The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.
You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
September 13, 2024
Apigee hybrid
hybrid v1.12.2
On September 13, 2024 we released an updated version of the Apigee hybrid software, 1.12.2.
- For information on upgrading, see Upgrading Apigee hybrid to version 1.12.2.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
362305438 | You can now add additional env variables to the runtime component. |
347798999 | You can now configure forward proxy for opentelemetry pods in Apigee hybrid. |
Bug ID | Description |
---|---|
N/A | Security fixes for apigee-cassandra-backup-utility and apigee-hybrid-cassandra. This addresses the following vulnerability: |
For Cloud SQL Enterprise Plus edition, you can set the number of days of retained transaction logs from 1 to 35. For more information, see Use point-in-time recovery (PITR).
New Dataproc Serverless for Spark runtime versions:
- 1.1.78
- 1.2.22
- 2.2.22
Dataproc Serverless for Spark: Fixed a bug that caused some batches and sessions to fail to start when using the premium compute tier.
The custom extractor models pretrained-foundation-model-v1.2-2024-05-10 and pretrained-foundation-model-v1.3-2024-08-31 now support ML Processing in US/EU regions.
Added support for vector store and vector search capabilities (Preview). For more details, see About vector search.
You can use Private Service Connect endpoints to access the regional service endpoints of supported Google APIs. This feature is available in General Availability.
The maximum number of concurrent workflow executions has increased from 7,500 to 10,000.
September 12, 2024
Access Approval
Access Approval supports Database Center in the Preview stage.
Access Transparency supports Database Center in the Preview stage.
On September 12, 2024, we released an updated version of Apigee.
With this release, Apigee supports Workforce Identity Federation.
Workforce Identity Federation lets you use an external identity provider (IdP) to authenticate and authorize a workforce — a group of users, such as employees, partners, and contractors — using Identity and Access Management (IAM) to access Apigee services.
See Access Apigee using Workforce Identity Federation for more information.
Bug ID | Description |
---|---|
338285095 | Fixed a problem where apps associated with an AppGroup did not appear in the Apps list in the Apigee UI in Cloud Console. As a result, users could not access the app's App Detail page in the console, and searching the console for the app by partial app name or API key was not available. With this fix, users can now view apps associated with an AppGroup in the Apps list, and view details for each app or delete the app. Users will still not be able to create or edit AppGroup apps. Apigee hybrid organizations were not impacted by this problem, as they use the Classic UI to view the app details. |
PEM parsing error in JWT/JWS policies due to non-standard format
For Apigee and Apigee hybrid versions 1.13 and higher, any deviations in the required PEM format of keys used in Apigee JWS or JWT policies may result in a parsing error.
For more information, see Apigee known issues.
The XSLT Transform data transformer function is now available. This function transforms the specified XML string using the specified XSL string.
You can now use the partial ordering mode in BigQuery DataFrames to generate more efficient queries. This feature is in Preview.
Cloud SQL now supports near-zero downtime planned maintenance on standalone Cloud SQL Enterprise Plus edition primary instances. In addition, you can also simulate near-zero downtime for planned maintenance events on standalone Cloud SQL Enterprise Plus edition primary instances.
For more information, see About maintenance on Cloud SQL instances.
You can now upgrade your instances to Cloud SQL Enterprise Plus edition with near-zero downtime. To upgrade your instance, see Upgrade an instance to Cloud SQL Enterprise Plus edition using in-place upgrade.
You can now upgrade the minor version of a Cloud SQL for MySQL Enterprise Plus edition instance with near-zero downtime. To upgrade the minor version of your Cloud SQL for MySQL 8.0 instance, see Upgrade the minor version.
You can now provide access to Cloud SQL Studio by granting a new IAM role, Cloud SQL Studio User (roles/cloudsql.studioUser), instead of using the Cloud SQL Admin IAM role.
For more information about using Cloud SQL Studio, see Manage your data using Cloud SQL Studio.
Release 1.29.500-gke.163
Google Distributed Cloud for bare metal 1.29.500-gke.163 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.500-gke.163 runs on Kubernetes v1.29.7-gke.1200.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
The following container image security vulnerabilities have been fixed in 1.29.500-gke.163:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
Partner Connector launch update
The following partner connectors have been added to the Looker Studio Connector Gallery:
- Meta Ads By Detrics
- Similarweb Rank Tracker By Similarweb
- The Trade Desk By Power My Analytics
- Pinterest Organic By Reporting Ninja
- Salesmate By Salesmate
Text wrapping for pivot table column headers
You can choose to wrap column header text in pivot table charts by enabling the Wrap text option in the Style tab.
Public Preview of Gemini in Looker Conversational Analytics
You can query data in natural language. The Conversational Analytics feature is a Gemini-powered data querying experience that makes it easier to find answers, explore data, and share insights using natural language. This feature is now available in Public Preview.
Learn more about Gemini in Looker and how to enable it in Looker Studio.
September 11, 2024
Apigee Advanced API Security
Delay in score generation for Risk Assessment v2 with VPC-SC-enabled organizations only
This issue impacts Risk Assessment v2 only, which is in preview.
With VPC-SC-enabled organizations only, when generating scores for new organizations or scoring changes to included proxies, shared flows, and target server configurations, score generation could take as much as three hours.
See the Risk Assessment v2 customer documentation for information on the functionality.
You can now use Terraform to manage IAM tags on datasets and tables. This feature is generally available (GA).
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Pub/Sub
  - pubsub.googleapis.com/Schema
- Secure Web Proxy
  - networksecurity.googleapis.com/GatewaySecurityPolicy
  - networksecurity.googleapis.com/GatewaySecurityPolicyRule
  - networksecurity.googleapis.com/UrlList
You can now specify United States regions when using regional endpoints.
Config Connector version 1.122.0 is now available.
The state-into-spec field now defaults to Absent in all Config Controller clusters.
RedisCluster (Alpha) now uses direct reconciliation.
SQLInstance now uses direct reconciliation.
Added RedisCluster (Alpha) resource for service Redis.
ContainerCluster: The spec.nodeConfig.taint can be updated in place in lieu of destroying and recreating the object.
ContainerNodePool: The spec.nodeConfig.taint can be updated in place in lieu of destroying and recreating the object.
SQLInstance: Add the spec.cloneSource field to clone a SQLInstance.
RunJob: Add the spec.template.template.volumes[].cloudSqlInstance field to configure Cloud SQL instance.
For GPU node pools created in GKE Standard clusters running version 1.30.1-gke.115600 or later, GKE automatically installs the default NVIDIA GPU driver version corresponding to the GKE version if you don't specify the gpu-driver-version flag.
(2024-R35) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.31.0-gke.1506000 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
  - 1.27.16-gke.1234000
  - 1.27.16-gke.1234001
  - 1.27.16-gke.1258000
  - 1.28.13-gke.1024000
  - 1.28.13-gke.1042000
  - 1.29.8-gke.1031000
  - 1.29.8-gke.1057000
  - 1.30.4-gke.1129000
  - 1.30.4-gke.1213000
  - 1.31.0-gke.1058000
  - 1.31.0-gke.1324000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1287000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1049000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1096000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1287000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1049000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1096000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.0-gke.1506000 with this release.
Regular channel
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
  - 1.27.16-gke.1148000
  - 1.28.12-gke.1179000
  - 1.29.7-gke.1274000
  - 1.30.3-gke.1969000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1148001 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.
Stable channel
- Version 1.30.2-gke.1587003 is now the default version for cluster creation in the Stable channel.
- The following versions are now available in the Stable channel:
- Version 1.27.16-gke.1008000 is no longer available in the Stable channel.
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1051001 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1051001 with this release.
Extended channel
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
  - 1.27.16-gke.1148000
  - 1.28.12-gke.1179000
  - 1.29.7-gke.1274000
  - 1.30.3-gke.1969000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.
No channel
- The following control plane and node versions are now available:
- The following versions are no longer available:
  - 1.27.16-gke.1008000
  - 1.27.16-gke.1148000
  - 1.27.16-gke.1234000
  - 1.27.16-gke.1234001
  - 1.28.13-gke.1042000
  - 1.29.6-gke.1326000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1148001 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1148001 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
Looker 24.16 includes the following changes, features, and fixes:
Expected Looker (original) deployment start: Monday, September 16, 2024
Expected Looker (original) final deployment and download available: Thursday, September 26, 2024
Expected Looker (Google Cloud core) deployment start: Monday, September 16, 2024
Expected Looker (Google Cloud core) final deployment: Monday, September 30, 2024
Beginning in Looker 24.18, the October 2024 Looker release, Google Maps will be the only visualization engine for all map visualizations. The Legacy Maps chart type will be removed. Please go to the Legacy features page in the Admin panel and disable "Allow legacy maps"; if you encounter any issues, contact Looker Support.
The LookML Validator now checks for incompatible types in Liquid comparison expressions and, if it finds them, returns an error.
You can change the width of the panels in the Looker IDE, both the feature panel (which contains File Browser, Object Browser, and Git Actions) and the side panel (which contains Project Health, Quick Help, and Metadata). The size of the side panels is persisted across logins and refreshes.
The Chart Config Editor now supports sunburst visualizations.
The Redshift driver is now configured with AWS's recommended TCP keep-alive settings.
The content_summary API endpoint is now generally available. You can use this endpoint to search for recently viewed content or content that you have marked as a favorite.
Comprehensive API support for Looker Connected Sheets is now accessible through both AppsScript and the Google Sheets APIs. API support enables automated data refresh, custom workflows, and integration with external tools and services.
Looker instances with the Redshift license feature enabled will now use the driver version 2.1.0.30.
An issue has been fixed where measures would remove COALESCE SQL expressions from dimensions during query generation. This feature now performs as expected.
CJK characters are now displayed properly in mobile browsers when they are included within inline table email attachments.
An issue has been fixed that was causing the Collapse All Folders button in the Looker IDE to not work correctly. This feature now performs as expected.
An issue has been fixed where some schedules would fail to send if a PDT was rebuilding. This feature now performs as expected.
An issue where downloaded queries would not show error messages has been fixed. This feature now performs as expected.
An issue has been fixed where the progress bar on single value visualizations could overlap with the visualization note. This feature now performs as expected.
The LookML validator no longer forces the full_suggestions parameter to be enabled in certain situations involving Liquid variables and derived tables.
The Chart Config Editor now displays a more informative error message if you try to use an unsupported visualization type.
An issue has been fixed where the LookML Validator would return incorrect errors on cancel_grouping_fields in Explores with joins. This feature now performs as expected.
An issue has been fixed where the Looker SQL Interface could not connect to Tableau using OAuth. This feature now performs as expected.
Internal database calls during LookML validation have been reduced.
An issue where the LookML Validator could crash if a LookML file incorrectly referenced a dimension_group in a filters parameter has been fixed. This feature now performs as expected.
An issue has been fixed where Looker was incorrectly sanitizing some of the allowed CSS properties. This feature now performs as expected.
The child_count property can now be omitted from dashboard and Look API responses when a feature flag is enabled.
An issue has been fixed with the TRUNC function on some Denodo 8 dialects. This feature now performs as expected.
An issue has been fixed where query metrics were not appearing in the Explore list. This feature now performs as expected.
An issue has been fixed where the LookML validator would not return an error when value_format and named_value_format were both defined for a field. This feature now performs as expected.
The render event has been added to the audit log list.
An issue with SAML authentication has been fixed.
The audit log buffer is now persisted to minimize log data loss.
A new Labs feature, Delegate Model Set Management, lets admins grant a new permission, manage_modelsets_restricted. This permission grants users permissions that are similar to manage_models, but only for model sets to which the users have access.
Secure Source Manager branch protection is Generally Available. To learn more about branch protection, see the Branch protection overview and Configure branch protection.
Secure Source Manager integration with Cloud Build lets you define your Cloud Build configuration and build triggers in your Secure Source Manager repository. To learn how to trigger builds automatically, see Connect to Cloud Build.
Validate updates to integrations in the Security Command Center Enterprise use case
Updates to the threat response playbook blocks and use case flows are available in the SCC Enterprise - Cloud Orchestration & Remediation use case for Security Command Center Enterprise. To get these changes, upgrade the integrations to the latest versions.
For more information, see Validate integration versions in the use case.
The discovery service of Sensitive Data Protection now supports Amazon S3. You can run discovery to generate data profiles of your S3 buckets. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data governance workflows.
This feature is available only to Security Command Center Enterprise customers. To use this feature, you need an AWS connector in Security Command Center that has Sensitive Data Protection enabled.
To get started on profiling Amazon S3 data, see the following:
- Connect to AWS for vulnerability detection and risk assessment
- Sensitive data discovery for Amazon S3
- Profile Amazon S3 data
For more information about sensitive data discovery, see Data profiles.
Preview stage support for the following integration:
Vertex AI Search: Natural language query filters (Public preview)
For queries on structured data stores, the natural language queries can be reformulated as filters and a residual query. For example, "Find a coffee shop serving banana bread" becomes "query": "banana bread", "filter": "type": ANY(\"cafe\").
The natural-language query understanding feature only applies to generic apps. It is recommended for structured data stores but can also be applied to unstructured data stores with metadata and to website data stores with structured data.
This feature is in Public preview. For more information, see Filter with natural language understanding.
Vertex AI APIs: Updated model for ranking and reranking documents for RAG
The ranking API model is upgraded. This underlying model significantly improves the relevance of top-ranked documents and provides more nuanced scores. For more information about ranking documents, see Rank and rerank documents with RAG.
September 10, 2024
Apigee Advanced API Security
On September 10, 2024 we released an updated version of Advanced API Security.
Proxy-specific security actions
You can now create security actions that apply only to one or more specified proxies.
This new functionality is not available with Apigee hybrid at this time.
See Security actions to learn more about proxy-specific security actions.
We previously identified a potential issue that could cause downtime for traffic directed to your GKE-managed internal passthrough Network Load Balancers after certain cluster operations, like node upgrades. This issue specifically affected clusters with GKE subsetting and Services configured with externalTrafficPolicy=Cluster. See the Aug 14, 2024 release note for details.
A fix for this issue is now available. We recommend upgrading your GKE cluster's control plane to the following patch versions or later:
- 1.27.16-gke.1258000
- 1.28.13-gke.1024000
- 1.29.8-gke.1057000
- 1.30.4-gke.1129000
- 1.31.0-gke.1506000
Added support for CMEK organization policies.
New SAP certification for operating system
For use with SAP HANA and SAP NetWeaver on Google Cloud, SAP has now certified the operating system Red Hat Enterprise Linux (RHEL) for SAP 8.10.
For more information about SAP-certified operating systems, see:
Secret Manager is now enabled for use with Cloud KMS Autokey.
Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.
For more information, see Enable customer-managed encryption keys for Secret Manager. To learn more about Cloud KMS Autokey, see Autokey overview.
The DOD_ID_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
Journey Voices is now in Preview and supports text streaming.
The ability to back up and restore data on a Vertex AI Workbench instance is now available in Preview. For more information, see Back up and restore an instance.
reCAPTCHA Mobile SDK v18.6.1 is now available for Android.
This version contains the compatibility fix for Android 6 and earlier.
September 09, 2024
Access Approval
Access Approval supports Cloud Data Fusion in the GA stage.
The BigQuery Data Transfer Service can now transfer campaign reporting and configuration data from Display & Video 360 into BigQuery, including Creative, Partner, and Advertiser tables. This feature is generally available (GA).
Table and TopList widgets can now display the results of multiple queries. You can also configure the column headers, data alignment, and color-code cells based on how a numeric value compares to a threshold. For more information, see the following documents:
You can now use the Google Cloud console to do the following:
Create buckets with hierarchical namespace enabled. To learn more, see Create a bucket.
Create and manage folders in buckets with hierarchical namespace enabled. To learn more, see Create and manage folders.
Rename and move folders. To learn more, see Rename and move folders.
cos-109-17800-309-46
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.21 | See List |
Updated app-containers/containerd to 1.7.21.
Upgraded app-containers/containerd to v1.7.20. Upgraded app-containers/containerd-test to v1.7.20.
Fixes CVE-2023-7256 in net-libs/libpcap.
Fixes CVE-2024-44987 in the Linux kernel.
Fixes CVE-2024-43889 in the Linux kernel.
Fixes CVE-2024-42302 in the Linux kernel.
Fixes CVE-2024-41057 in the Linux kernel.
Fixes CVE-2024-43837 in the Linux kernel.
Fixes CVE-2024-43855 in the Linux kernel.
Fixes CVE-2024-41076 in the Linux kernel.
Fixes CVE-2024-42316 in the Linux kernel.
Fixes CVE-2024-43828 in the Linux kernel.
Fixes CVE-2024-43856 in the Linux kernel.
Fixes CVE-2024-41073 in the Linux kernel.
Fixes CVE-2024-44934 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812248 -> 812274
cos-dev-121-18657-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.49 | v24.0.9 | v1.7.21 | See List |
Updated app-containers/containerd to 1.7.21.
Updated dev-go/oauth2 to v0.23.0. Removed dev-go/appengine.
Updated dev-lang/python to 3.8.19_p1. This fixes CVE-2007-4559.
Updated the Linux kernel to v6.6.49.
Removed chromeos-base/ec-utils and chromeos-base/ec-utils.
Removed dev-libs/confuse and dev-embedded/libftdi.
Removed dev-python/setuptools.
Removed dev-python/webcolors.
Replaced cos-extensions with new Go binary.
Updated google-osconfig-agent to v20240822.00.
Fixes CVE-2023-7256 in net-libs/libpcap.
Upgraded app-editors/vim, app-editors/vim-core to 9.1.0698. This fixed CVE-2024-43790, CVE-2024-43802.
Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.
Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.
Runtime sysctl changes:
- Changed: fs.file-max: 811752 -> 811768
cos-113-18244-151-50
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.21 | See List |
Updated app-containers/containerd to 1.7.21.
Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.
Fixes CVE-2024-42302 in the Linux kernel.
Fixes CVE-2024-41057 in the Linux kernel.
Fixes CVE-2024-43837 in the Linux kernel.
Fixes CVE-2024-43855 in the Linux kernel.
Fixes CVE-2024-43889 in the Linux kernel.
Fixes CVE-2024-42316 in the Linux kernel.
Fixes CVE-2024-43828 in the Linux kernel.
Fixes CVE-2024-43856 in the Linux kernel.
Fixes CVE-2024-41073 in the Linux kernel.
Fixes CVE-2024-43854 in the Linux kernel.
Fixes CVE-2024-41058 in the Linux kernel.
Fixes CVE-2024-41098 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812039 -> 812022
cos-105-17412-448-29
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.163 | v23.0.3 | v1.7.19 | See List |
Fixes CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.
Fixes CVE-2024-43889 in the Linux kernel.
Fixes CVE-2024-43828 in the Linux kernel.
Fixes CVE-2024-43856 in the Linux kernel.
Fixes CVE-2024-44934 in the Linux kernel.
Fixes CVE-2024-41073 in the Linux kernel.
Fixes CVE-2024-42302 in the Linux kernel.
Fixes CVE-2024-43854 in the Linux kernel.
Fixes CVE-2024-41098 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812696 -> 812685
- Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000
cos-101-17162-528-34
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.161 | v20.10.27 | v1.6.28 | See List |
Fixes CVE-2023-7256 in net-libs/libpcap.
Fixes CVE-2024-40959 in the Linux kernel.
Fixes CVE-2024-40995 in the Linux kernel.
Fixes CVE-2024-43828 in the Linux kernel.
Fixes CVE-2024-41055 in the Linux kernel.
Fixes CVE-2024-43856 in the Linux kernel.
Fixes CVE-2024-40958 in the Linux kernel.
Fixes CVE-2024-41073 in the Linux kernel.
Fixes CVE-2024-44934 in the Linux kernel.
Fixes CVE-2024-41049 in the Linux kernel.
cos-beta-117-18613-0-25
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.44 | v24.0.9 | v1.7.21 | See List |
Fixes CVE-2024-43889 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811778 -> 811784
You can now set a default Dataform customer-managed encryption keys (CMEK) key for your project to encrypt multiple Dataform repositories with the same CMEK key. For more information, see Use Dataform default CMEK keys.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-ndb
2.3.2 (2024-07-15)
Bug Fixes
Google Distributed Cloud (software only) for VMware 1.28.900-gke.113 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.900-gke.113 runs on Kubernetes v1.28.12-gke.1100.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
The following issues are fixed in 1.28.900-gke.113:
- Fixed the known issue where updating DataplaneV2 ForwardMode doesn't automatically trigger anetd DaemonSet restart.
- Fixed the known issue where the credential.yaml file was regenerated incorrectly during an admin workstation upgrade.
- Fixed the known issue where the etcdctl command was not found during cluster upgrade at the admin cluster backup stage.
Fixed the following vulnerabilities in 1.28.900-gke.113:
High-severity container vulnerabilities:
Ubuntu vulnerabilities:
- CVE-2023-52629
- CVE-2023-52760
- CVE-2024-26680
- CVE-2024-26830
- CVE-2024-26921
- CVE-2024-36901
- CVE-2024-39292
- CVE-2024-39484
- CVE-2023-52585
- CVE-2023-52882
- CVE-2024-26900
- CVE-2024-26936
- CVE-2024-26980
- CVE-2024-27398
- CVE-2024-27399
- CVE-2024-27401
- CVE-2024-35848
- CVE-2024-35947
- CVE-2024-36017
- CVE-2024-36031
- CVE-2024-36880
- CVE-2024-36883
- CVE-2024-36886
- CVE-2024-36889
- CVE-2024-36897
- CVE-2024-36902
- CVE-2024-36904
- CVE-2024-36905
- CVE-2024-36906
- CVE-2024-36916
- CVE-2024-36919
- CVE-2024-36928
- CVE-2024-36929
- CVE-2024-36931
- CVE-2024-36933
- CVE-2024-36934
- CVE-2024-36937
- CVE-2024-36938
- CVE-2024-36939
- CVE-2024-36940
- CVE-2024-36941
- CVE-2024-36944
- CVE-2024-36946
- CVE-2024-36947
- CVE-2024-36950
- CVE-2024-36952
- CVE-2024-36953
- CVE-2024-36954
- CVE-2024-36955
- CVE-2024-36957
- CVE-2024-36959
- CVE-2024-36960
- CVE-2024-36964
- CVE-2024-36965
- CVE-2024-36967
- CVE-2024-36969
- CVE-2024-36975
- CVE-2024-38600
- CVE-2023-52752
- CVE-2024-25742
- CVE-2024-26886
- CVE-2024-26952
- CVE-2024-27017
- CVE-2024-36016
- CVE-2022-38096
- CVE-2023-52488
- CVE-2023-52699
- CVE-2023-52880
- CVE-2024-23307
- CVE-2024-24857
- CVE-2024-24858
- CVE-2024-24859
- CVE-2024-24861
- CVE-2024-25739
- CVE-2024-26629
- CVE-2024-26642
- CVE-2024-26654
- CVE-2024-26687
- CVE-2024-26810
- CVE-2024-26811
- CVE-2024-26812
- CVE-2024-26813
- CVE-2024-26814
- CVE-2024-26817
- CVE-2024-26828
- CVE-2024-26922
- CVE-2024-26923
- CVE-2024-26925
- CVE-2024-26926
- CVE-2024-26929
- CVE-2024-26931
- CVE-2024-26934
- CVE-2024-26935
- CVE-2024-26937
- CVE-2024-26950
- CVE-2024-26951
- CVE-2024-26955
- CVE-2024-26956
- CVE-2024-26957
- CVE-2024-26958
- CVE-2024-26960
- CVE-2024-26961
- CVE-2024-26964
- CVE-2024-26965
- CVE-2024-26966
- CVE-2024-26969
- CVE-2024-26970
- CVE-2024-26973
- CVE-2024-26974
- CVE-2024-26976
- CVE-2024-26977
- CVE-2024-26981
- CVE-2024-26984
- CVE-2024-26988
- CVE-2024-26989
- CVE-2024-26993
- CVE-2024-26994
- CVE-2024-26996
- CVE-2024-26999
- CVE-2024-27000
- CVE-2024-27001
- CVE-2024-27004
- CVE-2024-27008
- CVE-2024-27009
- CVE-2024-27013
- CVE-2024-27015
- CVE-2024-27016
- CVE-2024-27018
- CVE-2024-27019
- CVE-2024-27020
- CVE-2024-27059
- CVE-2024-27393
- CVE-2024-27395
- CVE-2024-27396
- CVE-2024-27437
- CVE-2024-35785
- CVE-2024-35789
- CVE-2024-35791
- CVE-2024-35796
- CVE-2024-35804
- CVE-2024-35805
- CVE-2024-35806
- CVE-2024-35807
- CVE-2024-35809
- CVE-2024-35813
- CVE-2024-35815
- CVE-2024-35817
- CVE-2024-35819
- CVE-2024-35821
- CVE-2024-35822
- CVE-2024-35823
- CVE-2024-35825
- CVE-2024-35847
- CVE-2024-35849
- CVE-2024-35851
- CVE-2024-35852
- CVE-2024-35853
- CVE-2024-35854
- CVE-2024-35855
- CVE-2024-35857
- CVE-2024-35871
- CVE-2024-35872
- CVE-2024-35877
- CVE-2024-35879
- CVE-2024-35884
- CVE-2024-35885
- CVE-2024-35886
- CVE-2024-35888
- CVE-2024-35890
- CVE-2024-35893
- CVE-2024-35895
- CVE-2024-35896
- CVE-2024-35897
- CVE-2024-35898
- CVE-2024-35899
- CVE-2024-35900
- CVE-2024-35902
- CVE-2024-35905
- CVE-2024-35907
- CVE-2024-35910
- CVE-2024-35912
- CVE-2024-35915
- CVE-2024-35918
- CVE-2024-35922
- CVE-2024-35925
- CVE-2024-35930
- CVE-2024-35933
- CVE-2024-35934
- CVE-2024-35935
- CVE-2024-35936
- CVE-2024-35938
- CVE-2024-35940
- CVE-2024-35944
- CVE-2024-35950
- CVE-2024-35955
- CVE-2024-35958
- CVE-2024-35960
- CVE-2024-35969
- CVE-2024-35970
- CVE-2024-35973
- CVE-2024-35976
- CVE-2024-35978
- CVE-2024-35982
- CVE-2024-35984
- CVE-2024-35988
- CVE-2024-35989
- CVE-2024-35990
- CVE-2024-35997
- CVE-2024-36004
- CVE-2024-36005
- CVE-2024-36006
- CVE-2024-36007
- CVE-2024-36008
- CVE-2024-36020
- CVE-2024-36025
- CVE-2024-36029
The following new YARA-L 2.0 functions are available in Rules and Search:
- arrays.concat
- arrays.join_string
- arrays.max
- arrays.min
- arrays.size
- arrays.index_to_int
- cast.as_bool
- cast.as_float
- math.ceil
- math.floor
- math.geo_distance
- math.is_increasing
- math.pow
- math.random
- strings.contains
- strings.count_substrings
- strings.extract_domain
- strings.extract_hostname
- strings.from_hex
- strings.ltrim
- strings.reverse
- strings.rtrim
- strings.trim
- strings.url_decode
- timestamp.as_unix_seconds
- timestamp.now
The following new YARA-L 2.0 functions are available in Rules:
- hash.sha256
- window.avg
- window.first
- window.last
- window.median
- window.mode
- window.stddev
- window.variance
Details on function signatures and behavior can be found in YARA-L2.0 Function Syntax Reference Documentation.
Due to technical issues, the SOAR version has been rolled back to Release 6.3.16.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/pubsub
4.7.1 (2024-08-26)
Bug Fixes
ABAP SDK for Google Cloud version v1.8 (On-premises or any cloud edition)
Version 1.8 of the on-premises or any cloud edition of ABAP SDK for Google Cloud is generally available (GA). This version introduces the Vertex AI SDK for ABAP, a dedicated toolset for seamless interaction with Google Cloud's Vertex AI platform from your SAP environment. The SDK lets you build AI-powered enterprise features and applications with reduced complexity and development effort from within your SAP systems.
For more information, see:
New configuration options for Vulnerability Assessment for AWS
When configuring Vulnerability Assessment for AWS, you can customize the scan settings by defining the scan interval, specific regions, specific tags, and specific instance IDs. You can also include SC1 or ST1 instances in the scan. For more information, see Enable and use Vulnerability Assessment for AWS.
Ray cluster's autoscaling feature is now supported. See Scale Ray clusters on Vertex AI.
September 08, 2024
Google SecOps SOAR
Release 6.3.17 is now in General Availability.
September 07, 2024
Google SecOps SOAR
Release 6.3.18 is currently in Preview.
Playbooks are getting stuck in the queue. (ID #53247410)
September 06, 2024
Cloud Monitoring
The Metrics management page in Cloud Monitoring now shows you the sources of metric reads and lets you exclude unneeded metrics entirely, eliminating the cost of ingesting them. For more information, see View and manage metric usage.
The fleetwide and per-instance Observability tabs on the Compute Engine VM instances page now include charts for GPU metrics from the NVIDIA Management Library (NVML). To view the fleetwide GPU charts, select Compute Engine > VM instances > Observability. To view the GPU charts for a VM instance, select Compute Engine > VM instances, click on the name of a VM instance, and then select Observability. These charts are available only for VM instances with attached GPUs, with both the Ops Agent and the NVIDIA GPU driver installed. For information about configuring these VMs, see About the gpu metrics.
New Dataproc on Compute Engine subminor image versions:
- 2.0.117-debian10, 2.0.117-rocky8, 2.0.117-ubuntu18
- 2.1.65-debian11, 2.1.65-rocky8, 2.1.65-ubuntu20, 2.1.65-ubuntu20-arm
- 2.2.31-debian12, 2.2.31-rocky9, 2.2.31-ubuntu22
Dataproc on Compute Engine: The latest 2.2 image versions now support Hudi 0.15.0.
Dataproc on Compute Engine: The latest 2.2 image versions support Hudi Trino integration natively. If both components are selected when you create a Dataproc cluster, Trino will be configured to support Hudi automatically.
(2024-R34) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
There are no new releases in the Rapid channel.
Regular channel
There are no new releases in the Regular channel.
Stable channel
There are no new releases in the Stable channel.
Extended channel
There are no new releases in the Extended channel.
No channel
There are no updates for clusters not enrolled in a release channel.
(2024-R33) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.31.0-gke.1058000 is now the default version for cluster creation in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
  - 1.27.16-gke.1148000
  - 1.28.13-gke.1006000
  - 1.29.7-gke.1274000
  - 1.30.3-gke.1639000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1234000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1024000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.8-gke.1031000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1969000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1234000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1024000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.8-gke.1031000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1969000 with this release.
Regular channel
- Version 1.30.3-gke.1639000 is now the default version for cluster creation in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
  - 1.27.16-gke.1051000
  - 1.27.16-gke.1082000
  - 1.28.12-gke.1052000
  - 1.29.7-gke.1104000
  - 1.30.3-gke.1225000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1148000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.12-gke.1179000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.7-gke.1274000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.12-gke.1179000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.7-gke.1274000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.
Stable channel
- Version 1.29.7-gke.1104000 is now the default version for cluster creation in the Stable channel.
- Version 1.27.16-gke.1051001 is now available in the Stable channel.
- The following versions are no longer available in the Stable channel:
  - 1.27.15-gke.1252000
  - 1.28.11-gke.1260000
  - 1.29.6-gke.1326000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.12-gke.1052000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
Extended channel
- Version 1.30.3-gke.1639000 is now the default version for cluster creation in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
  - 1.27.16-gke.1051000
  - 1.27.16-gke.1082000
  - 1.28.12-gke.1052000
  - 1.29.7-gke.1104000
  - 1.30.3-gke.1225000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.12-gke.1179000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.7-gke.1274000 with this release.
  - Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.
No channel
- Version 1.30.3-gke.1639000 is now the default version for cluster creation.
- The following control plane and node versions are now available:
- The following versions are no longer available:
  - 1.27.15-gke.1252000
  - 1.27.16-gke.1051000
  - 1.27.16-gke.1082000
  - 1.28.11-gke.1260000
  - 1.29.6-gke.1254000
  - 1.29.7-gke.1008000
  - 1.30.3-gke.1225000
- Auto-upgrade targets are now available for the following minor versions:
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1148000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.12-gke.1179000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
- The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.12-gke.1179000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
  - Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.
Burst limits will be rolling out over the next 90 days. This should not affect customers if sources are properly configured. Review documentation for full details.
The SEXUAL_ORIENTATION infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
September 05, 2024
Anthos Attached Clusters
This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
On September 5, 2024, we released an updated version of the Apigee UI.
An informational message was added to the action creation flow for Apigee Security actions, informing users that actions can't be edited or deleted.
Bug ID | Description |
---|---|
349284447 | Correct sorting for revisions in Duplicate Proxy: The Duplicate Proxy experience now correctly sorts the list of existing revisions. |
359475166 | Fixed issue with Analytics Error Analysis: Resolved issue with the Error Composition page that interchanged the proxy error and target error legend. |
hybrid 1.13.0-hotfix.1
On September 5, 2024 we released an updated version of the Apigee hybrid software, 1.13.0-hotfix.1.
Apply this hotfix following the steps in Upgrading Apigee hybrid to version 1.13:
- For information on upgrading, see Upgrading Apigee hybrid to version 1.13.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
362690729 | Fix for aggressive scaling of runtime pods & CPU spike. |
362979563 | Fix for Ingress Health Check failure /healthz/ingress - route_not_found. |
Preview: You can view the on-demand reservations and future reservation requests available for consumption in your project, folder, or organization. This helps you plan for future capacity assurance, as well as view the reserved resources that cover your projected growth or peak usage. For more information, see View usage and forecast data in Capacity Planner.
Preview: You can use the Capacity Planner API to export usage and forecast data of the VMs, Persistent Disk volumes, or GPUs in your project, folder, or organization. This lets you export usage and forecast data in a Cloud Storage bucket or BigQuery table. For more information, see Export usage and forecast data using the Capacity Planner API.
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Generally available: Multi-writer support for Hyperdisk Balanced disks. Up to 8 VMs can simultaneously read from and write to the same disk. For more information, see Share disks between VMs.
Dataproc Metastore supports custom region configurations. A custom region configuration lets your service run workloads from two separate regions.
You can now use Firestore to perform K-nearest neighbor (KNN) vector searches. Additionally, use Firestore vector searches with inequality filters, retrieve the calculated vector distance, and specify a distance threshold. This feature is generally available (GA).
For more information, see Search with vector embeddings.
(New guide) Enterprise application with Oracle Database on Compute Engine: Provides a reference architecture to host an application that uses an Oracle database, deployed on Compute Engine VMs.
Gemini in Looker now available for Looker Studio content
Looker Studio Pro users can now create calculated fields and generate Google Slides from Looker Studio content using Gemini assistance. Gemini in Looker no longer requires content to be associated with a Looker Studio Pro subscription.
For more information about Gemini in Looker, see the Gemini in Looker overview.
September 04, 2024
AlloyDB for PostgreSQL
AlloyDB for PostgreSQL is now available in africa-south1 (Johannesburg) and in me-central2 (Dammam). For more information, see AlloyDB locations.
Backup and DR Service added support to automatically protect your Google Cloud VMware Engine VMs using vSphere tags. The dynamic protection tags feature is supported for backup/recovery appliances running on version 11.0.12.320 or later. You can check the appliance version from Manage > Appliances page.
You can now use vector search and vector index features in BigQuery.
You can use the VECTOR_SEARCH function to search embeddings in order to identify semantically similar entities.
You can use vector indexes to make VECTOR_SEARCH more efficient, with the trade-off of returning more approximate results.
You can try the vector search and vector index capabilities by using the Search embeddings with vector search tutorial.
The BigQuery vector search and vector index features are generally available (GA).
Dataproc on Compute Engine: Dataproc image version 2.2 will become the default Dataproc on Compute Engine image version on September 6, 2024.
For GKE versions 1.29 and later, the gke-metrics-agent Pod runs with the prometheus-metrics-collector container in addition to the existing gke-metrics-agent and core-metrics-exporter containers. This change might result in an increase in the Service time series ingestion requests per minute quota; however, there is no additional cost.
Experimental: As CentOS Linux 7 has reached end-of-life (EOL) on June 30, 2024, Migrate to Virtual Machines lets you convert CentOS Linux 7 to Rocky Linux 8 as part of your migration.
To use this feature, send a request to the email address: centos-to-rocky-linux@google.com.
Note: This product or feature is subject to the Pre-GA Offerings Terms in the General Service Terms section of the Service Specific Terms. Pre-GA products and features are available as is and might have limited support.
Install new version of the Security Command Center Enterprise use case
The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by date, September 4, 2024, introduces updated widgets, new playbooks, optimized data synchronization jobs, updated ingestion logic, and other enhancements to support the management of toxic combination findings and cases in the Security Operations console.
For installation instructions, see Update Enterprise use case, September 2024.
September 03, 2024
AlloyDB for PostgreSQL
The extension pgvector is updated to version 0.7.2.
Deterministic URLs, which let you predict a Cloud Run service URL before the service is created, are now in general availability (GA).
When you clone your zonal instance, you can now specify a preferred zone for the instance. You can also specify preferred primary and secondary zones for your regional instance. If the zones for your instance go down in the future, then Cloud SQL can assign the preferred zones to the instance, and you don't experience downtime. For more information, see Clone instances.
You can now use point-in-time recovery to restore your zonal instance to a preferred primary zone and your regional instance to both a preferred primary zone and a preferred secondary zone. For more information, see Use point-in-time recovery (PITR).
Version 3.24 is released
All release notes published on this date are part of version 3.24.
The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.
Raw data export
With raw data export, you can export detailed CCAI Platform session data to an external storage bucket. With this data you can get insights into calls, chats, emails, queues, agent performance, virtual agents, and more.
Virtual agents can create and assign tickets for custom CRM apps
Virtual agents can now create and assign incoming tickets for custom CRM apps prior to a human agent taking the ticket. This capability was previously available only for some commercial CRM apps. For more information, see Configure the assignment of chat or call records created by virtual agents.
Barge is available for chat
Barge, which lets supervisors join or take over calls with end-users, is now available for chat. For more information, see Barge for calls and chat.
Reserved data attributes
With reserved data attributes, you can tag sessions with one of the following labels: Verified Customer, Bad Actor, or Repeat Customer. You can send this information to Google at the start of a session using an SDK, a SIP header, or the Apps API. With the API you can also send this information after the session starts. After we receive this information we display it in the agent adapter so the agent or a supervisor can act accordingly. For more information, see Reserved data attributes.
Fixed an issue where listening to a voicemail would occasionally lead to the creation of a duplicate entry at the top of the list.
Fixed an issue that prevented emails from being sent to external storage.
Fixed an issue where integrating the Salesforce CRM with CCAI Platform was failing.
cos-101-17162-528-27
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.161 | v20.10.27 | v1.6.28 | See List |
Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.
Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.
Fixed CVE-2024-40954 in the Linux kernel.
Fixed CVE-2024-43854 in the Linux kernel.
Fixed CVE-2024-41098 in the Linux kernel.
Fixed CVE-2024-42283 in the Linux kernel.
Fixed CVE-2024-42269 in the Linux kernel.
Fixed CVE-2024-42270 in the Linux kernel.
Fixed CVE-2024-40994 in the Linux kernel.
Fixed CVE-2023-52889 in the Linux kernel.
Fixed CVE-2024-41000 in the Linux kernel.
Fixed CVE-2024-42102 in the Linux kernel.
Fixed CVE-2024-40960 in the Linux kernel.
Fixed CVE-2024-40961 in the Linux kernel.
Fixed KCTF-c07ff85 in the Linux kernel.
cos-109-17800-309-33
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.19 | See List |
Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.
Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2023-46246, CVE-2024-41957, CVE-2024-41965.
Fixed CVE-2024-41058 in the Linux kernel.
Fixed CVE-2024-43854 in the Linux kernel.
Fixed CVE-2024-41098 in the Linux kernel.
Fixed CVE-2024-42270 in the Linux kernel.
Fixed CVE-2023-52889 in the Linux kernel.
Fixed CVE-2024-42283 in the Linux kernel.
Fixed CVE-2024-42268 in the Linux kernel.
Fixed CVE-2024-42269 in the Linux kernel.
Fixed CVE-2024-42285 in the Linux kernel.
Fixed KCTF-c07ff85 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812259 -> 812248
cos-beta-117-18613-0-24
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.44 | v24.0.9 | v1.7.21 | See List |
Updated app-containers/containerd to 1.7.21.
Fixed CVE-2024-37370, CVE-2024-37371 in app-crypt/mit-krb5.
Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.
Fixed CVE-2024-44934 in the Linux kernel.
Fixed CVE-2024-42269 in the Linux kernel.
Fixed CVE-2024-42268 in the Linux kernel.
Fixed CVE-2024-42270 in the Linux kernel.
Fixed KCTF-c07ff85 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 811697 -> 811778
- Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000
cos-113-18244-151-33
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.19 | See List |
Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.
Fixed CVE-2024-42270 in the Linux kernel.
Fixed CVE-2024-42285 in the Linux kernel.
Fixed CVE-2024-42269 in the Linux kernel.
Fixed CVE-2024-42268 in the Linux kernel.
Fixed CVE-2024-42283 in the Linux kernel.
Fixed CVE-2023-52889 in the Linux kernel.
Fixed KCTF-c07ff85 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812030 -> 812039
cos-105-17412-448-22
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.163 | v23.0.3 | v1.7.19 | See List |
Updated app-editors/vim, app-editors/vim-core to version 9.1.0686. This fixed CVE-2024-41957, CVE-2024-41965.
Fixed CVE-2023-52889 in the Linux kernel.
Fixed CVE-2024-42285 in the Linux kernel.
Fixed CVE-2024-42269 in the Linux kernel.
Fixed CVE-2024-42283 in the Linux kernel.
Fixed CVE-2024-42270 in the Linux kernel.
Fixed KCTF-c07ff85 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812685 -> 812696
New Dataproc on Compute Engine subminor image versions:
- 2.0.116-debian10, 2.0.116-rocky8, 2.0.116-ubuntu18
- 2.1.64-debian11, 2.1.64-rocky8, 2.1.64-ubuntu20, 2.1.64-ubuntu20-arm
- 2.2.30-debian12, 2.2.30-rocky9, 2.2.30-ubuntu22,
Dataproc on Compute Engine: Apache Spark upgraded to version 3.5.1 in image version 2.2 starting with image version 2.2.30.
Gemini 1.5 Flash (gemini-1.5-flash) supports controlled generation.
VMware Engine now offers GA support for VPC Service Controls. VPC Service Controls provides an additional layer of security to prevent data exfiltration and unauthorized access. For more information, see VPC Service Controls.
Added support for Maintenance Windows (Preview). For more details, see About maintenance.
Support for execution backlogging is available in Preview. Backlogged executions automatically run as soon as execution concurrency quota becomes available.
September 02, 2024
Backup and DR
Backup and DR Service added support to view mounted image logs in Cloud Logging.
Backup and DR Service added support to view mounted image reports in BigQuery.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigquery
2.42.2 (2024-08-29)
Bug Fixes
Dependencies
- Update actions/upload-artifact action to v4.3.5 (#3456) (f00977c)
- Update actions/upload-artifact action to v4.3.5 (#3462) (e1c6e92)
- Update actions/upload-artifact action to v4.3.6 (#3463) (ba91227)
- Update github/codeql-action action to v2.26.6 (#3464) (2aeb44d)
2.42.1 (2024-08-27)
Bug Fixes
Dependencies
- Update actions/upload-artifact action to v4.3.5 (#3420) (d5ec87d)
- Update actions/upload-artifact action to v4.3.5 (#3422) (c7d07b3)
- Update actions/upload-artifact action to v4.3.5 (#3424) (a9d6869)
- Update actions/upload-artifact action to v4.3.5 (#3427) (022eb57)
- Update actions/upload-artifact action to v4.3.5 (#3430) (c7aacba)
- Update actions/upload-artifact action to v4.3.5 (#3432) (b7e8244)
- Update actions/upload-artifact action to v4.3.5 (#3436) (ccefd6e)
- Update actions/upload-artifact action to v4.3.5 (#3440) (916fe9a)
- Update actions/upload-artifact action to v4.3.5 (#3443) (187f099)
- Update actions/upload-artifact action to v4.3.5 (#3444) (04aea5e)
- Update actions/upload-artifact action to v4.3.5 (#3449) (c6e93cd)
- Update actions/upload-artifact action to v4.3.5 (#3455) (fbfc106)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.49.0 (#3417) (66336a8)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.50.0 (#3448) (2c12839)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240714-2.0.0 (#3412) (8a48fd1)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240727-2.0.0 (#3421) (91d780b)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240727-2.0.0 (#3423) (16f350c)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240727-2.0.0 (#3428) (9ae6eca)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240803-2.0.0 (#3435) (b4e20db)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240815-2.0.0 (#3454) (8796aee)
- Update dependency com.google.cloud:google-cloud-bigquerystorage-bom to v3.9.0 (c4afbef)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.53.0 (#3418) (6cff7f0)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.54.0 (#3450) (cc9da95)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#3433) (801f441)
- Update github/codeql-action action to v2.26.2 (#3426) (0a6574f)
- Update github/codeql-action action to v2.26.3 (#3438) (390e182)
- Update github/codeql-action action to v2.26.5 (#3446) (58aacc5)
Documentation
Added a new metric: composer.googleapis.com/workflow/task_instance/queued_duration. This metric is based on the dag.<dag_id>.<task_id>.queued_duration Airflow metric.
Fixed an issue where an upgrade of a PSC-based private IP environment failed, leaving the environment in an inconsistent state.
(Cloud Composer 3) Fixed the cause of false-positive failures of Airflow Celery workers reported by the liveness health check.
The apache-airflow-providers-google package was upgraded to version 10.22.0 in Cloud Composer 2 images and Cloud Composer 3 builds with Airflow 2.9.1. For more information about changes, see the apache-airflow-providers-google changelog from version 10.21.0 to version 10.22.0.
The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.4.0 in Cloud Composer 2 images and Cloud Composer 3 builds with Airflow 2.9.1. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 8.3.4 to version 8.4.0.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.9.1-build.6 (default)
- composer-3-airflow-2.7.3-build.15
Cloud Composer 2.9.3 images are available:
- composer-2.9.3-airflow-2.9.1 (default)
- composer-2.9.3-airflow-2.7.3
You can now import Grafana dashboards into Cloud Monitoring by using the console. For more information, see Import Grafana dashboards into Cloud Monitoring.
Generally available: You can use the performance monitoring unit (PMU) to monitor low-level CPU events and metrics in VMs that use a C4 machine type. Using the PMU is helpful to analyze and optimize the performance of the software running on your VM when running performance-sensitive workloads, such as high-performance computing (HPC) or machine learning (ML) workloads.
For more information, see the following pages:
Release Notes 6.3.16 is now in General Availability.
Remote Agents 2.1.0 is now in General Availability.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/pubsub
4.7.0 (2024-08-24)
Features
September 01, 2024
Cloud Data Fusion
Cloud Data Fusion version 6.8 is no longer supported. You should upgrade your instances to run in a supported version. For instructions, see Manage version upgrades for instances and pipelines.
Release Notes 6.3.17 is currently in Preview.
Last Close comment and Last Close Root Cause not showing up in BigQuery. (ID #00298031)
Alert names that are too long cover the time remaining on the alert SLA. (ID #52831259)
Unable to edit, delete or export custom integration (ID #52403533)
Multi Select option not working in Custom Actions. (ID #52874346)
Playbook shows failed step even though it's not being used by the playbook. (ID #00282731)
Playbook export contains archived blocks. (ID #00251935)
August 31, 2024
Access Approval
Access Approval supports Filestore in the GA stage.
August 30, 2024
Apigee X
On August 30, 2024, we released an updated version of Apigee (1-13-0-apigee-4).
Bug ID | Description |
---|---|
N/A | Updates to security infrastructure and libraries. |
Updates to the Artifact Registry API are as follows:
- Add or update file annotations with UpdateFile().
- Add or update package version annotations with UpdateVersion().
- Filter by annotation or name with ListFiles(), ListPackages(), and ListVersions().
- Filter by name with ListTags(), ListRepositories() and ListDockerImages().
- Order by name, createTime, or updateTime for ListFiles(), ListVersions(), ListRepositories(), and ListPackages().
Artifact Registry records metrics and logs for your projects. To explore the available Artifact Registry metrics and logs, view your project in the Metrics Explorer or the Logs Explorer.
For more information about metrics and logs, read Observability in Google Cloud.
Two new control packages are available in the GA stage:
- Healthcare and Life Sciences Controls
- Healthcare and Life Sciences Controls with US Support
These control packages replace the HIPAA and HITRUST Previews with a more robust set of controls for customers in the Healthcare and Life Sciences industries. For more information about these new controls, see Restrictions and Limitations for Healthcare and Life Sciences Controls.
Excel plugin version 2.12.3 is available in Cloud Data Fusion 6.10.0 and later. This version fixes an issue in the Excel batch source causing pipelines with large XLSX files to consume high memory and fail (PLUGIN-1771 and PLUGIN-1795).
Excel plugin version 2.11.5 is available in Cloud Data Fusion 6.9 versions. This version fixes an issue in the Excel batch source causing pipelines with large XLSX files to consume high memory and fail (PLUGIN-1771 and PLUGIN-1795).
Excel plugin version 2.10.3 is available in Cloud Data Fusion 6.8 versions. This version fixes an issue in the Excel batch source causing pipelines with large XLSX files to consume high memory and fail (PLUGIN-1771 and PLUGIN-1795).
Database Migration Service for homogeneous migrations to Cloud SQL for SQL Server now supports differential backup files. For more information, see Supported types of backup files.
Generally available: When applying a spread placement policy to VMs, you can specify the availability domain in which to place the VMs. Specifying an availability domain lets you decide how to physically locate VMs among each other, which can increase the reliability of your workload by placing VMs in different domains, or try to limit network latency among VMs by placing them in the same domain. Viewing the availability domains of your VMs is also useful for planning, deploying, or upgrading your application, as well as developing your availability SLAs.
For more information, see Create and apply spread placement policies to VMs.
The fleetwide and per-instance Observability tabs on the Compute Engine VM instances page now include charts for GPU metrics from the NVIDIA Management Library (NVML). To view the fleetwide GPU charts, select Compute Engine > VM instances > Observability. To view the GPU charts for a VM instance, select Compute Engine > VM instances, click on the name of a VM instance, and then select Observability. These charts are available only for VM instances with attached GPUs, with both the Ops Agent and the NVIDIA GPU driver installed. For information about configuring these VMs, see About the gpu metrics.
VPC Service Controls and private egress
You can now use VPC Service Controls with CCAI Platform to help mitigate the risk of data exfiltration from your contact center. When you include a CCAI Platform instance in a VPC Service Controls perimeter, the instance is restricted from exchanging data with Google Cloud services (such as Cloud Storage or Dialogflow) that are outside of the perimeter. You can further secure your instance by including Contact Center AI Platform API in your list of restricted services. You can then create an access level to allow access to only your own administrators. For more information, see VPC Service Controls.
In addition to private ingress, you can now use Private Service Connect to set up private egress from your CCAI Platform instances. For more information, see Set up private egress.
Gen AI Evaluation Service is Generally Available. To learn more, see the Gen AI Evaluation Service overview.
(New guide) Select a managed container runtime environment: Learn about managed runtime environments and assess your requirements to choose between Cloud Run and GKE Autopilot.
The prioritization logic of Applied Threat Intelligence (ATI) rule set has been improved to remove alerts from events that have a specified security result action of BLOCKED or QUARANTINED. This change only impacts the IP address indicator types for both High and Active Breach priority. For more information, see View details about rule sets.
Community migration is complete
The Looker Studio Help community migration to Google Cloud is complete. To ask questions and participate in conversations with fellow Looker Studio users and experts, visit the new community.
Preview release of Memorystore for Valkey.
Preset topologies and include export filters are generally available.
Preset topologies let you specify the connectivity configuration across all VPC spokes. You can choose between mesh or star preset topologies. Include export filters lets you limit connectivity by specifying a list of permitted CIDR ranges, thereby blocking all but the permitted IP address ranges.
Service Catalog now lets users provide a service account when they add or update a Terraform solution, deploy a new or existing Terraform solution, or deprovision a Terraform deployment, so that users can use their own managed service account to complete tasks with Service Catalog. For details, see Managing solutions and Changes to Cloud Build service accounts.
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.65.0 (2024-07-29)
Features
Bug Fixes
- spanner/test: Bump google.golang.org/api@v0.187.0 (8fa9e39)
- spanner/test: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
- spanner/test: Update dependencies (257c40b)
- spanner: Bump google.golang.org/api@v0.187.0 (8fa9e39)
- spanner: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
- spanner: Fix negative values for max_in_use_sessions metrics #10449 (#10508) (4e180f4)
- spanner: HealthCheck should not decrement num_in_use sessions (#10480) (9b2b47f)
- spanner: Update dependencies (257c40b)
1.66.0 (2024-08-07)
Features
- spanner: Add support of multiplexed session support in writeAtleastOnce mutations (#10646) (54009ea)
- spanner: Add support of using multiplexed session with ReadOnlyTransactions (#10269) (7797022)
1.67.0 (2024-08-15)
Features
- spanner/admin/database: Add resource reference annotation to backup schedules (#10677) (6593c0d)
- spanner/admin/instance: Add edition field to the instance proto (6593c0d)
- spanner: Support commit options in mutation operations. (#10668) (62a56f9)
Bug Fixes
- spanner/test/opentelemetry/test: Update google.golang.org/api to v0.191.0 (5b32644)
- spanner: Update google.golang.org/api to v0.191.0 (5b32644)
Documentation
- spanner/admin/database: Add an example to filter backups based on schedule name (6593c0d)
Java
Changes for google-cloud-spanner
6.72.0 (2024-08-07)
Features
- Add RESOURCE_EXHAUSTED to the list of retryable error codes (e859b29)
- Add field order_by in spanner.proto (e859b29)
- Add QueryCancellationAction message in executor protos (e859b29)
- Add SessionPoolOptions, SpannerOptions protos in executor protos (e859b29)
- Add support for multi region encryption config (e859b29)
- Enable hermetic library generation (#3129) (94b2a86)
- spanner: Add samples for instance partitions (#3221) (bc48bf2)
- spanner: Adding EXPECTED_FULFILLMENT_PERIOD to the indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity Feature (e859b29)
- spanner: Set manual affinity in case of gRPC-GCP extension (#3215) (86b306a)
- Support Read RPC OrderBy (#3180) (735bca5)
Bug Fixes
- Make sure commitAsync always finishes (#3216) (440c88b)
- SessionPoolOptions.Builder#toBuilder() skipped useMultiplexedSessions (#3197) (027f92c)
Dependencies
- Bump sdk-platform-java-config to 3.33.0 (#3243) (35907c6)
- Update dependencies to latest (#3250) (d1d566b)
- Update dependency com.google.auto.value:auto-value-annotations to v1.11.0 (#3191) (065cd48)
- Update dependency com.google.cloud:google-cloud-trace to v2.47.0 (#3067) (e336ab8)
6.73.0 (2024-08-22)
Features
Bug Fixes
- Github workflow vulnerable to script injection (#3232) (599255c)
- Make DecodeMode.DIRECT the default (#3280) (f31a95a)
- Synchronize lazy ResultSet decoding (#3267) (4219cf8)
Dependencies
- Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#3277) (c449a91)
- Update dependency commons-cli:commons-cli to v1.9.0 (#3275) (84790f7)
- Update dependency io.opentelemetry:opentelemetry-bom to v1.41.0 (#3269) (a7458e9)
- Update dependency org.hamcrest:hamcrest to v3 (#3271) (fc2e343)
- Update dependency org.junit.vintage:junit-vintage-engine to v5.11.0 (#3272) (1bc0c46)
- Update opentelemetry.version to v1.41.0 (#3270) (88f6b56)
Documentation
Node.js
Changes for @google-cloud/spanner
7.11.0 (2024-07-29)
Features
- Add support for blind writes (#2065) (62fc0a4)
- spanner: Add samples for instance partitions (#2083) (b91e284)
7.12.0 (2024-08-02)
Features
7.13.0 (2024-08-09)
Bug Fixes
7.14.0 (2024-08-14)
Features
Bug Fixes
Python
Changes for google-cloud-spanner
3.48.0 (2024-07-30)
Features
- Add field lock_hint in spanner.proto (9609ad9)
- Add field order_by in spanner.proto (9609ad9)
- spanner: Add support for txn changestream exclusion (#1152) (00ccb7a)
Bug Fixes
August 29, 2024
AlloyDB for PostgreSQL
Query federation between BigQuery and AlloyDB is now generally available (GA). This feature lets you use BigQuery to query data stored in AlloyDB databases.
Database server compatibility with PostgreSQL version 16 is now available in Preview. You can create AlloyDB clusters with PostgreSQL 16 compatibility.
Hierarchy Controller will not be available after December, 2024. After December, 2024, you can't install Hierarchy Controller and Config Sync will be blocked from upgrades if Hierarchy Controller is configured as a configmanagement fleet feature or through the ConfigManagement API. To continue using similar functionality, migrate from Hierarchy Controller to Hierarchical Namespace Controller.
This note was added on September 6, 2024 and edited on September 9, 2024 for clarification.
Terraform version 5.41.0 introduced a new field to the google_gke_hub_feature_membership: config_sync.enabled. Because the default value of this field is false, it causes Config Sync installations to fail when Terraform is upgraded to version 5.41.0. For more information, including workarounds, see the known issue entry. This issue affects all supported Config Sync versions. This note was added on September 11, 2024.
The spec.git and spec.enableLegacyFields fields of the ConfigManagement object have been removed. The spec.enableMultiRepo field is now set to true by default, automatically enabling the RootSync API. RootSync provides the same core functionality, along with additional features.
If you currently configure Git settings within a ConfigManagement object, to avoid disruptions, before upgrading you must migrate this configuration to a RootSync object.
Optimized Config Sync resource usage by implementing watch filtering with ApplySet ("applyset.kubernetes.io/" labels and annotations). This reduces reconciler Deployment memory consumption by limiting events and cached objects to those relevant to the managed package. For more information on the resource usage optimization, see Config Sync Watch Filtering v1.18 vs v1.19.
Config Sync now enables loading files from directories beyond the Kustomize root during rendering. For more information, refer to Configure Kubernetes with Kustomize.
Improved support for private registries. If you've configured a private registry for your cluster, Config Sync now automatically detects and updates the image references within its reconciler Deployments to point to the corresponding images in your private registry.
Upgraded bundled Helm version from v3.14.4 to v3.15.3 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.
Upgraded the Open Telemetry image from 0.102.0 to 0.103.0 to pick up vulnerability fixes. To understand the changes in each release, review the full changelog for opentelemetry-collector-contrib.
Fixed some inaccuracies in status updates and metrics reports.
The BigQuery Data Transfer Service now supports incremental transfers when you migrate your data from your Teradata data warehouses to BigQuery. This feature is generally available (GA).
Delta Lake BigLake tables are now generally available (GA). Delta Lake is an open source, tabular data storage format that supports petabyte scale data tables.
Dialogflow CX & ES: Text-to-Speech Journey Voices will get an update in the week of Sept 3. If you select a journey voice in your agent Text-to-Speech settings (CX, ES), only LINEAR16 output audio_encoding (CX, ES) will be supported starting from Sept 3. This model update will also include slight variations in pauses, tone, and so on of the synthesized journey voices.
Google Distributed Cloud (software only) for VMware 1.30.0-gke.1930 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.0-gke.1930 runs on Kubernetes v1.30.3-gke.200.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
- GA: StatefulSet CSI Migration Tool
- GA: Migrate clusters to use recommended features
- Preview: The gcloud beta container fleet memberships get-credentials command uses a preview feature of the Connect gateway that lets you run the kubectl attach, cp, and exec commands. For more information, see Limitations in the Connect gateway documentation.
- For admin and user clusters created at 1.30 and later versions, loadBalancer.Kind needs to be set to either MetalLB or ManualLB.
- For user clusters created at 1.30 and later versions, enableControlplaneV2 needs to be set to true.
- The featureGates.GMPForSystemMetrics field in the stackdriver CR is now always on and can't be disabled. It has been default on since 1.16. If you have manually turned it off, this upgrade means a breaking change in some system metrics format. For information on changing this field, see Enabling and disabling Managed Service for Prometheus.
Version changes in 1.30.0-gke.1930:
- Existing Seesaw load balancers now require TLS 1.2.
- COS was upgraded to m109
- Updated Dataplane V2 to use Cilium 1.13
Other changes in 1.30.0-gke.1930:
- Enhanced the upgrade process to include an automatic pre-upgrade check. Before you upgrade your admin or user cluster, the system runs this check to detect known issues. The check also provides guidance to ensure a smooth upgrade experience.
- Ingress node ports are optional for ControlplaneV2 clusters.
- Admin clusters created in 1.30 will use Dataplane V2, Google's Container Network Interface (CNI) implementation, which is based on Cilium.
- Admin clusters upgraded to 1.30 from 1.29 will use Dataplane V2.
- Removed mTLS on system metrics scrape endpoints, which makes it easier to integrate with 3rd party monitoring systems.
- Stopped bundling cert-manager and removed the monitoring-operator because system components no longer depend on them. Cert-manager from existing 1.29 clusters will continue running, but will stop being managed by Google after upgrading to 1.30. If you don't use cert-manager, you can delete it after the upgrade. New clusters in 1.30 and higher won't come with cert-manager. If you rely on the bundled cert-manager for your own use case, you should install your own in new clusters.
- The implementation of the preview feature usage metering has changed. Clusters using this feature will continue to function, but we recommend that you use the predefined dashboard, Anthos Cluster Utilization Metering, to understand resource usage at different levels.
The following issues were fixed in 1.30.0-gke.1930:
- Fixed the known issue where cluster creation failed due to the control plane VIP in a different subnet.
- Fixed the known issue where a user cluster with Binary Authorization failed to come up.
- Fixed the known issue that caused the Connect Agent to lose connection to Google Cloud after a non-HA to HA admin cluster migration.
- Fixed the known issue where the admin cluster upgrade failed for clusters created on versions 1.10 or earlier.
- Fixed the known issue where the Docker bridge IP used 172.17.0.1/16 for COS cluster control plane nodes.
- Fixed the known issue where the HA admin cluster installation preflight check reported the wrong number of required static IPs.
- Fixed the known issue where multiple network interfaces with the standard CNI didn't work.
- Fixed a gkeadm preflight check that wasn't validating the VM folder.
The following vulnerabilities were fixed in 1.30.0-gke.1930:
Critical container vulnerabilities:
High-severity container vulnerabilities:
- CVE-2024-21626
- CVE-2023-47038
- CVE-2024-0985
- CVE-2021-43816
- CVE-2022-23648
- CVE-2019-16884
- CVE-2021-33194
- CVE-2021-30465
- CVE-2022-48622
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
- CVE-2024-21823
- CVE-2024-26643
- CVE-2024-26924
- CVE-2023-52434
- CVE-2023-52447
- CVE-2023-52497
- CVE-2023-52620
- CVE-2023-52640
- CVE-2023-52641
- CVE-2023-52644
- CVE-2023-52645
- CVE-2023-52650
- CVE-2023-52652
- CVE-2023-52656
- CVE-2023-52662
- CVE-2023-6270
- CVE-2023-7042
- CVE-2024-0841
- CVE-2024-22099
- CVE-2024-26583
- CVE-2024-26584
- CVE-2024-26585
- CVE-2024-26601
- CVE-2024-26603
- CVE-2024-26651
- CVE-2024-26659
- CVE-2024-26688
- CVE-2024-26733
- CVE-2024-26735
- CVE-2024-26736
- CVE-2024-26737
- CVE-2024-26743
- CVE-2024-26744
- CVE-2024-26747
- CVE-2024-26748
- CVE-2024-26749
- CVE-2024-26750
- CVE-2024-26751
- CVE-2024-26752
- CVE-2024-26754
- CVE-2024-26763
- CVE-2024-26764
- CVE-2024-26766
- CVE-2024-26769
- CVE-2024-26771
- CVE-2024-26772
- CVE-2024-26773
- CVE-2024-26774
- CVE-2024-26776
- CVE-2024-26777
- CVE-2024-26778
- CVE-2024-26779
- CVE-2024-26782
- CVE-2024-26787
- CVE-2024-26788
- CVE-2024-26790
- CVE-2024-26791
- CVE-2024-26792
- CVE-2024-26793
- CVE-2024-26795
- CVE-2024-26798
- CVE-2024-26801
- CVE-2024-26802
- CVE-2024-26803
- CVE-2024-26804
- CVE-2024-26805
- CVE-2024-26809
- CVE-2024-26816
- CVE-2024-26820
- CVE-2024-26833
- CVE-2024-26835
- CVE-2024-26838
- CVE-2024-26839
- CVE-2024-26840
- CVE-2024-26843
- CVE-2024-26845
- CVE-2024-26846
- CVE-2024-26851
- CVE-2024-26852
- CVE-2024-26855
- CVE-2024-26856
- CVE-2024-26857
- CVE-2024-26859
- CVE-2024-26861
- CVE-2024-26862
- CVE-2024-26863
- CVE-2024-26870
- CVE-2024-26872
- CVE-2024-26874
- CVE-2024-26875
- CVE-2024-26877
- CVE-2024-26878
- CVE-2024-26879
- CVE-2024-26880
- CVE-2024-26881
- CVE-2024-26882
- CVE-2024-26883
- CVE-2024-26884
- CVE-2024-26885
- CVE-2024-26889
- CVE-2024-26891
- CVE-2024-26894
- CVE-2024-26895
- CVE-2024-26897
- CVE-2024-26898
- CVE-2024-26901
- CVE-2024-26903
- CVE-2024-26906
- CVE-2024-26907
- CVE-2024-26915
- CVE-2024-27024
- CVE-2024-27028
- CVE-2024-27030
- CVE-2024-27034
- CVE-2024-27037
- CVE-2024-27038
- CVE-2024-27039
- CVE-2024-27043
- CVE-2024-27044
- CVE-2024-27045
- CVE-2024-27046
- CVE-2024-27047
- CVE-2024-27051
- CVE-2024-27052
- CVE-2024-27053
- CVE-2024-27054
- CVE-2024-27065
- CVE-2024-27073
- CVE-2024-27074
- CVE-2024-27075
- CVE-2024-27076
- CVE-2024-27077
- CVE-2024-27078
- CVE-2024-27388
- CVE-2024-27390
- CVE-2024-27403
- CVE-2024-27405
- CVE-2024-27410
- CVE-2024-27412
- CVE-2024-27413
- CVE-2024-27414
- CVE-2024-27415
- CVE-2024-27416
- CVE-2024-27417
- CVE-2024-27419
- CVE-2024-27431
- CVE-2024-27432
- CVE-2024-27436
- CVE-2024-35811
- CVE-2024-35828
- CVE-2024-35829
- CVE-2024-35830
- CVE-2024-35844
- CVE-2024-35845
- CVE-2023-52435
- CVE-2023-52486
- CVE-2023-52489
- CVE-2023-52491
- CVE-2023-52492
- CVE-2023-52493
- CVE-2023-52494
- CVE-2023-52498
- CVE-2023-52583
- CVE-2023-52587
- CVE-2023-52588
- CVE-2023-52594
- CVE-2023-52595
- CVE-2023-52597
- CVE-2023-52598
- CVE-2023-52599
- CVE-2023-52601
- CVE-2023-52602
- CVE-2023-52604
- CVE-2023-52606
- CVE-2023-52607
- CVE-2023-52608
- CVE-2023-52614
- CVE-2023-52615
- CVE-2023-52616
- CVE-2023-52617
- CVE-2023-52618
- CVE-2023-52619
- CVE-2023-52622
- CVE-2023-52623
- CVE-2023-52627
- CVE-2023-52631
- CVE-2023-52633
- CVE-2023-52635
- CVE-2023-52637
- CVE-2023-52638
- CVE-2023-52642
- CVE-2023-52643
- CVE-2024-1151
- CVE-2024-2201
- CVE-2024-23849
- CVE-2024-26592
- CVE-2024-26593
- CVE-2024-26594
- CVE-2024-26600
- CVE-2024-26602
- CVE-2024-26606
- CVE-2024-26608
- CVE-2024-26610
- CVE-2024-26614
- CVE-2024-26615
- CVE-2024-26625
- CVE-2024-26627
- CVE-2024-26635
- CVE-2024-26636
- CVE-2024-26640
- CVE-2024-26641
- CVE-2024-26644
- CVE-2024-26645
- CVE-2024-26660
- CVE-2024-26663
- CVE-2024-26664
- CVE-2024-26665
- CVE-2024-26668
- CVE-2024-26671
- CVE-2024-26673
- CVE-2024-26675
- CVE-2024-26676
- CVE-2024-26679
- CVE-2024-26684
- CVE-2024-26685
- CVE-2024-26689
- CVE-2024-26695
- CVE-2024-26696
- CVE-2024-26697
- CVE-2024-26698
- CVE-2024-26702
- CVE-2024-26704
- CVE-2024-26707
- CVE-2024-26712
- CVE-2024-26715
- CVE-2024-26717
- CVE-2024-26720
- CVE-2024-26722
- CVE-2024-26808
- CVE-2024-26825
- CVE-2024-26826
- CVE-2024-26829
- CVE-2024-26910
- CVE-2024-26916
- CVE-2024-26920
- CVE-2023-24023
- CVE-2023-52600
- CVE-2023-52603
- CVE-2024-26581
- CVE-2023-1194
- CVE-2023-32254
- CVE-2023-32258
- CVE-2023-38427
- CVE-2023-38430
- CVE-2023-38431
- CVE-2023-3867
- CVE-2023-46838
- CVE-2023-52340
- CVE-2023-52429
- CVE-2023-52436
- CVE-2023-52438
- CVE-2023-52439
- CVE-2023-52441
- CVE-2023-52442
- CVE-2023-52443
- CVE-2023-52444
- CVE-2023-52445
- CVE-2023-52448
- CVE-2023-52449
- CVE-2023-52451
- CVE-2023-52454
- CVE-2023-52456
- CVE-2023-52457
- CVE-2023-52458
- CVE-2023-52462
- CVE-2023-52463
- CVE-2023-52464
- CVE-2023-52467
- CVE-2023-52469
- CVE-2023-52470
- CVE-2023-52480
- CVE-2023-52609
- CVE-2023-52610
- CVE-2023-52612
- CVE-2024-22705
- CVE-2024-23850
- CVE-2024-23851
- CVE-2024-24860
- CVE-2024-26586
- CVE-2024-26589
- CVE-2024-26591
- CVE-2024-26597
- CVE-2024-26598
- CVE-2024-26631
- CVE-2024-26633
Release 1.30.0-gke.1930
Google Distributed Cloud for bare metal 1.30.0-gke.1930 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.0-gke.1930 runs on Kubernetes 1.30.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Version 1.16 end of life: In accordance with the Version Support Policy, version 1.16 (all patch releases) of Google Distributed Cloud for bare metal has reached its end of life and is no longer supported.
New and updated features:
Preview: Added support for keyless mode for clusters. This feature uses short-lived tokens and Workload Identity Federation for your cluster and workload credentials, instead of the default long-lived service account keys and Kubernetes Secrets. This feature provides improved security and reduces credential maintenance.
Preview: Added support for Custom Scheduler Configuration for pods to automatically spread workloads across cluster nodes for increased reliability.
GA: Added support for admin and hybrid clusters to manage multiple versions of user clusters concurrently.
GA: Added support for node-level private registry configuration for workload images.
GA: Updated the bmctl update command to display the difference between the specs in the YAML cluster configuration file and the deployed Cluster resource. The diff covers the specs for both the Cluster resource and the NodePool resource.
GA: Added support for rolling back select node pool upgrades.
GA: Added support for specifying a session duration for Identity Service-issued tokens. You can set a session duration between 15 and 1440 minutes (24 hours). Shorter sessions provide better security (at the cost of more frequent reauthentication). Longer sessions reduce the frequency for reauthentication (at the cost of reduced security).
Preview: Updated the gcloud beta container fleet memberships get-credentials command to use a connect gateway preview feature that lets you run the kubectl attach, cp, and exec commands. For more information, see Limitations.
Functionality changes:
Updated the node pool upgrade behavior. Version 1.30 and higher clusters support all node pool versions from the preceding two minor versions. The preview.baremetal.cluster.gke.io/two-minor-version-node-pool: enable annotation isn't required when upgrading clusters from version 1.29 to version 1.30.
Updated the bmctl version command to return the metadata image digest in the response. To print only the metadata image digest, specify the new --option value metadata-digest.
Deprecated the spec.gkeVersion field in the Machine custom resource. Starting with version 1.30.0, the spec.gkeVersion field is set to empty. For accurate version information, use anthosBareMetalVersion (GDC for bare metal version) in the Cluster resource spec or gkeVersion (Kubernetes version) in the Cluster resource status.
Updated Kubernetes audit logging to include request and response payloads from the Kubernetes API server for bare metal custom resources, such as Cluster, NodePool, BareMetalMachine, and BareMetalCluster.
Updated registry mirror support to allow you to specify a port for host addresses.
Updated the networking preflight check to verify that either the ip_tables or the nf_tables kernel module is available for loading, instead of being explicitly loaded.
Updated the stackdriver custom resource to remove the feature gate for using Managed Service for Prometheus for system metrics, featureGates.GMPForSystemMetrics. This feature gate has defaulted to on (true) since version 1.16. If you have manually disabled using Managed Service for Prometheus for system metrics, upgrading to version 1.30 might be a breaking change for some system metrics formats.
Added checks to validate the SSH client certificate file type before saving the certificate as a Secret.
Updated GKE Identity Service custom resource definition to change the description for IdentityServiceOptions and improve formatting.
Added preflight checks for available disk space in specific directories:
During cluster creation, the following directories are checked:
- / (the root directory) has at least 4 GiB of free space
- /var/log/fluent-bit-buffers has at least 12 GiB of free space
- /var/opt/buffered-metrics has at least 10016 MiB of free space
During a cluster upgrade, the following directory is checked:
- / (the root directory) has at least 2 GiB of free space
GA: Adopted the GKE audit policy, instead of the previous unpopulated policy.
Fixes:
Fixed an issue where old, inoperable WebHook resources caused problems with cluster upgrades.
Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.
Fixed an issue where service accounts created by using the --create-service-accounts flag with the bmctl create config command don't have enough permissions.
Fixed an issue where the kubelet doesn't honor the shortened, 1-second grace period for pod deletion during eviction-based draining.
The following container image security vulnerabilities have been fixed in 1.30.0-gke.1930:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
Release 1.28.900-gke.112
Google Distributed Cloud for bare metal 1.28.900-gke.112 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.900-gke.112 runs on Kubernetes 1.28.
After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Fixes:
The following container image security vulnerabilities have been fixed in 1.28.900-gke.112:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
Dynamic mute rules are generally available
Security Command Center now supports dynamic mute rules, which allow you to mute future and existing findings temporarily until a specified date or indefinitely until a finding no longer matches the configuration. We are adding these rules as an alternative to the original static mute rules that only mute future findings indefinitely.
We recommend using dynamic mute rules exclusively in your mute rule configurations. For instructions on how to migrate your existing mute rules to dynamic mute rules, see Migrate from static to dynamic mute rules.
For a comparison of static and dynamic mute rules, see Types of mute rules.
reCAPTCHA Mobile SDK v18.6.0 is now available for iOS.
This version contains the following changes:
- A new API, fetchClient, is available that provides built-in retries for network issues.
- Bug fixes and improvements.
August 28, 2024
BigQuery
You can now use the GROUP BY clause and the SELECT DISTINCT clause with the ARRAY and STRUCT data types. This feature is in Preview.
You can now query data in AlloyDB using a federated query. This feature is now generally available (GA).
The following Gemini in BigQuery features are now generally available (GA):
- Data insights
- Data canvas
- SQL and Python code assistance features:
- Partitioning and clustering recommendations
To learn how to enable and activate Gemini in BigQuery features, see Set up Gemini in BigQuery.
Phrase support for the SEARCH function is now generally available (GA).
The Preview of Data Boost for Bigtable has been expanded to let you use Data Boost compute resources when you read Bigtable data using a Spark application. For more information, see Use the Bigtable Spark connector.
The Global external Application Load Balancer and the Classic Application Load Balancer will no longer support TLS sessionID resumption. They continue to support modern forms of TLS resumption.
The TLS protocol supports an optimization which allows a client reconnecting to a server with which it has communicated before to perform a cheaper abbreviated handshake. This optimization is available in several modes, which include the modern PSK and ticket mechanisms, as well as the long-obsolete sessionID mechanism.
The Global external Application Load Balancer and the Classic Application Load Balancer are the only Google Cloud products that currently support the obsolete sessionID mechanism.
This sessionID mechanism is going to be disabled over the next 4-5 weeks. Clients that currently make use of sessionID will transparently fall back to full TLS handshakes. To recover the performance optimization gains, we recommend that you upgrade clients to modern TLS libraries which support the PSK or ticket mechanisms.
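To find the clients that will fall back to full handshakes, inspect the ClientHello they send: a client that offers neither the session_ticket extension (RFC 5077) nor TLS 1.3 PSK key exchange modes (RFC 8446) can only resume by sessionID. The Python parser below is an added example, not part of the release note; it assumes the whole ClientHello arrives unfragmented in one TLS record, and the sample messages are constructed rather than captured.

```python
"""Classify TLS ClientHello messages by the session-resumption mechanisms they offer."""
import struct

EXT_SESSION_TICKET = 35          # RFC 5077 session tickets (TLS 1.2 and earlier)
EXT_SUPPORTED_VERSIONS = 43      # RFC 8446
EXT_PSK_KEY_EXCHANGE_MODES = 45  # RFC 8446: client is willing to resume with a PSK
TLS13 = b"\x03\x04"


class ParseError(ValueError):
    """Raised when the bytes are not a complete, well-formed ClientHello."""


def _take(buf, off, n):
    """Return (buf[off:off+n], new offset), refusing to read past the end."""
    if off + n > len(buf):
        raise ParseError("truncated message")
    return buf[off:off + n], off + n


def parse_client_hello(record):
    """Parse one TLS record holding a whole ClientHello."""
    hdr, off = _take(record, 0, 5)
    if hdr[0] != 0x16:
        raise ParseError("not a handshake record")
    body, _ = _take(record, off, int.from_bytes(hdr[3:5], "big"))
    hs_hdr, off = _take(body, 0, 4)
    if hs_hdr[0] != 0x01:
        raise ParseError("not a ClientHello")
    ch, _ = _take(body, off, int.from_bytes(hs_hdr[1:4], "big"))
    _, off = _take(ch, 0, 2 + 32)                      # legacy_version + random
    n, off = _take(ch, off, 1)
    session_id, off = _take(ch, off, n[0])
    n, off = _take(ch, off, 2)
    _, off = _take(ch, off, int.from_bytes(n, "big"))  # cipher_suites
    n, off = _take(ch, off, 1)
    _, off = _take(ch, off, n[0])                      # compression_methods
    extensions = {}
    if off < len(ch):                                  # extensions are optional before TLS 1.3
        n, off = _take(ch, off, 2)
        block, _ = _take(ch, off, int.from_bytes(n, "big"))
        pos = 0
        while pos < len(block):
            head, pos = _take(block, pos, 4)
            ext_type, ext_len = struct.unpack("!HH", head)
            extensions[ext_type], pos = _take(block, pos, ext_len)
    return {"session_id": session_id, "extensions": extensions}


def classify(record):
    """Report which resumption mechanisms a client offers besides sessionID."""
    ch = parse_client_hello(record)
    ext = ch["extensions"]
    sv = ext.get(EXT_SUPPORTED_VERSIONS, b"")
    versions = {sv[i:i + 2] for i in range(1, len(sv) - 1, 2)}  # skip 1-byte list length
    offered = set()
    if EXT_SESSION_TICKET in ext:
        offered.add("ticket")
    if TLS13 in versions and EXT_PSK_KEY_EXCHANGE_MODES in ext:
        offered.add("psk")
    return {
        "offered": sorted(offered),
        # A TLS 1.3 client may send a random compatibility session_id, so a
        # non-empty value is only meaningful when nothing modern is offered.
        "session_id_sent": bool(ch["session_id"]),
        "verdict": "modern" if offered else "sessionid-only",
    }


def build_client_hello(session_id=b"", extensions=()):
    """Build a minimal ClientHello record (constructed sample data, not a capture)."""
    body = b"\x03\x03" + bytes(32)                     # legacy_version, zeroed random
    body += bytes([len(session_id)]) + session_id
    body += b"\x00\x02\xc0\x2f" + b"\x01\x00"          # one cipher suite, null compression
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


SAMPLES = {
    "legacy": build_client_hello(session_id=b"\xaa" * 32),
    "tls12-ticket": build_client_hello(extensions=[(EXT_SESSION_TICKET, b"")]),
    "tls13": build_client_hello(
        session_id=b"\xbb" * 32,  # middlebox-compatibility value, not a cached session
        extensions=[(EXT_SUPPORTED_VERSIONS, b"\x04\x03\x04\x03\x03"),
                    (EXT_PSK_KEY_EXCHANGE_MODES, b"\x01\x01")]),
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, classify(record))
```

Clients reported as sessionid-only are the ones to upgrade to a TLS library that supports tickets or PSK.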
You can use custom constraints to provide more granular and customizable control over specific fields for firewall policy resources. For more information, see Manage firewall policy resources by using custom constraints. This feature is available in General Availability.
Data insights is generally available (GA). Data insights offers an automated way to explore and understand your data. It uses Gemini to generate queries based on the metadata of a table, and helps you uncover patterns, assess data quality, and perform statistical analysis.
You generate data insights in BigQuery. You can view data insights in Dataplex and in BigQuery.
(2024-R32) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.30.3-gke.1639000 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.27.16-gke.1082000
- 1.28.12-gke.1090000
- 1.28.12-gke.1179000
- 1.29.7-gke.1174000
- 1.30.3-gke.1225000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1148000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.7-gke.1274000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1274000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1639000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.
Regular channel
- The following versions are now available in the Regular channel:
Stable channel
- The following versions are now available in the Stable channel:
Extended channel
- The following versions are now available in the Extended channel:
No channel
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.28.12-gke.1090000
- 1.29.7-gke.1174000
Vertex AI Search: Turn off schema auto-detect for structured data
By default, schema auto-detect dynamically adds new properties to the schema when the property fields are detected on data import.
However, you can turn off the dynamic feature so that only data that corresponds to fields already in the schema gets imported. This is a good approach for not-so-clean data because you can choose not to import extraneous data that isn't part of your defined schema and that you don't want in your structured data store.
For more information, see About providing your own schema as a JSON object.
Vertex AI Search: Datetime and geolocation detection for structured data
By default, when structured data is imported, fields that are detected in datetime and geolocation format are assigned those types in the schema.
However, you can turn off datetime and geolocation detection so that in the schema the datetime fields are set to type string and the geolocation fields are set to type object.
For more information, see About providing your own schema as a JSON object.
August 27, 2024
Apigee X
Clarification: On July 26 we announced monetization support with data residency. Please note that monetization support with data residency is for non-hybrid organizations only at this time.
For more information, see Introduction to data residency.
(Cloud Composer 2) Starting on September 26, 2024, all Cloud Composer environments within a VPC SC perimeter will have no access to public PyPI repositories by default. For details about installing PyPI packages in the VPC SC mode, see Installing PyPI packages.
The following Cloud Run volume types are now generally available (GA):
Starting from version 1.30.3-gke.1451000, new and upgraded GKE clusters support the GKE Metrics Server updates where the addon-resizer runs in the cluster's control plane instead of worker nodes.
Documentation is available for the Security Posture REST API.
Regional endpoints are available for Sensitive Data Protection. Regional endpoints help you meet data residency requirements by keeping data at rest, in use, and in transit within your specified region. For more information, see Global and regional endpoints for Sensitive Data Protection.
Regional endpoints for Sensitive Data Protection are available in the following regions:
australia-southeast1
asia-east1
asia-east2
asia-northeast1
asia-northeast3
asia-south1
asia-south2
asia-southeast1
asia-southeast2
europe-central2
europe-north1
europe-southwest1
europe-west1
europe-west2
europe-west3
europe-west4
europe-west6
europe-west8
europe-west9
me-central1
me-central2
me-west1
southamerica-east1
southamerica-west1
northamerica-northeast1
northamerica-northeast2
us-central1
us-east1
us-east4
us-east5
us-south1
us-west1
us-west2
us-west3
us-west4
August 26, 2024
Anthos clusters on AWS
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-36978
For more details, see the GCP-2024-049 security bulletin.
On August 26, 2024, Apigee announced the GA launch of its non-VPC provisioning option.
With the non-VPC peering provisioning approach, you are not required to provide networks and IP ranges during the Apigee provisioning process. Instead, you use Private Service Connect (PSC) for routing northbound traffic to Apigee and southbound traffic to target services running in your Google Cloud projects. Non-VPC peering is supported for command-line (CLI) steps only. You can perform non-VPC provisioning for subscription, Pay-as-you-go, and evaluation installations of Apigee.
To learn more, see Apigee networking options.
You can now create remote models in BigQuery ML based on the Anthropic Claude model in Vertex AI. Use the ML.GENERATE_TEXT function with these remote models to perform generative natural language tasks for text stored in BigQuery tables. Try this feature with the Generate text by using the ML.GENERATE_TEXT function how-to topic.
This feature is in preview.
You can now use EXPORT DATA statements to directly export BigQuery data to Bigtable (reverse ETL). This feature is generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-bigtable
2.43.0 (2024-08-22)
Features
- Add fields and the BackupType proto for Hot Backups (#2300) (acaa3ff)
- Allow non default service account in DirectPath (#2312) (09d0f23)
- bigtable: Remove deprecated Bytes from BigEndianBytesEncoding (#2309) (32f244f)
- Enable hermetic library generation (#2234) (169aea5)
Bug Fixes
Dependencies
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- GKE On-prem API
gkeonprem.googleapis.com/BareMetalCluster
gkeonprem.googleapis.com/BareMetalNodePool
gkeonprem.googleapis.com/VmwareCluster
gkeonprem.googleapis.com/VmwareNodePool
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Cloud Controls Partner APIs
cloudcontrolspartner.googleapis.com/Partner
cloudcontrolspartner.googleapis.com/Customer
cloudcontrolspartner.googleapis.com/Workload
The Cloud Run functions (cloud functions v2 API) build process now supports cross-project Artifact Registry repositories for greater configurability. This support is at the Preview release level.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-logging
3.20.1 (2024-08-22)
Dependencies
Python
Changes for google-cloud-logging
3.11.2 (2024-08-15)
Bug Fixes
You can now configure traffic routing between Cloud Run and Cloud Run, Google Kubernetes Engine, and Google Compute Engine services using Cloud Service Mesh service routing APIs. Cloud Run also automatically authenticates calls to destination services using service account credentials (In Preview).
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-storage
2.42.0 (2024-08-19)
Features
Bug Fixes
- Update modified field handling for blob and bucket with json transport to properly clear fields (#2664) (e2f5537), closes #2662
Dependencies
cos-dev-121-18632-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.47 | v24.0.9 | v1.7.20 | See List |
Upgraded app-admin/google-guest-agent to v20240816.00.
Upgraded app-admin/fluent-bit to v3.1.6.
Upgraded chromeos-base/shill-client to v0.0.1-r4654.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r640.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2799.
Upgraded chromeos-base/debugd-client to v0.0.1-r2710.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2445.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2945.
Upgraded dev-db/sqlite to v3.46.1.
Upgraded sys-fs/xfsprogs to v6.9.0.
Upgraded net-dns/c-ares to v1.33.0.
Upgraded sys-apps/gentoo-functions to v1.7.2.
Updated the Linux kernel to v6.6.47.
Runtime sysctl changes:
- Added: vm.unprivileged_userfaultfd: 0
- Changed: fs.file-max: 811814 -> 811752
cos-101-17162-528-16
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.161 | v20.10.27 | v1.6.28 | See List |
Fixed CVE-2023-0597 in the Linux kernel.
Fixed CVE-2024-42154 in the Linux kernel.
Fixed CVE-2024-41087 in the Linux kernel.
Fixed CVE-2024-42247 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 813025 -> 813018
- Changed: kernel.threads-max: 63552 -> 63551
- Changed: net.ipv4.tcp_mem: 94140 125520 188280 -> 94137 125519 188274
- Changed: net.ipv4.udp_mem: 188280 251041 376560 -> 188277 251039 376554
- Changed: user.max_cgroup_namespaces: 31776 -> 31775
- Changed: user.max_ipc_namespaces: 31776 -> 31775
- Changed: user.max_mnt_namespaces: 31776 -> 31775
- Changed: user.max_net_namespaces: 31776 -> 31775
- Changed: user.max_pid_namespaces: 31776 -> 31775
- Changed: user.max_time_namespaces: 31776 -> 31775
- Changed: user.max_user_namespaces: 31776 -> 31775
- Changed: user.max_uts_namespaces: 31776 -> 31775
cos-beta-117-18613-0-10
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.44 | v24.0.9 | v1.7.20 | See List |
Upgraded app-admin/fluent-bit to v3.1.6.
Upgraded sys-apps/pv to v1.8.12.
Updated google-osconfig-agent to v20240822.00.
cos-105-17412-448-16
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.163 | v23.0.3 | v1.7.19 | See List |
Fixed CVE-2023-0597 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812707 -> 812685
- Changed: kernel.threads-max: 63552 -> 63551
- Changed: net.ipv4.tcp_mem: 94140 125520 188280 -> 94137 125519 188274
- Changed: net.ipv4.udp_mem: 188280 251041 376560 -> 188277 251039 376554
- Changed: user.max_cgroup_namespaces: 31776 -> 31775
- Changed: user.max_ipc_namespaces: 31776 -> 31775
- Changed: user.max_mnt_namespaces: 31776 -> 31775
- Changed: user.max_net_namespaces: 31776 -> 31775
- Changed: user.max_pid_namespaces: 31776 -> 31775
- Changed: user.max_time_namespaces: 31776 -> 31775
- Changed: user.max_user_namespaces: 31776 -> 31775
- Changed: user.max_uts_namespaces: 31776 -> 31775
cos-109-17800-309-24
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.19 | See List |
Updated google-osconfig-agent to v20240822.00.
cos-113-18244-151-27
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.19 | See List |
Updated google-osconfig-agent to v20240822.00.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.10.0 (2024-08-20)
Features
- dataflow: Add support for Go 1.23 iterators (84461c0)
New Dataproc on Compute Engine subminor image versions:
- 2.0.115-debian10, 2.0.115-rocky8, 2.0.115-ubuntu18
- 2.1.63-debian11, 2.1.63-rocky8, 2.1.63-ubuntu20, 2.1.63-ubuntu20-arm
- 2.2.29-debian12, 2.2.29-rocky9, 2.2.29-ubuntu22
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for datastore/admin/apiv1
1.19.0 (2024-08-22)
Features
1.18.0 (2024-08-21)
Features
- datastore: Add support for Go 1.23 iterators (84461c0)
- datastore: Start generating datastorepb protos (946a5fc)
Bug Fixes
Java
Changes for google-cloud-datastore
2.21.2 (2024-08-22)
Dependencies
For controlled generation, you can have the model respond with an enum value in plain text, as defined in your response schema. Set the responseMimeType to text/x.enum. For more information, see Control generated output.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-39503: For more details, see the GCP-2024-047 security bulletin.
- CVE-2024-41009: For more details, see the GCP-2024-048 security bulletin.
- CVE-2024-36978: For more details, see the GCP-2024-049 security bulletin.
Release 1.16.12
Google Distributed Cloud for bare metal 1.16.12 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.16.12 runs on Kubernetes 1.27.
After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Fixes:
The following container image security vulnerabilities have been fixed in 1.16.12:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-36978
For more details, see the GCP-2024-049 security bulletin.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-41009
For more details, see the GCP-2024-048 security bulletin.
To create a Looker (Google Cloud core) instance with Private Service Connect, it is no longer necessary to be added to an allowlist.
Network Analyzer now includes an insight indicating that the next hop IP address is not assigned to any forwarding rule in the relevant networks. This insight is already available in the Recommender API. For more information, see routes with an invalid next hop insight.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/pubsub
4.6.0 (2024-07-12)
Features
- Add max messages batching for Cloud Storage subscriptions (#1956) (90546f6)
- Add use_topic_schema for Cloud Storage Subscriptions (#1948) (120fa1b)
Bug Fixes
Go
Changes for pubsub/apiv1
1.42.0 (2024-08-19)
Features
Bug Fixes
- pubsub: Update google.golang.org/api to v0.191.0 (5b32644)
Java
Changes for google-cloud-pubsub
1.132.1 (2024-08-20)
Dependencies
- Update dependency com.google.cloud:google-cloud-core to v2.42.0 (#2140) (80dca35)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#2141) (273fbf3)
- Update dependency com.google.protobuf:protobuf-java-util to v4.27.3 (#2127) (8523b4f)
- Update dependency org.xerial.snappy:snappy-java to v1.1.10.6 (#2135) (102ff84)
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.14.0 (2024-08-20)
Features
- secretmanager: Add support for Go 1.23 iterators (84461c0)
August 23, 2024
Anthos clusters on AWS
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-41009
For more details, see the GCP-2024-048 security bulletin.
On August 23, 2024, we updated the Preview release of Apigee API hub.
You can now edit an uploaded API specification's metadata through the Cloud console. See Edit specification metadata.
You can now choose in the Cloud console to restrict the upload of an API specification file that contains errors. By default, specs containing errors are uploaded. See Add a spec to an existing version.
When an Apigee API proxy is auto-registered, its deployment type is now labeled either Apigee X or Apigee hybrid. Existing Apigee proxy deployments registered with API hub will also be labeled with the appropriate type. See Auto-register Apigee proxies.
All API proxy endpoints auto-registered from Apigee will be prefixed with https:// by default. Endpoints for existing API proxies that were added to API hub will be updated.
A validation check has been added to reject an API specification style guide upload if the style guide's extends property contains a URL. See Upload a new style guide.
User interface and performance improvements were made.
Provisioning improvements were made to address potential failures.
hybrid v1.13.0
On August 23, 2024 we released an updated version of the Apigee hybrid software, v1.13.0.
- For information on upgrading, see Upgrading Apigee hybrid to version v1.13.0.
- For information on new installations, see The big picture.
Storing additional secrets in an external secret store
Starting in version v1.13, you can now store AX Hash Salt, Redis password, and Encryption keys in an external secret store like Hashicorp Vault. See Storing Secrets in Vault.
Apigee Operator now runs in the Apigee Kubernetes namespace
Starting in version v1.13, apigee-operator runs in the same namespace as the other Apigee hybrid components instead of the apigee-system namespace. You can use apigee or your own custom Apigee namespace. See Upgrading Apigee hybrid to version v1.13.0 and Step 3: Create the apigee namespace.
Improved backup and restore
Starting in version v1.13.0, Apigee hybrid introduces a new backup and restore system. The new system removes the need for pod exec permission and use of a Kubernetes ClusterRole, and requires fewer Kubernetes Service Accounts when using Workload Identity. The new system replaces use of the apigee-cassandra-backup-utility image by using the apigee-hybrid-cassandra-client image. The apigee-cassandra-backup-utility image will no longer be provided starting with this release. See Scheduling backups in a remote server.
Leader election enabled for apigee-watcher component
Starting in version v1.13.0, leader election is enabled for the apigee-watcher component. For proper functioning of the leader election, make sure that the apigee-watcher component uses only one replica set.
Bug ID | Description |
---|---|
352070616 | Update Go language version. |
351868444 | Tolerations are now working for Redis's Envoy pod. (Fixed in 1.12.1-hotfix.1) |
347997965 | Upgrading to Apigee Hybrid 1.11.2 and 1.10.5 can cause missing metrics. (Fixed in 1.11.2-hotfix.1) |
347798999 | Fixed issue preventing configuration of forward proxy for opentelemetry pods. (Fixed in Apigee hybrid v 1.12.1) |
346589998 | Check Cassandra DNS hostname resolution during Hybrid region expansion. |
345501069 | Fixed issue with Hybrid Guardrails resource configuration preventing the Guardrails pod from starting. (Fixed in Apigee hybrid v 1.12.1) |
341797795 | Autofill the Hybrid Guardrails checkpoint value if a checkpoint is not provided. (Fixed in Apigee hybrid v 1.12.1) |
340889560 | Added csi to the apigee-logger SCC. (Fixed in Apigee hybrid v 1.12.0-hotfix.1) |
340248314 | Added support for targetCPUUtilizationPercentage to apigeeIngressGateway and ingressGateways. The default value is 75. (Fixed in Apigee hybrid v 1.12.1) |
339849002 | Hashicorp Vault integration issues fixed for Google Service Account for Cassandra Backup/Restore. (Fixed in Apigee hybrid v 1.12.0-hotfix.1) |
324779388 | Improved error handling for backup and restore. (Fixed in Apigee hybrid v 1.12.1) |
311489774 | Removed inclusion of Java in Cassandra client image. (Fixed in Apigee hybrid v 1.12.1) |
310338146 | Fixed invalid download directory output from the create-service-account tool. (Fixed in Apigee hybrid v 1.12.1) |
300135626 | Removed inclusion of Java in Cassandra Backup Utility image. (Fixed in Apigee hybrid v 1.12.1) |
297539870 | HTTPTargetConnection property io.timeout.millis is now honored correctly when using websockets. (Fixed in 1.11.2-hotfix.2) |
239523766 | Remove "Unable to evaluate jsonVariable, returning null" logging string from ExtractVariables Policy (Fixed in Apigee hybrid v 1.12.1) |
181569113 | Fixed an issue in new debug session creation. (Fixed in Apigee hybrid v 1.11.2) |
Bug ID | Description |
---|---|
N/A | Security fixes for apigee-asm-istiod. This addresses the following vulnerability: |
N/A | Security fixes for apigee-cassandra-backup-utility. This addresses the following vulnerability: |
N/A | Security fixes for apigee-connect-agent. This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-envoy. This addresses the following vulnerability: |
N/A | Security fixes for apigee-fluent-bit. This addresses the following vulnerability: |
N/A | Security fixes for apigee-hybrid-cassandra. This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-hybrid-cassandra-client. This addresses the following vulnerability: |
N/A | Security fixes for apigee-mart-server. This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-mint-task-scheduler. This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-operators. This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-prom-prometheus. This addresses the following vulnerability: |
N/A | Security fixes for apigee-prometheus-adapter. This addresses the following vulnerability: |
N/A | Security fixes for apigee-redis. This addresses the following vulnerabilities: |
N/A | Security fixes for apigee-udca. This addresses the following vulnerability: |
N/A | Security fixes for apigee-watcher. This addresses the following vulnerability: |
N/A | Security fixes for cassandra-backup-utility. This addresses the following vulnerability: |
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Vertex AI
aiplatform.googleapis.com/NotebookExecutionJob
New label detection model
An improved model is now available for Label Detection. Along with the improved model, the topicality field is now populated correctly.
Specify "builtin/latest" in the model field of a Feature object to use the new model.
We'll support both the current model and the new model for the next 90 days. After 90 days, the new models will become the default. The current models can still be accessed by specifying "builtin/legacy" for an additional 90 days before they are deprecated.
Generally available: Hyperdisk Storage Pools with Advanced Performance provisioning help you to manage the performance needs of your Hyperdisk Balanced and Hyperdisk Throughput disks. By creating your disks in a storage pool, you can provision your disks to handle peak performance spikes while also optimizing costs. For more information, see Provisioning types for Hyperdisk Storage Pools.
Model pretrained-foundation-model-v1.3-2024-08-31 is available as a Release Candidate (RC) for custom extractor. Recommended for those who want the lowest latency and best speed.
For more information about available models, see Custom extractor model versions.
Model pretrained-ocr-v2.1-2024-08-07 is available as an RC version of the Document AI OCR 2.1 processor. It has three key improvements:
- Better printed text recognition.
- More precise checkbox detection.
- More accurate reading order.
Added support for Node level monitoring metrics.
You can now create regional secrets using Secret Manager. When you create a regional secret, you specify the location where you want it to be stored. Your secret data remains within the chosen location at all times, whether it's at rest, in use, or in transit. This capability allows you to meet data residency requirements, which mandate that data remains within specified geographic boundaries, often due to regulatory or compliance reasons. The feature is in Preview.
For more information, see Data residency and regional secrets.
Vertex AI Search: Connect Google Cloud Storage datasets to Vertex AI Search (Public preview)
You can create Vertex AI Search data stores that periodically sync with data in Cloud Storage datasets. You can choose how often you want to update your data stores: every day, every 3 days, or every 5 days.
Synchronizing Cloud Storage data to Vertex AI Search is available in Public preview. For more information, see Import from Cloud Storage.
VPC Flow Logs can sample traffic that is sent through VLAN attachments for Cloud Interconnect and Cloud VPN tunnels. This feature is available in Preview. For more information, see VPC Flow Logs.
The live migration feature for bring your own IP v1 has been removed. For new configurations, we recommend that you use bring your own IP v2, which lets you control when prefixes are advertised.
August 22, 2024
AlloyDB for PostgreSQL
AlloyDB Omni now offers in-depth documentation that describes how to install and use AlloyDB Omni in virtual machine (VM) environments. The information in these documents is in addition to the AlloyDB Omni documentation that describes how to install and use AlloyDB Omni in VM and Kubernetes environments. For more information, see Get started with AlloyDB Omni on VMs.
The extension temporal_tables version 1.2.2 has been added to extensions supported by AlloyDB.
The following extensions are updated:
- Updated pg_partman to version 4.7.4.
- Updated pgtt to version 3.0.0.
On August 22, 2024 we released a new version of the Apigee integrated portal.
Bug ID | Description |
---|---|
350546059 | Fixed an issue when displaying OpenAPI Specs in the portal that caused the Example button to show even when no example was present. |
New canvas view
In the integration editor layout, you can try the new canvas view to create integration flows. This feature is in preview. The canvas view offers the following benefits:
- Improved responsiveness of the canvas interaction
- Clearer view of your integration
- Minimap view
- Easier to build integrations
(Cloud Composer 3) Fixed the dags backfill Airflow CLI command that was failing with a connection error.
Fixed a bug where executing Airflow CLI commands produced output that was not human-readable.
The apache-airflow-providers-google package was upgraded to version 10.21.1 in Cloud Composer 2 images with Airflow 2.7.3 and 2.9.1, and in all latest Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.21.0 to version 10.21.1.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.9.1-build.5
- composer-3-airflow-2.7.3-build.14
Cloud Composer 2.9.2 images are available:
- composer-2.9.2-airflow-2.9.1 (default)
- composer-2.9.2-airflow-2.7.3
Cloud Composer version 2.4.1 has reached its end of support period.
Cloud Monitoring has ended support for the ingestion of AWS CloudWatch metrics by using AWS connector projects. This is a breaking change. For information about this deprecation, see Deprecations: AWS CloudWatch metrics in Connector projects.
You can continue to collect AWS CloudWatch metrics by using the open source Prometheus CloudWatch exporter and the Ops Agent. For information about this solution, see Collect AWS CloudWatch metrics by using the Prometheus CloudWatch exporter.
Cloud Run is now supported by Sovereign Controls by Partners. The set of packages and features provided by Sovereign Controls by Partners lets you use Cloud Run while meeting digital sovereignty requirements and managing your workloads with data sovereignty guarantees.
The onboarding path for Managed Cloud Service Mesh with asmcli is deprecated as of August 22, 2024, and support will end in February 2025. This change affects only Google Cloud clusters. Any off-Google Cloud clusters will continue to use asmcli.
To ensure this transition is as smooth as possible, use the gcloud or Cloud Console onboarding paths when creating new clusters before February 2025.
For clusters with existing Cloud Service Mesh deployments, no immediate action is required from you and those deployments remain fully supported.
1.20.8-asm.6 is now available for in-cluster Cloud Service Mesh.
You can now download 1.20.8-asm.6 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.20.8 subject to the list of supported features. Cloud Service Mesh 1.20.8-asm.6 uses Envoy v1.28.5.
1.21.5-asm.5 is now available for in-cluster Cloud Service Mesh.
You can now download 1.21.5-asm.5 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.5 subject to the list of supported features. Cloud Service Mesh 1.21.5-asm.5 uses Envoy v1.29.7.
1.22.4-asm.0 is now available for in-cluster Cloud Service Mesh.
You can now download 1.22.4-asm.0 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.4 subject to the list of supported features. Cloud Service Mesh 1.22.4-asm.0 uses Envoy v1.30.4.
New Dataproc Serverless for Spark runtime versions:
- 1.1.77
- 1.2.21
- 2.0.85
- 2.2.21
Dataproc Serverless for Spark: Subminor version 2.0.85 is the last release of runtime version 2.0, which will no longer be supported and will not receive new releases.
AI21 Labs
Managed models from AI21 Labs are available on Vertex AI. To use an AI21 Labs model on Vertex AI, send a request directly to the Vertex AI API endpoint. For more information, see AI21 models.
Conditional formatting for collapsed pivot table charts
You can now apply single color conditional formatting to collapsed pivot table charts.
Partner Connector launch update
The following partner connectors have been added to the Looker Studio Connector Gallery:
- Adobe Commerce (Magento) By Supermetrics
- CTM: Call Log By CallTrackingMetrics LLC
- Piano Analytics By Catchr
- ClickUp By Bay Leaf Digital
- TikTok By Gladior B.V.
- WooCommerce By Data Bloo
- Apresenta.me By Apresenta.me
- Semactic SEO Data By Semactic
- Piwik PRO Analytics By Piwik PRO
- Metrihub By Metrihub
- Klaviyo By Power My Analytics
- Similarweb website analysis By Similarweb
August 21, 2024
Artifact Registry
The following Artifact Registry Cloud Audit Log method names have changed:
- Docker-EmptyTarBlob is renamed Docker-ServeBlob
- Docker-GetEmptyTags is renamed Docker-GetTags
- Docker-HeadEmptyTarBlob is renamed Docker-HeadBlob
- Kfp-UploadPackage-Redirect is renamed Kfp-UploadPackage
- Apt-ViewRemoteIndexFile is renamed to indicate the type of file requested:
  - Apt-ViewIndexFile: when a repository metadata file is requested
  - Apt-Contents: when the Contents index file for a specific repository component and architecture type is requested
  - Apt-ViewArchIndexFile: when the Packages index file for a specific repository component and architecture type is requested
- Apt-ViewRemotePackageFile is renamed Apt-ViewPackageFile
- Yum-ViewUpstreamFile is renamed to indicate the type of file requested:
  - Yum-ViewIndexKey: when the public key for signing Yum packages is requested
  - Yum-ViewIndexFile: when one of a repository's index files is requested
  - Yum-ViewPackageFile: when a Yum package file is requested
For more information on Artifact Registry logs, see Audit Logging.
Python code completion is now available for all BigQuery projects. This feature is available in preview. To learn how to enable and activate Gemini in BigQuery features, see Set up Gemini in BigQuery.
You can now update the "labels" and "descriptions" of your certificate issuance configurations using the Google Cloud CLI or API. For more information, see Manage certificate issuance configuration.
Regional Google-managed certificates are now generally available (GA). For more information, see Certificate Manager overview.
Support for managing certificates independently in each project with separate authorization is now generally available (GA). For more information, see Manage DNS authorizations.
Cloud Functions has been renamed to Cloud Run functions.
- Cloud Functions (1st gen) is now known as Cloud Run functions (1st gen).
- Cloud Functions (2nd gen) is now known as Cloud Run functions.
Learn more in the blog post.
You can also deploy new functions, and modify existing functions that were created with the Cloud Functions v2 API in Cloud Run. This enables you to customize your function as you would a Cloud Run service.
You can now configure GPU in your Cloud Run service (Preview).
You can now deploy functions in Cloud Run (Preview). Functions that were created using the Cloud Functions v2 API can now be directly updated in Cloud Run. Note that you must use Google Cloud SDK 489.0.0 version or later if using the gcloud CLI.
Learn more about the different use cases for deploying functions.
Cloud Run now provides security updates for services that are deployed from source when you specify the runtime base image (Preview). Automatic security updates are enabled by default for functions. For details, see Configure automatic base image updates.
Date and Currency Normalization for custom extractor
With this release, the model will deduce the region information from the document and use it to disambiguate the date and currency formats in the following ways:
- This release will enable the support of region based date and currency normalization of entities with datetime and currency data types in Custom Document Extractor (CDE) Generative AI based processor versions v1.1 and v1.2.
- Currently, the CDE Generative AI based processor supports date and currency normalization, but it defaults to US date format and USD respectively in case the values are ambiguous. In other words, if a date can be parsed in mm/dd/yyyy and dd/mm/yyyy formats, it will use mm/dd/yyyy format for normalization. Similarly, if $ can mean USD or CAD, it would default to USD.
For more information, go to the Entity Normalization page.
GKE support for Hyperdisk ML as an attached persistent disk option is now generally available. Support is available for both Autopilot and Standard clusters running GKE versions 1.30.2-gke.1394000 and later.
On April 30, 2024, the 4.x versions of Migrate for Compute Engine reached end of life, and the product was deprecated on Google Cloud.
To migrate your virtual machines (VMs) to Compute Engine, use Migrate to Virtual Machines.
You can attach tags to secrets to conditionally grant or deny access to Secret Manager resources. For example, you can conditionally grant Identity and Access Management (IAM) roles based on whether a secret has a specific tag. This feature is in Preview. For more information, see Create and manage tags.
reCAPTCHA Mobile SDK v18.6.0 is now available for Android.
This version contains the following changes:
- A new API, fetchClient, is available that provides built-in retries for network issues.
- Bug fixes and improvements.
August 20, 2024
Access Transparency
Access Transparency supports Colab Enterprise in the GA stage.
Access Transparency supports Cloud Interconnect in the GA stage.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-39503
For more details, see the GCP-2024-047 security bulletin.
Backup and DR Service hotfixes hf-11.0.12.3217, hf-11.0.12.3218, and hf-11.0.12.3219 automatically update backup/recovery appliances. These hotfixes address the following issues:
- Oracle DB application backups wait indefinitely for in-progress log backups to complete. These log backups, in turn, cannot obtain a lock mutex to discover the backup staging LUNs, resulting in an indefinite hang. This issue occurs when the size of the application transaction logs exceeds the log backup staging size.
- Cloud stats are repeatedly logged into the enginemgr log and increase log usage.
You can now perform anomaly detection with BigQuery ML multivariate time series (ARIMA_PLUS_XREG) models.
This feature lets you detect anomalies in historical time series data or in new data with multiple feature columns. You can try this feature by using the Perform anomaly detection with a multivariate time-series forecasting model tutorial. This feature is generally available (GA).
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Getting all FHIR Encounter resource details is available in Preview.
Config Controller now uses the following versions of its included products:
- Config Connector v1.121.0, release notes
- Config Sync v1.18.3, release notes
cos-beta-117-18613-0-3
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.44 | v24.0.9 | v1.7.20 | See List |
Updates to Major Packages:
Upgraded app-admin/node-problem-detector to v0.8.19.
Upgraded app-admin/google-guest-configs to v20240607.00.
Upgraded app-admin/logrotate to v3.22.0.
Upgraded app-containers/docker-credential-helpers to v0.8.2.
Upgraded app-admin/google-guest-agent to v20240716.00.
Upgraded app-admin/google-osconfig-agent to v20240501.00.
Upgraded Konlet to v.0.12.0. This fixes an iptables compatibility issue.
Upgraded go to version 1.22.3.
Upgraded sys-boot/grub-lakitu to the FC 39's current version.
Upgraded localtoast to v1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.
Upgraded app-containers/docker, app-containers/docker-test and app-containers/docker-cli to v24.0.9.
Updated app-containers/nvidia-container-toolkit to v1.14.6.
Upgraded app-emulation/cloud-init to v23.4.3.
Updated sys-apps/systemd to v254.9.
Updated app-emulation/kubernetes to v1.30.3.
Updated docker-credential-gcr to v2.1.22.
Updated app-containers/runc to v1.1.12.
Updated net-misc/openssh to v9.6_p1-r1.
Updated toolbox to v20230714.
Upgraded app-admin/fluent-bit to v3.1.3.
New Features and Changes in the Linux Kernel:
Runtime sysctl changes:
- Added: dev.tty.legacy_tiocsti: 1
- Added: kernel.io_uring_group: -1
- Added: kernel.kexec_load_limit_panic: -1
- Added: kernel.kexec_load_limit_reboot: -1
- Added: kernel.loadpin.enforce: 1
- Added: net.core.mem_pcpu_rsv: 256
- Added: net.core.rps_default_mask: 00
- Added: net.ipv4.tcp_plb_cong_thresh: 128
- Added: net.ipv4.tcp_plb_enabled: 0
- Added: net.ipv4.tcp_plb_idle_rehash_rounds: 3
- Added: net.ipv4.tcp_plb_rehash_rounds: 12
- Added: net.ipv4.tcp_plb_suspend_rto_sec: 60
- Added: net.ipv4.tcp_rto_min_us: 200000
- Added: net.ipv4.tcp_shrink_window: 0
- Added: net.ipv4.tcp_syn_linear_timeouts: 4
- Added: net.ipv4.udp_child_hash_entries: 0
- Added: net.ipv4.udp_hash_entries: 4096
- Added: net.ipv6.conf.all.accept_ra_min_lft: 0
- Added: net.ipv6.conf.default.accept_ra_min_lft: 0
- Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
- Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
- Added: net.ipv6.icmp.error_anycast_as_unicast: 0
- Added: vm.memfd_noexec: 0
- Added: kernel.io_uring_disabled: 0
- Added: fs.overflowgid: 65534
- Changed: net.core.optmem_max: 131072 -> 20480
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 0 -> 256 256 32 0
- Changed: fs.epoll.max_user_watches: 1809452 -> 1809007
- Changed: fs.fanotify.max_user_marks: 67560 -> 67544
- Changed: fs.file-max: 811776 -> 811724
- Changed: fs.inotify.max_user_watches: 63441 -> 63425
- Changed: kernel.threads-max: 63503 -> 63487
- Changed: net.ipv4.tcp_mem: 94065 125423 188130 -> 94041 125391 188082
- Changed: net.ipv4.udp_mem: 188133 250847 376266 -> 188085 250783 376170
- Changed: user.max_cgroup_namespaces: 31751 -> 31743
- Changed: user.max_fanotify_marks: 67560 -> 67544
- Changed: user.max_inotify_watches: 63441 -> 63425
- Changed: user.max_ipc_namespaces: 31751 -> 31743
- Changed: user.max_mnt_namespaces: 31751 -> 31743
- Changed: user.max_net_namespaces: 31751 -> 31743
- Changed: user.max_pid_namespaces: 31751 -> 31743
- Changed: user.max_time_namespaces: 31751 -> 31743
- Changed: user.max_user_namespaces: 31751 -> 31743
- Changed: user.max_uts_namespaces: 31751 -> 31743
- Changed: net.ipv6.route.max_size: 4096 -> 2147483647
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
- Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3
Added support for iSCSI targets and RAM block devices.
Added support for dm-zero and dm-clone.
Enabled support for MGLRU in the Linux kernel.
Enabled vrf, ip_gre, and ip6_gre modules.
Updated the Linux kernel to v6.6.44.
New Features and Changes in the Image:
Disable NVIDIA persistence mode with -no-verify flag
Added support for TPU v6 devices.
Updated cos-gpu-installer to v2.3.5.
Added the package revision number to the SSH banner in net-misc/openssh.
Disabled default automatic updates. Automatic updates must now be explicitly enabled by setting the cos-update-strategy metadata to "update_enabled".
Mounted efivarfs by default on EFI-enabled systems.
Added igzip CLI tool.
Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.
Removed support for NVIDIA 470 drivers.
Fixed a bug that caused constant restarts in the fluent-bit stackdriver plugin.
Installed the google_optimize_local_ssd script.
Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.
Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.
Added NVIDIA GPU drivers R550 branch and updated latest to 550.54.14.
Fixed a bug in google-guest-agent service enablement.
Fixed integrity-fs dm-crypt creation flakiness.
Added automatic generation of known modules list to image build process.
Included nvidia plugin into sosreport.
Fixed a time-to-login slowdown introduced by cloud-init changes.
Changed default umask value for a user to 027.
Removed legacy logging agent (fluentd).
Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.
Enhanced integrity-fs with disk resize and dm-clone.
Removed deprecated R525 NVIDIA GPU drivers.
Added more service logs to the default Cloud Logging configuration.
Allowed GPU driver installation on dev-channel images without the -test flag.
CVE/Security Fixes:
Fixed CVE-2024-39894 in net-misc/openssh.
Upgraded sys-apps/dbus to v1.14.10-r192. This fixes CVE-2023-34969.
Upgraded dev-lang/go to v1.22.4. This fixes CVE-2023-39323, CVE-2023-44487, CVE-2023-39325, CVE-2024-24790 and CVE-2024-24789.
Fixed CVE-2024-35195 in dev-python/requests.
Updated R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091 and CVE-2024-0092.
Updated R535, default driver to v535.183.01. This fixes CVE-2024-0090 and CVE-2024-0092.
Fixed CVE-2024-21626 in github.com/opencontainers/runc in kubelet.
Fixed CVE-2023-4641 in sys-apps/shadow.
Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.
Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.
Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.
Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.
Fixed CVE-2024-34459 in the libxml2 package.
Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004, CVE-2024-32021.
Fixed CVE-2023-32681 in dev-python/requests.
Fixed CVE-2024-3772 in dev-python/pydantic.
Fixed CVE-2023-5388 in dev-libs/nss.
Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.
Updated dev-python/pyyaml to version 6.0.1. This fixed CVE-2017-18342, CVE-2020-14343, CVE-2020-1747.
Updated dev-vcs/git to version VERSION. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.
Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2023-38545, CVE-2024-7264, CVE-2024-6197.
Updated dev-libs/expat to version 2.6.2. This fixed CVE-2024-28757.
Fixed CVE-2024-28182 in net-libs/nghttp2.
Upgraded docker to v24.0.9. This fixes CVE-2024-24557.
Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549 and CVE-2023-40550 in sys-boot/shim.
Fixed CVE-2023-40551 in sys-boot/shim.
Fixed CVE-2023-40547 in sys-boot/shim.
Updated dev-libs/openssl to v3.0.14. This resolves CVE-2024-0727, CVE-2023-6129, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741 and CVE-2024-5535.
Fixed CVE-2024-0684 in sys-apps/coreutils.
Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.
Fixed CVE-2024-23851 in the Linux kernel.
Fixed CVE-2024-21626 in app-containers/runc.
Upgraded dev-go/crypto to v0.17.0. This fixes CVE-2023-48795.
Updated dev-go/net to v0.27.0. This resolves CVE-2023-44487, CVE-2023-39325 and CVE-2023-45288.
Updated app-editors/vim, app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.
Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.
Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.
Fixed CVE-2023-4016 in sys-process/procps.
Fixed CVE-2023-1255 in the dev-libs/openssl package.
Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.
Updated dev-python/setuptools to v70.3.0. This resolves CVE-2024-6345.
Fixed CVE-2024-39472 in the Linux kernel.
Updates for Minor Packages:
Upgraded app-containers/cni-plugins to v1.5.1.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2796.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2441.
Upgraded chromeos-base/shill-client to v0.0.1-r4612.
Upgraded chromeos-base/debugd-client to v0.0.1-r2707.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2942.
Upgraded chromeos-base/minijail to v18-r142.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r637.
Upgraded dev-embedded/libftdi to v1.5-r7.
Upgraded sys-apps/pv to v1.8.10.
Upgraded net-dns/c-ares to v1.31.0.
Upgraded dev-python/pygobject to v3.46.0-r1.
Upgraded dev-db/sqlite to v3.46.0.
Upgraded dev-libs/nss to v3.97.
Upgraded sys-apps/hwdata to v0.383.
Upgraded net-misc/rsync to v3.3.0-r1.
Upgraded sys-apps/findutils to v4.10.0.
Upgraded sys-libs/libseccomp to v2.5.5-r1.
Upgraded sys-apps/ethtool to v6.9.
Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.
Fixed glibc-2.36 build errors in sys-boot/syslinux.
Upgraded sys-apps/makedumpfile to v1.7.5.
Upgraded app-admin/sosreport to v4.7.1.
Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2795.
Upgraded sys-apps/rootdev to v0.0.1-r50.
Upgraded dev-util/puffin to v1.0.0-r451.
Upgraded dev-libs/double-conversion to v3.3.0.
Upgraded sys-apps/sed to v4.9-r1.
Upgraded sys-process/procps to v4.0.4-r1.
Upgraded sys-fs/e2fsprogs to v1.47.0-r3.
Upgraded sys-libs/libcap to v2.70.
Upgraded dev-python/jinja to v3.1.4.
Upgraded net-libs/gnutls to v3.8.6.
Upgraded sys-apps/dmidecode to v3.6.
Upgraded sys-fs/xfsprogs to v6.8.0.
Upgraded sys-apps/less to v661.
Upgraded sys-apps/acl to v2.3.2-r1.
Upgraded sys-apps/grep to v3.11-r1.
Upgraded net-libs/libtirpc to v1.3.4-r2.
Upgraded sys-apps/gentoo-functions to v1.6.
Upgraded net-misc/wget to v1.24.5.
Upgraded dev-libs/libusb to v1.0.27-r1.
Upgraded sys-libs/timezone-data to v2024a-r1.
Upgraded sys-libs/libcap-ng to v0.8.5.
Removed net-libs/grpc.
Removed crash-reporter KVM support.
Removed dev-go/grpc.
Updated dev-go/pprof to v0.0.0_p20230811.
Updated dev-go/go-tools to v0.16.2_p20231218.
Updated dev-go/term to v0.15.0.
Updated dev-go/go-sys to v0.15.0.
Updated dev-go/sync to v0.5.0.
Updated dev-go/mod to v0.14.0.
Updated dev-go/demangle to v0.0.0_p20230524.
Updated dev-go/go-arch to v0.6.0.
Upgraded chromeos-base/vm_protos to v0.0.1-r563.
Upgraded chromeos-base/hiberman-client to v0.0.1-r470.
Upgraded app-benchmarks/bootchart to v0.9.2-r5.
Downgraded app-misc/ca-certificates to v20230311.3.96.1.
Upgraded sys-auth/pambase to v20240128.
Upgraded net-misc/chrony to v4.5.
Upgraded chromeos-base/system_api to v0.0.1-r5653.
Upgraded chromeos-base/dlcservice-client to v0.0.1-r886.
Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r226.
Upgraded sys-fs/squashfs-tools to v4.6.1.
Upgraded sys-apps/sandbox to v2.29-r1.
Upgraded app-arch/xz-utils to v5.4.6-r1.
Upgraded dev-util/bsdiff to v4.3.1-r42.
Upgraded app-arch/pigz to v2.8.
Upgraded sys-apps/coreutils to v9.3-r1.
Upgraded net-dns/libidn2 to v2.3.7.
Upgraded sys-apps/attr to v2.5.2-r1.
Upgraded sys-apps/file to v5.45-r4.
Upgraded sys-libs/timezone-data to v2024a.
Upgraded sys-libs/zlib to v1.3.1-r1.
Updated gzip to v1.13-r1.
Upgraded app-eselect/eselect-iptables to v20220320.
Upgraded sys-libs/libcap-ng to v0.8.4-r1.
Upgraded dev-python/netifaces to v0.11.0-r2.
Upgraded sys-libs/gdbm to v1.24.
Updated protobuf-legacy-api to v1.5.4.
cos-dev-121-18623-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.46 | v24.0.9 | v1.7.20 | See List |
Upgraded app-admin/google-guest-configs to v20240725.00.
Upgraded app-containers/docker-credential-gcr to v2.1.23.
Updated app-emulation/kubernetes to 1.30.3.
Upgraded app-admin/google-guest-agent to v20240716.00.
Upgraded app-admin/fluent-bit to v3.1.3.
Upgraded app-emulation/kubernetes to 1.29.7.
Upgraded app-containers/containerd to 1.7.20.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2797.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r638.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2943.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2442.
Upgraded chromeos-base/debugd-client to v0.0.1-r2708.
Upgraded chromeos-base/shill-client to v0.0.1-r4637.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r637.
Upgraded chromeos-base/debugd-client to v0.0.1-r2707.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2796.
Upgraded chromeos-base/shill-client to v0.0.1-r4612.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2942.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2441.
Upgraded app-arch/lz4 to v1.10.0-r1.
Upgraded net-libs/libtirpc to v1.3.4-r3.
Upgraded sys-apps/gentoo-functions to v1.7.1.
Upgraded dev-libs/nss to v3.103.
Upgraded sys-apps/pv to v1.8.12.
Upgraded app-arch/gzip to v1.13-r1.
Upgraded net-libs/gnutls to v3.8.6.
Upgraded net-misc/rsync to v3.3.0-r1.
Upgraded sys-apps/less to v661.
Upgraded sys-libs/gdbm to v1.24.
Upgraded dev-libs/nss to v3.102.
Upgraded the Linux kernel to v6.6.46.
Added more service logs to the default Cloud Logging configuration.
Allowed GPU driver installation on dev-channel images without the -test flag.
Updated protobuf-legacy-api to v1.5.4.
Downgraded sys-apps/ethtool to v6.7.
Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.
Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.
Updated dev-go/net to v0.27.0. This fixes CVE-2023-45288.
Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.
Upgraded curl to v8.9.0. This fixes CVE-2024-6197.
Updated dev-python/setuptools to v70.3.0. This resolves CVE-2024-6345.
Runtime sysctl changes:
- Changed: fs.file-max: 811776 -> 811814
- Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000
cos-113-18244-151-23
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.19 | See List |
Upgraded sys-apps/pv to v1.8.12.
Downgraded setuptools to v65.6.3. Cherry-picked upstream fix for CVE-2024-6345.
Fixed CVE-2024-6602 in dev-libs/nss.
Runtime sysctl changes:
- Added: vm.unprivileged_userfaultfd: 0
- Changed: fs.file-max: 812026 -> 812045
- Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000
cos-109-17800-309-20
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.19 | See List |
Fixed CVE-2024-6602 in dev-libs/nss.
Downgraded setuptools to v65.6.3. Cherry-picked upstream fix for CVE-2024-6345.
Runtime sysctl changes:
- Added: vm.unprivileged_userfaultfd: 0
- Changed: fs.file-max: 812257 -> 812229
- Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000
cos-105-17412-448-12
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.163 | v23.0.3 | v1.7.19 | See List |
Fixed CVE-2024-6602 in dev-libs/nss.
Runtime sysctl changes:
- Added: vm.unprivileged_userfaultfd: 0
- Changed: fs.file-max: 812708 -> 812707
M124 release
- Pytorch 2.3.0 with CUDA 12.1 and Python 3.10 container images are now available.
M124 release
- Pytorch 2.3.0 with CUDA 12.1 and Python 3.10 VM images are now available.
1.31 is now available in the Rapid channel
Kubernetes 1.31 is now available in the Rapid channel. For more information about the content of Kubernetes 1.31, read the Kubernetes 1.31 Release Notes.
New features
The following features are new in Kubernetes 1.31:
- Field selectors for custom resources is beta and enabled by default.
- matchLabelKeys and mismatchLabelKeys for Pod Affinity and Pod Anti Affinity are beta and enabled by default.
- Traffic distribution for Services is beta and enabled by default.
- Transition kubectl from SPDY to WebSockets is beta and enabled by default.
- Recursive Read-only (RRO) mounts is beta and enabled by default.
- Job success/completion policy is beta and enabled by default.
- Always Honor PersistentVolume Reclaim Policy is beta and enabled by default.
- procMount security context option is beta and enabled by default.
Deprecated APIs in 1.31
- The following Beta versions of graduated APIs were deprecated in 1.29 in favor of newer versions:
  - flowcontrol.apiserver.k8s.io/v1beta3 FlowSchema, PriorityLevelConfiguration
    - deprecated since 1.29, will no longer be served in 1.32
    - instead, use flowcontrol.apiserver.k8s.io/v1, available since 1.29
- The status.nodeInfo.kubeProxyVersion field in the Node API is deprecated and will not be populated starting in v1.33. The field is currently populated with the kubelet version, not the kube-proxy version, and might not accurately reflect the kube-proxy version in use. For more information, see KEP-4004.
Deprecated in-tree volume support
- The Ceph CephFS (kubernetes.io/cephfs) and RBD (kubernetes.io/rbd) volume plugins are deprecated since 1.28 and are removed in 1.31. To determine if you have volumes/pods using RBD or Ceph volumes, run the following commands. If either of them prints output, then you are using a deprecated volume type.
kubectl describe pv | egrep -i 'Type: *(RBD|CephFS)'
kubectl describe pod -A | egrep -i 'Type: *(RBD|CephFS)'
Switch to use an RBD or CephFS CSI driver (like the CSI drivers provided at https://github.com/ceph/ceph-csi/), or a Google Cloud-managed solution like Filestore.
For more information, refer to the OSS Kubernetes announcement and https://github.com/ceph/ceph-csi/
(2024-R31) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
  - 1.27.16-gke.1051000
  - 1.28.12-gke.1052000
  - 1.29.7-gke.1104000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1082000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1082000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.12-gke.1090000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.12-gke.1090000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.7-gke.1174000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1174000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.0-gke.1058000 with this release.
Regular channel
- Version 1.29.7-gke.1104000 is now the default version in the Regular channel.
- The following versions are no longer available in the Regular channel:
  - 1.27.16-gke.1008000
  - 1.28.11-gke.1315000
  - 1.29.7-gke.1008000
  - 1.30.2-gke.1587003
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1051000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1051000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.12-gke.1052000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.3-gke.1225000 with this release.
Stable channel
- Version 1.29.6-gke.1326000 is now the default version in the Stable channel.
- The following versions are no longer available in the Stable channel:
  - 1.27.15-gke.1154000
  - 1.28.11-gke.1172000
  - 1.29.6-gke.1254000
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.11-gke.1260000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.6-gke.1326000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.
Extended channel
- Version 1.29.7-gke.1104000 is now the default version in the Extended channel.
- The following versions are no longer available in the Extended channel:
  - 1.27.16-gke.1008000
  - 1.28.11-gke.1315000
  - 1.29.7-gke.1008000
  - 1.30.2-gke.1587003
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1051000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.3-gke.1225000 with this release.
No channel
- Version 1.29.7-gke.1104000 is now the default version.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
  - 1.27.15-gke.1154000
  - 1.27.16-gke.1008000
  - 1.28.11-gke.1172000
  - 1.28.11-gke.1315000
  - 1.29.6-gke.1038001
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1051000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1051000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.12-gke.1052000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.6-gke.1326000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.3-gke.1225000 with this release.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-39503
For more details, see the GCP-2024-047 security bulletin.
The C4 machine family is generally available in the following versions:
- Standard clusters in version 1.29.2-gke.1521000 and later. To use this family in GKE Standard, you can use the --machine-type flag when creating a cluster or node pool.
- Autopilot clusters in 1.30.3-gke.1225000 and later. To use this family in GKE Autopilot, you can use the Performance compute class when scheduling your workloads.
- Cluster autoscaler and node auto-provisioning are supported in 1.30.3-gke.1225000 and later.
BigQuery subscriptions with use table schema enabled now support type conversions for DATE, TIME, DATETIME, TIMESTAMP, NUMERIC, and BIGNUMERIC data types. For more information about these conversions, see the Use table schema documentation.
Pub/Sub has increased the limit on schema definition size to 300 KB. For more information, see Resource limits.
Cloud Storage subscriptions now support using the schema of the Pub/Sub topic to which the subscription is attached when writing Avro files. For more information, see the file format documentation.
Secret Manager add-on for Google Kubernetes Engine (GKE) is now generally available (GA). With the add-on, you can access the secrets stored in Secret Manager as volumes mounted in Kubernetes Pods. You can install the Secret Manager add-on on both Standard clusters and Autopilot clusters. The Secret Manager add-on is a Google managed and officially supported version of the open source Kubernetes Secrets Store CSI driver.
For more information, see Use Secret Manager add-on with Google Kubernetes Engine.
Preview stage support for the following integration:
M124 release
The M124 release of Vertex AI Workbench user-managed notebooks includes the following:
- Pytorch 2.3.0 with CUDA 12.1 and Python 3.10 user-managed notebooks instances are now available.
- Fixed a bug that prevented kernels from appearing when the Cloud Resource Manager API is turned off and Dataproc is enabled.
August 19, 2024
Access Transparency
Access Transparency supports Filestore in the GA stage.
Timeouts when deploying API proxies and shared flows
The following endpoints may experience timeouts when used with a high volume of queries per second (QPS):
- organizations.environments.apis.revisions.deployments.deploy
- organizations.environments.apis.revisions.deployments.undeploy
- organizations.environments.sharedflows.revisions.deployments.deploy
- organizations.environments.sharedflows.revisions.deployments.undeploy
To reduce the likelihood of timeouts, we recommend a target of three QPS when using these endpoints.
To track the status of this issue, see Apigee Known Issues.
You can now view your BigQuery insights and recommendations using the Recommendations page in the Google Cloud console. You can also view your BigQuery insights and recommendations using the following INFORMATION_SCHEMA views:
These features are now in preview.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-bigtable
2.26.0 (2024-08-12)
Features
- Add fields and the BackupType proto for Hot Backups (#1010) (b95801f)
- Add MergeToCell to Mutation APIs (f029a24)
- Add min, max, hll aggregators and more types (f029a24)
- Async execute query client (#1011) (45bc8c4)
Bug Fixes
Documentation
Setting specific rules in Binary Authorization policies is generally available (GA) as of September 28, 2023.
Cloud Build support for custom organization policies is now generally available.
Custom organization policies let you define constraints for programmatic, fine-grained control over your organization's resources. You can set these policies at the organization, folder, or project level.
To learn more, see Manage Cloud Build resources with custom constraints.
Generally available: General purpose C4 VMs on the Intel Emerald Rapids CPU. The C4 machine series offers consistently high performance with up to 192 vCPUs and 1.5 TB of DDR5 memory, and support for Hyperdisk storage.
C4 VMs are available in the following regions and zones:
- Singapore - asia-southeast1-a,b
- Belgium - europe-west1-b,c
- Netherlands - europe-west4-a,b,c
- Iowa - us-central1-a,b,c
- South Carolina - us-east1-b,c,d
- Virginia - us-east4-a,b,c
You can now use Quality AI as a preview feature within the Insights console to evaluate contact center conversations and agent performance more efficiently. See the Overview, Basics, Setup Guide, and Best Practices pages for more details.
New Dataproc on Compute Engine subminor image versions:
- 2.0.114-debian10, 2.0.114-rocky8, 2.0.114-ubuntu18
- 2.1.62-debian11, 2.1.62-rocky8, 2.1.62-ubuntu20, 2.1.62-ubuntu20-arm
- 2.2.28-debian12, 2.2.28-rocky9, 2.2.28-ubuntu22
syslog is now available for Dataproc cluster nodes in Cloud Logging. See Dataproc logs for cluster and job log information.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-datastore
2.20.1 (2024-08-14)
Bug Fixes
(New guide) Use generative AI for utilization management: A reference architecture for health insurance companies to automate prior authorization (PA) request processing and improve their utilization review (UR) processes.
Cloud Deploy is now available in the following region: africa-south1 (Johannesburg)
The Sovereign Controls Foundation by CNTXT and Sovereign Controls Advanced by CNTXT partner offerings are now generally available.
The ability to create a Vertex AI Workbench instance based on a custom container is now generally available. Only custom containers derived from the Google-provided base container are supported. For more information, see Create an instance using a custom container.
August 18, 2024
Application Integration
In the Application Integration editor, you can now search, browse, and select tasks and connectors in the Tasks list. For more information, see Add a Connectors task.
Release Notes 6.3.16 is currently in Preview.
Unable to edit, delete or export custom integration (ID #52403533)
Remote Agents 2.1.0 is currently in Preview
Agent logs are now consolidated in one location: /opt/SiemplifyAgent/Logs.
Agent source code logs are located in agent.log.
Python script logs are located in python.log.
Release 6.3.15 is now in General Availability.
August 17, 2024
Google SecOps SIEM
The documentation for the SIEM product is currently undergoing a makeover. The upper tabs for the table of contents have been removed and the table of contents for SIEM now appears at the bottom of the left hand navigation bar.
In addition, labels have been added to the top of each page that let you know if the specific page is relevant for SIEM. You can click on the label to reach the SIEM table of contents.
The documentation for the SOAR product is currently undergoing a makeover. The upper tabs for the table of contents have been removed and the table of contents for SOAR now appears at the bottom of the left hand navigation bar.
In addition, labels have been added to the top of each page that let you know if the specific page is relevant for SOAR. You can click on the label to reach the SOAR table of contents.
August 16, 2024
AlloyDB for PostgreSQL
The AlloyDB Omni Kubernetes Operator version 1.1.0 lets you configure a load balancer using annotations.
On August 16, 2024, we released an updated version of Apigee (1-13-0-apigee-3).
Bug ID | Description |
---|---|
324418891 | Added improvements to the MessageLogging policy to avoid potential downtime and deployment failures. |
351068926 | Updated the error format, fault status, and status code returned (from 500 to 404) in cases where an invalid authorization code causes an error. |
Documentation has been added to explain how to export job information. Exporting a job's information is useful when you want to retain the information after a job is deleted or analyze the information outside of Batch. For more information, see Export job information.
Error Reporting can now analyze log entries that have been routed to a log bucket in a non-global region, provided the log sink is in the same project as the log bucket.
(New guide) Migrate from Amazon RDS and Amazon Aurora for MySQL to Cloud SQL for MySQL: Describes how to design, implement, and validate a plan to migrate from Amazon RDS or Amazon Aurora to Cloud SQL for MySQL.
Architecting disaster recovery for cloud infrastructure outages: Added DR guidance for Organization Policy Service.
In GKE version 1.29.7-gke.1238000-1.30, and 1.30.3-gke.1571000 or later, node pools use regional instance templates instead of global instance templates. To learn more, see Regional and global instance templates.
You can now create static overlays and position them on top of a live stream.
New SAP certifications: C4 series of general-purpose machine types
For use with SAP HANA scale-up (OLAP and OLTP) and SAP NetWeaver workloads, SAP has certified the Compute Engine C4 series of general-purpose machine types.
For more information, see the following:
Vertex AI Search: Search tuning (GA)
Search tuning for unstructured data stores is Generally available (GA). You can upload training files to tune the model for your search app.
Search tuning supports Data Residency; you can tune data stores in the US and EU multi-regions as well as global data stores.
For information, see Improve search results with search tuning.
reCAPTCHA Mobile SDK v18.6.0-beta02 is now available for iOS.
This version contains bug fixes and improvements.
August 15, 2024
Apigee UI
On August 15, 2024, we released an updated version of the Apigee UI.
Bug ID | Description |
---|---|
356453519 | Fixed issue with the display of shared flow detail pages. In some cases, detail pages for shared flows with names containing a space (" ") would not display and resulted in UI errors. |
355674677 | Fixed infinite redirect loop after Subscription org provisioning. Clicking the Continue button in the final step of the Subscription organization provisioning flow resulted in an infinite redirect loop. |
On August 15, 2024 documentation was added describing how to provision Apigee in the Google Cloud console.
See Get started in the Google Cloud console for more information.
Apigee provisioning for Subscription orgs is now performed in the Google Cloud console.
Extended support pricing is now available for Cloud SQL for MySQL. To view pricing details, see Cloud SQL pricing.
For more information about extended support, see Extended support for Cloud SQL.
For more information about extended support timelines, see Database versions and version policies.
Extended support pricing is now available for Cloud SQL for PostgreSQL. To view pricing details, see Cloud SQL pricing.
For more information about extended support, see Extended support for Cloud SQL.
For more information about extended support timelines, see Database versions and version policies.
If your Cloud SQL Enterprise edition instance stores the transaction logs used for point-in-time recovery (PITR) on disk, then when you do an in-place upgrade to Cloud SQL Enterprise Plus edition the storage location for the transaction logs is switched to Cloud Storage. For more information, see Upgrade an instance to Cloud SQL Enterprise Plus edition by using in-place upgrade.
To check where your instance stores the transaction logs used for PITR, see Use point-in-time recovery (PITR).
New Dataproc Serverless for Spark runtime versions:
- 1.1.76
- 1.2.20
- 2.0.84
- 2.2.20
Dialogflow CX: You can now configure sensitivity levels of safety filters with respect to different Responsible AI (RAI) categories.
Vertex AI Agents: OpenAPI tool authentication now supports custom client certificates for mutual TLS authentication.
Eventarc support for creating triggers for direct events from Apigee API hub is generally available (GA).
(New guide) Manage and scale networking for Windows applications that run on managed Kubernetes: Discusses how to manage networking for Windows applications that run on Google Kubernetes Engine using Cloud Service Mesh and Envoy gateways. This reference architecture is accompanied by a deployment guide.
Looker (Google Cloud core) customers can now create a Looker (Google Cloud core) instance with Private Service Connect. To create a Private Service Connect instance, ensure that you have received confirmation from your sales representative that your project has been added to the allowlist for Private Service Connect.
New Looker and Looker Studio shared terms and concepts glossary
A new Looker and Looker Studio shared terms and concepts glossary is available. This resource compares and contrasts terms and concepts that are used in common between Looker and Looker Studio, including some that have similar-seeming naming conventions but different functionality.
Sort list controls by any metric
List controls now support sorting the options on any metric, rather than just the reference metric.
The IAM recommender generates policy insights and role recommendations for the following identities:
- All identities in a workload identity pool
- Single identity in a workload identity pool
- All identities in a workforce identity pool
- Single identity in a workforce identity pool
- All Google Kubernetes Engine Pods that use a specific Kubernetes service account
To learn more, see Availability. This feature is generally available.
Google Cloud's Agent for SAP version 3.5
Version 3.5 of Google Cloud's Agent for SAP is generally available (GA). This version introduces enhancements to support Workload Manager's observability service for SAP, metric enhancements, and some minor fixes.
For more information, see What's new with Google Cloud's Agent for SAP.
Install new version of the Security Command Center Enterprise use case
The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by the date August 15, 2024, provides updates to the security operations features of the Enterprise tier of Security Command Center.
For installation instructions, see Update Enterprise use case, August 2024.
The PHONE_NUMBER infoType functionality that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model includes US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results.
To enable the new functionality, leave InfoType.version unset, or set it to latest or stable. To use the old functionality, set InfoType.version to legacy. You can continue to use the legacy functionality for 90 days.
August 14, 2024
AlloyDB for PostgreSQL
The AlloyDB Omni Kubernetes Operator version 1.0.0 and later lets you schedule matching new database Pods to nodes to balance node distribution across the AlloyDB Omni cluster and help optimize performance.
You can now get lower latency for small queries with the new short query optimized mode. BigQuery automatically determines which queries may be accelerated while other queries continue to run like before. This feature is now in preview.
Beginning with the release of January 2024 data, Google Cloud Carbon Footprint has adopted a semi-annual methodology improvement schedule, with updates planned for January and July data releases each year.
For the July 2024 data release (in mid-August 2024), we have upgraded the carbon model to version 11 and implemented the following updates:
Updating Scope 1 & 3 emissions from Google's corporate footprint:
Updated Scope 1 & 3 allocation factors using latest Google company-wide data from 2024 Google Environmental Report. See the non-electricity emission sources section of methodology documentation on how we apply these Scope 1 & 3 emissions across Google products and services.
Notably, expanded the Scope 1 & 3 inventory boundary to include the following for a more comprehensive emissions inventory:
- HVAC fugitive emissions
- Additional emissions categories of transmission & distribution (T&D) loss
- Extraction and transportation of fuels used to generate grid electricity
Updating renewable electricity percentage for Scope 2 market-based emissions from Google's corporate footprint:
- Updated annual renewable electricity percentage from Google's clean energy procurement, in accordance with 2024 Google Environmental Report, as an input for Scope 2 market-based emissions. Note that Scope 2 location-based emissions are estimated using hourly greenhouse gas emissions factors. Read more about the difference in methodology between Scope 2 location-based and market-based emissions in the methodology document.
Improving allocation of shared internal AI/ML resources:
- Improved the treatment of central machine learning compute resources and workloads across Google products and services, including corrected central resource impact to the following Google Cloud services:
- Cloud Natural Language
- Translate
- Cloud Vision API
- Cloud Speech API
- Cloud Dialogflow API
- Vertex AI
- Cloud AutoML
- Cloud Machine Learning Engine
- Video Stitcher API
- Cloud Video Intelligence API
- Notebooks
- Cloud Text-to-Speech API
Improving data accuracy:
- Improved data center PUE mapping and energy allocation to internal services.
The notebook scheduler is now generally available. See Schedule a notebook run.
(2024-R30) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.30.3-gke.1225000 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.27.16-gke.1008000
- 1.28.11-gke.1315000
- 1.29.7-gke.1008000
- 1.30.2-gke.1587003
- 1.30.3-gke.1451000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1051000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1051000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.12-gke.1052000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1225000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1225000 with this release.
Regular channel
- Version 1.29.7-gke.1008000 is now the default version in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.27.15-gke.1252000
- 1.28.11-gke.1260000
- 1.29.6-gke.1326000
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.11-gke.1315000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.7-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.
Stable channel
- Version 1.29.6-gke.1254000 is now the default version in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.27.14-gke.1059002
- 1.28.11-gke.1019001
- 1.29.6-gke.1038001
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.15-gke.1154000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.11-gke.1172000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.6-gke.1254000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.
Extended channel
- Version 1.29.7-gke.1008000 is now the default version in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.15-gke.1252000
- 1.28.11-gke.1260000
- 1.29.6-gke.1326000
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.
No channel
- Version 1.29.7-gke.1008000 is now the default version.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.27.14-gke.1059002
- 1.28.11-gke.1019001
- 1.29.5-gke.1091002
- 1.30.1-gke.1329003
- 1.30.3-gke.1451000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.11-gke.1315000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.6-gke.1254000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
We've identified a potential issue that may cause downtime for traffic coming to your GKE managed Internal passthrough Network Load Balancers, after certain cluster operations like node upgrades. This issue specifically affects clusters with GKE Subsetting and Services with externalTrafficPolicy=Cluster.
This issue is more likely to occur in clusters with more than 25 nodes. To prevent this issue altogether, we recommend updating your Service configuration to use externalTrafficPolicy=Local. If you're already experiencing downtime, scale up the number of pods backing your LoadBalancer to provide immediate relief. A fix for this issue will be available in upcoming GKE releases.
Looker 24.14 includes the following changes, features, and fixes:
Expected Looker (original) deployment start: Monday, August 19, 2024
Expected Looker (original) final deployment and download available: Thursday, August 29, 2024
Expected Looker (Google Cloud core) deployment start: Monday, August 19, 2024
Expected Looker (Google Cloud core) final deployment: Saturday, September 7, 2024
The Edit Connection page URL has been changed from admin/next/connections/:id to admin/next/connections/:id/edit. The Looker UI will not change, but any scripts or hyperlinks that you have created that reference the old URLs may break.
The presumed_looker_employee property is now omitted from the user API response model. If you were relying on this functionality, migrate to use the verified_looker_employee property instead.
The Chart Config Editor now supports a new Sankey chart type.
The Edit button appears only for model sets for which the user has edit access.
The Queries Admin page now contains a SQL Interface tab in the Details pop-up for queries that originate from the Open SQL Interface.
The Chart Config Editor now supports a Venn diagram chart type.
The Open SQL Interface is now generally available and the SQL Interface Looker Labs toggle is removed.
The Looker–Tableau BI Connector is now generally available. You can now use Tableau Desktop to connect to your Looker data.
The Looker IDE supports Vim and Emacs editors in addition to the default Looker IDE editor. You now can set your editor preference in the new IDE Settings page in the Looker IDE. Note: The IDE Settings page will be available in a future release.
The Looker IDE now supports text line wrapping in the IDE editor. Line wrapping is now the default behavior. You can turn off line wrap mode in the new IDE Settings page in the Looker IDE. Note: This feature will be available in a future release.
The Looker IDE now persists a user's IDE state, including the open LookML file in the file browser; the expanded or collapsed status of items in the file browser; the selected item in the IDE navigation bar (such as the file browser, Git actions, object browser, or project settings); and the sidebar item (such as the Quick Help panel, the Metadata panel, and the Project Health panel). You can remove the persistence by clicking the Reset IDE Layout button in the new IDE Settings page of the Looker IDE. Note: This feature will be available in a future release.
The LookML validator will no longer report inaccessible field errors for fields that are excluded from Explores.
System Activity queries that count Looker employee usage on your instance will no longer count Google employees that don't work on Looker products.
Performance has been improved for model preparation for models that use local import.
An issue has been fixed where some custom fields could not be deleted from the data table in an Explore. This feature now performs as expected.
An issue that caused some schedules to get indefinitely stuck in the scheduler queue has been fixed. This feature now performs as expected.
Previously, Look IDs were not always saved in the query metadata. This issue has been fixed, and this feature now performs as expected.
Previously, an issue caused some table calculations that referenced row totals to not appear in the series editor. This feature now performs as expected.
Previously, an issue could cause one invalid conditional data formatting rule to disable all conditional formatting rules for a series. This feature now performs as expected.
A previous issue with some Liquid variables would unnecessarily pull fields into the SQL query. This feature now performs as expected.
Rather than returning a 500 error as it would have previously, the sync_lookml_dashboard endpoint will now return a 422 with a more informative error message if there is an issue with the LookML dashboard layout.
The custom field editor now displays an error when users attempt to enter a conditional formatting rule with more than three conditions.
Unqualified field references in Liquid will no longer trigger SQL dependencies if the value does not depend on the result set.
An issue has been fixed where an escaped single quote in a LookML string was being treated as the end of the string. The fix enables color formatting to be applied to the entire string.
An issue has been fixed where dashboard filters were applied to tile queries during tile editing. This feature now performs as expected.
An issue has been fixed where LookML details were exposed to users who did not have the see_lookml permission.
An issue has been fixed where Looker would draw incorrect markers in the Google map visualization. This feature now performs as expected.
An issue with Exasol pivot queries has been fixed. This feature now performs as expected.
An issue with the User Activity dashboard has been resolved. This feature now performs as expected.
An issue with SSO logins has been fixed. This feature now performs as expected.
An issue has been fixed where the top-level item in an object tree was sometimes not expanded upon first loading. This feature now performs as expected.
An issue that could cause the LookML Validator to time out has been fixed. This feature now performs as expected.
Previously, a Validation or Query operation might fail if a measure did not have a type and used a sql_distinct_key. This feature now performs as expected.
An issue has been fixed with the Denodo dialect where the TRUNC() function could erroneously return a NULL value. This feature now performs as expected.
HighCharts error codes are now displayed in the UI rather than a blank visualization being rendered.
An issue has been fixed where unlocalized strings were rendered as "Bad Translation Key" when the project localization level was set to "permissive." This feature now performs as expected.
Looker can now use more efficient queries to determine the names of Redshift external schemas.
An issue has been fixed where, previously, a project could not be deleted because of a timeout on the Delete Confirmation page. This feature now performs as expected.
Previously, updating an OAuth client secret when there were multiple connections sometimes failed. This feature now performs as expected.
Previously, the PDT Admin panel could not be filtered by the status "Failed." This feature now performs as expected.
The editing experience in the Chart Config Editor is now more responsive.
A new progress bar, called the Explore query tracker, appears in the Explore UI when a query is running. You can toggle this off in the Labs features under Explore Query Tracker.
For Google BigQuery connections, Looker (Google Cloud core) can automatically use the OAuth application credentials that your Looker admin used when they created the Looker (Google Cloud core) instance. See the Looker (Google Cloud core) documentation for more information.
August 13, 2024
Apigee Advanced API Security
On August 13, 2024 we released an updated version of Advanced API Security.
Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.
Note: This functionality is not available in the me-central2 region at this time. See Available Apigee API Analytics Regions for region information. We will announce with a release note when that region is supported.
Public preview of Risk Assessment v2
This release introduces Risk Assessment v2 in preview. Risk Assessment v2 includes these improvements:
- Improved reliability: Faster score calculations with recent proxy data.
- Simplified score display: The new score is a percentage, where 100% means full alignment with the security profile.
For usage information and a list of all improvements and changes in v2, see Risk Assessment v2.
Cancel jobs is available in Preview.
Batch CentOS (batch-centos) and Batch HPC CentOS (batch-hpc-centos) have reached end of development due to the end of support (EOS) of Compute Engine CentOS 7 images on June 30, 2024.
The final image versions of these Batch OSes, batch-centos-7-official-20240628-00-p00 and batch-hpc-centos-7-official-20240628-00-p00 from June 28, 2024, are only supported until August 27, 2024. By then, migrate any job that uses Batch CentOS or Batch HPC CentOS to a different OS.
The documentation has been updated to clarify that a Batch OS stops being supported when its base Compute Engine OS is deprecated. This restriction only applies to Batch OSes that have not already reached the end of development as of the date of this notice.
For more information, see Restrictions for VM OS images.
You can now enable client-side metrics with the Bigtable client library for Go. Used in conjunction with server-side monitoring metrics, client-side metrics can provide a complete, actionable view of Bigtable performance. For more information, see Set up client-side metrics.
The Carbon footprint dashboard in the FinOps hub now includes market-based emissions data (preview)
Scope 2 market-based emissions data (preview) for the Carbon footprint dashboard are now available in the FinOps hub. The market-based emissions metric represents purchased electricity, incorporating Google's annual renewable energy purchases. You can use the data in the Carbon footprint dashboard to optimize your cloud spend and reduce your carbon impact.
To learn more about the methodology and the difference between location-based and market-based emission metrics, see the carbon footprint documentation.
(Airflow 2.7.3) Improved the reliability of connections between Airflow components and the Redis component.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.9.1-build.4
- composer-3-airflow-2.7.3-build.13
Cloud Composer 2.9.1 images are available:
- composer-2.9.1-airflow-2.9.1 (default)
- composer-2.9.1-airflow-2.7.3
Database Migration Service now supports migrations to MySQL minor version 8.0.37. See Supported source and destination databases in Cloud SQL for MySQL migrations.
Introducing log scopes. Log scopes are persistent, project-level resources that list a set of resources to be searched for log entries. For example, you might configure a log scope to contain multiple projects and several log views. If you select your log scope when using the Logs Explorer, it displays the log entries that originate in the specified projects and those in the specified log views.
You can create, edit, and delete log scopes. You can also set one log scope as the default log scope, which determines the resources that the Logs Explorer searches for log entries.
For more information, see Create and manage log scopes.
Google Distributed Cloud for VMware 1.29.400-gke.81 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.400-gke.81 runs on Kubernetes v1.29.6-gke.1800.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
Existing Seesaw load balancers now require TLS 1.2.
The following vulnerabilities are fixed in 1.29.400-gke.81:
High-severity container vulnerabilities:
- CVE-2024-0567
- CVE-2021-43816
- CVE-2022-23648
- CVE-2021-33194
- CVE-2021-30465
- CVE-2019-16884
- CVE-2022-48622
- CVE-2020-22218
Ubuntu vulnerabilities:
- CVE-2023-52752
- CVE-2024-25742
- CVE-2024-26886
- CVE-2024-26952
- CVE-2024-27017
- CVE-2024-36016
- CVE-2022-38096
- CVE-2023-52488
- CVE-2023-52699
- CVE-2023-52880
- CVE-2024-23307
- CVE-2024-24857
- CVE-2024-24858
- CVE-2024-24859
- CVE-2024-24861
- CVE-2024-25739
- CVE-2024-26629
- CVE-2024-26642
- CVE-2024-26654
- CVE-2024-26687
- CVE-2024-26810
- CVE-2024-26811
- CVE-2024-26812
- CVE-2024-26813
- CVE-2024-26814
- CVE-2024-26817
- CVE-2024-26828
- CVE-2024-26922
- CVE-2024-26923
- CVE-2024-26925
- CVE-2024-26926
- CVE-2024-26929
- CVE-2024-26931
- CVE-2024-26934
- CVE-2024-26935
- CVE-2024-26937
- CVE-2024-26950
- CVE-2024-26951
- CVE-2024-26955
- CVE-2024-26956
- CVE-2024-26957
- CVE-2024-26958
- CVE-2024-26960
- CVE-2024-26961
- CVE-2024-26964
- CVE-2024-26965
- CVE-2024-26966
- CVE-2024-26969
- CVE-2024-26970
- CVE-2024-26973
- CVE-2024-26974
- CVE-2024-26976
- CVE-2024-26977
- CVE-2024-26981
- CVE-2024-26984
- CVE-2024-26988
- CVE-2024-26989
- CVE-2024-26993
- CVE-2024-26994
- CVE-2024-26996
- CVE-2024-26999
- CVE-2024-27000
- CVE-2024-27001
- CVE-2024-27004
- CVE-2024-27008
- CVE-2024-27009
- CVE-2024-27013
- CVE-2024-27015
- CVE-2024-27016
- CVE-2024-27018
- CVE-2024-27019
- CVE-2024-27020
- CVE-2024-27059
- CVE-2024-27393
- CVE-2024-27395
- CVE-2024-27396
- CVE-2024-27437
- CVE-2024-35785
- CVE-2024-35789
- CVE-2024-35791
- CVE-2024-35796
- CVE-2024-35804
- CVE-2024-35805
- CVE-2024-35806
- CVE-2024-35807
- CVE-2024-35809
- CVE-2024-35813
- CVE-2024-35815
- CVE-2024-35817
- CVE-2024-35819
- CVE-2024-35821
- CVE-2024-35822
- CVE-2024-35823
- CVE-2024-35825
- CVE-2024-35847
- CVE-2024-35849
- CVE-2024-35851
- CVE-2024-35852
- CVE-2024-35853
- CVE-2024-35854
- CVE-2024-35855
- CVE-2024-35857
- CVE-2024-35871
- CVE-2024-35872
- CVE-2024-35877
- CVE-2024-35879
- CVE-2024-35884
- CVE-2024-35885
- CVE-2024-35886
- CVE-2024-35888
- CVE-2024-35890
- CVE-2024-35893
- CVE-2024-35895
- CVE-2024-35896
- CVE-2024-35897
- CVE-2024-35898
- CVE-2024-35899
- CVE-2024-35900
- CVE-2024-35902
- CVE-2024-35905
- CVE-2024-35907
- CVE-2024-35910
- CVE-2024-35912
- CVE-2024-35915
- CVE-2024-35918
- CVE-2024-35922
- CVE-2024-35925
- CVE-2024-35930
- CVE-2024-35933
- CVE-2024-35934
- CVE-2024-35935
- CVE-2024-35936
- CVE-2024-35938
- CVE-2024-35940
- CVE-2024-35944
- CVE-2024-35950
- CVE-2024-35955
- CVE-2024-35958
- CVE-2024-35960
- CVE-2024-35969
- CVE-2024-35970
- CVE-2024-35973
- CVE-2024-35976
- CVE-2024-35978
- CVE-2024-35982
- CVE-2024-35984
- CVE-2024-35988
- CVE-2024-35989
- CVE-2024-35990
- CVE-2024-35997
- CVE-2024-36004
- CVE-2024-36005
- CVE-2024-36006
- CVE-2024-36007
- CVE-2024-36008
- CVE-2024-36020
- CVE-2024-36025
- CVE-2024-36029
In GKE version 1.30 and later, there is a workaround in the PDCSI driver for privileged workloads that access container namespaces with hostpath. The workaround delays NodeUnstage until attached filesystems are no longer in use. Under certain conditions, the privileged hostpath workloads may cause a container's mount namespace to be retained longer than the container's lifecycle. The workaround addresses an issue where the driver could proceed with detaching a GCE persistent disk even if the block device filesystem is still in use.
With this fix, the PDCSI driver will validate that an attached block device is no longer in use prior to unmounting it from a GKE node.
Custom compute classes are a new set of capabilities in GKE that provide an API for fine-grained control over fallback compute priorities, autoscaling configuration, obtainability and node consolidation. Custom compute classes offer enhanced flexibility and control over your GKE compute infrastructure so that you can ensure optimal resource allocation for your workloads. You can use custom compute classes in GKE version 1.30.3-gke.1451000 and later. To learn more, see About custom compute classes.
Choosing a hosting option for a Looker (original) instance helps you understand the benefits and limitations of each hosting option (Looker-hosted or customer-hosted) so that you can make the best decision for your organization.
Looker (Google Cloud core) users now have access to the first-ever Learn Assistant panel on Google Cloud console pages. This panel provides tailored documentation and tutorials that are specifically related to the tasks or concepts covered on that console page.
A new Looker and Looker Studio shared terms and concepts glossary is available. This resource compares and contrasts terms and concepts that are used in common between Looker and Looker Studio, including some that have similar-seeming naming conventions but different functionality.
A new multi-region instance configuration is now available in North America - nam16 (Iowa/Northern Virginia/Columbus).
August 12, 2024
Access Approval
Access Approval supports Cloud Armor in the GA stage.
Access Transparency supports Cloud Armor in the GA stage.
Customer-Managed Encryption Key support is now available in preview for all Agent Assist features in regionalized environments, including all generative AI features. See the documentation for more details.
On August 12, 2024, we released a new version of Apigee.
We changed the maximum number of Apps per developer from 10 to 100. See the Limits page for more detail.
Note that using more than 10 apps per developer will result in latency when accessing flow variables referencing developer.apps.
With this release, Apigee expanded its support for data residency to additional regions in Japan:
- asia-northeast1 (Tokyo)
- asia-northeast2 (Osaka)
Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.
For more information, see Introduction to data residency.
A weekly digest of client library updates from across the Cloud SDK.
You can now use time series and range functions to support time series analysis. This feature is now generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-logging
3.11.1 (2024-08-06)
Bug Fixes
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/storage
7.12.1 (2024-08-07)
Bug Fixes
Python
Changes for google-cloud-storage
2.18.2 (2024-08-08)
Bug Fixes
2.18.1 (2024-08-05)
Bug Fixes
The translation LLM and adaptive translation now support Arabic, Hindi, and Russian. For the full list of supported languages, see Supported languages.
cos-105-17412-448-8
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.163 | v23.0.3 | v1.7.19 | v470.256.02(default),v550.90.07(latest) |
This is an LTS Refresh release.
Updated app-admin/google-guest-configs to 20240607.00.
Updated app-containers/containerd to 1.7.19.
Upgraded app-containers/cni-plugins to v1.4.1.
Upgraded sys-auth/pambase to v20240128.
Upgraded sys-apps/gentoo-functions to v0.19.
Upgraded dev-libs/nss to v3.100.
Upgraded dev-libs/re2 to v0.2022.12.01.
Upgraded app-arch/unzip to v6.0_p27-r1.
Upgraded dev-python/six to v1.16.0-r1.
Upgraded dev-python/netifaces to v0.11.0-r2.
Upgraded dev-lang/python-exec to v2.4.10.
Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.
Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.
Removed crash-reporter KVM support.
Removed dev-go/grpc.
Disable NVIDIA persistence mode with -no-verify flag.
Fixed CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 in dev-libs/openssl.
Fixed CVE-2023-5678 in dev-libs/openssl.
Upgraded curl to v8.9.0. This fixes CVE-2024-6197.
Fixed CVE-2024-6345 in dev-python/setuptools.
Fixed CVE-2024-39894 in openssh.
Fixed CVE-2024-39472 in the Linux kernel.
Fixed CVE-2024-38577 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812698 -> 812708
cos-101-17162-528-12
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.161 | v20.10.27 | v1.6.28 | v470.256.02(default),v550.90.07(latest) |
This is an LTS Refresh release.
Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.
Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.
Removed crash-reporter KVM support.
Removed dev-go/grpc.
Disable NVIDIA persistence mode with -no-verify flag.
Fixed CVE-2024-6602 in dev-libs/nss.
Fixed CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 in dev-libs/openssl.
Upgraded curl to v8.9.0. This fixes CVE-2024-6197.
Fixed CVE-2024-6345 in dev-python/setuptools.
Updated ncurses to 6.4_p20240414. This resolves CVE-2023-45918.
Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.
Fixed CVE-2024-39472 in the Linux kernel.
Fixed CVE-2024-42229 in the Linux kernel.
Fixed CVE-2024-42068 in the Linux kernel.
Fixed CVE-2024-42082 in the Linux kernel.
Fixed CVE-2024-38577 in the Linux kernel.
Fixed CVE-2024-36901 in the Linux kernel.
Fixed CVE-2024-39482 in the Linux kernel.
cos-109-17800-309-13
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.19 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Upgraded sys-apps/less to v661.
Downgraded sys-apps/ethtool to v6.3.
Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.
Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.
Fixed CVE-2024-39472 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812261 -> 812257
cos-113-18244-151-14
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.19 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Downgraded sys-apps/ethtool to v6.7.
Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.
Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.
Fixed CVE-2024-39472 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812030 -> 812026
Data lineage list view is available in preview. The lineage list view displays full lineage information in a single table. For more information, see Data lineage list view.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.9.12 (2024-08-08)
Bug Fixes
- dataflow: Update google.golang.org/api to v0.191.0 (5b32644)
Customer-Managed Encryption Keys (CMEK) in Dataform are generally available (GA). For more information, see Use customer-managed encryption keys.
You can now use Cloud External Key Manager (Cloud EKM) keys to protect Dataform data. Cloud EKM keys in Dataform are generally available (GA). For more information, see Using and managing external keys.
New Dataproc Serverless for Spark runtime versions:
- 1.1.75
- 1.2.19
- 2.0.83
- 2.2.19
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-datastore
2.20.0 (2024-08-07)
Features
- Add new types ExplainOptions, ExplainMetrics, PlanSummary, ExecutionStats (#521) (dfbee2d)
- Add new_transaction support (#499) (43855dd)
- Implement query profiling (#542) (1500f70)
- New PropertyMask field which allows partial commits, lookups, and query results (7fd218b)
Bug Fixes
Java
Changes for google-cloud-datastore
2.21.1 (2024-08-06)
Dependencies
2.21.0 (2024-07-31)
Features
(2024-R29) Version updates
There are no GKE cluster version updates in 2024-R29. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
There are no new releases in the Rapid channel.
Regular channel
There are no new releases in the Regular channel.
Stable channel
There are no new releases in the Stable channel.
Extended channel
There are no new releases in the Extended channel.
No channel
There are no updates for clusters not enrolled in a release channel.
You can attach tags to Identity and Access Management (IAM) service accounts to conditionally grant or deny access to specific service accounts. This feature is in Preview. For more information, see Creating and managing tags for service accounts.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.13.6 (2024-08-08)
Bug Fixes
- secretmanager: Update google.golang.org/api to v0.191.0 (5b32644)
Cloud Infrastructure Entitlement Management (CIEM) is generally available
CIEM helps you adhere to the principle of least privilege by providing a comprehensive look at the security of your identity and access configuration. It provides insight into details such as what permissions are associated with a given identity, what roles are not optimal (highly permissive), and what steps you can take to remediate potential misconfigurations.
For more information about CIEM, see Overview of Cloud Infrastructure Entitlement Management.
EC2 Vulnerability Assessment findings now support attack exposure scores
Software vulnerability findings detected by EC2 Vulnerability Assessment for Amazon Web Services are now scored with attack path simulations. Use these attack exposure scores on vulnerabilities to proactively secure the resources that are the most valuable to your business. For more information, see Attack exposure scores.
VPC Flow Logs includes the following metadata annotations in General Availability:
- src_gateway and dest_gateway
- src_google_service and dest_google_service
- load_balancing
- network_service
- psc
For more information, see Record Format.
August 11, 2024
Google SecOps SOAR
Release 6.3.14 is now in General Availability.
Generative AI on Vertex AI supports CMEK, VPC Service Controls, and Data Residency. For more information, see Security controls.
August 10, 2024
Google SecOps SOAR
Release 6.3.15 is currently in Preview.
Unable to upload ZIP files to the Case wall. (ID #52659859)
August 09, 2024
Access Approval
Access Approval supports Storage Transfer Service in the GA stage.
Private Service Connect and Organization Policy Service
You can create Contact Center AI Platform (CCAIP) instances that are configured for private access, which restricts access to them over the public internet. You can then set up Private Service Connect, which lets your agents, managers, and CCAIP administrators access the private instances. This is done using your own internal IP address, keeping your traffic within Google Cloud. Private Service Connect doesn't prevent end-users from contacting your contact center as they normally would. Private Service Connect is in Preview. For more information, see Set up Private Service Connect.
You can also use Google Cloud Organization Policy to get centralized, programmatic control over your organization's resources. If you want more granular, customizable control over the specific fields that are restricted in your organization policies, you can create custom constraints. For more information, see Manage Contact Center AI Platform resources using custom constraints.
Gemini on Vertex AI supports multiple response candidates. For details, see Generate content with the Gemini API.
Apache Kafka for BigQuery is now called Google Cloud Managed Service for Apache Kafka.
VMware Engine ve2-mega-64 node type is generally available in the australia-southeast1 region. For more information on the node type, see Node types. To use the node type in the australia-southeast1 region, contact your Google account team.
Google Cloud NetApp Volumes offers volume replication between the following region pairs for Flex service level:
- europe-west1 (Belgium) and europe-west8 (Milan)
- europe-west1 (Belgium) and europe-west9 (Paris)
- europe-west8 (Milan) and europe-west12 (Turin)
To learn more, see About volume replication.
reCAPTCHA Mobile SDK v18.6.0-beta01 is now available for iOS.
This version contains the following changes:
- A new API, fetchClient, is available that provides built-in retries for network issues.
- Bug fixes and improvements.
August 08, 2024
AlloyDB for PostgreSQL
Enhanced Query Insights and active queries are now available in Preview for read pool instances.
On August 8, 2024, we announced an increase in the recommended number of API basepaths per Apigee environment or environment group.
The recommended limit of API proxy basepaths per Apigee environment or environment group increased from 1,000 to 3,000. For more information, see the Environment and organization section of the Limits page.
Bug ID | Description |
---|---|
329304975, 301845257 | Limit on number of basepaths per environment Fixed issue with the number of total basepaths per environment causing potential failures when deploying API proxy revisions. |
The JSON_KEYS function, which extracts unique JSON keys from a JSON expression, is in Preview.
Some JSON functions that take a JSONPath let you specify a mode that allows flexibility in how the JSONPath matches the JSON data structure. This feature is in Preview.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Backup and DR Service
  - backupdr.googleapis.com/ManagementServer
- Google Kubernetes Engine
View granular cost data from Secret Manager secret usage in Cloud Billing exports to BigQuery
You can now view granular Secret Manager secret cost data in the Google Cloud Billing detailed export. Use the resource.name or resource.global_name field in the export to view and filter your detailed log bucket usage.
Tags data for Secret Manager secret usage is available in both the Standard usage cost export and the Detailed usage cost export.
To learn more about Tags, see Tags overview. To learn about using Tags in your cost data exported to BigQuery, see about tags and query examples with tags.
The kubelet read-only port in GKE clusters (TCP port 10255) is not used by Cloud Composer. You can define appropriate firewall rules to block external traffic over TCP 10255 in your customer project as described in Modify VPC firewall rules.
Fixed a problem that caused file synchronization between the bucket and Airflow components to be stuck or progress very slowly.
(Airflow 2.9.1) Improved the reliability of connections between Airflow components and the Redis component.
The default version of Airflow is changed to 2.9.1.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.9.1-build.3
- composer-3-airflow-2.7.3-build.12
Cloud Composer 2.9.0 images are available:
- composer-2.9.0-airflow-2.9.1 (default)
- composer-2.9.0-airflow-2.7.3
Cloud Composer version 2.4.0 has reached its end of support period.
You can now select internal proxy Network Load Balancers as a health checked target for DNS routing policies in Preview. For more information, see DNS routing policies and health checks.
Release 1.29.400-gke.86
Google Distributed Cloud for bare metal 1.29.400-gke.86 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.400-gke.86 runs on Kubernetes 1.29.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
- GA: Added support in version 1.29.400-gke.86 and higher for Red Hat Enterprise Linux (RHEL) version 9.2. For more information, see Select your operating system.
Fixes:
The following container image security vulnerabilities have been fixed in 1.29.400-gke.86:
Fixed the following vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
New formatting options for the bin calculated field type
New formatting options for the Bin calculated field type let you customize the appearance of ad hoc numeric tiers. These options include:
- Interval "[x,y)" — This format displays the range including x, and up to but not including y.
- Integer "x to y" — This format must be used with discrete integer values (such as age).
- Relational ">= x and < y" — This format is best used with continuous numbers (such as dollars).
M124 release
The M124 release of Vertex AI Workbench managed notebooks includes the following:
- Fixed a bug that prevented kernels from appearing when the Cloud Resource Manager API is turned off and Dataproc is enabled.
M124 release
The M124 release of Vertex AI Workbench instances includes the following:
- Fixed a bug that prevented kernels from appearing when the Cloud Resource Manager API is turned off and Dataproc is enabled.
- Spark notebooks on Dataproc: The Serverless Spark runtime template creation screen now has an easy-to-use UI for configuring resource allocation, autoscaling, and GPU settings.
August 07, 2024
Apigee X
On August 7, 2024, we published new documentation explaining how to integrate Apigee with a Security Information and Event Management (SIEM) solution. See Integrate Apigee with your SIEM solution for more information.
Management console is now available in the London (europe-west2), Mumbai (asia-south1), and Los Angeles (us-west2) regions.
Backup and DR Service 11.0.12.322 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance.
Backup and DR Service now supports restoring Oracle database to any target. Learn more.
Backup and DR Service now supports migrating manual protection to dynamic protection using tags through management console. Learn more.
An updated version of JDBC driver for BigQuery is now available.
You can now create a materialized view over an Apache Iceberg table that is partition aligned with the base table. The materialized view only supports time-based partition transformation, for example, YEAR, MONTH, DAY, and HOUR. This feature is in preview.
Configuring Cloud Service Mesh for either proxyless gRPC or Envoy proxy deployments with the Kubernetes Gateway API is now available as a preview feature. For more information, see the Overview page.
Google Distributed Cloud for VMware 1.28.800-gke.109 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.800-gke.109 runs on Kubernetes v1.28.11-gke.2200.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
Existing Seesaw load balancers now require TLS 1.2.
Fixed
The following vulnerabilities are fixed in 1.28.800-gke.109:
High-severity container vulnerabilities:
Ubuntu vulnerabilities:
This is a patch release of Google Distributed Cloud connected (version 1.7.1).
Security mitigations for the following vulnerabilities have been implemented in this release of Google Distributed Cloud connected:
- CVE-2024-36971, CVE-2024-36901, CVE-2024-36969, CVE-2024-36902, CVE-2024-36893, CVE-2024-36897, CVE-2024-35984, CVE-2024-35997, CVE-2024-6387 (GCP-2024-040), CVE-2024-38433, CVE-2024-0172
The following Google Distributed Cloud connected components have been updated:
- GKE on Bare Metal has been updated from version 1.28.500 to version 1.28.700. (This component was formerly known as Anthos Clusters on Bare Metal.)
- Kubernetes has been updated from version 1.28.8 to version 1.28.10.
The following issues have been resolved in this release of Google Distributed Cloud connected:
- Nodes no longer get stuck in Ready,SchedulingDisabled state after applying configuration changes. Applying or deleting the NodeSystemConfigUpdate or SriovNetworkNodePolicy resources no longer results in a node that's stuck in the Ready,SchedulingDisabled state after it reboots.
- Cluster software upgrades are no longer affected by GKE Identity Service (GKE IS) Pods that get stuck in a Failed state after a machine reboot.
- Virtual machine workloads no longer temporarily go down when upgrading Google Distributed Cloud connected software. The virtual machine workloads now remain running while a Google Distributed Cloud software upgrade completes.
- Changes to the VMRuntime resource are no longer required before upgrading to Google Distributed Cloud connected version 1.7.1 or higher.
- Excessive CPU load on nodes undergoing live virtual machine migration during software upgrades has been resolved. When completing a live virtual machine migration during a Google Distributed Cloud connected software upgrade, nodes no longer experience CPU spikes that might affect workloads running on them.
- Virtual machines no longer lose connectivity to each other during a live migration. When completing a live migration of virtual machines from one node to another, the virtual machines now retain network connectivity to each other across the source and destination nodes.
- Virtual machines are now properly scheduled after recovery from a network partition. When a loss of network connectivity across multiple nodes occurs and causes a stall in storage I/O operations, the virtual machine fencing logic now properly marks the affected virtual machines as failed. Such virtual machines are now properly scheduled back onto the affected nodes when network connectivity is restored.
This release of Google Distributed Cloud connected contains the following known issues:
- Virtual machine management can fail after a node has been powered down for an extended time. If you power down your Google Distributed Cloud connected machines for an extended period of time, you might not be able to manage the virtual machines scheduled on the corresponding nodes after you power the machines back up, even though those virtual machine workloads continue to run. To remedy this issue, contact Google Support.
- The Kubernetes API server might return 404 errors when attempting to access virt-api endpoints. To work around this issue, contact Google Support.
- Storage operations hang when volume replicas are deleted from a cluster without removing the corresponding Symcloud Storage persistent volume intent. If you delete the volume replicas for a Symcloud Storage persistent volume but do not remove the corresponding intent, TCMU devices on the worker node hang, causing storage operations to stall indefinitely. This can affect both your workload data availability as well as core system functionality of Google Distributed Cloud connected. To prevent this, you must always remove a Symcloud Storage persistent volume before deleting its associated volume replicas. If you need to resolve this issue on an affected node, contact Google Support.
- Cluster deletion can fail due to stale Symcloud Storage data. When attempting to delete a cluster during disaster recovery or cluster reset, the deletion might fail due to the corresponding Symcloud Storage volumes not having been cleaned up. To resolve this issue, contact Google Support.
- Cluster upgrades might fail with an "ABM upgrade timed out" error. Under certain conditions, if the GKE token expires while a cluster upgrade is in progress, the upgrade fails with an "ABM upgrade timed out" error and a missing gkehub.memberships.update permission is recorded in the logs. If you encounter this issue, contact Google Support.
- Removing the NodeSelector node label value in the NodeSystemConfigUpdate resource after reconciliation does not reset the node status to default. If you remove the node label value in the NodeSelector field of the NodeSystemConfigUpdate resource after the resource has been successfully reconciled, the node does not revert to its default configuration.
The following new functionality has been introduced in this release of Google Distributed Cloud connected:
- Active backup network redundancy. On Google Distributed Cloud connected servers, you can now opt in to active backup network redundancy mode for each Google Distributed Cloud connected zone. This mode improves resilience to network interruptions when you have a redundant network link available. To enable this feature, contact Google Support.
(2024-R28) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.27.15-gke.1252000
- 1.29.6-gke.1326000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.
Regular channel
- Version 1.29.6-gke.1326000 is now the default version in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.27.15-gke.1154000
- 1.28.11-gke.1172000
- 1.29.6-gke.1254000
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.6-gke.1326000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.
Stable channel
- The following versions are now available in the Stable channel:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.6-gke.1038001 with this release.
Extended channel
- Version 1.29.6-gke.1326000 is now the default version in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.15-gke.1154000
- 1.28.11-gke.1172000
- 1.29.6-gke.1254000
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.
No channel
- Version 1.29.6-gke.1326000 is now the default version.
- The following versions are now available:
- The following node versions are now available:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.6-gke.1038001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.
August 06, 2024
Access Approval
Access Approval supports Looker (Google Cloud core) in the Preview stage.
Access Transparency supports Looker (Google Cloud core) in the Preview stage.
If you specify a source workstation during workstation creation, Cloud Workstations supports cloning of persistent directories. For more information, see REST workstations, RPC google.cloud.workstations.v1beta, or gcloud beta workstations create.
Web SDK 2.22 is released
Web SDK 2.22 includes the following updates:
Resize text. You can change the font size for any text displayed in the agent adapter.
Control link behavior. You can control whether a link opens in the same tab or a new tab.
cos-109-17800-309-7
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.19 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |
This is an LTS Refresh release.
Upgraded app-admin/google-guest-configs to 20240607.00.
Upgraded app-containers/containerd to 1.7.19.
Upgraded sys-auth/pambase to v20240128.
Upgraded app-containers/docker, app-containers/docker-test, app-containers/docker-cli to v24.0.9.
Upgraded app-containers/docker-credential-gcr to v2.1.22.
Upgraded app-containers/docker-credential-helpers to v0.8.1.
Upgraded app-containers/cni-plugins to v1.4.1.
Upgraded net-misc/rsync to v3.2.7-r5.
Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.
Upgraded cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.
Removed crash-reporter KVM support.
Removed dev-go/grpc.
Upgraded curl to v8.9.0. This fixes CVE-2024-6197.
Upgraded dev-python/setuptools to v70.3.0. This fixes CVE-2024-6345.
Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.
Runtime sysctl changes:
- Added: net.core.mem_pcpu_rsv: 256
cos-113-18244-151-9
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.19 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |
This is an LTS Refresh release.
Upgraded app-admin/google-guest-configs to 20240607.00.
Upgraded app-containers/containerd to 1.7.19.
Upgraded net-misc/rsync to v3.2.7-r5.
Upgraded sys-apps/less to v661.
Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.
Upgraded cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.
Removed crash-reporter KVM support.
Removed dev-go/grpc.
Upgraded curl to v8.9.0. This fixes CVE-2024-6197.
Upgraded dev-python/setuptools to v70.3.0. This fixes CVE-2024-6345.
Runtime sysctl changes:
- Changed: fs.file-max: 812026 -> 812030
You can now keep a GKE Standard cluster on a minor version for longer with the Extended release channel. Clusters running 1.27 or later can be enrolled in the Extended channel, and automatically receive security patches during the extended support period after the end of standard support. To learn more, see Get long-term support with the Extended channel.
Vertex AI Search: Layout parser GA
The layout parser for Vertex AI Agent Builder is Generally available. The layout parser transforms documents in various formats into structured representations. It makes content like paragraphs, tables, lists, and structural elements like headings, page headers, and footers easily accessible.
For more information, see Layout parser.
Vertex AI Search: Generative answers performance improvements
Generative answers have been updated with performance improvements.
- Re-ranking for generative answers has been updated to decrease response latency.
- Detection of adversarial queries has been updated for improved accuracy.
August 05, 2024
AlloyDB for PostgreSQL
AlloyDB Omni version 15.5.5 is now generally available (GA). This version includes the following features and changes:
The AlloyDB Omni Kubernetes Operator version 1.1.0 is generally available (GA) and it includes the following new features:
- Cross-data center replication to support automated setup of disaster recovery.
- Support for the Red Hat OpenShift container platform version 4.14 and later in Preview.
- Variable number of nodes per read pool instance.
- Customizable count for the number of failed checks before auto-failover kicks in for a High Availability (HA) configuration.
- Version 1.1.0 of the Operator is supported on AlloyDB Omni version 15.5.5 and later.
- A dedicated backup server for streamlined backup operations.
- When you create a database cluster, the admin password secret is no longer deleted after you specify it.
The postgres_ann extension is renamed to alloydb_scann. Before you upgrade AlloyDB Omni, you must drop any indexes created using the older postgres_ann version, then upgrade AlloyDB Omni, and then create the indexes again using the alloydb_scann extension.
Various bug fixes.
On August 5, 2024 we released an updated version of Advanced API Security.
Shadow API Discovery, which is in preview, now supports the use of tags to label and organize observation results.
For usage information, see Use tags.
Regional external Application Load Balancer, regional internal Application Load Balancer, and cross-region internal Application Load Balancer support mutual TLS (mTLS).
With mTLS, the load balancer requests that the client send a certificate to authenticate itself during the TLS handshake with the load balancer. You can configure a trust store to validate the client certificate's chain of trust.
For details, see the following:
- Mutual TLS authentication
- Set up mutual TLS with user-provided certificates
- Set up mutual TLS with a private CA
This capability is in General Availability.
Global external Application Load Balancer and global external Application Load Balancer (classic) already support frontend mTLS (General Availability).
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/logging
11.2.0 (2024-07-15)
Features
Java
Changes for google-cloud-logging
3.20.0 (2024-08-02)
Features
Dependencies
Documentation
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-storage
2.41.0 (2024-07-31)
Features
Bug Fixes
- Add UnknownHostException to set of retriable exception (#2651) (18de9fc)
- Update grpc resumable upload error categorization to be more tolerant (#2644) (95697dd)
- Update Storage#readAllBytes to respect shouldReturnRawInputStream option (#2635) (dc883cc)
- Update TransferManager downloads to reduce in memory buffering (#2630) (fc2fd75)
- Use fast calculation for totalRemaining number of bytes from multiple ByteBuffers (#2633) (758b3dd)
Dependencies
- Update dependency com.google.apis:google-api-services-storage to v1-rev20240625-2.0.0 (#2616) (b22babb)
- Update dependency com.google.apis:google-api-services-storage to v1-rev20240706-2.0.0 (#2634) (1ccaa0c)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#2647) (8196259)
- Update dependency net.jqwik:jqwik to v1.9.0 (#2608) (a20eb66)
- Update dependency org.junit.vintage:junit-vintage-engine to v5.10.3 (#2604) (8c79f39)
- Update junit-platform.version to v5.10.3 (#2605) (a532ee4)
You can now use parallel downloads with Cloud Storage FUSE to accelerate read performance of large files over 1 GB in size. When enabled, parallel downloads use multiple workers to download a file in parallel, accelerating file reads. For more information, see Improve read performance using parallel downloads.
Fixed an issue in which users weren't able to access the Colab Enterprise UI when Colab Service Status was OFF for everyone in Google Workspace.
AMD has notified Google about 3 new (2 medium risk, 1 high risk) firmware vulnerabilities affecting SEV-SNP in AMD EPYC 3rd generation (Milan) and 4th generation (Genoa) CPUs (CVE-2023-31355, CVE-2024-21978, and CVE-2024-21980).
For more information, see the GCP-2024-046 security bulletin.
Config Connector version 1.121.0 is now available.
The state-into-spec field now defaults to Absent in any new Config Controller clusters.
Starting in version 1.122, this will be the default for all Config Controller clusters.
Starting in version 1.123, this will be the default for all Config Connector clusters.
DataformRepository (Alpha) now uses direct reconciliation.
BigtableInstance
- When autoscaling is enabled (spec.cluster[].autoscalingConfig.), does not use numNodes (spec.cluster[].numNodes=2) as that applies only to manual scaling.
BigQueryConnection
- Added status.observedState field to store the output-only fields which were previously mistakenly defined in spec.
BigQueryTable
- Added spec.requirePartitionFilter field. This release note was added on August 20.
Version 3.23 is released
All release notes published on this date are part of version 3.23.
The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.
Cancel partial responses for virtual agents
You can now configure virtual agents (VAs) to enable cancellation of the playback of partial-responses fulfillment when the final fulfillment is returned. For example, if a webhook is called by the VA and partial responses is enabled, the fulfillment is returned to CCAI Platform and it starts playing the message to the end-user. If the final fulfillment is sent by Dialogflow to CCAI Platform while the partial-responses fulfillment is still being played, it is possible to interrupt this playback and play the final fulfillment.
For more information, see Support for partial response in Dialogflow CX.
New force logout endpoint in the Apps API
You can now do a force logout on agents, using agent ID or IP address, by making a POST call to a new Apps API endpoint: POST /apps/api/v1/agent_statuses/force_logout. This endpoint lets you immediately log out an agent who is not currently on a call or chat. If the agent is on a call or chat, they are automatically logged out after the call or chat ends.
Updated agent statuses endpoint
The agent statuses endpoint, apps/api/v1/agent_statuses, now returns an agent's IP address.
Contact lists
Agents can now use contact lists, which improve the organization and accessibility of external contacts. Agents can use a centralized workspace to create a personal contact list or a favorite contact list. Agents can access global and custom lists, depending on how you configure CCAIP. Administrators have the ability to: (1) Manage list visibility at the team or queue level, (2) Bulk upload CSV files containing contact lists, and (3) Add, edit, or delete contacts and destinations, including SIP URI addresses and phone numbers. For more information, see Contact lists and Use contacts.
Auto answer settings are relocated
The following auto answer settings for calls and chats have been relocated. Functionality remains the same:
Global settings (moved to the Operations Management Routing page):
Old Locations:
Calls: Settings > Call
Chats: Settings > Chat
New Locations:
Calls: Settings > Operation Management > Routing > Call Routing > Deltacast
Chats: Settings > Operation Management > Routing > Chat Routing > Deltacast
Queue-level settings (moved to the Deltacast Settings page):
Old Locations:
Calls: Settings > Queue > [IVR] [Mobile] [Web]
Chats: Settings > Queue > Web
New Locations:
Calls: Settings > Queue > [IVR] [Mobile] [Web] > Routing > Call Routing > Deltacast
Chats: Settings > Queue > Web > Routing > Call Routing > Deltacast
For more information, see Auto answer.
End-of-session transfers for virtual agents
You can now set up a virtual agent (VA) to handle end-of-session interactions. When a live agent ends a session, it's transferred to a VA for wrap-up. You can use end-of-session transfers for interactions such as post-session surveys or feedback. This feature is available for both calls and chats.
Queue-level whisper settings for calls
Whisper settings for calls are now available at the queue level. This feature allows you to turn off whisper messages for specific queues or customize the whisper message. For example, on a billing queue, you could provide agents with instructions such as, "Call coming through the billing queue. Remember to redact if taking any payments." In addition, you can customize the call countdown timer and enable Use countdown at the queue level for calls.
For more information, see Configure whisper announcements at the queue level.
Workforce management
Workforce management (WFM) provides simple, flexible, real-time forecasting, scheduling, and adherence monitoring. Here are some key features:
Dynamic scheduling to optimize staffing. Save time by automating scheduling based on expected staffing needs. Allow agents to pick their schedule based on availability and skillset. WFM is customizable so you can create schedules that account for agent skills, time zones, channel coverage, employee time-off requests, and more.
Intelligent, flexible forecasting. Quickly create accurate omnichannel forecasts that model staffing requirements using both historical and real-time data. Interval, weekly, and monthly patterns and in-forecast updates provide day-to-day flexibility. You can make changes on the fly, or "set it and forget it."
Schedule adherence. WFM helps you avoid costly mistakes by providing agents and managers with real-time access to adherence and performance monitoring. This helps to ensure that agents are in the right place at the right time so there are no gaps in your customer service experience.
For more information, see Workforce management.
Queue-level configuration of the cascade group timer
You can now configure the cascade group timer at the queue level, instead of only at the global level. This would be useful, for example, if you wanted the agents assigned to a VIP queue to have more time to answer before the session is moved to the next cascade group.
For more information, see Configure a cascade group at the queue level.
Queue-level configuration of the percent allocation group timer
You can now configure the percent allocation group timer at the queue level, instead of only at the global level.
For more information, see Percent allocation groups.
Settings version control
Settings version control is a new feature that lets administrators more easily migrate the queue menu structure and settings from one tenant to another. Settings version control consists of two main components: (1) Exporting and importing queue menu structure and settings, and (2) Viewing and managing version history. You can save the current configuration of an existing tenant to a JSON file and then import the file and apply it to a new tenant. You can also create a reusable configuration template, making the creation of new tenants faster and more consistent. The version history feature lets administrators track the change history of a tenant, providing an overview of all previous settings applied. Administrators can revert to previous settings if they are not satisfied with recent changes. Settings version control is in Preview. For more information, see Settings version control.
New quality management (QM) session event field
CCAIP now passes a new field in the session event payload for calls.
The new field is available in the following event payload streams:
QM call events
External call events
The new session event field is the same as the agent_number field in the CCAIP metadata. This field is passed in the payload for all session events that have an agent participant.
Here is an example of a session event field: "agent_number":"1660"
Fixed an issue where calls would sometimes not ring for an agent while connecting to a caller.
Fixed an issue where agents with chat concurrency set to 1 were incorrectly receiving new chat offers while already handling a chat.
Fixed a co-browse display issue.
Fixed an issue where chats continued to be translated after being transferred to a queue that had live translation turned off.
Fixed an issue where the agent adapter was not triggering events in an iframe when starting or ending a co-browse session.
Fixed an issue where the Telnyx API was throwing an error when verifying a number, preventing BYOC numbers from being added.
Access Approval supports Dataform in the GA stage.
The translation LLM now supports Arabic, Hindi, and Russian. For the full list of supported languages, see the Translate text page.
Disaster recovery scenarios for data: Added guidance about using the following capabilities to back up and recover self-managed databases deployed in Google Cloud:
Disaster recovery scenarios for applications: Added guidance about using the following capabilities to back up and recover applications deployed in Google Cloud:
For the Flex service level, Google Cloud NetApp Volumes offers its services in the following regions:
europe-west8 (Milan)
europe-west9 (Paris)
europe-west12 (Turin)
To learn more, see NetApp Volumes key features.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for pubsub/apiv1
Beta release for the pubsub opentelemetry tracing feature
OpenTelemetry tracing standards are in active development, and thus attributes, links, and span names are EXPERIMENTAL and subject to change or removal without notice.
1.41.0 (2024-08-01)
Features
- pubsub/pstest: Add Message.Topic field and populate on publish (#10510) (01bf051)
- pubsub: Add max messages batching for Cloud Storage subscriptions (1bb4c84)
Bug Fixes
Java
Changes for google-cloud-pubsub
1.132.0 (2024-08-01)
Features
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.41.0 (#2093) (217b8a3)
- Update dependency com.google.cloud:google-cloud-bigquery to v2.42.0 (#2124) (24ebe24)
- Update dependency com.google.cloud:google-cloud-core to v2.41.0 (#2120) (1f6428a)
- Update dependency com.google.cloud:google-cloud-storage to v2.40.1 (#2095) (0d64d6c)
- Update dependency com.google.cloud:google-cloud-storage to v2.41.0 (#2129) (2348d20)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#2121) (7fbea6d)
- Update dependency com.google.protobuf:protobuf-java-util to v4.27.2 (#2091) (9859f11)
- Update dependency org.junit.vintage:junit-vintage-engine to v5.10.3 (#2096) (42f12ed)
Documentation
Python
Changes for google-cloud-pubsub
2.23.0 (2024-07-29)
Features
The ORGANIZATION_NAME infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.
To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.
The STREET_ADDRESS infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.
To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.
August 03, 2024
Google SecOps SOAR
Release 6.3.13 is now in General Availability.
August 02, 2024
Apigee Advanced API Security
The preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents is now re-enabled after resolution of the known issue noted on July 19.
For usage instructions, see the Incident details documentation.
Redirecting from Apigee Integration to Application Integration
We are converging Apigee Integration and Application Integration. This change involves the following updates:
- You will now be redirected to Application Integration from the Apigee portal.
- Apigee Integration will not support configuring connector tasks in the Apigee portal. You will have to open Application Integration in the Google Cloud console to configure connector tasks in your integration.
For more information, see Use Application Integration.
Vertex AI SDK for Python supports token listing and counting for prompts without the need to make API calls. This feature is available in Preview. For details, see List and count tokens.
The NVIDIA GPU Operator can now be used as an alternative to fully managed GKE for both Container-Optimized OS and Ubuntu node images. Choose this option to manage your GPU stack if you're looking for a consistent multi-cloud experience, already using the NVIDIA GPU Operator, or have software reliant on it.
Release 6.3.14 is currently in Preview.
Unable to rerun a failed playbook step when the parameter is very large. As part of the fix, large parameter values will show as truncated on the platform but will not change the actual value sent to the playbook. (ID #49774296)
The platform does not show the correct error when trying to save a playbook which is open in another tab. (ID #00269661)
Can't remove the remote agent after host/container has stopped (ID #49024310)
List and multi-select parameters not appearing correctly in the IDE (ID #51995565)
Playbook simulator sometimes not executing actions in the correct order (ID #48264534)
Missing audit log entries when deleting permission groups (ID #51496411)
The Vertex AI Model Registry now offers Preview support for model copy across different projects. For information about how to copy your model projects and regions, see Copy models in Model Registry.
August 01, 2024
Apigee X
On August 1, 2024, we released an updated version of Apigee (1-13-0-apigee-1).
New flow variables are now available:
request.headers.names.string
request.queryparams.names.string
request.formparams.names.string
message.headers.names.string
message.queryparams.names.string
message.formparams.names.string
response.headers.names.string
These context variables can be used to return header, query parameter, and form parameter names in string format that can be used in API proxy logic. Each variable returns a comma-separated list of names.
For more information, see the Flow variables reference.
Bug ID | Description |
---|---|
308583363, 332464869 | Security fix for apigee-mart. This addresses the following vulnerabilities: |
332465218 | Security fix for apigee-runtime. This addresses the following vulnerabilities: |
341994213, 333971421 | Security fixes for Cassandra emulator. These address the following vulnerabilities: |
329762216 | Security fix for This addresses the following vulnerability: CVE-2024-24786 |
342630443, 342714341, 343202829 | Security fixes to address the following vulnerabilities: |
Bug ID | Description |
---|---|
293150694 | <HTTPMonitor> now supports the <UseTargetServerSSLInfo> element and can trust TLS certs from non-public CAs. |
329874359 | Decreased the default value of <CacheLookupTimeoutInSeconds> from 30 seconds to 12 seconds. |
334442202 | Added specific and informative error messaging for App query failures resulting from discrepancies between developers and apps. |
333919279 | Improved reliability for Developer, App and API products APIs. |
339169651 | Fixed potential HTTP request smuggling vulnerability when using the OPTIONS method. |
297539870 | <HTTPTargetConnection> property io.timeout.millis is honored when used with WebSockets. |
N/A | Updated infrastructure and libraries. |
Generally available: The Chrome Enterprise Premium file transfer connector. You can use this feature to scan files that are transferred between different file systems on ChromeOS.
Bigtable supports querying in SQL. This feature is available in Preview. For more information, see Introduction to SQL for Bigtable.
The Bigtable Studio query editor is available in Preview. For more information, see Manage your data using Bigtable Studio.
Bigtable aggregates let you build distributed counters and aggregate your Bigtable data at write time using min, max, sum, or HLL. This feature is generally available (GA). For more information, see Aggregate values at write time.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Compute Engine
compute.googleapis.com/InstantSnapshot
In July and August 2024, new Cloud Composer 2 environments are continuing to switch to GKE 1.29 and to PSC as the connectivity channel to the GKE control plane. Creating new Cloud Composer 2 private IP environments will require using PSC SERVICE_PRODUCER endpoints, which might be blocked by the Disable Private Service Connect for Consumers organization policy constraint. Previously, this org policy limitation could be addressed by using VPC peerings instead of PSC, but starting from GKE 1.29, this workaround is no longer available.
(Cloud Composer 3 only) The July 24th issue with Airflow upgrade operations for Cloud Composer 3 environments is now fixed. Airflow upgrade operations are now being re-enabled, and should reach all Cloud Composer 3 environments within the next couple of days.
The initial synchronization of DAGs and plugins in Airflow workloads is performed in a separate container and utilizes full resources of the Pod.
(Cloud Composer 3) Fixed an error that happened when values in certain formats were used for Airflow configuration options.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.9.1-build.2
- composer-3-airflow-2.7.3-build.11
Cloud Composer 2.8.8 images are available:
- composer-2.8.8-airflow-2.9.1
- composer-2.8.8-airflow-2.7.3 (default)
Airflow 2.6.3 is no longer included in Cloud Composer 2 images.
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Cloud SQL for SQL Server now offers two editions of Cloud SQL to support your various business and application needs: Cloud SQL Enterprise Plus edition and Cloud SQL Enterprise edition. Each edition provides different performance and availability characteristics to meet the needs of your applications.
Cloud SQL Enterprise Plus edition has new machines for better performance, higher availability, and advanced disaster recovery. Existing instances become Cloud SQL Enterprise edition for SQL Server instances with no changes to pricing or features. You can upgrade existing instances to the Cloud SQL Enterprise Plus edition in-place using the Google Cloud console, the gcloud CLI, or the API with minimal downtime.
For more information about Cloud SQL editions, see Introduction to Cloud SQL editions.
Beginning November 1, 2024, BigQuery users will start seeing charges for Cloud Storage usage as per pricing documentation, which was not metered before due to a billing bug.
Retrieval fees for Nearline, Coldline, and Archive storage classes will be charged per existing pricing documentation and retrieval SKUs.
Inter Region Network Data Transfer fees will be charged when a BigQuery job in one location reads data stored in a Cloud Storage bucket in a different location. These charges are covered by GCP Storage Data Transfer SKUs and Network Data Transfer GCP Inter Region SKUs. Network Data Transfer GCP Multi-region SKUs are not applicable to this change.
Refer to the announcement for more information.
Generally available: You can use instant snapshots to take in-place disk backups that can be restored to new disks in under a minute.
Instant snapshots are ideal for rapid data restoration within the same location as the source disk. For more information, see Instant snapshots.
Google Distributed Cloud for VMware 1.16.11-gke.25 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.16.11-gke.25 runs on Kubernetes v1.27.15-gke.1200.
If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
Existing Seesaw load balancers now require TLS 1.2.
The following vulnerabilities are fixed in 1.16.11-gke.25:
High-severity container vulnerabilities:
Ubuntu vulnerabilities:
Release 1.28.800-gke.111
Google Distributed Cloud for bare metal 1.28.800-gke.111 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.800-gke.111 runs on Kubernetes 1.28.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Functionality changes:
- Updated Kubernetes audit logging to include request and response payloads from the Kubernetes API server for bare metal custom resources, including the following: Cluster, NodePool, BareMetalMachine, and BareMetalCluster.
Fixes:
The following container image security vulnerabilities have been fixed in 1.28.800-gke.111:
Medium-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
You can now enable NCCL Fast Socket on your multi-GPU Autopilot workloads. NCCL Fast Socket is a transport layer plugin designed to improve NVIDIA Collective Communication Library (NCCL) performance on Google Cloud. To enable NCCL Fast Socket on GKE Autopilot, you must use a GKE Autopilot cluster with control plane version 1.30.2-gke.1023000 or later. For more information, see Improve workload efficiency using NCCL Fast Socket.
Autopilot nodes use Google Virtual NIC (gVNIC) for 1.30.2-gke.1023000 and later.
Customers can now configure direct ingestion of Google Cloud data without using a 1-time Google Security Operations access code. This feature will be launched over a period of several weeks. For more information, see Enable direct ingestion from Google Cloud.
Audit logging for Gemini in Looker
You can view Gemini in Looker log events in the Admin Console (Security Investigation Tool). Gemini in Looker can be enabled for Looker Studio Pro subscriptions, which are associated with a Google Cloud project. To see which Google Cloud projects have Gemini in Looker enabled, as well as those with Gemini in Looker's Trusted Tester capabilities, filter the log by choosing the Setting name attribute and view the entries in the Project ID column.
Learn more about Looker Studio log events.
Spanner now offers Spanner Graph in Preview, which unites purpose-built graph database capabilities with Spanner. Spanner Graph includes a graph query interface compatible with the ISO GQL (Graph Query Language) standards, and interoperability between relational and graph models. For more information, see the following:
Spanner full-text search (Preview) lets you search a table to find words, phrases, or integers, instead of just searching for exact matches in structured fields. Spanner full-text search capabilities also include making spelling corrections, automating language detection of search input, and ranking search results. To learn more, see the Full-text search overview.
July 31, 2024
AlloyDB for PostgreSQL
Gemini in Databases assistance in AlloyDB for PostgreSQL is now available in Preview for standard and enhanced query insights, system insights, index advisor, and active queries. You can use Gemini assistance to help you monitor and troubleshoot your AlloyDB resources. For more information, see Monitor and troubleshoot with Gemini assistance.
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
hybrid 1.11.2-hotfix.2
On July 31, 2024 we released an updated version of the Apigee hybrid software, 1.11.2-hotfix.2.
Note: This release reflects a change to the component images and not the Helm chart templates. If your hybrid installation is currently on Apigee hybrid v1.11.2, apply this hotfix with the following steps:
- In your overrides file, update the image.url and image.tag properties of ao and runtime:

  ```yaml
  ao:
    image:
      url: "gcr.io/apigee-release/hybrid/apigee-operators"
      tag: "1.11.2-hotfix.2"
  runtime:
    image:
      url: "gcr.io/apigee-release/hybrid/apigee-runtime"
      tag: "1.11.2-hotfix.2"
  ```
- Install the hotfix release:
  - For Helm-managed releases, update the apigee-operator with the helm upgrade command and your current overrides files:

    ```sh
    helm upgrade operator apigee-operator/ \
      --namespace apigee-system \
      --atomic \
      -f overrides.yaml
    ```

    For each environment in your Apigee org:

    ```sh
    helm upgrade ENV_NAME apigee-env/ \
      --namespace apigee \
      --atomic \
      -f overrides.yaml
    ```
  - For apigeectl-managed releases:
    - Install the hotfix release with apigeectl init using your updated overrides file:

      ```sh
      ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE --dry-run=client
      ```

      Followed by:

      ```sh
      ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE
      ```
    - Apply the hotfix release with apigeectl apply:

      ```sh
      ${APIGEECTL_HOME}/apigeectl apply -f OVERRIDES_FILE --all-envs --dry-run=client
      ```

      Followed by:

      ```sh
      ${APIGEECTL_HOME}/apigeectl apply -f OVERRIDES_FILE --all-envs
      ```
- For information on upgrading, see Upgrading Apigee hybrid to version 1.11.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
351868444 | Tolerations are now working for Redis's Envoy pod. |
297539870 | HTTPTargetConnection property io.timeout.millis is now honored correctly when using websockets. |
Ruby 3.3 is now generally available.
When you translate SQL queries from your source database, you can use configuration YAML files to optimize and improve the performance of your translated SQL. This feature is in preview.
Workload management now provides the following benefits:
- The autoscaler now scales up immediately.
- The autoscaler now scales more precisely.
- The autoscaler scales to the nearest multiple of 50 slots, instead of 100.
- You can now purchase capacity commitments, set baseline slots, and set autoscale max slots in incremental steps of 50 slots.
- If one minute or more has passed since the most recent increase in capacity, you can now reduce capacity without resetting the one minute minimum. This allows for multiple consecutive decreases without a one minute delay between them.
These features are now generally available (GA).
Health checks for external endpoints in Cloud DNS routing policies are now available in Preview.
The Python transform plugin version 2.3.1 is available in Cloud Data Fusion version 6.10.1. The release lets you use a macro in the Script plugin property field to pass runtime arguments (CDAP-21054).
Cloud Functions now supports the Ruby 3.3 runtime at the General Availability release level.
Cloud Load Balancing now supports failover for global, classic, and regional external Application Load Balancers. Failover is handled by creating two or more regional external Application Load Balancers in the regions where you want the traffic to failover to. Only regional external Application Load Balancers can be used as failover backup load balancers.
For details, see Failover for external Application Load Balancers.
This feature is available in Preview.
Gemini in Databases assistance in Cloud SQL for MySQL is now available in Preview for query insights, system insights, index advisor, and active queries. You can use Gemini assistance to help you observe and troubleshoot your Cloud SQL resources. For more information, see Observe and troubleshoot with Gemini assistance.
Gemini in Databases assistance in Cloud SQL for PostgreSQL is now available in Preview for query insights, system insights, index advisor, and active queries. You can use Gemini assistance to help you observe and troubleshoot your Cloud SQL resources. For more information, see Observe and troubleshoot with Gemini assistance.
You can now use list caching with Cloud Storage FUSE, which is a cache for directory and file list, or ls, responses that improves list operation speeds. To learn more about list caching and how to enable it, see the Cloud Storage FUSE caching overview page.
You can now use the Google Cloud console to set a default soft delete retention duration. For more information, see Use tags to set a default soft delete retention duration for new buckets.
cos-113-18244-85-65
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |
Runtime sysctl changes:
- Changed: fs.file-max: 812041 -> 812026
The maximum size limit for repositories encrypted with customer-managed encryption keys (CMEK) is 512 MB. For more information about Dataform quotas and limits, see Quotas and limits. For more information about encrypting Dataform repositories with CMEK, see Use customer-managed encryption keys.
New Dataproc Serverless for Spark runtime versions:
- 1.1.74
- 1.2.18
- 2.0.82
- 2.2.18
Dataproc Serverless for Spark: Upgraded Spark BigQuery connector to version 0.36.4 in the latest 1.2 and 2.2 Dataproc Serverless for Spark runtime versions.
New Imagen on Vertex AI image generation model and features
The Imagen 3 image generation models (imagen-3.0-generate-001 and the low-latency version imagen-3.0-fast-generate-001) are Generally Available to approved users. These models offer the following additional features:
- Additional aspect ratios (1:1, 3:4, 4:3, 9:16, 16:9)
- Digital watermark (SynthID) enabled by default
- Watermark verification
- User-configurable safety features (safety setting, person/face setting)
For more information, see Model versions and Generate images using text prompts.
Gemma 2 2B is available in Model Garden. For details, see Use Gemma open models.
The following models have been added to Model Garden:
- Gemma 2 2B: A foundation LLM by Google Deepmind.
- Qwen2: An LLM series by Alibaba Cloud.
- Phi-3: An LLM series by Microsoft.
Resource and deployment settings were updated for the following models:
- Added GPU inferences for gemma2-27b and gemma2-27b-it with verified performances.
- Added verified deployment settings for Mistral AI models that are deployed from Huggingface, including mistralai/mistral-nemo-instruct-2407, mistralai/mistral-nemo-base-2407, mistralai/mistral-large-instruct-2407, and mistralai/codestral-22b-v0.1.
- Added multiple deployment settings with A100 (40G), A100 (80G) and H100 (80G) for select models, such as llama3.1, llama3, gemma2, gemma, and mistral-7b.
(2024-R27) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.30.2-gke.1587003 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.27.14-gke.1059002
- 1.27.15-gke.1125000
- 1.28.11-gke.1260000
- 1.28.11-gke.1289000
- 1.29.6-gke.1038001
- 1.29.6-gke.1137000
- 1.30.1-gke.1329003
- 1.30.2-gke.1394003
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.2-gke.1587003 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.
Regular channel
- Version 1.29.6-gke.1254000 is now the default version in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.27.14-gke.1059002
- 1.28.11-gke.1019001
- 1.29.6-gke.1038001
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.15-gke.1154000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.6-gke.1254000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.
Stable channel
- Version 1.29.6-gke.1038001 is now the default version in the Stable channel.
- The following versions are no longer available in the Stable channel:
- 1.27.14-gke.1042001
- 1.28.10-gke.1075001
- 1.29.5-gke.1091002
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.14-gke.1059002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.14-gke.1059002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.11-gke.1019001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.
Extended channel
- Version 1.29.6-gke.1254000 is now the default version in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.14-gke.1059002
- 1.28.11-gke.1019001
- 1.29.6-gke.1038001
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.
No channel
- Version 1.29.6-gke.1254000 is now the default version.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.27.14-gke.1042001
- 1.27.15-gke.1125000
- 1.28.9-gke.1289002
- 1.28.10-gke.1075001
- 1.28.11-gke.1289000
- 1.29.6-gke.1137000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.15-gke.1154000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.11-gke.1019001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.
GKE Autopilot versions 1.28.6-gke.1317000 and later fix a known issue for ephemeral storage requests. If the combined ephemeral storage requests across all containers in your workload exceed 10 GiB, your workload will be rejected with an error message. This differs from earlier versions, which admitted the workload if it requested more than 10 GiB while only actually provisioning 10 GiB, which would result in workload eviction when the workload used more than 10 GiB.
To ensure uninterrupted operation with GKE Autopilot versions 1.28.6-gke.1317000 and later, do the following:
- Verify that containers injected by webhooks don't cause Pods to exceed the maximum Autopilot resource limits.
- Adjust workload resource requests to account for any containers that may be injected by webhooks.
- If any Pods are rejected after updating, reduce their ephemeral storage requests to meet the limit for your workload configuration.
To learn more, see Automatic resource management in Autopilot.
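A pre-deployment check for the 10 GiB limit described above, as an added example that is not Google's code: it totals the ephemeral-storage requests of a workload's containers, optionally including containers a webhook would inject, and reports whether the total exceeds the limit. The manifest, the sidecar, the function names, and the handling of init containers (the usual Kubernetes effective-request rule) are assumptions made for illustration.

```python
import copy
import re
from decimal import Decimal, ROUND_CEILING

LIMIT_BYTES = 10 * 2**30  # 10 GiB, the combined limit stated in the release note

# Suffixes of the Kubernetes resource.Quantity format (binary and decimal SI).
_SUFFIX = {
    "": 1, "m": Decimal("0.001"),
    "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12, "P": 10**15, "E": 10**18,
    "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40, "Pi": 2**50, "Ei": 2**60,
}
_QUANTITY = re.compile(r"^(\d+(?:\.\d+)?)(?:[eE]([+-]?\d+))?([A-Za-z]*)$")


def parse_quantity(text):
    """Convert a quantity such as '1500Mi', '2G' or '1e9' to whole bytes."""
    m = _QUANTITY.match(str(text).strip())
    # An exponent and a suffix cannot be combined; unknown suffixes are rejected.
    if not m or m.group(3) not in _SUFFIX or (m.group(2) and m.group(3)):
        raise ValueError(f"not a Kubernetes quantity: {text!r}")
    value = Decimal(m.group(1)) * Decimal(_SUFFIX[m.group(3)])
    if m.group(2):
        value = value.scaleb(int(m.group(2)))
    return int(value.to_integral_value(rounding=ROUND_CEILING))


def pod_spec_of(manifest):
    """Return the Pod spec inside a Pod, a workload controller or a CronJob."""
    kind = manifest.get("kind")
    if kind == "Pod":
        return manifest["spec"]
    if kind == "CronJob":
        return manifest["spec"]["jobTemplate"]["spec"]["template"]["spec"]
    return manifest["spec"]["template"]["spec"]  # Deployment, StatefulSet, Job, ...


def _request(container):
    requests = (container.get("resources") or {}).get("requests") or {}
    return parse_quantity(requests.get("ephemeral-storage", "0"))


def ephemeral_request_bytes(pod_spec):
    """Sum of app containers, or the largest init container if that is bigger.

    Assumption: init containers are counted with the standard Kubernetes
    effective-request rule; the release note only says "all containers".
    """
    app = sum(_request(c) for c in pod_spec.get("containers") or [])
    init = max((_request(c) for c in pod_spec.get("initContainers") or []), default=0)
    return max(app, init)


def check(manifest, injected=()):
    """Return (total_bytes, rejected) for the manifest plus injected containers."""
    spec = copy.deepcopy(pod_spec_of(manifest))  # never mutate the caller's manifest
    spec.setdefault("containers", []).extend(injected)
    total = ephemeral_request_bytes(spec)
    return total, total > LIMIT_BYTES


# Constructed sample input: a Deployment that fits on its own (9 GiB) ...
DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "report-builder"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "app", "resources": {"requests": {"ephemeral-storage": "6Gi"}}},
        {"name": "exporter", "resources": {"requests": {"ephemeral-storage": "3Gi"}}},
    ]}}},
}
# ... and a hypothetical sidecar that a mutating webhook adds at admission time.
SIDECAR = {"name": "mesh-proxy",
           "resources": {"requests": {"ephemeral-storage": "1500Mi"}}}

if __name__ == "__main__":
    for label, extra in (("as written", []), ("with injected sidecar", [SIDECAR])):
        total, rejected = check(DEPLOYMENT, extra)
        verdict = "REJECTED" if rejected else "ok"
        print(f"{label}: {total / 2**30:.2f} GiB requested -> {verdict}")
```

Running the check against the Pod as admitted (for example the JSON returned by the API server after mutation) avoids having to model each webhook by hand.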
You can now keep a GKE Standard cluster on a minor version for longer with the Extended release channel. Clusters running 1.27 or later can be enrolled in the Extended channel, and automatically receive security patches during the extended support period after the end of standard support. To learn more, see Get long-term support with the Extended channel.
The DATE_OF_BIRTH infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.
To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.64.0 (2024-06-29)
Features
- spanner: Add field lock_hint in spanner.proto (3df3c04)
- spanner: Add field order_by in spanner.proto (3df3c04)
- spanner: Add LockHint feature (#10382) (64bdcb1)
- spanner: Add OrderBy feature (#10289) (07b8bd2)
- spanner: Add support of checking row not found errors from ReadRow and ReadRowUsingIndex (#10405) (5cb0c26)
Bug Fixes
Java
Changes for google-cloud-spanner
6.70.0 (2024-06-27)
Features
Bug Fixes
- Do not end transaction span when rolling back to savepoint (#3167) (8ec0cf2)
- Remove unused DmlBatch span (#3147) (f7891c1)
Dependencies
- Update dependencies (#3181) (0c787e6)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#3184) (9c85a6f)
- Update dependency commons-cli:commons-cli to v1.8.0 (#3073) (36b5340)
6.71.0 (2024-07-03)
Features
Node.js
Changes for @google-cloud/spanner
7.9.0 (2024-06-21)
Features
Bug Fixes
- deps: Update dependency google-gax to v4.3.4 (#2051) (80abf06)
- deps: Update dependency google-gax to v4.3.5 (#2055) (702c9b0)
- deps: Update dependency google-gax to v4.3.6 (#2057) (74ebf1e)
- deps: Update dependency google-gax to v4.3.7 (#2068) (28fec6c)
7.9.1 (2024-06-26)
Bug Fixes
7.10.0 (2024-07-19)
Features
- Add field lock_hint in spanner.proto (47520e9)
- Add field order_by in spanner.proto (47520e9)
- Add QueryCancellationAction message in executor protos (47520e9)
- Add support for change streams transaction exclusion option for Batch Write (#2070) (2a9e443)
- Update Nodejs generator to send API versions in headers for GAPICs (47520e9)
Bug Fixes
VPC Service Controls feature: VPC Service Controls supports using identity groups and third-party identities (only single identities) in ingress and egress rules to allow access to resources protected by service perimeters. This feature is available in Preview.
For more information, see Configure identity groups and third-party identities in ingress and egress rules. You can also see an example of using identity groups and third-party identities in ingress and egress rules.
July 30, 2024
Apigee X
On July 30, 2024, we released an updated version of Apigee.
With this release, Apigee expanded its support for data residency to an additional region in Europe: `europe-west6` (Zurich).
Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.
For more information, see Introduction to data residency.
For a list of supported geographic locations, see Apigee locations.
hybrid 1.12.1-hotfix.1
On July 30, 2024 we released an updated version of the Apigee hybrid software, 1.12.1-hotfix.1.
Note: This release reflects a change to the component images and not the Helm chart templates. If your hybrid installation is currently on Apigee hybrid v1.12.1, apply this hotfix with the following steps:

1. In your overrides file, update the `ao.image.url` and `ao.image.tag` properties:

   ```
   ao:
     image:
       url: "gcr.io/apigee-release/hybrid/apigee-operators"
       tag: "1.12.1-hotfix.1"
   ```

2. Install the hotfix release. Update the `apigee-operator` component with the `helm upgrade` command and your current overrides files:

   ```
   helm upgrade operator apigee-operator/ \
     --namespace apigee-system \
     --atomic \
     -f overrides.yaml
   ```

- For information on upgrading, see Upgrading Apigee hybrid to version 1.12.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
351868444 | Tolerations are now working for Redis's Envoy pod. |
In the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, and are decommissioned.
You can now use the `output_dimensionality` argument of the `ML.GENERATE_EMBEDDING` function when you use the function with a remote model based on a Vertex AI `multimodalembedding` model. The `output_dimensionality` argument lets you specify the number of dimensions to use when generating embeddings. This feature is in Preview.
You can now troubleshoot Compute Engine issues involving host events, MIG autoscaling and health-check failures, resource-availability errors, and VM performance by using the new "interactive playbook" dashboards in Cloud Monitoring. You can access the playbook dashboards from the Dashboards page by selecting the GCP category or by filtering for "GCE Interactive Playbook".
You can now use the gcloud CLI or the Cloud SQL Admin API to switch the storage location of transaction logs used for point-in-time recovery (PITR) on your instance from disk to Cloud Storage. For more information, see Use point-in-time recovery and Switch transaction log storage to Cloud Storage.
cos-109-17800-218-88
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |
Upgraded app-arch/libarchive to version 3.7.4. This fixes CVE-2024-26256.
Fixed CVE-2024-39894.
Fixed CVE-2024-36891 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812285 -> 812261
You can use IAM attributes in custom organization policies to control how your allow policies can be modified. For more information, see Use custom organization policies.
July 29, 2024
Backup for GKE
Backup for GKE now offers committed use discounts (CUDs) that provide a 20% discount (one-year term) and a 45% discount (3-year term) on the backup management fee in exchange for your commitment. For more information, see Backup for GKE Committed use discounts.
The `RANGE` data type is now a supported JSON encoding. This feature is Generally Available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for bigquery/storage/apiv1beta1
1.62.0 (2024-07-22)
Features
- bigquery/analyticshub: Support Direct Table Access Toggle (Egress GA) (b660d68)
- bigquery/analyticshub: Support public directory self service for Listings/Exchanges (#10485) (b660d68)
- bigquery: Add rounding mode to FieldSchema (#10328) (1a9e204)
- bigquery: Json support on managedwriter/adapt pkg (#10542) (978d4a1)
- bigquery: Support column name character map in load jobs (#10425) (b829327)
Bug Fixes
- bigquery/storage/managedwriter: Faster context failure on send (#10169) (1fb0e64)
- bigquery: Bump google.golang.org/api@v0.187.0 (8fa9e39)
- bigquery: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
- bigquery: Empty slice instead of nil slice for primitive repeated fields (#7315) (b371210)
- bigquery: Reduce default backoffs (#10558) (037e9ef)
Documentation
- bigquery/analyticshub: A comment for message `DataExchange` is changed (b660d68)
- bigquery/analyticshub: A comment for message `Listing` is changed (b660d68)
- bigquery/datatransfer: Update OAuth links in `CreateTransferConfigRequest` and `UpdateTransferConfigRequest` (3df3c04)
- bigquery: Improve Inserter and StructSaver godoc (#10170) (c1cffb6)
- bigquery: Update description of query preview feature (#10554) (25c5cbe)
Java
Changes for google-cloud-bigquery
2.42.0 (2024-07-28)
Features
- Add ability to specify RetryOptions and BigQueryRetryConfig when create job and waitFor (#3398) (1f91ae7)
- Add additional parameters to CsvOptions and ParquetOptions (#3370) (34f16fb)
- Add remaining Statement Types (#3381) (5f39b19)
Bug Fixes
Dependencies
- Update actions/upload-artifact action to v4.3.4 (#3382) (efa1aef)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.48.0 (#3374) (45b7f20)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240616-2.0.0 (#3368) (ceb270c)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240623-2.0.0 (#3384) (e1de34f)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240629-2.0.0 (#3392) (352562d)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.52.0 (#3375) (2115c04)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#3405) (a4a9999)
- Update dependency org.junit.vintage:junit-vintage-engine to v5.10.3 (#3371) (2e804c5)
- Update github/codeql-action action to v2.25.11 (#3376) (