver on Google Cloud.

November 18, 2022

Anthos clusters on bare metal

Release 1.11.8

Anthos clusters on bare metal 1.11.8 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.8 runs on Kubernetes 1.22.

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Apigee X

On November 18, 2022, we released an updated version of Apigee X (1-9-0-apigee-16).

Bug ID Description
257268790 There is an edge case where an invalid resource or bundle configuration that results in an unhandled exception causes a failure that leads to a restart of runtime pods or the bootup of new runtime pods.

Cloud Build

You can now configure Cloud Build to continue executing a build even if specified steps fail. This feature is available as a preview release. To learn more, see the allowFailure and allowExitCodes topics in Build configuration file schema.

Cloud Composer

Airflow 2.3.4 is available in Cloud Composer images.

(Available without upgrading) Fixed issues where creating environments with Private Service Connect would occasionally time out with a Rate limit exceeded error or fail due to a missing subnet name.

Fixed an issue where the number of online Celery workers metric was sometimes incorrectly reported as 0.

Images with Airflow 2.3.4 use the public version 8.4.0 of the apache-airflow-providers-google package. See the package page.

The following versions for Cloud Composer 1.19.15 and 2.0.32 are available:

  • composer-1.19.15-airflow-1.10.15 (default)
  • composer-1.19.15-airflow-2.1.4
  • composer-1.19.15-airflow-2.2.5
  • composer-1.19.15-airflow-2.3.4
  • composer-2.0.32-airflow-2.1.4
  • composer-2.0.32-airflow-2.2.5 (default)
  • composer-2.0.32-airflow-2.3.4

(Cloud Composer 2 with Private Service Connect) SQL proxy now gets restarted faster when connection issues are detected.

(Cloud Composer 2) You can now create Composer environments with labels that contain only digits.

Cloud Composer version 1.17.5 has reached its end of full support period.

Cloud Interconnect

Dedicated Interconnect support is available in the following colocation facilities:

  • Telecom Italia Sparkle Milano Data Center, Milan

For more information, see the Locations table.

Google Cloud Marketplace

You can download private offers as PDFs. Offers can include notes from the vendor and the included EULA.

Google Cloud Marketplace Partners

You can download private offers as PDFs. Offers can be saved at any point in the offer process and can include internal notes and the EULA for the offer.

Google Kubernetes Engine

GKE Autopilot clusters support compact placement policies in version 1.25 and later.

Policy Intelligence

Policy Analyzer now offers organization policy analysis. Policy Analyzer helps you get more information about the resources affected by an organization policy constraint. This feature is available in Preview.

Pub/Sub

The Kafka Connector library for Pub/Sub and Pub/Sub Lite is now generally available.

Pub/Sub Lite

The Kafka Connector library for Pub/Sub and Pub/Sub Lite is now generally available.

Resource Manager

Policy Analyzer now offers organization policy analysis. Policy Analyzer helps you get more information about the resources affected by an organization policy constraint. This feature is available in Preview.

Traffic Director

The backendServices API reference documentation now reflects that the outlierDetection object supports gRPC clients.

For more information about using the outlier detection feature with proxyless service mesh deployments, see the Outlier detection section of the Traffic Director documentation.

November 17, 2022

Anthos clusters on VMware

Anthos clusters on VMware 1.13.2-gke.26 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.2-gke.26 runs on Kubernetes 1.24.7-gke.1400.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.13, 1.12, and 1.11.

  • Fixed a validation error where the GKE Hub membership is not found when using a gcloud version that is not bundled with the admin workstation.
  • Fixed the issue where the admin cluster might fail to register due to naming conflicts.
  • Fixed the issue where the Connect Agent in the admin cluster does not upgrade after a failure to upgrade nodes in the user cluster control plane.
  • Fixed a bug where running gkectl diagnose snapshot using system scenario did not capture Cluster API resources in the default namespace.
  • Fixed the issue during admin cluster creation where gkectl check-config fails due to missing OS images, if gkectl prepare is not run first.
  • Fixed the unspecified Internal Server error in ClientConfig when using the Anthos Identity Service (AIS) hub feature to manage the OpenID Connect (OIDC) configuration.
  • Fixed the issue of /var/log/audit/ filling up disk space on the admin workstation.
  • Fixed an issue where cluster deletion may be stuck at node draining when the user cluster control plane and node pools are on different datastores.
  • Fixed the issue where nodes fail to register if the configured hostname in the IP block file contains one or more periods.
  • Fixed the following vulnerabilities:

Assured Workloads

The Impact Level 4 (IL4) compliance regime is now generally available.

BigQuery

Object tables are now in preview. Object tables are read-only tables containing metadata for unstructured data stored in Cloud Storage. These tables enable you to analyze and perform inference on images, audio files, documents, and other file types by using BigQuery ML and BigQuery remote functions. Object tables extend structured data features such as data security and governance best practices to unstructured data.

Metadata caching is now in preview. Using cached metadata might improve query performance for BigLake tables and object tables that reference large numbers of objects, by allowing the query to avoid listing objects from Cloud Storage.

Cloud Load Balancing

Internal HTTP(S) load balancers and internal TCP proxy load balancers now support global access. By default, clients for these load balancers must be in the same region as the load balancer. With global access enabled, clients can access the load balancer from any region. They still must be in the same VPC network as the load balancer or in a VPC network that's connected to the load balancer's VPC network by using VPC Network Peering.

For instructions, see the following:

Cloud Run

Logs from Cloud Run services can now be tailed or viewed in a command-line friendly format using gcloud beta run services logs tail and gcloud beta run services logs read.

Compute Engine

Preview: You can limit the runtime of a VM to automatically stop or delete it when a time limit is reached. Limiting VM runtimes can help you optimize temporary workloads by minimizing costs and releasing quota. For more information, see Limit the runtime of a VM.

Dataproc

Dataproc Serverless for Spark supports Spark and System metrics. These metrics are enabled by default. Spark driver and executor metrics can be customised using overrides.

Added support for Dataproc to attach to a gRPC Dataproc Metastore in any region.

Secure Boot, Virtual trusted platform module (vTPM), and Integrity monitoring Shielded VM features are enabled by default for Dataproc on Compute Engine clusters that use 2.1 preview images.

Nodemanagers in DECOMMISSIONING, NEW, and SHUTDOWN state are now included in the /cluster/yarn/nodemanagers metric.

Dataproc Serverless for Spark now shows the subminor runtime version used in the runtimeConfig.version field.

Fixed a bug that caused a Dataproc cluster with a Dataproc Metastore service to fail the creation process, if the cluster was in the same network but different subnetworks.

Document AI Warehouse

Fixed a bug where users were unable to preview documents whose creation involved Doc AI processors.

Google Cloud VMware Engine

Starting November 17, 2022, newly created private clouds will utilize IP address layout (IP Plan) version 2.0 subnet allocations. HCX addressing is now included in the management CIDR allocation, simplifying the process of starting data center VM migrations. IP Plan version 2.0 also enables additional scale and features delivered to your public cloud in upcoming releases.

Stretched private clouds are now available in the europe-west3 (Frankfurt) region. You can use stretched private clouds to stretch vSphere/vSAN clusters across zones and protect against zone level failures. This functionality enables high levels of availability for business critical applications.

You can now use the gcloud command-line tool or the API to manage VMware Engine networks, network policies, and private clouds. See the API reference or the gcloud SDK for more information.

Google Kubernetes Engine

GKE Autopilot clusters support signaling to GKE that a particular node is problematic in version 1.24 and later.

Transcoder API

The output color space of transcoded videos matches the input color space.

Virtual Private Cloud

Preview: Connectivity to Private Service Connect endpoints used to access a managed service is supported over VLAN attachments for Cloud Interconnect.

November 16, 2022

Chronicle

You can collect Splunk CIM logs by using the Chronicle forwarder and Splunk default parser. For more information, see Collect Splunk CIM logs.

Cloud Storage

The following regions are now generally available for dual-region storage:

  • Mumbai (asia-south1)
  • Delhi (asia-south2)
  • Columbus (us-east5)
  • Dallas (us-south1)
  • Las Vegas (us-west4)

Turbo replication is now available for all dual-region combinations.

Compute Engine

Generally available: You can double the default size limit for a managed instance group (MIG): Zonal MIGs support up to 2,000 VMs and regional MIGs support up to 4,000 VMs. For more information, see Increase the group's size limit.

Document AI

The Identity Document Proofing Processor is now available in Public Preview.

The Identity Document Proofing Processor is designed to help predict the validity of ID documents with four different signals:

  • is_identity_document detection: predict whether an image contains a recognized identity document.
  • suspicious_words detection: predict whether words are present that aren't typical on IDs.
  • image_manipulation detection: predict whether the image was altered or tampered with using an image editing tool.
  • online_duplicate detection: predict whether the image can be found online.

Filestore

Security Command Center

Event Threat Detection, a built-in service of Security Command Center Premium, has launched the Initial Access: Excessive Permission Denied Actions rule to Preview. This rule detects events where a principal repeatedly triggers permission denied errors across multiple methods and services.

For more information about Event Threat Detection findings, see Event Threat Detection rules.

Virtual Private Cloud

Preview: Private Service Connect endpoints with consumer HTTP(S) controls now support accessing regional Google APIs and managed services using the following load balancers:

  • Regional internal HTTP(S) load balancer
  • Regional external HTTP(S) load balancer

November 15, 2022

Agent Assist

Agent Assist has launched backend modules as a GA feature. Backend modules is an out-of-the-box solution that provides an effective backend infrastructure, making integrating Agent Assist with your agent system faster and easier. See the backend modules basics and integration guide for details.

The Agent Assist Console is now GA. The Console now also includes built-in workflow tutorials that walk you through creating a dataset, training and testing a model, and creating a conversation profile. Sample datasets and demo models are now provided as well. To see the new Console tutorials, navigate to the Console and click the Get started button under the feature you'd like to test.

Agent Assist now supports sentiment analysis of voice data as a private Preview feature. For more information, see the Agent Assist private features documentation. To gain access to the private documentation, please contact your Google representative.

Agent Assist now supports CCAI Transcription as a GA feature. CCAI Transcription allows you to convert streaming audio data into text transcripts in real time, allowing you to implement Agent Assist features for use with voice data. See the documentation for details.

Chronicle

UDM Search

UDM Search is a new Chronicle search feature which enables you to find UDM events within your Chronicle instance. You can search both for individual UDM events and groups of UDM events tied to shared search terms. UDM search includes a number of search features, enabling you to navigate through your UDM data:

  • Quick Filters—Fast access to saved searches and search history.
  • Event Viewer—View the raw log and UDM for the event.
  • Search Manager—Comprehensive view of your saved searches and search history.

There is also a new UDM search API method available for the Chronicle Search API.

Be sure to review Google's recommended best practices for conducting searches using UDM Search. UDM searches can require substantial computational resources to complete if they are not constructed carefully. Performance also varies depending on the size and complexity of the data in your Chronicle instance.

Reference Lists

Google has enhanced the Chronicle reference lists feature, which now enables you to perform more complex matching beyond exact string matches. These new types of reference lists can be used in Detection Engine rules.

For more detailed information about these special list types, see the reference lists documentation.

When creating a list, you must provide a "List Type" to indicate how you want Chronicle to interpret your list. List type cannot be changed after list creation, and can be STRING, REGEX, or CIDR. The list type for any existing lists has been set to STRING, since all reference lists made by preview customers perform exact string matching.

You can create Reference Lists using the Chronicle user interface or programmatically using the Reference List API. For information on how to embed a Reference List within a Rule, see the documentation.

Cloud Bigtable

Cloud Bigtable now lets you retrieve metadata about a table, giving you greater observability when troubleshooting. This feature is generally available (GA). For more information, see Table stats.

Cloud Spanner

Time to live (TTL) is now supported in PostgreSQL-dialect databases. With TTL, you can reduce storage costs, improve query performance, and simplify data retention by automatically removing unneeded data based on user-defined policies.

Added support for the JSONB data type in the Cloud Spanner PostgreSQL dialect. For more information, see Work with JSONB data.

Cloud Translation

For online document translations, you can increase the page limit for native PDF documents to 300 pages.

Compute Engine

Generally available: Use the new distribution shape ANY SINGLE ZONE in a regional managed instance group (MIG) to automatically select a single zone that has available resources within your quota. Recommended for workloads that require low latency, high-bandwidth connections between VMs or when you want to avoid inter-zone network traffic costs.

Config Connector

Config Connector version 1.97.0 is now available.

Added spec.gcRules to BigtableGCPolicy (Issues #624, #542, #482, #345, #300).

Added spec.load.jsonExtension to BigQueryJob.

Added spec.externalDataConfiguration.avroOptions to BigQueryTable.

Added spec.compressionMode to ComputeBackendBucket.

Added spec.compressionMode to ComputeBackendService.

Added spec.advancedOptionsConfig.jsonCustomConfig to ComputeSecurityPolicy.

Added spec.managementConfig.fullManagementConfig to ConfigControllerInstance.

Added spec.nodeConfig.guestAccelerator[].gpuSharingConfig and spec.notificationConfig.pubsub.filter to ContainerCluster.

Added spec.nodeConfig.guestAccelerator[].gpuSharingConfig to ContainerNodePool.

Added spec.config.dataprocMetricConfig, spec.config.gceClusterConfig.confidentialInstanceConfig, spec.config.gceClusterConfig.shieldedInstanceConfig, spec.config.masterConfig.diskConfig.localSsdInterface, spec.config.metastoreConfig.dataprocMetastoreServiceRef, spec.config.secondaryWorkerConfig.diskConfig.localSsdInterface, spec.config.securityConfig, spec.config.workerConfig.diskConfig.localSsdInterface and spec.virtualClusterConfig to DataprocCluster.

Added spec.cloudLoggingConfig to DNSManagedZone.

Added spec.persistenceConfig to RedisInstance.

Added status.version to SecretManagerSecretVersion.

Added spec.maintenanceVersion and status.availableMaintenanceVersions to SQLInstance.

Added spec.passwordPolicy to SQLUser.

Added spec.customPlacementConfig to StorageBucket.

Added spec.notificationConfig to StorageTransferJob (Issue #303).

Moved SQLUser output-only field sqlServerUserDetails from spec to status.

Added support for DLPJobTrigger resource.

Contact Center AI Insights API

Topic modeling is now a GA feature. Topic modeling helps you discover topics (call drivers) in conversations between contact center agents and end-users. For more information, see the documentation.

Dialogflow

Dialogflow CX agents can now be exported to JSON.

Pub/Sub

BigQuery subscriptions now support the JSON type for all string fields, including data and attributes. For more information about JSON type compatibility, see Properties of a BigQuery subscription.

November 14, 2022

Assured Workloads

The Israel Regions and Support compliance regime is now in Preview.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.19.1 (2022-11-08)

Dependencies
  • Update dependency com.google.cloud:google-cloud-storage to v2.15.0 (#2402) (aac2711)

2.19.0 (2022-11-07)

Features
  • Add getTimestampInstant() method to FieldValue (#2350) (113303f)
Dependencies
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20221028-2.0.0 (#2393) (d3f6a6b)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.6 (#2399) (9de9aa8)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.17 (#2396) (87f8cdd)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.17 (#2397) (7927350)

The slot estimator helps you manage slot capacity based on historical performance metrics. This feature is now generally available (GA).

Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.16.0 (2022-11-11)

Features
Bug Fixes

2.15.1 (2022-11-08)

Bug Fixes
  • Call record attempt completion on permanent failures (#1502) (f409c47)
  • Fix the connectivity error count calculation (#1401) (1f8cfd7)
  • Only record retry count when it's > 0 (#1488) (445a667)
Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.6 (#1501) (8f61c64)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.17 (#1495) (1b7c21a)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.17 (#1496) (74779e3)

1.22.0-sp.4 (2022-11-08)

Dependencies
  • Regenerating with new Protobuf (1.22.0-sp) (#1491) (b31cafd)

Cloud Composer

All Composer environment GKE clusters are set up with maintenance exclusions for the period between November 18, 2022 and November 30, 2022. For more information, see Maintenance exclusions.

Cloud Functions

Cloud Functions container runtimes have been patched against CVE-2022-3786 and CVE-2022-3602. Affected runtime languages are:

  • Java 17
  • Python 3.10
  • Go 1.18/1.19
  • .NET 6

You should redeploy functions using the affected runtime languages as soon as possible. Google does not automatically update the base image in use for already-deployed functions. Google will automatically apply the most updated runtime version to the redeployed function.

Cloud Tasks

Support for internal ingress from Cloud Tasks to Cloud Run and Cloud Functions is now at General Availability.

Compute Engine

Balanced persistent disks and SSD persistent disks now offer baseline IOPS and throughput performance. To learn more, see Baseline performance.

Config Controller

VPC Service Controls now support Config Controller. The support is in Preview status.

Config Controller now uses the following versions of its included products:

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/dataflow

2.0.1 (2022-11-11)

Bug Fixes
  • Allow passing gax instance to client constructor (#80) (9054e83)
  • Better support for fallback mode (#76) (7b4c304)
  • Change import long to require (#77) (531996b)
  • deps: Use google-gax v3.5.2 (#87) (9f856a5)
  • Do not import the whole google-gax from proto JS (#79) (a0924da)
  • docs: Document fallback rest option (#72) (bb637f7)
  • Preserve default values in x-goog-request-params header (#81) (18e64cc)
  • Regenerated protos JS and TS definitions (#90) (920d3fe)
  • Remove pip install statements (#78) (884ea27)
  • use google-gax v3.3.0 (a0924da)

Dataproc

Dataproc Serverless for Spark now uses runtime version 1.0.23 and 2.0.3.

New sub-minor versions of Dataproc images:

1.5.77-debian10, 1.5.77-rocky8, 1.5.77-ubuntu18,

2.0.51-debian10, 2.0.51-rocky8, 2.0.51-ubuntu18,

preview 2.1.0-RC4-debian11, preview 2.1.0-RC4-rocky8, preview 2.1.0-RC4-ubuntu20.

Downgraded google-auth-oauthlib Python package to fix gcsfs Python package for 2.0 and 2.1 images.

Backported HIVE-17317 in the latest 2.0 and 2.1 images.

Dataproc Serverless for Spark runtime version 1.0.23 and 2.0.3 downgrades google-auth-oauthlib Python package to fix gcsfs Python package.

Upgraded Apache Commons Text to 1.10.0 for Knox in 1.5 images, and for Spark, Pig, Knox in 2.0 images, addressing CVE-2022-42889.

Dataproc Serverless for Spark runtime version 1.0.23 and 2.0.3 adds PyMongo Python library.

Discovery Engine API

Discovery for Media

Discovery for Media is available in Public Preview. Discovery for Media Recommendations provides Google-quality recommendations of your media content to help increase engagement.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.120.25 (2022-11-09)

Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.8.27 (#1391) (dd9f1c3)
  • Update dependency com.google.protobuf:protobuf-java-util to v3.21.9 (#1370) (8b753a4)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.17 (#1389) (6def6bb)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.17 (#1388) (0924923)

Python

Changes for google-cloud-pubsub

2.13.11 (2022-11-11)

Bug Fixes
  • Remove suboptimal logic in leasing behavior (#816) (f067af3)

Security Command Center

The files attribute was added to the Finding object of the Security Command Center API.

The files attribute contains information about each file that triggered a finding, including the name of the file, the full path to the file, and the size of the file.

For more information, see the Security Command Center API documentation for the Finding object.

November 11, 2022

Access Approval

Access Approval lets you revoke active access requests using the Google Cloud console.

Cloud Composer

Airflow triggerer and Deferrable Operators are available in Preview in Cloud Composer 2.

Note: Minimum versions required by Airflow triggerer: Cloud Composer 2.0.31 and up, Apache Airflow 2.2.5 and up.

Cloud Composer 1.19.14 and 2.0.31 images are available:

  • composer-1.19.14-airflow-1.10.15 (default)
  • composer-1.19.14-airflow-2.1.4
  • composer-1.19.14-airflow-2.2.5
  • composer-1.19.14-airflow-2.3.3
  • composer-2.0.31-airflow-2.1.4
  • composer-2.0.31-airflow-2.2.5
  • composer-2.0.31-airflow-2.3.3

Cloud Composer versions 1.17.4 and 2.0.0-preview.5 have reached their end of full support period.

Cloud Monitoring

Prometheus Query Language (PromQL) for creating charts and dashboards in Cloud Monitoring is now Generally Available. For more information, see PromQL in Cloud Monitoring.

Cloud Monitoring now provides a GKE Clusters dashboard for enabling Managed Service for Prometheus on clusters in your project. For more information, see Get started with managed collection.

Dataproc

Dataproc Serverless for Spark runtime versions 1.0.22 and 2.0.2 will be deprecated on 11/11/2022. New batch submissions that use these runtime versions will fail starting 11/11/2022. This is due to an update to the google auth library which breaks running Pyspark batch workloads having dependency on gcsfs. Upcoming runtime versions will address this issue.

Dataproc images 2.0.50 and preview 2.1.0-RC3 are deprecated and cluster creations based on these images will fail starting 11/11/2022. This is due to an update to the google auth library which breaks running Pyspark batch workloads having dependency on gcsfs. Upcoming image versions will have a fix to address this issue.

Document AI

New stable W2 processor version with the following enhancements:

  • Breaks down long entities such as addresses into fine-grained sub-entities: StreetAddressOrPostalBox, AdditionalStreetAddressOrPostalBox, City, State, and Zip. This modification not only improves accuracy, but also entity specificity.
  • Handles wider variations of W2 forms including multi-copies (2,3,4-ups) issued by various payroll vendors.
  • Introduces 8 new entities for Box 12 that represent both codes and values.

New stable Payslip processor version with the following enhancements:

  • Bonus, commissions, holiday, overtime, regular pay and vacation are now part of earning_item/earning_this_period and earning_item/earning_ytd. Captures all types of earnings beyond those categories, and maps them to their respective earning rates, hours and pay (both for the period and year-to-date).
  • Returns year-to-date and current period taxes and deductions.
  • Direct deposits are linked to the corresponding bank account numbers.
  • Returns page numbers, state and federal tax exemptions and filing statuses.

Google Kubernetes Engine

The Filestore CSI driver has patched the following CVEs for newly created clusters running GKE version 1.23 and later:

  • CVE-2022-37434
  • CVE-2019-19126
  • CVE-2019-25013
  • CVE-2022-23219
  • CVE-2021-35942
  • CVE-2020-10029
  • CVE-2021-3326
  • CVE-2022-23218
  • CVE-2020-1752
  • CVE-2021-3999
  • CVE-2020-27618
  • CVE-2021-27645
  • CVE-2016-10228
  • CVE-2020-6096
  • CVE-2021-33574
  • CVE-2022-29458

Speech-to-Text

Speech-to-Text has updated its pricing policy. Enhanced models are no longer priced differently than standard models. Usage of all models will be reported to and priced like standard models. Also, all Cloud Speech-to-Text requests will now be rounded up to the nearest 1 second, with no minimum audio length (requests were previously rounded up to the nearest 15 seconds). See the Pricing page for details.

November 10, 2022

Anthos clusters on AWS

Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node.

For more information, see the GCP-2022-024 security bulletin.

Anthos clusters on AWS (previous generation)

Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node.

For more information, see the GCP-2022-024 security bulletin.

Anthos clusters on Azure

Two new vulnerabilities (CVE-2022-2585 and CVE-2022-2588) have been discovered in the Linux kernel that can lead to a full container break out to root on the node.

For more information, see the GCP-2022-024 security bulletin.

Anthos clusters on VMware

Anthos clusters on VMware 1.11.5-gke.14 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.11.5-gke.14 runs on Kubernetes 1.22.15-gke.2200.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.13, 1.12, and 1.11.

Apigee Integrated Portal

On November 10, 2022 we released an updated version of Apigee integrated portal.

Bug ID | Description
246636016 | Updated the handling of linked or uploaded empty specification files for API catalog items, and added a meaningful error message.
226406073 | In the portal list view, changed column Last Published to Created. Sorting is by oldest portal at top.
182687440 | Updated the file filter for icon upload so you can choose and upload .ico files.
153886771 | Fixed an issue with identity provider configuration where SAML certificate data would not correctly render after initial upload.

Chronicle

Chronicle Curated Detections has been enhanced with the following additional detection content:

  • Windows-based threats:
    • Security Posture Downgrade: detects activity attempting to disable or decrease the effectiveness of security tools.
  • Cloud threats:
    • Suspicious Behavior: detects activity that is thought to be uncommon and suspicious in most environments.
    • Service Disruption: detects destructive or disruptive actions that, if performed in a functioning production environment, may cause a significant outage.
    • Suspicious Infrastructure Change: detects modifications to production infrastructure that align with known persistence tactics.

Cloud Load Balancing

Regional external and regional internal HTTP(S) load balancers now support regional SSL policies. SSL policies give you the ability to control the features of SSL that your Google Cloud load balancers negotiate with clients.

For details, see:

This feature is in General Availability.

Cloud Storage

You can now use the Google Cloud console to get role recommendations and policy insights for buckets. Role recommendations and policy insights help you understand and manage permission usage for your buckets.

Compute Engine

Per VM Tier_1 networking performance now includes up to 25 Gbps egress for traffic going to public IP addresses (increased from 7 Gbps).

Generally available: Share sole-tenant node groups with other projects or with your entire organization. For more information, see Share sole-tenant node groups.

Document AI Warehouse

Enable the validation check for Enum property values by default. Enum values that are not defined in the schema will not be allowed to be set to the corresponding document property Enum fields. The validationCheckDisabled flag in EnumTypeOptions disables the ENUM Validation.

Enable text extraction feature.

Fix partial document update which could cause loss of raw document name entry.

Fix plain_text unintended movement in API response messages.

Fix an issue where the service returns an error when a user supplies multiple property filters for the same schema in the search query.

Google Kubernetes Engine

You can now use compact placement for node auto-provisioning in Standard clusters with GKE version 1.25 and later. To learn more, see Use compact placement for node auto-provisioning.

Policy Intelligence

Role recommendations and policy insights for Cloud Storage buckets are now generally available. Additionally, you can now use the Google Cloud console to review bucket-level role recommendations and policy insights.

Security Command Center

Security Command Center added the ability to export findings to a CSV file from the Google Cloud console. For more information, see Export findings to a CSV file.

Spectrum Access System

The CBSDs can now operate in the 3650–3700 MHz portion of the CBRS band in the 150 km area around fixed-satellite service (FSS) receive-only earth stations. The 150 km area around each FSS for 3650-3700 MHz that was considered an exclusion zone is now a protection zone. For more information on how to access the CBRS heatmaps, see CBRS heatmaps.

This feature is Generally Available (GA).

Text-to-Speech

Text-to-Speech now offers these new voices. See the supported voices page for a complete list of voices and audio samples.

  1. en-US-News-K
  2. en-US-News-L
  3. en-US-News-M
  4. en-US-News-N

Transfer Appliance

Users can now use SMB to transfer data by enabling SMB file share.

Vertex AI

AutoML Image Classification Error Analysis

Error analysis allows you to examine error cases after training a model from within the model evaluation page. This feature is available in Preview.

For each image you can inspect similar images from the training set to help identify the following:

  • Label inconsistencies between visually similar images
  • Outliers if a test sample has no visually similar images in the training set

After fixing any data issues, you can retrain the model to improve model performance.

November 09, 2022

Anthos clusters on VMware

Two new vulnerabilities, CVE-2022-2585 and CVE-2022-2588, have been discovered in the Linux kernel that can lead to a full container break out to root on the node.

For more information, see the GCP-2022-024 security bulletin.

App Engine flexible environment .NET

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

App Engine flexible environment Go

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

App Engine flexible environment Java

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

App Engine flexible environment Node.js

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

App Engine flexible environment PHP

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

App Engine flexible environment Python

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

App Engine flexible environment Ruby

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

App Engine flexible environment custom runtimes

The option to set IP mode to internal for App Engine flexible environment instances is now generally available.

Bare Metal Solution

Enhancements to Bare Metal Solution resource management–Adds the following self-service functionality:

BigQuery

You can now transfer data from Amazon S3 and Azure Blob Storage to BigQuery using the LOAD DATA statement. This feature is generally available (GA) and includes support for the following features:

  • Transfer files that are hive partitioned.
  • Load semi-structured JSON source data into BigQuery without providing a schema by using JSON columns in the destination table.
  • Encrypt destination tables using customer managed encryption keys.
  • Transfer data to US multi-region and US-EAST-4 regions.

Chronicle

Alerts and IOC Matches

The Alerts and Indicators of Compromise (IOC) page displays all the alerts and IOCs currently impacting your enterprise. It provides tools that enable you to filter and view your alerts and IOCs.

  • Alerts can be designated by your security infrastructure, by your security personnel, or by Chronicle Uppercase.

  • IOCs are designated automatically by Chronicle. Chronicle is always absorbing data from both your own infrastructure and numerous other security data sources. It automatically correlates suspicious security indicators with your security data. If a match is found (for example, a suspicious domain is found within your enterprise), Chronicle labels the event as an IOC and displays it on the IOC matches tab.

You can still navigate to the Enterprise Insights page using the link provided at the top of the Alerts and IOCs page. To view CBN alerts, you still need to use the Enterprise Insights page.

Alert view

Alert view shows a variety of information about a specific alert, including:

  • Alert Status

  • Alert Details—Displays an alert's creation time, recent updates, and its associated rule.

  • Decision States—Displays the verdict for the alert and if it is an indication of a security issue.

  • History—Displays the history of changes made to the alert by your security team.

For alerts originating from Chronicle SOAR, Alert view also includes the number and a link to the associated Chronicle SOAR case. You can pivot to your Chronicle SOAR account using this link.

Chronicle SOAR Authentication

You can authenticate with your Chronicle SOAR account from Chronicle. Once you have authenticated with your Chronicle SOAR account, you can pivot between your Chronicle account and your Chronicle SOAR account as needed.

Chronicle SOAR Cases

Chronicle SOAR ingests alerts from a variety of sources. You can conduct additional investigations of Chronicle SOAR cases from Chronicle or pivot to Chronicle SOAR. You can pivot to your Chronicle SOAR Cases from the Chronicle application menu. For more information on Chronicle SOAR cases, see the Chronicle SOAR documentation.

Chronicle SOAR Playbooks

Chronicle SOAR Playbooks define a series of automatic steps taken when triggered by an incoming alert and can be used to investigate and respond to security issues. You can pivot to your Chronicle SOAR Playbooks from the Chronicle application menu. For more information on Chronicle SOAR Playbooks, see the Chronicle SOAR documentation.

The following default parsers have changed. Each is listed by product name and ingestion label, if applicable.

  • Akeyless Vault Platform (AKEYLESS_VAULT)
  • AWS Control Tower (AWS_CONTROL_TOWER)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure WAF (AZURE_WAF)
  • BeyondTrust Privileged Identity (BEYONDTRUST_PI)
  • Check Point (CHECKPOINT_FIREWALL)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Wireless IPS (CISCO_WIPS)
  • Citrix Monitor (CITRIX_MONITOR)
  • CrowdStrike Falcon (CS_EDR)
  • Darktrace (DARKTRACE)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • EPIC Systems (EPIC)
  • F5 ASM (F5_ASM)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • FortiGate (FORTINET_FIREWALL)
  • Google Cloud Audit (N/A)
  • Security Command Center (N/A)
  • HAProxy (HAPROXY)
  • InterSystems Cache (INTERSYSTEMS_CACHE)
  • Lenel Onguard Badge Management (LENEL_ONGUARD)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft IIS (IIS)
  • Netscout (ARBOR_EDGE_DEFENSE)
  • Netscout Arbor Sightline (ARBOR_SIGHTLINE)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • OpenSSH (OPENSSH)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Pulse Secure (PULSE_SECURE_VPN)
  • RSA NetWitness (RSA_NETWITNESS)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • Signal Sciences WAF (SIGNAL_SCIENCES_WAF)
  • Sourcefire (SOURCEFIRE_IDS)
  • Symantec Endpoint Protection (SEP)
  • Unix system (NIX_SYSTEM)
  • Vectra Stream (VECTRA_STREAM)
  • Versa Firewall (VERSA_FIREWALL)
  • WatchGuard (WATCHGUARD)
  • Wazuh (WAZUH)
  • Windows Defender ATP (WINDOWS_DEFENDER_ATP)
  • Zix Email Encryption (ZIX_EMAIL_ENCRYPTION)
  • Zoom Operation Logs (ZOOM_OPERATION_LOGS)

For details about changes in each parser, see Supported default parsers.

Cloud Storage

Expanded Cloud Storage monitoring dashboards are now available in Preview.

  • Available metrics include server and client error rates, write request counts, network ingress rates, and network egress rates.
  • Dashboards can be filtered by bucket location.
  • Dashboards are customizable, including the ability to set up alerts.

In addition to the project-wide dashboard, per-bucket dashboards are available in a new Observability tab in the Bucket Details for each bucket.

Cloud Tasks

Support for VPC Service Controls is in Preview.

Google Cloud Marketplace

Curate which products are available for your Organization to use with Private Marketplace (Preview). You can add products to collections and share these collections with your organization, folders, or projects.

Learn more about Private Marketplace.

Google Kubernetes Engine

GKE Gateway for Single Cluster is now generally available in GKE version 1.24 and later. Use the Gateway API to express the intent of your inbound HTTP(S) traffic into your GKE cluster and the Gateway controller will instrument and fully manage the external and/or internal HTTP(S) load balancer(s) that forwards traffic to your applications. For complete details about the GKE Gateway controller, refer to the following documentation.

Identity and Access Management

You can use the Google Cloud console to view authentication activities, which indicate when your service accounts and keys were last used to call a Google API.

Network Connectivity Center

The Google Cloud console now lets you do all of the following:

  • See a list of existing hubs
  • Create multiple hubs
  • Edit an existing hub's description and/or labels

Previously, you could complete these actions only by using the Google Cloud CLI or the API.

Also, the Network Connectivity Center Quotas page has been updated to describe the limit of 60 hubs per project.

For more information about creating and managing hubs, see Work with hubs and spokes.

Vertex AI

Feature Transform Engine is available in Preview. For documentation, refer to Feature engineering.

November 08, 2022

Anthos clusters on bare metal

Release 1.12.4

Anthos clusters on bare metal 1.12.4 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.12.4 runs on Kubernetes 1.23.

Fixes:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

Cloud Data Fusion

DNS Resolution is generally available (GA). You can use domain or hostnames for sources instead of IP addresses for pipeline design-time activities, such as getting schema, wrangling, and previewing pipelines.

Cloud Functions

Cloud Functions has added support for the following new runtimes at the Preview release level:

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Spanner

Cloud Spanner now supports cross-region and cross-project backup use cases. You can copy a backup of your database from one instance to another instance in a different region or project to provide additional data protection and compliance capabilities.

Cloud Storage

The Autoclass feature is now available.

  • When enabled, Autoclass transitions the storage classes of your objects automatically based on their access patterns.
  • Currently, Autoclass can only be enabled at the time of bucket creation.

gcloud storage GA release 1.1 is now available.

  • The 1.1 release adds more support for managing bucket settings, including lifecycle configurations, CORS configurations, and labels.

Cloud Trace

The Trace scatterplot now indicates traces with error codes as red. For more information, see Finding and viewing traces.

Compute Engine

The quota limits displayed in the Cloud console might be incorrect in the asia-south1 region. For more information, see Known issues.

Deep Learning Containers

M100 Release

  • Regular package updates.

Deep Learning VM Images

M100 Release

  • Migrated the Docker proxy agent to use a systemctl service.
  • Regular package updates.

Google Kubernetes Engine

A security vulnerability, CVE-2022-39278, has been discovered in Istio, which is used in Anthos Service Mesh, that allows a malicious attacker to crash the control plane. GKE doesn't ship with Istio and isn't affected by this vulnerability. However, if you separately installed Anthos Service Mesh or Istio in your GKE cluster, refer to the Anthos Service Mesh security bulletin for more information.

Vertex AI Workbench

M100 Release

The M100 release of Vertex AI Workbench includes the following:

  • Fixed a bug that prevented an instance with a GPU from starting.
  • Regular package updates.
  • Miscellaneous bug and display fixes.

Fixed a server-side request forgery (SSRF) vulnerability. Previous versions of managed notebooks and user-managed notebooks instances still contain the vulnerability. It is recommended that you migrate your data to a new instance.

Virtual Private Cloud

Preview: You can use the private.googleapis.com and restricted.googleapis.com VIPs to access Google APIs and services using IPv6 addresses. For more information, see the following pages:

Workflows

Workflows is available in the following additional regions:

  • asia-east2 (Hong Kong, China)
  • europe-central2 (Warsaw, Poland)
  • europe-southwest1 (Madrid, Spain)
  • europe-west9 (Paris, France)
  • northamerica-northeast2 (Toronto, Canada)
  • us-east5 (Columbus, United States)
  • us-south1 (Dallas, United States)
  • us-west2 (Los Angeles, United States)
  • us-west3 (Salt Lake City, United States)

November 07, 2022

Anthos Service Mesh

The rollout of version 1.15 for managed Anthos Service Mesh has completed in all regions.

Anthos clusters on VMware

A security vulnerability, CVE-2022-39278, has been discovered in Istio, which is used in Anthos Service Mesh, that allows a malicious attacker to crash the control plane.

For instructions and more details, see the Anthos clusters on VMware security bulletin.

Anthos clusters on bare metal

Security bulletin (1.11, 1.12, and 1.13)

A security vulnerability, CVE-2022-39278, has been discovered in Istio, which is used in Anthos Service Mesh, that allows a malicious attacker to crash the control plane.

For instructions and more details, see the Anthos clusters on bare metal security bulletin.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigquery

3.3.6 (2022-11-02)

Features
  • Reconfigure tqdm progress bar in %%bigquery magic (#1355) (506f781)
Bug Fixes
Documentation
Miscellaneous Chores

In the Explorer pane, you can now star your projects, datasets, and tables. This feature replaces the pin feature, which formerly allowed you to pin projects to the Explorer pane. This feature is now generally available (GA).

In the Cloud console, the Add data feature lets you access popular ways to search for and ingest data sources that work with BigQuery. For an example, see viewing listings in Analytics Hub. This feature is now generally available (GA).

Chronicle

Chronicle Feed Management added support for the Sentinel One Alerts API. See the Feed Management documentation for information about how to configure this feed.

When downloading data to CSV file format from the Chronicle user interface, raw log data is now excluded unless you are using Raw Log Scan. For example, raw log data is no longer included when you download events.

This resolves an issue where downloading to CSV was failing.

Cloud Build

Users can now customize Slack notifications for their builds using notifier templates. To learn more, see Configure Slack notifications.

Cloud Data Loss Prevention

The ExcludeByHotword type was added as a type of ExclusionRule. With this new type, you can do the following:

  • Exclude a column from inspect findings if the column name matches a regular expression.
  • Exclude a finding from inspect findings if that finding is proximate to a string that matches a regular expression.

Previously, you could do these only by setting up a hotword rule that lowers the likelihood of the matching findings.

For more information on excluding findings, see Exclusion rules.

Cloud Logging

You can now dynamically include your log content in your alert notifications for easier troubleshooting. For more information about extracting log content into labels, see Create a log-based alert (Monitoring API).

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/logging

10.3.0 (2022-11-04)

Features
  • Add support for instrumentation version annotations (#1370) (c039022)

10.2.3 (2022-11-03)

Bug Fixes

10.2.2 (2022-10-31)

Bug Fixes
  • Runtime package.json check causes breakage when bundled (#1364) (ec40231)

Java

Changes for google-cloud-logging

3.13.0 (2022-11-04)

Features
  • Add support for instrumentation version annotations (#1179) (0931446)
  • Update release-please.yml with correct path (#1184) (9e75fe4)
Dependencies
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.17 (#1181) (1830525)

3.12.1 (2022-11-02)

Bug Fixes
  • Make partialSuccess to be true by default (#1173) (123960a)

Cloud Monitoring

You can now dynamically include your log content in your alert notifications for easier troubleshooting. For more information about extracting log content into labels, see Create a log-based alert (Monitoring API).

Cloud Spanner

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.40.0 (2022-11-03)

Features
  • Expose logger in ClientConfig (#6958) (bd85442), refs #6957
  • Update result_set.proto to return undeclared parameters in ExecuteSql API (de4e16a)
  • Update transaction.proto to include different lock modes (caf4afa)

Java

Changes for google-cloud-spanner

6.4.4-sp.7 (2022-11-02)

Dependencies

Compute Engine

Generally available: Memory-optimized M3 virtual machine instances are available in the following regions and zones:

  • Frankfurt, Germany (europe-west3-a,b)
  • Eemshaven, Netherlands (europe-west4-a,b)
  • Council Bluffs, Iowa, USA (us-central1-a,b)
  • Las Vegas, Nevada, USA (us-west4-a,b)

See VM instance pricing for details.

Dataproc

New sub-minor versions of Dataproc images:

1.5.76-debian10, 1.5.76-rocky8, 1.5.76-ubuntu18

2.0.50-debian10, 2.0.50-rocky8, 2.0.50-ubuntu18

preview 2.1.0-RC3-debian11, preview 2.1.0-RC3-rocky8, preview 2.1.0-RC3-ubuntu20.

Dataproc Serverless for Spark now uses runtime version 1.0.22 and 2.0.2.

If a Dataproc Metastore service uses the gRPC endpoint protocol, a Dataproc or self-managed cluster located in any region can attach to the service.

Dialogflow

The following languages are now GA (generally available) for Dialogflow CX:

  • Bulgarian (bg)
  • Catalan (ca)
  • Croatian (hr)
  • Czech (cs)
  • Greek (el)
  • Hebrew (iw)
  • Hmong (hmn)
  • Hungarian (hu)
  • Serbian (sr)
  • Slovak (sk)
  • Somali (so)

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for datastore/admin/apiv1

1.9.0 (2022-10-26)

Features
Documentation

Python

Changes for google-cloud-datastore

2.10.0 (2022-11-01)

Features

Google Cloud Marketplace Partners

After your organization enrolls in Partner Advantage portal, you can start integrating your products with Google Cloud Marketplace and preparing to publish them at the same time that your organization completes the process of becoming an approved Google Cloud Build partner.

Google Distributed Cloud Edge

This is a minor release of Google Distributed Cloud Edge (version 1.2.0).

The following new features have been introduced in this release of Google Distributed Cloud Edge:

The following changes have been introduced in this release of Google Distributed Cloud Edge:

  • Google Distributed Cloud Edge now ships with the NVIDIA Tesla T4 GPU driver version 470.63.01.
  • The Network Function operator feature of Google Distributed Cloud Edge has been updated as follows. To learn more, see Network Function operator.
    • The NodeSystemConfigUpdate resource now supports additional sysctls fields.
    • The NodeSystemConfigUpdate resource now supports fields for specifying the IP address lists and domain lists of private image registries.
    • The CustomNetworkInterfaceConfig resource no longer supports certain previously supported fields.
    • You can now scope both safe and unsafe sysctls parameters to a specific Pod or namespace using the tuning Container Networking Interface (CNI) plug-in.
    • Webhook-level enforcement of valid field values is now in effect.
  • The Kubernetes control plane has been updated to version 1.23.5-gke.1505.
  • The coredns service has been updated to version 1.8.6-gke.0.

The following issues have been resolved in this release of Google Distributed Cloud Edge:

  • Google Distributed Cloud Edge nodes no longer become temporarily unresponsive due to excessive memory utilization.

Google Kubernetes Engine

When you create a LoadBalancer service in GKE, the Google Cloud controllers automatically create the following firewall rules and apply them to the GKE nodes to allow inbound connections on the Service port:

  • Internal load balancer with GKE subsetting or external load balancer with regional backend services (RBS): k8s2-[cluster-id]-[namespace]-[service-name]-[suffixhash]
  • Internal load balancer without GKE subsetting or external load balancer with target pool: k8s-fw-[loadbalancer-hash]

These rules now include the load balancer IP address in the destination ranges field to further control the inbound connections to the nodes. You can use the gcloud compute firewall-rules describe command to inspect the relevant firewall rule. The new field in the output is similar to the following:

destinationRanges:
- [LOADBALANCER_VIRTUAL_IP_ADDRESS]

Managed Service for Microsoft Active Directory

Support for schema extensions in Managed Microsoft AD is generally available. Learn how to extend the schema.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

3.2.1 (2022-11-04)

Bug Fixes

Java

Changes for google-cloud-pubsub

1.111.0-sp.3 (2022-11-03)

Dependencies
  • Regenerating with new Protobuf (1.111.0-sp) (#1382) (58d55aa)

SAP on Google Cloud

New SAP certifications: M3 series of memory-optimized machine types

For use with SAP HANA and SAP NetWeaver, SAP has now certified the Compute Engine memory-optimized M3 series machine types.

For more information, see:

Security Command Center

Security Command Center released two new error detectors:

  • KTD blocked by admission controller
  • KTD image pull failure

These detectors report configuration errors that prevent the Container Threat Detection service from functioning properly.

Remediation guidance is provided for each finding type. For more information, see Security Command Center errors.

VPC Service Controls

Beta stage support for the following integration:

November 04, 2022

Apigee Integration

On November 4, 2022 we released an updated version of the Apigee Integration software.

US multi-region (us) for Apigee Integration is deprecated. Use us-east1, us-west1, or us-central1 locations instead.

As of November 10, 2022, you can no longer create an integration in the US multi-region (us) location. Any existing integration running in US multi-region (us) will be stopped on or after January 10, 2023.

It's recommended that you perform the following actions before January 10, 2023:

  • Clone your existing integrations to us-east1, us-west1, us-central1, or any of the supported regions. For information about how to clone an integration, see Clone integrations.

  • Migrate your existing integration proxies to us-east1, us-west1, us-central1, or any of the supported regions. You can do this by manually updating the IntegrationRegion child element in the SetIntegrationRequest policy.

Apigee X

On November 4, 2022 we released an updated version of Apigee X.

Apigee support for using Private Service Connect (PSC) for client-to-Apigee (northbound) traffic is now GA. In addition, we now support using PSC for northbound routing in multi-region configurations. For details, see Expanding Apigee to multiple regions. See also Northbound networking with Private Service Connect and Migrate northbound routing to Private Service Connect.

Cloud Logging

The Logs tab available for each cluster on the Kubernetes Engine > Clusters page now includes suggested queries for your logs. For more information about using your GKE logs, see Viewing your GKE logs.

Google Kubernetes Engine

(2022-R26) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.23.12-gke.100 is now the default version.
  • The following control plane and node versions are now available:
  • The following control plane versions are no longer available:
    • 1.22.12-gke.500
    • 1.22.12-gke.1200
    • 1.24.3-gke.2100
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.21 to 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.22 to 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.24 to 1.24.4-gke.800 with this release.

Stable channel

  • Version 1.22.15-gke.100 is now the default version in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.21 to 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.22 to 1.22.15-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to 1.24.5-gke.600 with this release.

Regular channel

  • Version 1.23.12-gke.100 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.21.14-gke.4300
    • 1.22.12-gke.500
    • 1.23.8-gke.1900
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.20 to 1.21.14-gke.5300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.21 to 1.21.14-gke.5300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.22 to 1.23.12-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.23 to 1.23.12-gke.100 with this release.

Rapid channel

  • Version 1.24.5-gke.600 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.21.14-gke.5300
    • 1.22.13-gke.1000
    • 1.23.11-gke.300
    • 1.24.3-gke.2100
    • 1.25.1-gke.500
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.20 to 1.21.14-gke.7100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.21 to 1.22.14-gke.300 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.22 to 1.23.12-gke.100 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.23 to 1.24.5-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to 1.24.5-gke.600 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to 1.25.2-gke.1700 with this release.

Vertex AI

Vertex AI Prediction

You can now use A2 machine types to serve predictions.

Custom training on Vertex AI now supports NVIDIA A100 80GB GPUs on a2-ultragpu-1g/2g/4g/8g machines. For details, see Configure compute resources for custom training.

November 03, 2022

Anthos Service Mesh

1.15.3-asm.1 is now available.

Anthos Service Mesh 1.15.3-asm.1 includes the features of Istio 1.15.3 subject to the list of Anthos Service Mesh supported features. If you've installed in-cluster 1.15.2, please update to 1.15.3 right away. Google will automatically upgrade customers running managed Anthos Service Mesh.

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions:

  • 1.22.15-gke.100
  • 1.23.11-gke.300
  • 1.24.5-gke.200

Anthos on AWS node pools now include the iptables utility to resolve an issue with the installation of Anthos Service Mesh.

On clusters at version 1.24.3-gke.2200, the IMDS emulator fails to start. This issue is fixed for clusters at version 1.24.5-gke.200 and later.

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions:

  • 1.22.15-gke.100
  • 1.23.11-gke.300
  • 1.24.5-gke.200

BigQuery

SQL functions for managing wrapped keysets are generally available (GA). You can now perform the following actions natively in BigQuery with fewer risks and steps:

Included with this release are the following new key management functions:

Cloud Asset Inventory

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

  • Org Policies
    • orgpolicy.googleapis.com/Policy

Cloud Logging

You can now collect Aerospike logs from the Ops Agent, starting with version 2.22.0. For more information, see Monitoring third-party applications: Aerospike.

Cloud Monitoring

You can now add table widgets to custom dashboards that let you limit the number of table rows, persist specific columns, display only those rows with the highest or lowest values, and display a visual indicator of the value as compared to the range of possible values. For more information, see Display data in tabular form on a dashboard.

Cloud Spanner

Support for the NHibernate ORM is now generally available, enabling you to use Cloud Spanner as a backend database for the NHibernate framework. For more information, see NHibernate Dialect for Cloud Spanner.

Google Kubernetes Engine

You can now easily identify clusters that use certificates incompatible with Kubernetes version 1.23. Kubernetes 1.23 deprecation insights are now available in Preview for clusters of at least version 1.22.6-gke.1000.

Vertex AI

Vertex AI Prediction

Custom prediction routines (CPR) are now Generally Available. CPR lets you easily build custom containers for prediction with pre/post processing support.

November 02, 2022

Anthos Service Mesh

VPC-SC for managed Anthos Service Mesh is generally available (GA) in the rapid channel.

Apigee hybrid

hybrid v1.7.5

On November 2, 2022 we released an updated version of the Apigee hybrid software, v1.7.5.

For information on upgrading, see Upgrading Apigee hybrid to version 1.7.

Bug ID Description
251435916 Fixed an issue where in certain circumstances, MP pods would scale without traffic.
241959053 Fixed apigeectl parsing error for serviceaccountRef.

Bug ID Description
253693906 Upgraded Prometheus to 2.39.1 to address vulnerabilities in an earlier version. This change addresses the following vulnerabilities:
  • CVE-2022-24675
  • CVE-2022-27664
  • CVE-2022-28131
  • CVE-2022-28327
  • CVE-2022-30580
  • CVE-2022-30630
  • CVE-2022-30631
  • CVE-2022-30632
  • CVE-2022-30633
  • CVE-2022-30635
  • CVE-2022-32189
253498057 Upgraded Fluent Bit to 1.9.9 to address vulnerabilities in an earlier version. This change addresses the following vulnerabilities:
  • CVE-2022-1292
  • CVE-2022-2068
  • CVE-2021-3999
  • CVE-2022-23218
  • CVE-2022-23219
  • CVE-2022-25013
  • CVE-2021-33574
  • CVE-2018-12886
  • CVE-2022-0778
248288668 Fixes to address apigee-installer vulnerabilities.
247864229 Upgraded kube-rbac-proxy to v0.13.0 to address vulnerabilities in an earlier version.
N/A Upgraded to ASM 1.12.9 to address Istio and Go language vulnerabilities in an earlier version (CVE-2022-39278). For more information, see the Service Mesh security bulletin.

BigQuery

The query execution graph is now in preview. You can use the query execution graph to diagnose query performance issues, and to receive query performance insights.

Chronicle

Enhancements to the Detection Engine API

The StreamDetectionAlerts method in the Detection Engine API has been enhanced to return detections generated by both user-created rules and Chronicle Curated Detections. For more information about this method, see StreamDetectionAlerts.

Deep Learning Containers

M99 Release

  • Fixed a bug where Jupyter widgets through ipywidgets were causing errors and not displaying.
  • Regular package updates.

Deep Learning VM Images

M99 Release

  • Fixed a bug where Jupyter widgets through ipywidgets were causing errors and not displaying.
  • Updated TPU versions for TensorFlow 2.8, 2.9, and 2.10 Deep Learning VMs.
  • Improved error messages for debugging custom container Deep Learning VMs that were instantiated with a GPU but without installing NVIDIA drivers.
  • Regular package updates.

November 01, 2022

Anthos Service Mesh

Version 1.15 is now available for managed Anthos Service Mesh and is rolling out to the Rapid Release Channel.

Upon rollout completion, the managed Anthos Service Mesh channels will contain the following versions:

  • Rapid Release Channel - Version 1.15
  • Regular Release Channel - Version 1.14
  • Stable Release Channel - Version 1.13

Note that regions will have mixed availability during the 1.15 rollout. Additionally, stable and regular channel promotion occurs before 1.15 rolls out to rapid channel.

See Select a managed Anthos Service Mesh release channel for more information.

End-user authentication is being made available to managed Anthos Service Mesh in the rapid release channel. See the preceding release note for rollout timelines.

Anthos clusters on VMware

Anthos clusters on VMware 1.13.1-gke.35 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.13.1-gke.35 runs on Kubernetes 1.24.2-gke.1900.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.13, 1.12, and 1.11.

  • Increased logging granularity for the cluster backup operation including indicating status for each step of the process.

Anthos clusters on bare metal

Cluster lifecycle improvements in 1.13 and later

Preview: You can use the Google Cloud console to create user clusters, delete user clusters, and to add and remove node pools from a user cluster. To explore the new feature, try out the tutorial Create an Anthos on bare metal user cluster on Compute Engine VMs using the console.

App Engine standard environment Go

Build environment variables support is now generally available.

App Engine standard environment Java

Build environment variables support is now generally available.

App Engine standard environment Node.js

Build environment variables support is now generally available.

App Engine standard environment PHP

Build environment variables support is now generally available.

App Engine standard environment Python

Build environment variables support is now generally available.

App Engine standard environment Ruby

Build environment variables support is now generally available.

BigQuery

The BigQuery migration assessment is now available for Amazon Redshift in preview. You can use this feature to assess the complexity of migrating from your Amazon Redshift data warehouse to BigQuery.

Chronicle

The Ingestion API udmevents and createentities methods now accept both uppercase and lowercase characters in the following fields:

  • <Noun>.mac: defined when calling the udmevents method, where Noun is one of principal, src, target, observer, intermediary, or about.

  • entity.asset.mac: defined when calling the createentities method.

These fields are defined in the UDM record in the request body when calling the method. For more information about these methods, see Chronicle Ingestion API documentation. For more information about UDM fields, see the Unified Data Model field list.

Cloud Healthcare API

A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Router

The Cloud Router BGP MD5 authentication feature is Generally Available (GA). For more information, see Use MD5 authentication.

Compute Engine

The image import tool now supports importing Ubuntu 22.04 LTS images to Google Cloud.

Pub/Sub

BigQuery subscriptions now support the Avro logical types timestamp-micros, date, and time-micros. For more information about schema compatibility between a Pub/Sub topic and a BigQuery table, see Schema compatibility.

Resource Manager

The feature for listing all tags that are attached to or inherited by your resources has entered general availability. For more information, see Creating and managing tags.

You can now use the Cloud Console UI to create and manage tags. For more information, see Creating and managing tags.

VPC Service Controls

Beta stage support for the following integration:

Virtual Private Cloud

Private Service Connect supports internal regional TCP proxy load balancers as a service attachment target in General Availability. This lets you create hybrid TCP/UDP services where clients in a VPC network can connect to an on-premises service by going through Private Service Connect and a TCP proxy with hybrid NEGs to reach a hybrid endpoint.

reCAPTCHA Enterprise

reCAPTCHA Enterprise Mobile SDK v18.0.0 is now generally available. This native SDK supports iOS and Android devices.

October 31, 2022

Anthos clusters on AWS (previous generation)

Anthos clusters on AWS (previous generation) aws-1.13.1-gke.1 is now available.

You can now launch clusters with the following Kubernetes versions:

  • 1.22.15-gke.1400
  • 1.23.12-gke.1400
  • 1.24.6-gke.1300

Anthos clusters on bare metal

Release 1.13.1

Anthos clusters on bare metal 1.13.1 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.13.1 runs on Kubernetes 1.24.

Fixes:

Known issues:

For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.43.0 (2022-10-24)

Features
  • bigquery/analyticshub: rename nodejs analyticshub library package name (52dddd1)
  • bigquery/storage/managedwriter: Enable field name indirection (#6247) (1969273)
  • bigquery/storage/managedwriter: Retry on FailedPrecondition (#6761) (d1a444d)
  • bigquery/storage/managedwriter: Support append retries (#6695) (6ae9c67)
  • bigquery/storage/managedwriter: Switch to opt-in retry (#6765) (a3e97a6)
  • bigquery: Add remote function options to routine metadata (#6702) (d9a437d)
Bug Fixes
  • bigquery/storage/managedwriter: Address possible resource leak (#6775) (979440b)
  • bigquery: Avoid stack overflow on query param with recursive types (#6890) (854ccfc), refs #6884
  • bigquery: Bq connection auth scopes (#6752) (8e09288), refs #6744
Documentation
  • bigquery/storage/managedwriter/adapt: Typo in error string (#6729) (bb26153)
  • bigquery/storage/managedwriter: Add retry info to package docs (#6803) (81e52e5)

Java

Changes for google-cloud-bigquery

2.18.2 (2022-10-28)

Dependencies

2.18.1 (2022-10-28)

Dependencies

2.18.0 (2022-10-27)

Features
Bug Fixes
  • Add --add-opens arg to native-image command (#2369) (8e8b6d7)
  • Properly handle external table schema on table update (#2236) (460ef31)
Dependencies
  • Update arrow.version to v10 (major) (#2371) (b7873db)
  • Update cloud client dependencies (#2362) (0936699)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.6.0 (#2355) (7bc59a7)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.7.0 (#2366) (02102d3)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20221015-2.0.0 (#2370) (9b796cf)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.10.0 (#2356) (edb2ca0)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.5 (#2361) (51b2258)
  • Update dependency com.google.code.gson:gson to v2.10 (#2367) (82e3de5)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.15 (#2352) (b0f172c)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.16 (#2358) (f4e5fc5)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.15 (#2353) (ac9226c)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.16 (#2359) (52ec31a)

The max_staleness materialized view option helps you achieve consistently high performance with controlled costs when processing large, frequently changing datasets. This feature is now in preview.

Column-level data masking is now generally available (GA). You can use data masking to selectively obscure column data for groups of users, while still allowing access to the column.

Chronicle

Chronicle Feed Management added a hostname field to the configuration workflow of certain log types. The hostname field enables you to configure the API endpoint for the feed. If you do not define a value for this field, the following default values are used:

  • AzureAD (AZURE_AD) default hostname is graph.microsoft.com.
  • AzureADAudit (AZURE_AD_AUDIT) default hostname is graph.microsoft.com.
  • AzureADContext (AZURE_AD_CONTEXT) default hostname is graph.microsoft.com.
  • AzureMDMIntune (AZURE_MDM_INTUNE) default hostname is graph.microsoft.com.
  • MicrosoftGraphAlert (MICROSOFT_GRAPH_ALERT) default hostname is graph.microsoft.com.
  • MicrosoftSecurityCenterAlert (MICROSOFT_SECURITY_CENTER_ALERT) default hostname is management.azure.com.
  • Office365 (OFFICE_365) default hostname is manage.office.com.

Chronicle Feed Management API was also updated to support the hostname field for these log types.

Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.15.0 (2022-10-26)

Features
  • Add APIs for Mutation and RowMutationEntry (#1454) (a86934f)
Bug Fixes
  • Catch all throwables so version mismatch won't hang the client (#1402) (c03b8a4)
  • Fix attempt status tag for metrics (#1477) (e54cf7d)
  • Rename metric names to match the external name (#1479) (28ca7c3)
  • Set a longer timeout to wait for callbacks to be executed (#1478) (0d9ff6a)
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.5.0 (#1464) (d8e58a5)
  • Update dependency com.google.cloud:google-cloud-monitoring-bom to v3.6.0 (#1476) (331dcfb)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.5 (#1470) (557a4fb)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.15 (#1462) (69540cb)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.16 (#1467) (53599ca)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.15 (#1463) (a6612f9)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.16 (#1468) (fe0ddb1)

Cloud Composer

The apache-airflow-providers-google package in images with Airflow 2.1.4 and 2.2.5 was upgraded to 2022.10.17+composer. Changes compared to version 2022.9.6+composer:

  • Upgraded requirements for the google-cloud-container package from >=0.1.1,<2.0.0 to >=2.2.0,<3.0.0.
  • Added changes for GKEHook and GKE unit tests from #22852, without pulling changes for DataprocCreateClusterOperator.

The google-api-core package was downgraded from 2.8.2 to 2.8.1. This change fixes integration with Cloud Spanner.

Cloud Composer 1.19.13 and 2.0.30 images are available:

  • composer-1.19.13-airflow-1.10.15 (default)
  • composer-1.19.13-airflow-2.1.4
  • composer-1.19.13-airflow-2.2.5
  • composer-1.19.13-airflow-2.3.3
  • composer-2.0.30-airflow-2.1.4
  • composer-2.0.30-airflow-2.2.5
  • composer-2.0.30-airflow-2.3.3

Cloud Composer versions 1.17.3 and 2.0.0-preview.4 have reached their end of full support period.

Cloud Key Management Service

Cloud HSM resources are now available in the following regions:

  • europe-southwest1
  • europe-west9
  • me-west1

For information about which locations are supported by Cloud KMS, Cloud HSM, and Cloud EKM, see Cloud KMS locations.

Cloud Load Balancing

Cloud Load Balancing introduces the internal regional TCP proxy load balancer. This is an Envoy proxy-based regional layer 4 load balancer that enables you to run and scale your TCP service traffic behind an internal regional IP address that is accessible only to clients in the same VPC network or clients connected to your VPC network.

The internal regional TCP proxy load balancer distributes TCP traffic to backends hosted on Google Cloud, on-premises, or other cloud environments.

For details, see the following:

This capability is in General Availability.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/logging

10.2.1 (2022-10-28)

Bug Fixes
  • Correct an order of instrumentation entries (#1362) (c6b11e3)

10.2.0 (2022-10-27)

Features
  • Add support for partialSuccess global configuration (#1359) (178b19f)

Java

Changes for google-cloud-logging

3.12.0 (2022-10-27)

Features

3.11.10 (2022-10-26)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.5 (#1156) (413fa54)
  • Update dependency org.easymock:easymock to v5.0.1 (#1159) (df8bfbe)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.16 (#1144) (4836c7e)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.16 (#1154) (a13ef9f)

Cloud Secure Web Gateway

Cloud SWG is available in Preview. Cloud SWG provides a secure web gateway that helps you secure egress web traffic (HTTP/S). Contact your sales representative to sign up and use Cloud SWG.

Cloud Spanner

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-spanner

6.32.0 (2022-10-27)

Features
  • Enable client to server compression (#2117) (50f8425)
  • Increase default number of channels when gRPC channel pool is enabled (#1997) (44f27fc)
  • Update result_set.proto to return undeclared parameters in ExecuteSql API (#2101) (826eb93)
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.6.0 (#2125) (7d86fe4)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.5 (#2122) (308a65c)
  • Update dependency com.google.cloud:google-cloud-trace to v2.5.0 (#2126) (5167928)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.16 (#2119) (b2d27e8)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.16 (#2120) (151cf77)
  • Update dependency org.graalvm.sdk:graal-sdk to v22.3.0 (#2116) (9d6930b)

Node.js

Changes for @google-cloud/spanner

6.4.0 (2022-10-27)

Features
  • Update result_set.proto to return undeclared parameters in ExecuteSql API (eaa445e)
  • Update transaction.proto to include different lock modes (#1723) (eaa445e)

Dataproc

Dataproc Serverless for Spark now allows the customization of driver and executor memory using the following properties:

  • spark.driver.memory
  • spark.driver.memoryOverhead
  • spark.executor.memory
  • spark.executor.memoryOverhead

Dataproc Serverless for Spark now outputs approximate_usage after a workload finishes that shows the approximate DCU and shuffle storage resource consumption by the workload.

Removed the Auto Zone placement check for supported machine types.

Document AI

A new Release Candidate (RC) version of the Document OCR Processor, pretrained-ocr-v1.1-2022-09-12, is available in the US and EU. This RC can detect document defects.

  • If the document is considered to be defective, the API now returns the same 5 document defect types supported by the Intelligent Document Quality Processor:
    • quality/defect_blurry
    • quality/defect_noisy
    • quality/defect_dark
    • quality/defect_faint
    • quality/defect_text_too_small
  • In addition, it now supports 3 more defect types:
    • quality/defect_document_cutoff
    • quality/defect_text_cutoff
    • quality/defect_glare
  • The defect detection results are in the image_quality_scores field on the Page object in the returned JSON. This additional feature adds latency comparable to OCR processing to the process call.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.12.3 (2022-10-24)

Dependencies
  • Update dependency org.easymock:easymock to v5.0.1 (#896) (0382c3d)

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.26.0 (2022-10-24)

Features
Bug Fixes
Documentation

Java

Changes for google-cloud-pubsub

1.120.24 (2022-10-28)

Bug Fixes
  • Adding an explicit check to prevent empty publishes (#1376) (689d7da)

1.120.23 (2022-10-27)

Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.8.22 (#1361) (0355868)
  • Update dependency com.google.cloud:google-cloud-core to v2.8.24 (#1368) (9776aad)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.5 (#1362) (d32c591)
  • Update dependency com.google.protobuf:protobuf-java-util to v3.21.8 (#1356) (dc1e0ca)
  • Update dependency org.easymock:easymock to v5.0.1 (#1365) (2a807a5)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.16 (#1358) (226e105)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.16 (#1359) (3f10227)

October 28, 2022

Anthos clusters on AWS

A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node.

For instructions and more details, see the Anthos clusters on AWS security bulletin.

Anthos clusters on AWS (previous generation)

A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node.

For instructions and more details, see the Anthos clusters on AWS security bulletin.

Anthos clusters on Azure

A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node.

For instructions and more details, see the Anthos clusters on Azure security bulletin.

Anthos clusters on VMware

A new vulnerability, CVE-2022-20409, has been discovered in the Linux kernel that could allow an unprivileged user to escalate to system execution privilege.

For instructions and more details, see the Anthos clusters on VMware security bulletin.

Anthos clusters on bare metal

Anthos clusters on bare metal 1.11.7 is now available for download. To upgrade, see Upgrading Anthos on bare metal. Anthos clusters on bare metal 1.11.7 runs on Kubernetes 1.22.

Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section.

AutoML Translation

The following language translation pairs have been added:

| Language Pair | Language Codes |
| --- | --- |
| Javanese -> English | jv -> en |
| Khmer -> English | km -> en |
| Myanmar (Burmese) -> English | my -> en |
| Nepali -> English | ne -> en |
| Pashto -> English | ps -> en |
| Tagalog (Filipino) -> English | tl -> en |
| Tamil -> English | ta -> en |
| Telugu -> English | te -> en |
| Uzbek -> English | uz -> en |
| Zulu -> English | zu -> en |

Cloud Asset Inventory

The following resource types are now publicly available through the Export APIs (ExportAssets, ListAssets, and BatchGetAssetsHistory), Feed API, and Search APIs (SearchAllResources, SearchAllIamPolicies).

  • Cloud Domains
    • domains.googleapis.com/Registration
  • Cloud Functions 2nd Gen
    • cloudfunctions.googleapis.com/Function

Cloud SQL for MySQL

The changes listed in the September 15 Release Notes entry for read replica maintenance have been postponed.

Cloud SQL for PostgreSQL

The changes listed in the September 15 Release Notes entry for read replica maintenance have been postponed.

Cloud SQL for SQL Server

The changes listed in the September 15 Release Notes entry for read replica maintenance have been postponed.

Dataproc

The following preview Dataproc image versions are available:

  • 2.1.0-RC2-debian11
  • 2.1.0-RC2-rocky8
  • 2.1.0-RC2-ubuntu20

The following component versions are available for use with the 2.1.0-RC2 images (the HBase and Druid components are not supported in 2.1 image versions):

  • Apache Atlas 2.2.0
  • Apache Flink 1.15.0
  • Apache Hadoop 3.3.3
  • Apache Hive 3.1.3
  • Apache Hive WebHCat 3.1.3
  • Apache Kafka 3.1.0
  • Apache Pig 0.18.0-SNAPSHOT
  • Apache Spark 3.3.0
  • Apache Sqoop v1 1.5.0-SNAPSHOT
  • Apache Sqoop v2 1.99.6
  • Apache Tez 0.10.1
  • Cloud Storage Connector hadoop3-2.2.8
  • Conscrypt 2.5.2
  • Docker 20.10
  • Hue 4.10.0
  • Java temurin-11-jdk
  • JupyterLab Notebook 3.4
  • Oozie 5.2.1
  • Presto 376
  • Python 3.10
  • R 4.1
  • Ranger 2.2.0
  • Scala 2.12.14
  • Solr 9.0.0
  • Zeppelin Notebook 0.10.1
  • Zookeeper 3.8.0

Dataproc Serverless for Spark now uses runtime version 1.0.21 and 2.0.1.

Dataproc Serverless for Spark runtime version 2.0.1 upgrades Apache Commons Text to 1.10.0, addressing CVE-2022-42889.

Dataproc Serverless for Spark runtime version 2.0.1 upgrades the following components:

Google Kubernetes Engine

A new vulnerability, CVE-2022-20409, has been discovered in the Linux kernel that could allow an unprivileged user to escalate to system execution privilege. For instructions and more details, see the GKE security bulletin.

Translation Hub

The translator workflow is in Preview:

Support for 24 new languages is Generally Available (GA). Glossaries aren't supported when translating to or from these languages.

  • Assamese
  • Aymara
  • Bambara
  • Bhojpuri
  • Dhivehi
  • Dogri
  • Ewe
  • Guarani
  • Ilocano
  • Konkani
  • Krio
  • Kurdish (Sorani)
  • Lingala
  • Luganda
  • Maithili
  • Meiteilon (Manipuri)
  • Mizo
  • Oromo
  • Quechua
  • Sanskrit
  • Sepedi (Pedi)
  • Tigrinya
  • Tsonga
  • Twi (Akan)

October 27, 2022

Anthos Config Management

Changed the default Helm release namespace from config-management-system to default, if spec.helm.namespace isn't specified. Note that the value specified in spec.helm.namespace is only used as the value of Release.Namespace declared in your Helm template; otherwise, the namespace default will be used.

Added the spec.helm.values field in RootSync and RepoSync to allow overriding the default values that accompany the Helm chart.

The constraint template library includes a new template: K8sBlockLoadBalancer. For reference, see Constraint template library.

The constraint template library's K8sHttpsOnly template now supports Ingress blocks which do not include tls: using the new tlsOptional: true parameter. For reference, see Constraint template library.

Policy Controller has been updated to include a more recent build of OPA Gatekeeper (hash: 600a68d).

Config Sync now handles exporting metrics correctly with the right permissions and resource names after the update to Open Telemetry v0.54.0 which was introduced in ACM 1.12.2.

Fixed a Prometheus exporter error in the otel-collector by resolving a discrepancy between components regarding the description of the pipeline_error_observed metric.

GKE version 1.23 introduced a change that made 1.23 Autopilot clusters incompatible with Config Sync. To work around this issue, use Config Sync on an Autopilot cluster with version 1.22 or earlier. This note was updated on November 4, 2022.

The 409.0.0 Google Cloud CLI release introduced two bugs for Anthos Config Management. The version command incorrectly prints "NA" instead of the current version. The status command prints an incorrect message about unreachable regions. This note was updated on November 10, 2022.

Anthos clusters on VMware

A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node.

For instructions and more details, see the Anthos clusters on VMware security bulletin.

Apigee API hub

On October 27, 2022 Apigee API hub released a new version of the software.

A link to the Settings page has been added to the APIs list page.

See: Discover APIs using APIs list

| Bug ID | Description |
| --- | --- |
| 254505866 | Provisioning API hub using the UI failed if you selected a region other than the following: asia-east1, asia-southeast1, europe-west1, europe-west4, us-central1, us-east1, us-west1, us-west4. |

Apigee X

On October 27, 2022 we released an updated version of Apigee X.

This release contains the General Availability (GA) release of Advanced API Security, which:

  • Detects unwanted requests sent to your APIs, including attacks by bots or other malicious agents.
  • Evaluates the security of your API configurations and provides recommendations for improvements.

Advanced API Security is a paid add-on to Apigee. You can try out Advanced API Security for free in any trial org—follow the procedure described in Enable Advanced API Security. Contact Apigee to learn more.

Apigee hybrid

hybrid v1.8.2

On October 27, 2022 we released an updated version of the Apigee hybrid software, v1.8.2.

For information on upgrading, see Upgrading Apigee hybrid to version 1.8.

| Bug ID | Description |
| --- | --- |
| 253693906 | Upgraded Prometheus to 2.39.1 to address vulnerabilities in an earlier version. This change addresses the following vulnerabilities: CVE-2022-24675, CVE-2022-27664, CVE-2022-28131, CVE-2022-28327, CVE-2022-30580, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32189 |
| 253498057 | Upgraded Fluent Bit to 1.9.9 to address vulnerabilities in an earlier version. This change addresses the following vulnerabilities: CVE-2022-1292, CVE-2022-2068, CVE-2021-3999, CVE-2022-23218, CVE-2022-23219, CVE-2022-25013, CVE-2021-33574, CVE-2018-12886, CVE-2022-0778 |
| 248288668 | Fixes to address apigee-installer vulnerabilities. |
| 247864229 | Upgraded kube-rbac-proxy to v0.13.0 to address vulnerabilities in an earlier version. |
| N/A | Upgraded to ASM 1.12.9 to address Istio and Go language vulnerabilities in an earlier version (CVE-2022-39278). For more information, see the Service Mesh security bulletin. |

BigQuery

Search indexes and the SEARCH() function are now generally available (GA). These enable you to use Google Standard SQL to efficiently pinpoint specific data elements in unstructured text and semi-structured data.

Chronicle

Chronicle Feed Management added support for the CrowdStrike Detection API. See the Feed Management documentation for information about how to configure this feed.

Cloud Data Fusion

Cloud Data Fusion version 6.7.2 is generally available (GA). This release is in parallel with the CDAP 6.7.2 release.

In Cloud Data Fusion version 6.7.2, the default machine type changed from N2 to E2.

Fixed in 6.7.2:

  • In the BigQuery Sink plugin (version 0.20.3), fixed an issue that caused a NullPointerException error when table metrics were updated or when the output schema was not defined.
  • In the Send Email batch pipeline alert, fixed an issue where emails failed to send when the Protocol was set to TLS.

Cloud Storage

Bucket tags are now generally available (GA).

Compute Engine

Generally available: Compute Engine flexible committed use discounts (flexible CUDs) are spend-based discounts that add flexibility to your spending capabilities by eliminating the need to restrict your commitments to a single project, region, or machine series. You can purchase flexible commitments and commit to a minimum hourly spend amount to use vCPUs and/or memory in any of the projects within your Cloud Billing account, across any region, and belonging to any eligible general-purpose and/or compute-optimized machine types.

Learn more about flexible CUDs and how to purchase flexible commitments.

Google Kubernetes Engine

A new vulnerability, CVE-2022-3176, has been discovered in the Linux kernel that can lead to local privilege escalation. This vulnerability allows an unprivileged user to achieve full container breakout to root on the node. For instructions and more details, see the GKE security bulletin.

Retail API

Recording Google Analytics 4 user events to the Retail API is available in GA. If you have integrated Google Analytics 4 for your user events, you can record the user event data in Google Analytics 4 format directly to the Retail API.

To use this feature, see the Record user events with Google Analytics 4 documentation.

A/B experiment traffic monitoring for Retail Search is available in private preview. See the documentation for A/B experiment monitoring.

A/B experiments compare key metrics between the Retail API and your existing search implementation. After setting up an experiment and its traffic splitting, you can monitor experiment traffic using the Retail console. In the console, you create variant arms that map to each experiment group that you created for the A/B experiment. This allows you to check whether the actual traffic matches the intended traffic split of your experiment. Traffic monitoring can help you determine if differences in traffic are due to a quality gap between services or an incorrect experiment setup.

To use A/B experiment traffic monitoring in private preview, contact Retail Support.

Traffic Director

Traffic Director deployment with automatic Envoy injection for Google Kubernetes Engine Pods currently installs Envoy version 1.20.0.

Vertex AI

Vertex AI Prediction

You can now use E2 machine types to serve predictions.

October 26, 2022

BigQuery

The following geography functions are now generally available (GA):

  • ST_ISCLOSED: Returns TRUE for a non-empty geography, where each element in the geography has an empty boundary.
  • ST_ISRING: Checks if a geography is a linestring and if the linestring is both closed and simple.

Config Connector

Config Connector version 1.96.0 is now available.

Added storageTarget to BigTableInstance (Issue #729).

Added location and BITBUCKET support to CloudBuildTrigger (Issue #672).

Added visibleCoreCount to ComputeInstance.

Added visibleCoreCount to ComputeInstanceTemplate.

Added snapshotProperties.chainName to ComputeResourcePolicies.

Added chainName to ComputeSnapshot.

Added certificateMapRef to ComputeTargetSSLProxy.

Added costManagementConfig, nodePoolDefaults, serviceExternalIpsConfig to ContainerCluster.

Added locationPolicy, totalMaxNodeCount, totalMinNodeCount to ContainerNodePool.

Added channelRef and resourceConditions to EventarcTrigger.

Added mesh to GKEHubFeatureMembership.

Added forceDelete to MonitoringNotificationChannel.

Removed labels field from NetworkServicesGateway (alpha), NetworkServicesGRPCRoute (alpha), NetworkServicesHTTPRoute (alpha), NetworkServicesMesh (alpha), and NetworkServicesTCPRoute (alpha).

Released new controller unmanaged-detector. Now if there is no Config Connector controller for a resource's namespace, that resource's status will show as "Unmanaged".

Extended faster reconciliation of resources with dependencies to support IAMAuditConfig and IAMPolicy.

Added support for DLPInspectTemplate resource.

Fixed issue with DataprocCluster where resource creation was failing with error message Update call failed: error applying desired state: infeasible update: ({true }) would require recreation (Issue #661).

Dataproc

All Dataproc Serverless for Spark runtime versions prior to 1.0.21 and 2.0.1 will be deprecated on November 2, 2022.

VPC Service Controls

General availability for the following integration:

October 25, 2022

Anthos Service Mesh

1.15.2-asm.6 is now available.

Anthos Service Mesh 1.15.2-asm.6 includes the features of Istio 1.15.2 subject to the list of Anthos Service Mesh supported features.

Docker images for in-cluster Anthos Service Mesh v1.15 and later support the Arm architecture.

Anthos Service Mesh now supports configuring Mesh CA and Google CA Service connectivity through an HTTPS proxy when direct connectivity from the sidecar-injected workloads is not available (for example, due to firewalls or other restrictive features). See Configure Certificate Authority connectivity through a proxy for more information.

Anthos Service Mesh 1.12 is no longer supported. For more information, see Supported versions.

Managed Anthos Service Mesh 1.15 isn't rolling out to the rapid release channel at this time. You can periodically check this page for the announcement of the rollout of Managed Anthos Service Mesh to the rapid channel. See Select a managed Anthos Service Mesh release channel for more information.

1.14.5-asm.3 is now available.

Anthos Service Mesh 1.14.5-asm.3 includes the features of Istio 1.14.5 subject to the list of Anthos Service Mesh supported features.

1.13.9-asm.1 is now available.

Anthos Service Mesh 1.13.9-asm.1 includes the features of Istio 1.13.9 subject to the list of Anthos Service Mesh supported features.

Anthos clusters on VMware

Anthos clusters on VMware 1.12.3-gke.23 is now available. To upgrade, see Upgrading Anthos clusters on VMware. Anthos clusters on VMware 1.12.3-gke.23 runs on Kubernetes 1.23.8-gke.1900.

The supported versions offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware are 1.13, 1.12, and 1.11.

  • Fixed the issue of a race condition that blocks the deletion of an old machine object during cluster upgrade or update.
  • Fixed an issue for clusters enabled with Anthos Network Gateway where the NetworkGatewayGroup object may erroneously report nodes as having NotHealthy status.
  • Fixed an issue where creating or updating NetworkGatewayGroup objects fails because of a webhook IP conflict error.
  • Fixed the following vulnerabilities:

Dataproc

Dataproc Serverless for Spark runtime version 2.0 will become the default Dataproc Serverless for Spark runtime version on December 13, 2022.

Identity and Access Management

Deny policies are generally available (GA). Use deny policies to prevent principals from using certain permissions, regardless of the roles they're granted.

SAP on Google Cloud

New SAP certification for operating systems

SAP has certified the operating system SUSE Linux Enterprise Server (SLES) 15 SP4 for SAP HANA and SAP NetWeaver on Google Cloud.

For more information about SAP-certified operating systems, see:

Vertex AI Workbench

The v1beta1 version of the Notebooks API is scheduled for removal no earlier than January 16, 2023. After this date, you must use Notebooks API v1 to manage Vertex AI Workbench resources.

October 24, 2022

Apigee X

On October 24, 2022, we released an updated version of Apigee X (1-9-0-apigee-5).

Some runtime error messages have been improved with a reason code. To display only the error codes with a reason code, scroll down to Search and type reason. The error catalog filters the view.

See: Runtime error catalog

| Bug ID | Description |
| --- | --- |
| 252818300 | Fixed issue with failing web socket connections. |
| 249580739 | This feature introduces a new filter-based mechanism to display API products. |
| 249521773 | Endpoint attachment ID naming convention change. The ID must start with a lowercase letter followed by up to 31 lowercase letters, numbers, or hyphens, and cannot end with a hyphen. The minimum length is 2. See Create an endpoint attachment. |
| 249069616 | Fixed issue where error in DebugSession could interrupt runtime flow. |
| 248631925 | The Developer List API has been enhanced to support pagination in a Google-wide consistent pattern. |
| 247540503 | Race condition with encryption key lookup causing KVM lookup failures. |
| 246774745 | io.timeout.millis not honored, causing 504 Gateway timeout for dynamic targets. |
| 246193561 | Disabling/Destroying of customer cloud KMS key impacted the runtime after 5 minutes and data that was encrypted with the key could not be accessed by Apigee data plane. |
| 241786534 | MART is able to send logs to UDCA successfully now. |
| 240618523 | Dynamically setting target.url now supports websocket protocols (ws and wss). |
| 218567150 | X-request-id headers modified at 14th character. |
| 206879901 | Fixed issue where Response headers were not visible from debug screen. |
| 181569522 | Fixed the environment recreate scenario without manual cleanup. |
| 173566787 | Message Processors behavior is changed. Message Processors will now reuse existing target IP addresses once if DNS resolution fails during DNS cache refresh. |
| 159599332 | The flow variable servicecallout.requesturi reflects appropriately if the URI is constructed using multiple variables. |
| N/A | Upgraded infrastructure and libraries |

| Bug ID | Description |
| --- | --- |
| 204965286 | Security fix for CVE-2022-25647 |
| 193613381 | Security fix for CVE-2021-21290 in netty-transport |

BigQuery

You can now view BI Engine Top Tables Cached Bytes, BI Engine Query Fallback Count, and Query Execution Count as dashboard metrics for BigQuery. This feature is now in preview.

Cloud Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigtable

2.13.2 (2022-10-20)

Bug Fixes
  • Respect deadlines for column family operations (#687) (df2e64a)

Cloud Functions

Cloud Functions now supports the .NET Core 6.0 runtime at the General Availability release level.

Cloud Logging

You can now instrument gRPC applications to use Microservices observability.

Pricing for Microservices observability is the same as Cloud Operations Pricing. There are no separate charges for using Cloud Trace, Cloud Monitoring, or Cloud Logging Microservices observability plugins.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.11.9 (2022-10-17)

Dependencies
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.15 (#1145) (5bd000c)

Cloud Monitoring

You can now instrument gRPC applications to use Microservices observability.

Pricing for Microservices observability is the same as Cloud Operations Pricing. There are no separate charges for using Cloud Trace, Cloud Monitoring, or Cloud Logging Microservices observability plugins.

A new version of Managed Service for Prometheus is now available. Version 0.5.0 of managed collection for Kubernetes has been released. Users who deploy managed collection using kubectl should reapply the manifests. Users who deploy the service using gcloud or the GKE UI will be upgraded on a rolling basis over the coming weeks. This release has no impact on users of self-deployed collection.

For details about the changes included, see the release page on GitHub.

Cloud Spanner

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/spanner

6.3.0 (2022-10-03)

Bug Fixes
  • deps: Update dependency @google-cloud/precise-date to v3 (#1676) (3f20ec4)
  • Do not import the whole google-gax from proto JS (#1553) (#1700) (f9c2640)
  • Update google-gax to v3.3.0 (f9c2640)

Cloud Trace

You can now instrument gRPC applications to use Microservices observability.

Pricing for Microservices observability is the same as Cloud Operations Pricing. There are no separate charges for using Cloud Trace, Cloud Monitoring, or Cloud Logging Microservices observability plugins.

Dataproc

Dataproc Serverless for Spark now supports the spark.dataproc.diagnostics.enabled property, which enables auto diagnostics on Batch failure. Note that enabling auto diagnostics holds compute and storage quota after the Batch is complete and until diagnostics are finished.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-datastore

2.9.0 (2022-10-18)

Features
  • Add datastore aggregation query APIs (#306) (96d98e5)
Bug Fixes

Java

Changes for google-cloud-datastore

2.2.11 (2022-10-17)

Dependencies
  • Regenerating with new Protobuf (2.2.x) (#873) (9b3d60b)

2.12.2 (2022-10-21)

Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.0.5 (#891) (1f32176)

2.12.1 (2022-10-19)

Dependencies
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.16 (#885) (c8b7559)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.16 (#886) (76df7ea)

2.12.0 (2022-10-17)

Features
Dependencies
  • Update dependency com.google.errorprone:error_prone_core to v2.16 (#872) (b2a72ca)
  • Update dependency org.easymock:easymock to v5 (#877) (ed816e2)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.15 (#878) (831a92b)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.15 (#879) (76a187a)

Google Cloud Armor

Default security policies are now Generally Available. You can configure a default rate-limiting security policy when you use the Google Cloud Console to set up your load balancer. For more information, see the Rate limiting overview.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.120.22 (2022-10-18)

Dependencies
  • Update dependency org.easymock:easymock to v5 (#1350) (1e88543)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.9.15 (#1351) (2af7579)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.9.15 (#1352) (379e39b)

Text-to-Speech

Text-to-Speech improved the quality of these voices. See the supported voices page for a complete list of voices and audio samples.

  1. cloud-en-GB-Wavenet-A
  2. cloud-en-GB-Wavenet-B
  3. cloud-en-GB-Wavenet-C
  4. cloud-en-GB-Wavenet-D
  5. cloud-en-GB-Wavenet-F
  6. cloud-es-ES-Wavenet-B
  7. cloud-es-ES-Wavenet-C
  8. cloud-es-ES-Wavenet-D
  9. cloud-hi-IN-Wavenet-A
  10. cloud-hi-IN-Wavenet-B
  11. cloud-hi-IN-Wavenet-C
  12. cloud-hi-IN-Wavenet-D

Workflows

Eventarc event-triggered requests are limited by the execution API write request on workflows. Events that exceed the limit follow the Eventarc retry policy.

Support for limiting the maximum number of concurrent branches or iterations within a parallel step is available in Preview.

October 21, 2022

Batch

Samples in Go are available for Batch. Documentation has been updated to include the following samples:

For more information, see All Batch code samples.

Cloud Logging

To show or hide log entries similar to a log entry displayed in the Logs Explorer, expand the log entry and use the Similar entries menu.

Cloud Monitoring

The Cloud Monitoring Integrations page now provides access to logs collected by logs-enabled integrations from the Details page for each integration.

Cloud Storage

New public dataset stored in Cloud Storage.

  • Data for ERA5 are now hosted publicly in Cloud Storage.

Contact Center AI Platform

New Version Release

  • Bring Your Own Carrier (BYOC) - Customers can now bring their own numbers through their carrier.
  • Dual Channel Recording - Customers can enable dual channel audio recordings (e.g. agent channel and consumer channel).
  • Virtual Agent Enhancements: Dialogflow CX agents configured for Global Region enabled, barge-in for Dialogflow CX (Voice), and passing parameters (either static or dynamic data) to Virtual Agents via Web SDK.
  • Agent Assist Enhancements: Agent Assist profiles configurable via Developer Settings & enabled at a queue level.
  • Secure Payment: Braintree supported as a payment provider and additional currencies (GBP, EUR, CAD) supported on Stripe and Braintree.

Dataproc

New sub-minor versions of Dataproc images:

1.5.75-debian10, 1.5.75-rocky8, 1.5.75-ubuntu18

2.0.49-debian10, 2.0.49-rocky8, 2.0.49-ubuntu18

Announcing the General Availability (GA) release of Dataproc Serverless for Spark runtime 2.0.

Dataproc Serverless for Spark now uses runtime version 1.0.20 and 2.0.0.

Upgraded Cloud Storage connector version to 2.2.8 in the latest 2.0 images.

Upgraded the Conscrypt library to 2.5.2 in the latest 1.5 and 2.0 images.

Dataproc Serverless for Spark runtime version 2.0.0 upgrades the following components:

  • Conda to 22.9
  • Jetty to 9.4.49.v20220914
  • ORC to 1.8.0
  • Protobuf to 3.21.7
  • RoaringBitmap to 0.9.32

Disabled auto deletion of files under /tmp in the latest Rocky images. Previous Rocky images have files in the /tmp folder deleted every 10 days due to the default OS setting in /usr/lib/tmpfiles.d/tmp.conf.

Changed Hive TokenStoreDelegationTokenSecretManager in the latest 1.5 and 2.0 images so that it updates the base class's current key ID after generating a new master key. This is important for users of DBTokenStore, which generates key IDs based on a monotonically increasing sequence from the database. Prior to this fix, there was a race condition during master key rollover that could cause it to attempt updating the prior master key using an incorrect ID value. This would fail and then quickly retry, sometimes multiple times, causing too many rows in the database.

Set yarn:spark.yarn.shuffle.stop_on_failure to true by default in the latest 1.5 and 2.0 images. This change causes YARN node manager startup to fail if the Spark external shuffle service startup fails. On VM boot, Dataproc will continuously restart the YARN node manager until it is able to start. This change reduces Spark executor errors, such as: org.apache.spark.SparkException: Unable to register with external shuffle server due to : Failed to con