Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/gcp-release-notes.xml

April 12, 2024

AlloyDB for PostgreSQL

Fixed the issue causing AlloyDB Omni running in Kubernetes to run out of memory and crash under some heavy workloads. To apply this fix to a database cluster, update its DBCluster manifest definition so that its databaseVersion value is "15.5.2".

Google Kubernetes Engine

GPUDirect-TCPX is now supported on GKE version 1.27 and later and requires the following patch versions:

  • For GKE version 1.27, use GKE patch version 1.27.7-gke.1121000 or later.
  • For GKE version 1.28, use GKE patch version 1.28.8-gke.1095000 or later.
  • For GKE version 1.29, use GKE patch version 1.29.3-gke.1093000 or later.

To use GPUDirect-TCPX, see Maximize GPU network bandwidth with GPUDirect-TCPX and multi-networking.

April 11, 2024

Bigtable

Bigtable now integrates with LangChain, an LLM orchestration framework. For more information, see Build LLM-powered applications using LangChain. This feature is available in Preview.

Cloud Composer

Starting June 15, 2024, it will not be possible to create Cloud Composer 1 environments in the Google Cloud console. It will still be possible to create Cloud Composer 1 environments through Google Cloud SDK, Terraform, and API in allowlisted projects.

Pub/Sub

If you use Pub/Sub metrics as a signal to autoscale your pipeline, refer to Best practices for using Pub/Sub metrics as a scaling signal.

April 10, 2024

Google Kubernetes Engine

The N4 machine family is generally available in GKE Standard clusters running on GKE 1.29 and later. You can select this family by using the --machine-type flag when creating a cluster or node pool. The following limitations apply:

  • Confidential GKE nodes are not supported.
  • Local SSD is not supported.
  • hyperdisk-balanced is the only supported boot disk type.

Looker

Looker 24.6 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Wednesday, April 17, 2024

  • Expected Looker (original) final deployment and download available: Thursday, April 25, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, April 15, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, April 22, 2024

The Embedded Looker Studio feature is now available to preview. This feature lets you view and edit Looker Studio reports in Looker and create ad hoc analyses in embedded Looker Studio reports with the Open in Reports feature on Looker Explores.

To participate in this closed experiment, you must meet the following requirements:

  • Your Looker instance must be running on Looker 24.6 or later.

  • Your Looker instance must be using Google OAuth authentication.

  • You must have a Looker Studio Pro license for each user who accesses embedded Looker Studio.

  • You must submit the sign-up form for the closed experiment.

More information for using the Embedded Looker Studio feature is coming soon.

As part of a Looker Studio Pro subscription, Looker Studio Pro licenses are available at no cost to Looker users. Looker admins of Looker (original) instances and Looker (Google Cloud core) instances can accept these complimentary licenses and finish setting up a Looker Studio Pro subscription to get started using Looker Studio.

The Performant Field Picker is now generally available. Search modifiers in the Field Picker can no longer be used.

An issue that caused user attribute filter values to fail to load in some situations has been fixed. This feature now performs as expected.

The json_bi and json_detail_lite_stream query result formats did not respect the apply_formatting parameter in certain cases. This feature now performs as expected.

Previously, fields with full_suggestions would not show suggestions while interacting with the filter. This feature now performs as expected.

An issue has been fixed where the fiscal year was not rendering correctly in some Excel downloads. This feature now performs as expected.

A more descriptive error message is now returned when a user tries to delete a project using the API while not in dev mode.

An issue has been fixed where some projects were empty when a user first entered dev mode. This feature now performs as expected.

Previously, an issue would cause Looker to incorrectly generate derived table SQL if a derived table referenced a view that referenced another derived table that was using the SQL_TABLE_NAME syntax. This feature now performs as expected.

When New LookML Runtime is enabled, the LookML Validator will now include more descriptive error information when an aliased derived table's definition references an unqualified field name in Liquid.

Previously, comparison text on single value visualization dashboard tiles could be cut off when the tile was a specific height. This feature now performs as expected.

Performance for PDT stable view publishing has been improved.

An issue was causing the LookML Validator to incorrectly mark some fields as duplicates. This feature now performs as expected.

Previously, an unclear error message was returned when you selected a measure in an aggregate query using the SQL interface. The language of this error message has been clarified.

An intermittent issue was rendering a blank page when content was added to a board. This feature now performs as expected.

An issue was causing QR codes for mobile app authentication to be improperly generated. This feature now performs as expected.

April 09, 2024

AlloyDB for PostgreSQL

The following Gemini in Databases features are now available in Public Preview:

  • Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
  • AlloyDB Studio (GA): lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
  • Monitor active queries: monitor and troubleshoot the queries that are active in your database.
  • Index advisor: a fully managed index advisor that tracks the queries your database handles regularly.
  • Enhanced Query Insights: an assistive query performance diagnostics platform that lets you detect, troubleshoot, and prevent database and query performance problems in near real-time.
  • 4-week query metric retention in the Query Insights dashboard.
  • 5 new database insight recommendations.

To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.

AlloyDB Omni version 15.5.1 has the following AlloyDB AI features available in Preview:

BigQuery

BigQuery ML now offers the following expanded embedding support features in preview:

Try the new multimodal embedding functionality:

You can now create a data canvas in BigQuery Studio. A data canvas lets you discover, transform, query, and visualize data using natural language. It provides a graphic interface for your analysis that lets you work with data sources, queries, and visualizations in a directed acyclic graph (DAG), giving you a graphical view of your analysis workflow that maps to your mental model. You can iterate on query results and work with multiple branches of inquiry in a single place. This feature is in preview and access can be requested here.

The following Gemini in BigQuery features are now available in Public Preview:

To learn how to enable and activate Gemini in BigQuery features, see Set up Gemini in BigQuery.

Bigtable

Bigtable Data Boost, a serverless compute service designed for high-throughput read jobs and queries, is available in Preview.

You can now build distributed counters with Bigtable with write-time aggregates. This feature is available in Preview.

You can control access to data in your Bigtable tables with authorized views. This feature is generally available (GA).

Bigtable app profiles let you configure request priorities to prioritize certain workload data requests over others. This feature is now generally available (GA).

Bigtable now lets you increase the retention period in the garbage collection policy for a column family in a replicated table. For more information, see Changing age-based garbage collection policies.

Cloud Database Migration Service

Database Migration Service support for code conversion with Gemini assistance is now available in preview. For more information, see:

Database Migration Service support for homogeneous SQL Server migrations to Cloud SQL for SQL Server is now available in preview. For more information, see Database Migration Service for SQL Server.

Database Migration Service support for Oracle to AlloyDB for PostgreSQL migrations is now generally available. For more information, see Database Migration Service for Oracle to AlloyDB for PostgreSQL.

Database Migration Service conversion workspaces for heterogeneous migrations are now generally available (GA). For more information, see:

Cloud SQL for MySQL

The following Gemini in Databases features are now available in Public Preview:

  • Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
  • Cloud SQL Studio (GA): lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
  • Monitor active queries: monitor and troubleshoot the queries that are active in your database.
  • Index advisor: a fully managed index advisor that tracks the queries your database handles regularly.
  • 4-week query metric retention in the Query Insights dashboard.
  • 17 new database insight recommendations.

To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.

Cloud SQL for MySQL now supports the storage of vector embeddings in MySQL 8.0.36 and later databases. To use this feature, update your instance to MySQL 8.0.36.R20240401.03_00 or later.

After you store vector embeddings in your database, you can then perform K-nearest neighbor (KNN) searches on the dataset along with the rest of your data. Cloud SQL for MySQL also supports the creation of vector search indexes for several different index types using approximate nearest neighbor (ANN) search.

For more information, see Working with vector embeddings using Cloud SQL for MySQL. This feature is in Preview.

Cloud SQL for PostgreSQL

The following Gemini in Databases features are now available in Public Preview:

  • Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
  • Cloud SQL Studio (GA): lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
  • Monitor active queries: monitor and troubleshoot the queries that are active in your database.
  • Index advisor: a fully managed index advisor that tracks the queries your database handles regularly.
  • 4-week query metric retention in the Query Insights dashboard.
  • 15 new database insight recommendations.

To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.

Cloud SQL for SQL Server

The following Gemini in Databases features are now available in Public Preview:

  • Database Center: an AI-assisted dashboard that gives you one centralized view across your entire database fleet.
  • Cloud SQL Studio (GA): lets authorized users interact directly with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
  • 9 new database insight recommendations.

To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.

Compute Engine

Generally available: N4 VMs are generally available on the Intel Emerald Rapids CPU with 640 GB DDR5 memory. The N4 machine series offers predefined and custom machine types with extended memory and Hyperdisk Balanced storage.

N4 VMs are available in limited regions and zones.

See VM pricing for cost details.

Generally available: You can plan ahead for VM maintenance on M1, M2, and M3 machine types by viewing their maintenance schedule notifications. For specific machine types within these families, you can also trigger VM maintenance ahead of schedule.

Dataproc

Dataproc Serverless for Spark: The preview release of Advanced troubleshooting, including Gemini-assisted troubleshooting, is now available for Spark workloads submitted with the following or later-released runtime versions:

  • 1.1.55
  • 1.2.0-RC1
  • 2.0.63
  • 2.1.42
  • 2.2.0-RC15

Dataproc Serverless for Spark: Announcing the preview release of Autotuning Spark workloads.

Generative AI on Vertex AI

New Imagen on Vertex AI image generation model and features

The 006 version of the Imagen 2 image generation model (imagegeneration@006) is now available. This model offers the following additional features:

  • Additional aspect ratios (1:1, 3:4, 4:3, 9:16, 16:9)
  • Digital watermark (SynthID) enabled by default
  • Watermark verification*
  • New user-configurable safety features (safety setting, person/face setting)

For more information, see Model versions and Generate images using text prompts.

* The seed field can't be used while digital watermark is enabled.

New Imagen on Vertex AI image editing model and features

The 006 version of the Imagen 2 image editing model (imagegeneration@006) is now available. This model offers the following additional features:

  • Inpainting - Add or remove content from a masked area of an image
  • Outpainting - Expand a masked area of an image
  • Product image editing - Identify and maintain a primary product while changing the background or product position

For more information, see Model versions.

Change in Imagen image generation version 006 (imagegeneration@006) seed field behavior

For the new Imagen image generation model version 006 (imagegeneration@006), the seed field behavior has changed. For the v.006 model, a digital watermark is enabled by default for image generation. To use a seed value to get deterministic output, you must disable digital watermark generation by setting the following parameter: "addWatermark": false.

For more information, see the Imagen for image generation and editing API reference.

CodeGemma model

The CodeGemma model is available. CodeGemma is a lightweight open model that's part of the Google Gemma model family. CodeGemma is the Gemma model family's code generation and code completion offering. Gemma models are based on Gemini models and intended to be extended by customers.

Grounding Gemini and Grounding with Google Search

The Gemini API now supports Grounding with Google Search in Preview. This feature is currently available for Gemini 1.0 Pro models.

Regional APIs

  • Regional APIs are available in 11 new countries for Gemini, Imagen, and embeddings.
  • US and EU have machine-learning processing boundaries for the gemini-1.0-pro-001, gemini-1.0-pro-002, gemini-1.0-pro-vision-001, and imagegeneration@005 models.

Generative AI on Vertex AI security control update

Security controls are available for the online prediction feature for Gemini 1.0 Pro and Gemini 1.0 Pro Vision.

Gemini 1.5 Pro (Preview)

Gemini 1.5 Pro is available in Preview. Gemini 1.5 Pro is a multimodal model that analyzes text, code, audio, PDF, video, and video with audio.

New text embedding models

The following text embedding models are now in Preview.

  • text-embedding-preview-0409
  • text-multilingual-embedding-preview-0409

When evaluated using the MTEB benchmarks, these models produce better embeddings compared to previous versions. The new models also offer dynamic embedding sizes, which you can use to output smaller embedding dimensions, with minor performance loss, to save on computing and storage costs.

For details on how to use these models, refer to the public documentation and try out our Colab.

System instructions

System instructions are supported in Preview by the Gemini 1.0 Pro (stable version gemini-1.0-pro-002 only) and Gemini 1.5 Pro (Preview) multimodal models. Use system instructions to guide model behavior based on your specific needs and use cases. For more information, see System instructions examples.

Supervised Tuning for Gemini

Supervised tuning is available for the gemini-1.0-pro-002 model.

Online Evaluation Service

Generative AI evaluation supports online evaluation in addition to pipeline evaluation. The list of supported evaluation metrics has also expanded. See API reference and SDK reference.

Generative AI Knowledge Base

The Jump Start Solution: Generative AI Knowledge Base demonstrates how to build a simple chatbot with business- and domain-specific knowledge.

GitLab on Google Cloud

GitLab on Google Cloud is in Preview. The integration enables customers to deploy source from GitLab to Google Cloud run-time environments. The integration simplifies authentication and authorization to Google for GitLab pipelines, and uses GitLab and Google CI/CD components. To get started, try the GitLab end-to-end tutorial.

Google Distributed Cloud Virtual for VMware

GKE on VMware 1.16.7-gke.46 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.16.7-gke.46 runs on Kubernetes v1.27.10-gke.500.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.

The following issues are fixed in 1.16.7-gke.46.

  • Fixed the known issue where the controlPlaneNodePort field defaults to 30968 when the manualLB spec is empty.

The following vulnerabilities are fixed in 1.16.7-gke.46:

Google Kubernetes Engine

Cloud Tensor Processing Units (TPUs) are now available in GKE Autopilot clusters running version 1.29.2-gke.1521000 or later. To learn more, visit Deploy TPU workloads on GKE Autopilot.

Network Intelligence Center

Flow Analyzer is now available in Preview.

Flow Analyzer lets you quickly and efficiently understand your VPC traffic flows without the need to write complex SQL queries for analyzing VPC Flow Logs.

Spanner

The following Gemini in Databases features are now available in Public Preview:

  • Spanner Studio (GA): lets users interact with the SQL database and run SQL queries from the Google Cloud console to access and manipulate data.
  • Spanner now supports the use of Gemini models with GoogleSQL and PostgreSQL machine learning prediction functions.

To learn how to enable and activate Gemini in Databases, see Set up Gemini in Databases.

Spanner now supports the ML_PREDICT_ROW() function for PostgreSQL. You can use this function to generate predictions using SQL. To learn more about this function and how to use it, see Using Spanner Vertex AI integration functions.

You can now generate ML predictions using the Spanner emulator with GoogleSQL and PostgreSQL.

Spanner GoogleSQL now supports SAFE.ML.PREDICT(), which allows you to return a null instead of an error in your predictions.

You can generate and backfill vector embeddings for textual data (STRING or JSON) stored in Spanner using GoogleSQL partitioned DML and the Vertex AI textembedding-gecko model. For more information, see Generate vector embeddings for textual data in bulk using partitioned DML.

Spanner now supports several new PostgreSQL JSONB functions:

  • spanner.jsonb_query_array()
  • jsonb_build_array()
  • jsonb_build_object()

The PostgreSQL CONCAT() function also supports more than 4 arguments.

For more information, see Supported PostgreSQL functions.

Spanner has extended the array data type with the VECTOR LENGTH parameter (in Preview). This optional parameter sets an array to a fixed size for use in a vector search. For more information, see the PostgreSQL array data type or the GoogleSQL array data type.

Spanner now supports the dot_product() function (in Preview). For more information, see Choose among vector distance functions to measure vector embeddings similarity.

Spanner now supports the float32 (GoogleSQL) and float4/real (PostgreSQL) data type (in Preview).

Spanner now supports the use of Gemini models with GoogleSQL and PostgreSQL machine learning prediction functions (in Preview).

Spanner now supports using LangChain with the vector store, document loader, and chat message history objects. For more information, see Build LLM-powered applications using LangChain.

Vertex AI Search and Conversation

Vertex AI Search: Document chunking support for more search types (Public preview)

When document chunking is turned on for an unstructured data store, search summaries and search with follow-ups are supported in Public preview.

For information, see Chunk documents for RAG.

Vertex AI Search: Document ranking API (Public preview)

The ranking API takes a list of documents and reranks those documents based on how relevant the documents are to a query. This is a stateless API that does not require you to index documents in advance.

For more information, see Rank and rerank documents.

Vertex AI Search: Check grounding (Public preview)

The check grounding API is available as a Public preview feature.

The check grounding API determines how grounded a piece of text is in a given set of facts. Perfect grounding requires that every statement in the text can be attributed to one or more of the given facts. The API returns support scores and citations.

Additionally, as an experimental feature, the API also generates contradicting citations that show which facts contradict the text and how strongly.

For more information, see Check grounding and the check API.

Vertex AI Search: Answers with summaries and follow-ups (Public preview)

The answer API improves on the search with summary and search with follow-ups features. For example, it better handles complex queries, can do multi-step retrieval, and provides customization of answer styles.

The answer API is supported in Public preview.

For more information, see Get answers and follow-ups.

Vertex AI Search: FHIR data streaming ingestion (Private preview)

Select the import frequency for your healthcare FHIR data. You can either perform a one-time batch import or set up a streaming import. Streaming import is available as a Private preview feature.

For more information, see Create a healthcare search data store.

Vertex AI Search: Autocomplete support for healthcare search (Public preview)

Autocomplete is available as a Public preview feature for healthcare data search. The autocomplete configuration uses a canonical medical data source to generate autocomplete suggestions for healthcare data stores.

For more information, see Configure autocomplete.

Vertex AI Search: Connect Google Drive to Vertex AI Search (GA)

Syncing Google Drive data to Vertex AI Search is available in GA. For more information about creating a Google Drive data store, see Sync from Google Drive.

Vertex AI Search: Connect multiple search apps to the same data store (GA)

Connecting more than one generic search app to a single data store is supported in GA. With this capability, you can create multiple apps that search across the same data without having to ingest that data multiple times.

Vertex AI Search: Blended search (GA)

Blended search, where you can search across multiple data stores using a single search app, is available in GA. For more information about blended search, see About connecting multiple data stores.

Vertex AI Search: Connect Spanner, Cloud SQL, Firestore, and Bigtable to Vertex AI Search (Public preview)

Importing data from Spanner, Cloud SQL, Firestore, and Bigtable to Vertex AI Search is available in Public preview. For more information about creating a Google Drive data store, see Create a search data store.

Vertex AI Search: Media search (GA)

Vertex AI Search for media is Generally available (GA).

You can create media search apps on media data stores. You can connect the media search app to an existing media data store or create a new one. You can also use document metadata to filter search queries of your media content.

Vertex AI Search: Additional languages supported for media search

Vertex AI Search for media is supported in nine languages: Arabic, English, French, German, Hindi, Korean, Japanese, Portuguese, and Spanish.

For more information, see Languages.

Vertex AI Search: Search-as-you-type for media apps (GA)

The search-as-you-type feature is Generally available (GA) for media search apps.

Search results are returned after each character instead of after the full query is entered. Search-as-you-type is ideal for search apps with awkward input devices such as television remotes. You can enable search-as-you-type through the widget UI as well as through the API.

For more information, see Get search-as-you-type results for a media app.

April 08, 2024

AlloyDB for PostgreSQL

You can preview a simplified installation method for AlloyDB Omni. This lets you install and run AlloyDB Omni on your environment using portable open-source tools, such as the docker command-line interface.

AlloyDB Omni version 15.5.1 is now available. This version includes the following features and changes:

The following issue was fixed on April 12, 2024.

Some heavy workloads might cause AlloyDB Omni running in Kubernetes to run out of memory and crash.

To mitigate this issue, make sure that transparent huge pages are enabled on your Kubernetes nodes:

  1. Follow the instructions on Configuring Transparent Huge Pages.
  2. On every node that you enable transparent huge pages on, run the following command:

    echo within_size > /sys/kernel/mm/transparent_hugepage/shmem_enabled

BigQuery

BigQuery Studio is generally available (GA).

BigQuery Studio lets you save, share, and manage versions of code assets such as notebooks and saved queries.

BigQuery DataFrames is generally available (GA).

BigQuery DataFrames is a set of open source Python libraries that implements the pandas and scikit-learn APIs with server-side processing. To get started, you can try BigQuery DataFrames.

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigquery

3.20.1 (2024-04-01)

Bug Fixes

  • Make pyarrow an optional dependency post-3.20.0 yanked release (#1879) (21714e1)

The BigQuery materialized view recommender analyzes your past query jobs to identify opportunities to apply materialized views to your queries for potential cost savings. You can view all available materialized view recommendations through the BigQuery UI or Recommender API. This feature is in preview.

Cloud Firewall

Cloud NGFW Enterprise, including the intrusion prevention service, is available in General Availability. Use intrusion prevention service to safeguard your workload traffic from threats such as malware, spyware, and command-and-control attacks.

Starting April 9, 2024, you will be charged for the Cloud NGFW Enterprise feature—intrusion prevention service. For more information about billing, see Cloud NGFW pricing.

Cloud Firewall in Google Cloud is now Cloud Next Generation Firewall (NGFW). For more information, see Cloud NGFW.

Cloud Load Balancing

Application Load Balancers now support Certificate Manager allowlisted certificates. For more information, see Mutual TLS authentication.

This capability is in General Availability.

Cloud NAT

Hybrid NAT is now available in Preview.

Cloud SQL for MySQL

Cloud SQL Enterprise Plus edition primary instances with high availability (HA) now require less than one second of downtime for planned maintenance.

Cloud SQL for PostgreSQL

Cloud SQL Enterprise Plus edition primary instances with high availability (HA) now require less than one second of downtime for planned maintenance.

Cloud Shell

Code Transformations for Gemini Code Assist are now available for Public Preview. You can now use an inline text box directly in your code file to do the following:

  • Generate comment lines to document your code.
  • Troubleshoot code with issues.
  • Improve code readability.
  • Make code more efficient.

You can also view context sources of a generated response in the Gemini: Chat pane.

For more information, see Code with Gemini Code Assist.

Cloud Workstations

Code Transformations for Gemini Code Assist are now available for Public Preview. You can now use an inline text box directly in your code file to do the following:

  • Generate comment lines to document your code.
  • Troubleshoot code with issues.
  • Improve code readability.
  • Make code more efficient.

You can also view context sources of a generated response in the Gemini: Chat pane.

For more information, see Code with Gemini Code Assist.

Compute Engine

Pricing change: On January 26, 2024, Red Hat announced a price model update on RHEL and RHEL for SAP for all Cloud providers that scales image subscription costs according to vCPU count. The new pricing model will be reflected on Compute Engine starting July 1, 2024.

For the pricing changes, see Premium images. To learn about your options to optimize subscription costs, see the Red Hat Enterprise Linux pricing FAQs.

On January 26, 2024, Red Hat announced a price model update on RHEL and RHEL for SAP for all Cloud providers that scales image subscription costs according to vCPU count. As a result, starting July 1, 2024, any active commitments for RHEL and RHEL for SAP licenses will be canceled and will not be charged for the remainder of the commitment's term duration.

Google Cloud has notified and will issue adjustments to affected customers.

Generally available: You can limit the run time of VMs by using automatic termination, which automatically stops or deletes a VM after a specific time or duration. Limiting your VMs' run times can help you optimize temporary workloads by minimizing costs and releasing quota. For more information, see Limit the run time of a VM.

As of April 8, 2024, automatic termination will no longer be automatically cleared when a VM is stopped or suspended. Instead, automatic termination has the following behavior:

  • A VM that is configured to automatically terminate after a duration repeats that duration whenever the VM is restarted.

  • A VM that is configured to automatically terminate after a time can only run until that time. If you want to run the VM after that time, you must update the VM to either remove the time or specify a later time.

For more information, see Limit the run time of a VM.

Firestore

Firestore now supports the following additional locations:

  • africa-south1 Johannesburg
  • europe-north1 Finland
  • europe-southwest1 Madrid
  • europe-west10 Berlin
  • europe-west12 Turin
  • europe-west8 Milan
  • southamerica-west1 Santiago
  • us-central1 Iowa
  • us-east5 Columbus

For a full list of supported locations, see Locations.

Firestore in Datastore mode

Firestore in Datastore mode now supports the following additional locations:

  • africa-south1 Johannesburg
  • europe-north1 Finland
  • europe-southwest1 Madrid
  • europe-west10 Berlin
  • europe-west12 Turin
  • europe-west8 Milan
  • southamerica-west1 Santiago
  • us-central1 Iowa
  • us-east5 Columbus

For a full list of supported locations, see Locations.

Google Distributed Cloud Virtual for Bare Metal

Release 1.28.400-gke.77

GKE on Bare Metal 1.28.400-gke.77 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.28.400-gke.77 runs on Kubernetes 1.28.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

Functionality changes:

  • Updated preflight checks to add a check for networking kernel modules.
  • Updated preflight checks to remove the check for iptables package availability.

Fixes:

  • Fixed a cluster upgrade issue where the lifecycle-controller-deployer Pod was unable to migrate existing GKE on Bare Metal resources to the latest API version. This issue blocked upgrades to earlier version 1.28 releases.

Fixes:

The following container image security vulnerabilities have been fixed in 1.28.400-gke.77:

Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Release 1.16.7

GKE on Bare Metal 1.16.7 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.16.7 runs on Kubernetes 1.27.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

Fixes:

  • Fixed an issue with configuring a proxy for your cluster that required you to manually set HTTPS_PROXY and NO_PROXY environment variables on the admin workstation.

The following container image security vulnerabilities have been fixed in 1.16.7:

Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Google Kubernetes Engine

(2024-R09) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • There are no new releases in the Stable release channel.

Regular channel

  • There are no new releases in the Regular release channel.

Rapid channel

Memorystore for Redis

Vector search capabilities are now Generally Available on Memorystore for Redis.

Pub/Sub

You can now ingest streaming data from Amazon Kinesis Data Streams into Pub/Sub by using an import topic. For more information about import topics, including required roles and permissions and how to create an import topic, see Create an import topic. The change is being rolled out in a phased manner over the rest of the week.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.128.0 (2024-04-03)

Features
  • Add custom datetime format for Cloud Storage subscriptions (#1970) (7113f06)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.38.2 (#1965) (ec3b386)
  • Update dependency com.google.cloud:google-cloud-storage to v2.36.1 (#1968) (524109c)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.26.1 (#1972) (53c1120)
Documentation

Python

Changes for google-cloud-pubsub

2.21.1 (2024-04-04)

Bug Fixes
  • Set timeout to infinite for publishing with ordering keys enabled (#1134) (67daf3c)

Spanner

You can now add a time to live (TTL)-based deletes filter to your Spanner change streams using the exclude_ttl_deletes option.

You can now add a table modification type filter to your Spanner change streams to exclude INSERT, UPDATE, or DELETE table modifications.

Spanner change streams now support a new value capture type called NEW_ROW_AND_OLD_VALUES. This new type captures all new values for both modified and unmodified columns, and old values for modified columns.

April 05, 2024

Advisory Notifications

Advisory Notifications for users using Google Cloud without an organization is now in General Availability. Advisory Notifications now lets users opt in to or out of optional notification types.

AlloyDB for PostgreSQL

The following extensions are added to the extensions supported by AlloyDB.

  • autoinc
  • insert_username
  • moddatetime
  • pg_background
  • pg_squeeze
  • tcn

The extension pgvector is updated to version 0.6.0.

BigQuery

You can now use BigLake to access Delta Lake tables. For more information, see Create Delta Lake BigLake tables. This feature is available in preview.

Cloud Billing

The Cloud Billing FinOps hub is now Generally Available

Use the FinOps hub to monitor and share your current savings, explore recommended opportunities to optimize costs, and plan your optimization goals. The FinOps hub dashboard generates recommendations based on historical usage, including recent usage and current commitments, and helps you gauge how well you're using Google Cloud tools to monitor and save costs.

Learn about using FinOps hub.

Cloud Database Migration Service

Database Migration Service now supports physical backup files created by using the Percona XtraBackup utility for homogeneous MySQL to Cloud SQL for MySQL migrations. For more information, see Migrate your databases by using a Percona XtraBackup physical file.

Cloud Storage

Custom constraints for Cloud Storage are now available. You can use custom constraints to enforce policies on Cloud Storage resources, such as a policy that enforces all buckets to have Object Versioning enabled.

Dataflow

The following Dataflow templates are generally available (GA):

Firestore

Support for Customer-managed encryption keys (CMEK). This feature is in Preview.

Firestore in Datastore mode

Support for Customer-managed encryption keys (CMEK). This feature is in Preview.

Google Cloud Architecture Center

(New guide) Use Google Cloud Armor, load balancing, and Cloud CDN to deploy programmable global front ends: Provides an architecture that uses a global front end incorporating Google Cloud best practices to help scale, secure, and accelerate the delivery of internet-facing applications.

Google Kubernetes Engine

GPU NVIDIA Multi-Process Service (MPS) is available in version 1.27.7-gke.1088000 and later, which allows multiple workloads to share a single NVIDIA GPU hardware accelerator with NVIDIA MPS.

Memorystore for Redis Cluster

Added support for new node types, including smaller and larger nodes. For more details, see Cluster and node specification.

Added support for AOF and RDB persistence (Preview). For more details, see Persistence overview.

Added support for instance configurations (Preview). For more details, see Supported instance configurations.

SAP on Google Cloud

SAP BTP edition of the ABAP SDK for Google Cloud

Version 1.0 of the SAP BTP edition of ABAP SDK for Google Cloud is generally available (GA). With the BTP edition of the SDK, developers can create innovative solutions using Google Cloud APIs in their SAP BTP, ABAP environment.

For more information, see:

April 04, 2024

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

BigQuery

The allow_non_incremental_definition option and max_staleness option for materialized views are now generally available (GA). The allow_non_incremental_definition option supports an expanded range of SQL queries to create materialized views, and the max_staleness option provides consistently high performance with controlled costs when processing large, frequently changing datasets.

You can now perform model monitoring in BigQuery ML. The following model monitoring functions are now in preview:

  • ML.DESCRIBE_DATA: compute descriptive statistics for a set of training or serving data.
  • ML.VALIDATE_DATA_SKEW: compute the statistics for a set of serving data, and then compare them to the statistics for the data used to train a BigQuery ML model in order to identify anomalous differences between the two data sets.
  • ML.VALIDATE_DATA_DRIFT: compute and compare the statistics for two sets of serving data in order to identify anomalous differences between the two data sets.
  • ML.TFDV_DESCRIBE: compute fine-grained descriptive statistics for a set of training or serving data. This function provides the same behavior as the TensorFlow tfdv.generate_statistics_from_csv API.
  • ML.TFDV_VALIDATE: compute and compare the statistics for training and serving data, or two sets of serving data, in order to identify anomalous differences between the two data sets. This function provides the same behavior as the TensorFlow validate_statistics API.

BigQuery data clean rooms with analysis rules and enhanced usage metrics are now generally available (GA). Data clean rooms provide a security-enhanced and privacy-preserving environment for multiple parties to share and augment data without moving or revealing the underlying data.

Join restrictions, list overlap, differential privacy with privacy budgeting, and aggregation thresholding are now enforceable in BigQuery data clean rooms using analysis rules.

Cloud Data Fusion

Cloud Data Fusion is available in the africa-south1 region. For more information, see Pricing.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for MySQL

For Cloud SQL Enterprise Plus edition, you can now use advanced disaster recovery (DR) to simplify recovery and fallback processes after you perform a cross-regional failover. With advanced DR, you can:

  • Designate a cross-region disaster recovery (DR) replica
  • Perform replica failover
  • Restore your original deployment by using zero data loss switchover

You can also use switchover to simulate disaster recovery without data loss.

For more information, see Advanced disaster recovery (DR) and Use advanced disaster recovery (DR). This feature is in Preview.

Compute Engine

Generally available: Simplify block storage management for Compute Engine instances with Hyperdisk Storage Pools. A Hyperdisk Storage Pool is a pre-purchased collection of disk capacity, throughput, and IOPS which you can then provision to your applications as needed. By managing disks in aggregate, you can save costs while achieving expected capacity and performance growth. For more information, see About Hyperdisk Storage Pools.

Container Optimized OS

cos-105-17412-294-62

  • Kernel: COS-5.15.146
  • Docker: v23.0.3
  • Containerd: v1.7.13
  • GPU Drivers: v470.239.06 (default), v550.54.14 (latest)

Updated app-emulation/containerd to 1.7.13.

Upgraded net-misc/chrony to v4.5.

Upgraded sys-apps/makedumpfile to v1.7.4.

Upgraded app-admin/node-problem-detector to v0.8.17.

Upgraded app-admin/localtoast to v1.1.7.

Add NVIDIA GPU drivers R550 branch and update latest to 550.54.14.

Downgraded app-admin/localtoast to v1.1.5.

Fix bug in google-guest-agent service enablement.

Fixed CVE-2024-26591 in the Linux kernel.

Fixed CVE-2024-26589 in the Linux kernel.

Fixed CVE-2024-26585 in the Linux kernel.

Fixed CVE-2023-52439 in the Linux kernel.

Fixed CVE-2023-52434 in the Linux kernel.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.57
  • 1.2.1
  • 2.0.65
  • 2.1.44
  • 2.2.1

Added the bigframes Python package by default in the Dataproc Serverless for Spark runtime versions 1.2 and 2.2.

Dialogflow

Vertex AI Conversation: You can now create a data store in one language that is connected to an agent that uses different languages.

Google Kubernetes Engine

A Denial-of-Service (DoS) vulnerability (CVE-2023-45288) was recently discovered in multiple implementations of the HTTP/2 protocol, including the golang HTTP server used by Kubernetes. The vulnerability could lead to a DoS of the Google Kubernetes Engine (GKE) control plane.

For more information, see the GCP-2024-022 security bulletin.

April 03, 2024

Anthos clusters on AWS

A Denial-of-Service (DoS) vulnerability (CVE-2023-45288) was recently discovered in multiple implementations of the HTTP/2 protocol, including the golang HTTP server used by Kubernetes. The vulnerability could lead to a DoS of the Google Kubernetes Engine (GKE) control plane. For more information, see the GCP-2024-022 security bulletin.

Anthos clusters on Azure

A Denial-of-Service (DoS) vulnerability (CVE-2023-45288) was recently discovered in multiple implementations of the HTTP/2 protocol, including the golang HTTP server used by Kubernetes. The vulnerability could lead to a DoS of the Google Kubernetes Engine (GKE) control plane. For more information, see the GCP-2024-022 security bulletin.

Apigee X

On April 3, 2024, we released an updated version of Apigee.

With this release, Apigee expanded its support for data residency to additional regions in Asia-Pacific and the Middle East. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.

For more information, see Introduction to data residency.

For a list of supported geographic locations, see Apigee locations.

Batch

You can set maximum time limits for tasks and runnables. For more information, see Limit run times for tasks and runnables using timeouts.

When a job fails due to exceeding a timeout, the job's logs don't indicate whether the failure was caused by the relevant task's timeout or the relevant runnable's timeout. For more information, including a workaround, see Known issues.

BigQuery

Collation now supports the following generally available (GA) features:

  • The underscore in the LIKE operator.
  • Comparison support for the STRUCT data type with the following operators and conditional expressions: =, !=, IN and CASE.

You can now configure materialized views with tables enabled for change data capture (CDC) streaming update and delete operations.

Chronicle

Curated Detections has been enhanced with new detection content for the Cloud Threats category. These new rule sets identify threats in AWS environments and are generally available to customers with a Chronicle Security Operations Enterprise and Enterprise Plus license.

Chronicle Security Operations

On or after May 1, 2024, in an effort to improve enrichment quality, the enrichment process using telemetry events and entities will prioritize values set by parsers over values from aliases in unenriched events. If a parser does not set the value, the enrichment process will set the enriched value using aliases.

Curated Detections rule packs covering AWS threats are generally available to Chronicle Enterprise and Enterprise Plus customers.

Cloud Load Balancing

The cross-region internal Application Load Balancer supports backends in multiple regions, provides seamless cross-region failover using Cloud DNS routing policies, and is globally accessible by clients from any Google Cloud region, on premises, or other clouds. It also supports Google-managed certificates using Cloud Certificate Manager and Certificate Authority Service.

For details, see the Internal Application Load Balancer overview.

To set up a cross-region internal Application Load Balancer, see the following pages:

This capability is in General Availability.

The cross-region internal proxy Network Load Balancer supports backends in multiple regions, provides seamless cross-region failover, and is globally accessible by clients from any Google Cloud region, on premise, or other clouds.

For details, see the Internal proxy Network Load Balancer overview.

To set up a cross-region internal proxy Network Load Balancer, see the following pages:

This capability is in General Availability.

Cloud Logging

The Logging query language now supports the cast and regexp_extract functions. For more information, see the Logging query language documentation.

Cloud SQL for MySQL

You can now migrate your external MySQL 5.7 and 8.0 databases into Cloud SQL for MySQL by using Percona XtraBackup physical files. This feature is in Preview.

For more information, see Migrate to Cloud SQL from an XtraBackup physical file.

Cloud SQL for PostgreSQL

You can now migrate data in the tables of your database in parallel. This improves performance because Cloud SQL can transfer the data with parallel processes within a database. You can set the speed at which Cloud SQL transfers this data to min, optimal, or max.

Cloud Storage

Managed folders are now available in the Google Cloud Console.

You can now use managed folders in your Cloud Storage buckets using the Cloud Console. You can create, list, move, and delete your managed folders in the Console, as well as set IAM policies. To learn more, see Create and manage managed folders.

Compute Engine

Compute Engine is not affected by CVE-2024-3094. For more information, see the GCP-2024-021 security bulletin.

Config Connector

Config Connector version 1.115.0 is now available.

Improved support for AlloyDB, by adding new fields to AlloyDBCluster and AlloyDBInstance.

AlloyDBCluster

  • Added spec.clusterType field.

  • Added spec.deletionPolicy field.

  • Added spec.secondaryConfig field.

AlloyDBInstance

  • Added spec.instanceTypeRef field.

Dialogflow

Dialogflow CX: Language auto detect is now available for chat conversations. You can configure Dialogflow CX to detect an end-user's language and automatically respond in that same language. See the language reference page for a list of languages available for this feature.

Firestore

You can now use Firestore to perform K-nearest neighbor (KNN) vector searches. This feature is in Preview.

Google Cloud Architecture Center

(New guide) Infrastructure for a RAG-capable generative AI application using GKE: Design the infrastructure to run a generative AI application with retrieval-augmented generation (RAG) using GKE, Cloud SQL, and open source tools like Ray, Hugging Face, and LangChain.

Google Cloud Armor

The Cloud Armor premium service tier "Cloud Armor Managed Protection Plus" has been renamed to "Cloud Armor Enterprise." This change is being made to reflect the evolution of Cloud Armor's enterprise features. SKU IDs and pricing are unchanged. The name change does not impact the enrollment status of existing projects, or any features that were part of Managed Protection Plus. Learn more about Cloud Armor Enterprise.

Cloud Armor Enterprise Paygo (formerly Managed Protection Plus Paygo) is now Generally Available. Learn more about Cloud Armor Enterprise service tiers.

Google Distributed Cloud Virtual for Bare Metal

A Denial-of-Service (DoS) vulnerability (CVE-2023-45288) was recently discovered in multiple implementations of the HTTP/2 protocol, including the golang HTTP server used by Kubernetes. The vulnerability could lead to a DoS of the Google Kubernetes Engine (GKE) control plane. For more information, see the GCP-2024-022 security bulletin.

Google Distributed Cloud Virtual for VMware

A Denial-of-Service (DoS) vulnerability (CVE-2023-45288) was recently discovered in multiple implementations of the HTTP/2 protocol, including the golang HTTP server used by Kubernetes. The vulnerability could lead to a DoS of the Google Kubernetes Engine (GKE) control plane. For more information, see the GCP-2024-022 security bulletin.

Google Kubernetes Engine

The GKE compliance dashboard now offers compliance evaluation for CIS Kubernetes Benchmark 1.5, Pod Security Standards (PSS) Baseline, and PSS Restricted standards in Preview. To learn more, see About the compliance dashboard.

GKE threat detection is now available in Preview. Threats against the Kubernetes control plane impacting your GKE Enterprise clusters are now visible in the GKE security posture dashboard. To learn more, see About GKE threat detection.

SAP on Google Cloud

BigQuery Connector for SAP version v2.6

Version 2.6 of the BigQuery Connector for SAP is generally available (GA). This version offers several enhancements and bug fixes, including the addition of the Create Table tool, the Mass Field Conversion tool, a custom transaction designed to only display the BigQuery Connector for SAP settings, and support for replicating cluster tables to BigQuery.

For more information, see What's new with BigQuery Connector for SAP.

April 02, 2024

AlloyDB for PostgreSQL

AlloyDB Studio is now generally available (GA). AlloyDB Studio includes an Explorer pane that integrates with an enhanced query editor, letting you browse, query, and modify your AlloyDB databases with this single interface. For more information, see Manage your data using AlloyDB Studio.

Apigee X

On April 2, 2024, we announced an increase in the rate limits for the Spike Arrest policy.

The limit on the rate you can specify increased from 1,000 requests per second, 60,000 requests per minute to 4,000 requests per second, 240,000 requests per minute.

See the Spike Arrest section of the Limits page for information on Spike Arrest limits.

Artifact Registry

Artifact Analysis automatic scanning for Ruby, Rust, .NET and PHP vulnerabilities in container images is now generally available. If the Container Scanning API is enabled, it scans container images pushed to Artifact Registry for Ruby, Rust, .NET and PHP vulnerabilities, in addition to already supported operating system and language package vulnerabilities.

Artifact Analysis returns Ruby, Rust, .NET and PHP vulnerability results for images that have a supported or unsupported operating system. When you push new versions of images to the registry, you might see more successful vulnerability scans against images without a supported operating system.

For more information, see Container scanning overview.

BigQuery

The following BigQuery ML features are now in preview:

Try tuning and evaluating an LLM with the Customize an LLM by using supervised fine tuning how-to topic.

Chronicle

On or after May 1, 2024, in an effort to improve enrichment quality, the enrichment process using telemetry events and entities will prioritize values set by parsers over values from aliases in unenriched events. If a parser does not set the value, the enrichment process will set the enriched value using aliases.

Cloud Data Fusion

The Google Sheets plugin version 1.4.2 (bundled with the Google Drive plugins) is available in all Cloud Data Fusion versions. The release includes the following changes:

  • Macros are supported for the following OAuth fields: Client ID, Client secret, and Refresh token (PLUGIN-1762).
  • You can specify a single file ID in the File identifier field (PLUGIN-1763).
  • Added an Access token field, which supports macros (PLUGIN-1764).
  • You can turn on auto detection for the number of rows and columns (PLUGIN-1766).

Cloud SQL for MySQL

You can now scale up the compute size (vCPU, memory) of a Cloud SQL Enterprise Plus edition primary instance with near-zero downtime.

Cloud SQL for PostgreSQL

Version 0.6.0 of the pgvector extension that's listed in the March 27 release note isn't available yet. Use version 0.5.1 of this extension.

You can now scale up the compute size (vCPU, memory) of a Cloud SQL Enterprise Plus edition primary instance with near-zero downtime.

Cloud SQL for SQL Server

You can now use SSL mode instead of the legacy require_ssl setting to specify the encryption requirements for connections to your Cloud SQL for SQL Server instances. For more information, see Enforce SSL/TLS encryption.

Dataform

You can now use Customer-Managed Encryption Keys (CMEK) to protect repositories in Dataform. CMEK in Dataform is available in preview. For more information, see Use customer-managed encryption keys.

Dataproc

The following previously released sub-minor versions of Dataproc on Compute Engine images have been rolled back and can only be used when updating existing clusters that already use them:

  • 2.0.97-debian10, 2.0.97-rocky8, 2.0.97-ubuntu18
  • 2.1.45-debian11, 2.1.45-rocky8, 2.1.45-ubuntu20, 2.1.45-ubuntu20-arm
  • 2.2.11-debian12, 2.2.11-rocky9, 2.2.11-ubuntu22

Dialogflow

Dialogflow CX: Call companion is now generally available with new user interface settings.

Dialogflow CX: Dialogflow CX phone gateway is now generally available.

Vertex AI Conversation: Data stores now support parse and chunk configuration.

Document AI

Fine tuning generative AI models within the Custom Extractor is now supported in GA. For more information, see custom processors and fine tuning pricing.

Eventarc

Eventarc support for creating triggers for direct events from Cloud Deploy is generally available (GA).

Generative AI on Vertex AI

Model Garden supports all Text Generation Inference supported models in HuggingFace:

Google Kubernetes Engine

Observability for Google Kubernetes Engine: Added a dashboard for Tensor Processing Unit (TPU) metrics on the Observability tab of both the cluster listing and cluster details pages for GKE clusters. The charts on this dashboard are populated with data only if the cluster has TPU nodes and GKE system metrics is enabled. For more information, see View observability metrics.

Looker Studio

Search Ads 360 connector deprecation

After April 30, 2024, you will no longer be able to create new reports from this connector. Please start using the New Search Ads 360 connector.

To learn more about this change, read the Connect to Search Ads 360 (deprecated) Help Center article.

SAP on Google Cloud

ABAP SDK for Google Cloud version v1.6

Version 1.6 of the ABAP SDK for Google Cloud is generally available (GA). This version brings in expanded support for more Google Cloud APIs, including support for multi-modal LLMs such as Gemini, SDK feature enhancements, and bug fixes.

For more information, see What's new with the ABAP SDK for Google Cloud.

Secret Manager

To learn more, see Delay destruction of secret versions.

Security Command Center

Enterprise tier released to General Availability

The Enterprise tier, which transforms Security Command Center into a cloud-native application protection platform (CNAPP) that combines cloud security and enterprise security operations with multicloud support, is released to General Availability.

The following features and capabilities of the Enterprise tier are new to Security Command Center:

  • Multicloud support: You can now connect Security Command Center to Amazon Web Services for the following capabilities:
    • Detect threats and vulnerabilities
    • Assess the risk exposure of your high-value AWS resources
    • Assess compliance with security standards
  • A new Security Operations console for global security operations tasks
  • SIEM and SOAR capabilities for security operations
    • Security investigation and event management (SIEM) capabilities:
      • Ingest and normalize logs from Google Cloud, AWS, Security Command Center findings, and resource metadata from multiple sources
      • Detect the most important cloud threats with curated threat detection
      • Search across consolidated SIEM data
    • Security operations and response (SOAR) capabilities:
      • Manage detections, investigations, and responses with cases
      • Automate response workflows with playbooks
      • Focus on posture and threat findings with dedicated views in the Security Operations console
      • Integrate with IT service management products, such as Jira and ServiceNow, for posture management
      • Search across consolidated SOAR data
  • The following attack exposure scoring features are in General Availability:
  • Vulnerability and misconfiguration detections
    • Security Health Analytics includes the following enhancements:
      • New misconfiguration detectors for AWS resources
      • Detectors are mapped to new security standards
    • You can now manage the remediation of critical and high severity vulnerability and misconfiguration findings using cases that are automatically opened for you.
  • Threat detection and investigation
    • Detect threats in your AWS deployments
    • Investigate and respond to incidents with SIEM-like capabilities across 90 days of cloud logs
    • Manage the investigation of and response to threats by using cases
    • Define response workflows and automated actions in response to threats by using playbooks
  • Mandiant Attack Surface Management integration
    • Mandiant Attack Surface Management scans your external attack surfaces to identify vulnerability and misconfiguration findings
  • Sensitive Data Protection integration
    • The Risk overview page of Security Command Center in the Google Cloud console now shows data security findings from the Sensitive Data Protection discovery service
    • Findings from Sensitive Data Protection that indicate the sensitivity and data risk levels of your data can inform the automated assignment of resource values for the attack path simulation feature
  • Gemini artificial intelligence features
    • Natural language search for threat findings
    • AI investigation widget for cases
  • Compliance, security standards
    • Support for AWS security standards
  • Validate infrastructure as code (IaC) against organization policies and Security Health Analytics detectors. The IaC validation feature lets you determine whether your new or modified resource definitions violate the existing policies that are applied to your Google Cloud resources.
  • Integration with Assured Open Source Software: The paid tier of Assured OSS is included with your Enterprise tier license, so that you can enhance your code security by using the open source software packages that Google uses for its own developer workflows.

With the Enterprise tier, severity levels of certain findings are now variable

In the Enterprise tier of Security Command Center, the default severity level of an active vulnerability or misconfiguration finding can change if the finding's attack exposure score changes. If you are a user of the Premium tier and you upgrade to the Enterprise tier, check any automated or manual procedures that rely on the value of the severity property to ensure that they can support a variable severity value.

For more information, see Severities that vary based on attack exposure score.

Sensitive Data Protection

If you opted to publish your data profiles to Security Command Center, you can configure Security Command Center to prioritize resources automatically according to the sensitivity of the data that the resources contain. For more information, see Set resource priority values automatically by data sensitivity.

If your discovery scan configuration isn't set to publish data profiles to Security Command Center, see Enable publishing to Security Command Center in an existing configuration.

Service Extensions

Service Extensions is Generally Available for callout extensions for most Google Cloud Application Load Balancers.

You can also configure Cloud Load Balancing callout extensions by using the Console.

April 01, 2024

Apigee X

On April 1, 2024, we released an updated version of Apigee.

With this release, Apigee expanded its support for data residency to additional regions in Canada. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.

For more information, see Introduction to data residency.

For a list of supported geographic locations, see Apigee locations.

Assured Workloads

You can now create Assured Workloads folders from Resource Manager's Manage resources page in the Google Cloud console. See Creating and managing folders for more information.

Backup and DR

Backup and DR Service added support to automatically protect your Compute Engine instances using Google Cloud tags. The dynamic protection tags feature is supported for backup/recovery appliances running on version 11.0.10.417 or later. You can check the appliance version from the Manage > Appliances page.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.5.2 (2024-03-27)

Bug Fixes
  • Set projectId in jobs emitted by load streams (#1346) (bd8254c)

Go

Changes for bigquery/storage/apiv1beta1

1.60.0 (2024-03-27)

Features
  • bigquery/analyticshub: Support selective sharing on data clean room Listings (a3bb7c0)
  • bigquery/datatransfer: Add UnenrollDataSources API which gives users a programmatic way to unenroll data sources (a86aa8e)
  • bigquery/storage: Add the RANGE type to the google.cloud.bigquery.storage.v1.TableFieldSchema (0195fe9)
Bug Fixes
  • bigquery/storage/managedwriter: Fix flowcontrol refund on error (#9649) (a07bf1d)
  • bigquery/storage/managedwriter: Retry improvements (#9642) (48a9258)
  • bigquery: Update protobuf dep to v1.33.0 (30b038d)
Documentation
  • bigquery/datatransfer: Update unenrollDataSources API documentation (#9449) (da644cc)
  • bigquery/storage: Mark BigQueryWrite v1beta2 as deprecated (d130d86)

Python

Changes for google-cloud-bigquery

3.20.0 (2024-03-27) - YANKED

Reason this release was yanked:

undeclared dependency on pyarrow

Features
  • Add fields parameter to set_iam_policy for consistency with update methods (#1872) (08b1e6f)
Bug Fixes
  • Correct type checking (#1848) (2660dbd)
  • Update error logging when converting to pyarrow column fails (#1836) (0ac6e9b)
  • Updates a number of optional dependencies (#1864) (c2496a1)
  • Use an allowlist instead of denylist to determine when query_and_wait uses jobs.query API (#1869) (e265db6)

You can now enable, disable, and analyze history-based optimizations for queries. This feature is in preview.

BigQuery Studio is now available in the South Carolina (us-east1) region to manage versions of code assets such as notebooks and saved queries.

The BigQuery Data Transfer Service for Search Ads 360 now supports the new Search Ads 360 Reporting API. You can use the Search Ads 360 connector to specify custom Floodlight variables and custom columns when transferring Search Ads 360 data to BigQuery. This feature is now generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.37.0 (2024-03-27)

Features
Bug Fixes
  • Update the accounting of partial batch mutations (#2149) (4158094)
Dependencies

Carbon Footprint

Scope 2 market-based emissions data is now launched in Preview. This metric represents purchased electricity, incorporating Google's annual renewable energy purchases. Scope 2 emissions on this page are estimated using annual emissions factors from government sources (IEA, EPA & AIB). You can learn more here about the methodology and the difference between location-based and market-based emission metrics.

Scope 2 market-based emissions data is available only from January 2023 onwards and can be accessed in:

Please note that data already exported to BigQuery for previous months will still have Scope 2 market-based emissions data as NULL in your exported tables. To see the newly released market-based data, schedule a manual data backfill for the desired time period. Note that there is a half-month lag in our data release. For example, to backfill January and February 2023 data, run the backfill for February 15, 2023 and March 15, 2023, which will update the data for January and February 2023 in your BigQuery table.

Cloud Load Balancing

You can now configure advanced traffic management using flexible pattern matching. This feature allows you to use wildcard syntax anywhere in your path matcher configuration. You can use this feature to customize origin routing for different types of traffic and request and response behaviors. In addition, you can now use results from your pattern matching to rewrite the path that is sent to the origin.

Pattern matching with wildcards is now supported for the following products:

  • Global external Application Load Balancer (launched previously)
  • Regional external Application Load Balancer
  • Cross-region internal Application Load Balancer
  • Regional internal Application Load Balancer
  • Traffic Director

For details, see URL maps overview: Wildcards and pattern matching operators in path templates for route rules.

This capability is generally available.

Cloud SQL for MySQL

If your Cloud SQL Enterprise edition instance stores the transaction logs used for point-in-time recovery (PITR) on disk, then when you do an in-place upgrade to Cloud SQL Enterprise Plus edition, the storage location for the transaction logs is switched to Cloud Storage. For more information, see Upgrade an instance to Cloud SQL Enterprise Plus edition by using in-place upgrade.

To check where your instance stores the transaction logs used for PITR, see Use point-in-time recovery (PITR).

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.40.0 (2024-03-29)

Features
Bug Fixes
  • storage: Retry errors from last recv on uploads (#9616) (b6574aa)
  • storage: Update protobuf dep to v1.33.0 (30b038d)
Performance Improvements
  • storage: Remove protobuf's copy of data on unmarshalling (#9526) (81281c0)

Google Cloud Storage now offers Dual-region Google Egress Bandwidth quotas per dual-region location. See Bandwidth usage in Cloud Storage.

Container Optimized OS

cos-dev-117-18342-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.83 | v24.0.9 | v1.7.10 | v535.161.07 (default), v550.54.14 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Upgraded app-admin/google-guest-configs to v20240307.00.

Upgraded localtoast to v1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.

Upgraded app-containers/cni-plugins to v1.4.1.

Upgraded app-admin/node-problem-detector to v0.8.17.

Upgraded app-admin/google-osconfig-agent to v20240320.00.

Upgraded app-containers/docker, app-containers/docker-test and app-containers/docker-cli to v24.0.9.

Upgraded app-admin/google-guest-agent to v20240314.00.

Updated app-containers/nvidia-container-toolkit to v1.14.6.

Upgraded chromeos-base/debugd-client to v0.0.1-r2662.

Upgraded chromeos-base/vm_protos to v0.0.1-r563.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r613.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2889.

Upgraded chromeos-base/shill-client to v0.0.1-r4408.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2404.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2753.

Upgraded chromeos-base/hiberman-client to v0.0.1-r470.

Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2788.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r610.

Upgraded app-benchmarks/bootchart to v0.9.2-r5.

Updated the Linux kernel to v6.1.83.

Added NVIDIA GPU drivers R550 branch and updated latest to 550.54.14.

Fixed a bug in google-guest-agent service enablement.

Downgraded app-misc/ca-certificates to v20230311.3.96.1.

cos-109-17800-147-54

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.75 | v24.0.9 | v1.7.13 | v535.161.07 (default), v550.54.14 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Updated app-containers/nvidia-container-toolkit to v1.14.6.

Upgraded localtoast to v1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.

Upgraded sys-apps/makedumpfile to v1.7.4.

Upgraded app-admin/fluent-bit to v1.9.10.

Upgraded app-admin/node-problem-detector to v0.8.17.

Upgraded net-misc/chrony to v4.5.

Added NVIDIA GPU drivers R550 branch and updated latest to 550.54.14.

Fixed a bug in google-guest-agent service enablement.

Fixed CVE-2024-26584 in the Linux kernel.

Fixed CVE-2024-26585 in the Linux kernel.

cos-beta-113-18244-1-33

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.77 | v24.0.9 | v1.7.10 | v535.161.07 (default), v550.54.14 (latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Updated app-containers/nvidia-container-toolkit to v1.14.6.

Added NVIDIA GPU drivers R550 branch and updated latest to 550.54.14.

cos-101-17162-386-59

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06 (default), v550.54.14 (latest)

Added NVIDIA GPU drivers R550 branch and updated latest to 550.54.14.

Dataproc Metastore

Dataproc Metastore now supports managed migrations.

Managed migration is an automated feature that helps you migrate data from a self-managed Hive Metastore to a Dataproc Metastore service, without any sizable downtime.

Dataproc Metastore now supports autoscaling. Autoscaling automatically increases or decreases the scaling factor required to run your workloads.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/datastore

8.6.0 (2024-03-25)

Features
  • Add new types ExplainOptions, ExplainMetrics, PlanSummary, ExecutionStats (#1241) (6c409d5)
  • Nodejs transaction redesign feature branch (#1235) (1585d4a)
Bug Fixes
  • deps: Update dependency async-mutex to ^0.5.0 (#1240) (0ba1281)

Java

Changes for google-cloud-datastore

2.19.0 (2024-03-25)

Features

Policy Intelligence

Policy Troubleshooter for IAM currently doesn't fetch tags for regional resources, such as Google Kubernetes Engine (GKE) clusters. As a result, if you have IAM policies with tag-based conditions and you try to use Policy Troubleshooter to troubleshoot access to regional resources, you might get inaccurate results. Our engineering team is working to resolve this issue.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-pubsub

2.21.0 (2024-03-26)

Features
  • Add custom datetime format for Cloud Storage subscriptions (#1131) (4da6744)

SAP on Google Cloud

Google Cloud's Agent for SAP version 3.2

Version 3.2 of Google Cloud's Agent for SAP is generally available (GA). This version introduces the default collection of Workload Manager evaluation metrics for new agent installations, configuration commands for updating the agent configuration, and enhancements to the Backint, disk snapshot, and Process Monitoring features.

For more information, see What's new with Google Cloud's Agent for SAP.

Security Command Center

The following Security Health Analytics misconfiguration detectors have changed to check for overly restrictive flag values that might prevent error messages from being written to the logs:

  • SQL_LOG_ERROR_VERBOSITY
  • SQL_LOG_MIN_ERROR_STATEMENT_SEVERITY

For the flag values that the detectors check for, see:

Virtual Private Cloud

You can use Packet Mirroring to collect IPv6 traffic. This feature is available in General Availability.

March 30, 2024

Network Intelligence Center

General Availability: Network Topology now provides dedicated views and insights for VMs and instance groups that generate higher egress. You can further filter the traffic based on the following traffic types: all egress, cross-zonal egress, egress to internet, and hybrid egress. For more information, see Network Topology overview.

March 29, 2024

AlloyDB for PostgreSQL

Fixed the issue causing AlloyDB clusters created using the Google Cloud CLI, the AlloyDB Admin API, or Terraform to have PostgreSQL 14 compatibility by default, instead of PostgreSQL 15 compatibility.

Apigee X

On March 29, 2024, we released an updated version of Apigee (1-12-0-apigee-2).

With this release, Apigee expanded its support for data residency to additional regions in the European Union. Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.

For more information, see Introduction to data residency.

For a list of supported geographic locations, see Apigee locations.

New Apigee API Monitoring Metrics

A new suite of metrics for monitoring Apigee proxies and target endpoints is now available. With improved scalability and accuracy, the new suite can support large workloads and withstand underlying infrastructure changes.

Apigee's API Monitoring tables and dashboards have been updated to include the following new metrics, which can be used to configure alerts and create custom dashboards:

proxy/request_count
proxy/response_count
proxy/latencies
target/request_count
target/response_count
target/latencies

Bug ID | Description
322843888 | Fixed issue with incorrect proxy routing when using base paths in proxy chaining.
293933387 | KVM list operation now permits entries with null or empty values.
239523766 | Removed the "Unable to evaluate jsonVariable, returning null" error string from ExtractVariables policy logging.
285592278 | Fixed issue with deduction of recurring fees from prepaid balances.
237656263 | Resolved issue with async mode in the ServiceCallout policy when the <Response> element is removed.
321744310 | Added support for caching JSON results retrieved from the ExtractVariables policy.
295341973 | Resolved issue causing delay in updating southbound SSL certificates in truststore and keystore references.

Chronicle SOAR

Release 6.2.52 is now in General Availability.

Cloud Database Migration Service

Database Migration Service now supports faster migrations of large PostgreSQL databases to AlloyDB for PostgreSQL.

For information about creating migration jobs using the high-performance parallelism settings, see Create a migration job to a new destination instance and Create a migration job to an existing destination instance.

Cloud Storage

The Storage Control API is now available for use. The Storage Control API lets you perform metadata-specific, control plane, and long-running operations. To learn more about the Storage Control API and operations you can perform, see Storage Control API overview.

Dataproc

Dataproc Serverless for Spark: runtime version 2.2 will become the default Dataproc Serverless for Spark runtime version on May 3, 2024.

Deep Learning Containers

M119 release

  • Fixed an issue wherein Dataproc extensions caused JupyterLab to crash when remote kernels weren't available.

Deep Learning VM Images

M119 release

  • Fixed an issue wherein Dataproc extensions caused JupyterLab to crash when remote kernels weren't available.

Dialogflow

Starting on April 17, 2024, the Dialogflow CX and Dialogflow ES traffic with audio will gradually route away from the classic phone_call speech model to the new conformer-based speech models for the following language tags: en-au, en-gb, de, de-de, es, es-es, es-us, fr, fr-ca, fr-fr, it, it-it, ja, pt-br. For more information, see Dialogflow ES migration documentation and Dialogflow CX migration documentation.

Dialogflow CX: You can now enable smart endpointing.

Generative AI on Vertex AI

The MedLM-large model infrastructure has been upgraded to improve latency and stability. Responses from the model might be slightly different.

Retail API

Vertex AI Retail Search: Search analytics v2 improvements

  • Enhanced dashboard experience: Leverages Looker for a more interactive and informative analysis of your search and browse performance.
  • Detailed metrics: Gain granular insights with per-search/per-browse metrics, along with metrics tied to search/browse visits.
  • Full funnel reporting: Analyze page-views, add-to-cart events, purchases, and revenue to understand the entire customer conversion journey.
  • Flexible analysis: Filter data by date ranges and device types to tailor your analysis.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.58.0 (2024-03-06)

Features
  • spanner/admin/instance: Add instance partition support to spanner instance proto (ae1f547)
  • spanner: Add field for multiplexed session in spanner.proto (a86aa8e)
  • spanner: SelectAll struct spanner tag annotation match should be case-insensitive (#9460) (6cd6a73)
  • spanner: Update TransactionOptions to include new option exclude_txn_from_change_streams (0195fe9)

1.59.0 (2024-03-13)

Features
  • spanner/spansql: Support Table rename & Table synonym (#9275) (9b97ce7)
  • spanner: Add support of float32 type (#9525) (87d7ea9)
Bug Fixes
  • spanner: Add JSON_PARSE_ARRAY to funcNames slice (#9557) (f799597)

1.60.0 (2024-03-19)

Features
  • spanner: Allow attempt direct path xds via env var (e4b663c)

Java

Changes for google-cloud-spanner

6.61.0 (2024-03-04)

Features
Bug Fixes
  • Flaky test issue due to AbortedException. (#2925) (cd34c1d)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.27.0 (#2935) (f8f835a)
  • Update dependency org.json:json to v20240303 (#2936) (1d7044e)
Documentation
  • Samples and tests for backup Admin APIs and overall spanner Admin APIs. (#2882) (de13636)
  • Update all public documents to use auto-generated admin clients. (#2928) (ccb110a)

6.62.0 (2024-03-19)

Features
Bug Fixes
Performance Improvements
Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.38.0 (#2942) (ba665bd)
  • Update dependency com.google.cloud:google-cloud-trace to v2.37.0 (#2944) (b5e608e)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#2952) (1e45237)
  • Update opentelemetry.version to v1.36.0 (#2945) (e70b035)
Documentation
  • samples: Add tag to statement timeout sample (#2931) (2392afe)

Node.js

Changes for @google-cloud/spanner

7.5.0 (2024-03-04)

Features
  • spanner: Add emulator support for the admin client autogenerated API samples (#1994) (e2fe5b7)
Bug Fixes

Python

Changes for google-cloud-spanner

3.43.0 (2024-03-06)

Features
Documentation
  • Samples and tests for admin backup APIs (#1105) (5410c32)
  • Samples and tests for admin database APIs (#1099) (c25376c)
  • Update all public documents to use auto-generated admin clients. (#1109) (d683a14)
  • Use autogenerated methods to get names from admin samples (#1110) (3ab74b2)

3.44.0 (2024-03-13)

Features
Bug Fixes
  • Correcting name of variable from table_schema to schema_name (#1114) (a92c6d3)
Documentation

Vertex AI Workbench

M119 release

The M119 release of Vertex AI Workbench user-managed notebooks includes the following:

  • Fixed an issue wherein Dataproc extensions caused JupyterLab to crash when remote kernels weren't available.

March 28, 2024

Apigee Integrated Portal

On March 28, 2024, we released an updated version of Apigee integrated portal.

Bug ID | Description
324872865 | Fixed scrolling issue with API documentation display when navigating to the overview page.

Assured Workloads

The following compliance programs now support the following products. See supported products for more information:

  • Australia Regions with Assured Support:
    • Access Transparency
  • Canada Regions and Support:
    • Access Transparency
  • EU Regions and Support:
    • Access Approval
    • Certificate Authority Service
    • Cloud Monitoring
    • Cloud Run
    • Firestore
    • Sensitive Data Protection
  • FedRAMP Moderate:
    • Artifact Registry
    • Cloud Workstations
  • Israel Regions and Support:
    • Dataflow
    • Memorystore for Redis
  • Japan Regions:
    • Access Approval
    • Access Transparency
  • US Regions and Support:
    • Access Transparency

BigQuery

Query optimization using search indexes is now applied to comparisons of string literals and indexed data, including the equal (=), IN, and LIKE operators and the STARTS_WITH function. This feature is generally available (GA).

Capacity Planner

Preview: Capacity planner supports the following for data aggregated by organization ID:

  • View and export the actual and forecasted usage data of the VMs and persistent disks in your organization.

  • Generate gcloud CLI commands to create future reservation requests based on the actual or forecasted usage data of your VMs by organization.

For more information, see the following pages:

Chronicle SOAR

Release 6.2.53 is currently in Preview.

Issue when filtering Cases in Cases Page (ID #49689809)

Case filter is_not not working as expected (ID #00279039)

Unsupported providers causing playbooks not to run (ID #00262970)

Playbook block missing when trying to add it to a case (ID #00273133)

Report Scheduler not sending out reports as planned (ID #00277914)

Cloud Logging

Pie charts are now available for visualizing data in the Log Analytics page. For more information, see Change chart type.

Cloud Monitoring

Uptime checks now support authentication by using a service account and a generated OpenID Connect (OIDC) token, as an alternative to providing a username and password. For more information, see Create public uptime checks.

Cloud Run

All jobs are now subject to maintenance events, not just jobs longer than one hour, which increases reliability for jobs under 1 hour. These maintenance events are transparent and don't require any changes to your container.

Cloud SQL for MySQL

You can now simulate a planned maintenance update with near-zero downtime on your Cloud SQL Enterprise Plus primary instance without updating your database. For more information, see About maintenance on Cloud SQL instances.

Cloud SQL for PostgreSQL

You can now simulate a planned maintenance update with near-zero downtime on your Cloud SQL Enterprise Plus primary instance without updating your database. For more information, see About maintenance on Cloud SQL instances.

Config Connector

Config Connector version 1.114.1 is now available.

SQLInstance and ComputeBackendService now have additional safeguards against populating plain-text secrets back into the object.

Fixed resource deletion of AlloyDBInstance and EdgeContainerNodePool when their "parent objects" no longer exist.

Initial support (alpha stability) for pausing reconciliation, by setting spec.actuationMode: Paused in the ConfigConnectorContext.

Initial support (alpha stability) for defaulting state-into-spec to absent (the recommended setting), by setting spec.stateIntoSpec: Absent in the ConfigConnectorContext.

AccessContextManagerServicePerimeterResource is promoted from alpha to beta.

Added support for ComputeNetworkFirewallPolicyAssociation (v1beta1) resource.

Added support for APIKeysKey (v1alpha1) resource.

BigQueryDataSet

  • Added access[].iamMember field.

ComputeAddress

  • Added status.observedState.address field.

ComputeTargetHttpsProxy

  • Added spec.certificateManagerCertificates field.

DNSRecordSet

  • Added spec.routingPolicy field.

GKEHubFeatureMembership

  • Added spec.policycontroller field.

Dataflow

The Dataflow right fitting feature is now supported by non-Prime batch pipelines.

Dataproc

Note: the above subminor image versions were rolled back on April 2, 2024

Dataproc on Compute Engine: New Hadoop Google Secret Manager Credential Provider feature introduced in latest Dataproc on Compute Engine 2.0 image versions.

Filestore

You can use CMEK organization policies to manage key usage with your new Filestore resources. This feature is now generally available.

Google Cloud Architecture Center

(New guide) Model development and data labeling with Google Cloud and Labelbox: Provides guidance for building a standardized pipeline to help accelerate the development of ML models.

(New guide) Jump Start Solution: Generative AI RAG with Cloud SQL: Deploy a retrieval augmented generation (RAG) application with vector embeddings and Cloud SQL.

(New guide) Build and deploy generative AI and machine learning models in an enterprise: Describes the generative AI and machine learning blueprint, which deploys a pipeline for creating AI models.

Looker Studio

Looker Studio release notes moved to Google Cloud

We've changed how we deliver product release notes. Looker Studio release notes are available solely on the Google Cloud release notes platform.

Release notes prior to this change are preserved in the historical release notes page in the Looker Studio Help Center.

Label fields available in the New Search Ads 360 connector

You can now include the following New Search Ads 360 fields in your reports:

  • Label (Keyword)
  • Label (Ad)

Learn more about the New Search Ads 360 connector.

Sensitive Data Protection

The SWITZERLAND_SOCIAL_SECURITY_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Vertex AI Search and Conversation

Vertex AI Search: Autocomplete updates

Autocomplete is Generally available (GA) for the US and EU multi-regions as well as for the global region.

Autocomplete supports Access Transparency. This means that, when Access Transparency is enabled, if Google personnel access your autocomplete data, this is recorded in the Access Transparency logs.

For information about autocomplete, see Configure autocomplete, and for information about Access Transparency, see Enable Access Transparency in Vertex AI Search.

Vertex AI Search: Structured data stores (GA)

Use of data stores containing structured data is Generally available (GA). Additionally, two new field value types are allowed for structured data stores: geolocation and datetime.

For information about structured data stores, see Structured data in Prepare for ingesting and Schemas: auto-detection versus providing your own.

Vertex AI Search: Boost search results (Public preview)

Boosting search results using custom numerical attributes and according to freshness is available in Public preview.

For more information, see Boost search results.

Vertex AI Search: Extractive segments and relevance scores (GA)

Extractive segments and relevance scores for extractive segments are GA.

For more information, see Extractive segments.

Vertex AI Search: Document chunking and parsing improvements (Public preview)

The following improvements have been introduced for document chunking and parsing:

  • Adjacent chunks: When returning chunks in search responses, you can return chunks from immediately before and after the relevant chunk in the source document. Doing so can improve context and accuracy.
  • Page span: Chunk metadata in search responses includes the span of pages where the chunk appeared in the source document.
  • List chunks: List all chunks from a specific source document.
  • Get chunks: Get a specific chunk.
  • Get processed documents in JSON: Get a parsed document or a chunked document in JSON format.
  • Bring your own chunks (Preview with allowlist): Upload data that you've already chunked. Contact your Google account team if you're interested in trying this feature.

For more information, see Parse and chunk documents.

Vertex AI Search: Media recommendations analytics (GA)

Analytics for media recommendations are GA. You can view analytics for your media recommendations apps in the Google Cloud console.

For more information, see View analytics.

Video Stitcher API

Added a new tokenConfig field to the Media CDN key. Set this field to sign the URL using the Media CDN token.

reCAPTCHA Enterprise

reCAPTCHA Enterprise account defender for mobile applications is now generally available (GA).

You can use this feature to detect and prevent account-related fraudulent activities on mobile applications.

March 27, 2024

BigQuery

An updated version of JDBC driver for BigQuery is now available.

Chronicle SOAR

Remote Agent Release 1.5.0 is currently in Preview.

Support for future major upgrades

Currently, Google supports minor upgrades which make changes to the remote agent code only.

We have now added support for the customer to carry out a major upgrade which requires changes to the entire OS or libraries in the machine.

You will receive clear instructions before a major upgrade. These must be followed very carefully in order to ensure the Remote Agent can continue to work with your machine.

Support for updating custom environment variables (ID #47675122)

You can now configure environment variables on the agent.

Remote connector logs are now written to the following path:

/opt/SiemplifyAgent/Integrations/<integration name>/Connectors/<connector instance>/remote_script.log

Cloud Database Migration Service

A new migration job status called Running with errors is available for heterogeneous Oracle migrations in Database Migration Service. This status represents migration jobs that encounter errors, but continue replicating data for unaffected objects and attempt to retry faulty operations.

For more information, see Migration job statuses for Oracle to AlloyDB for PostgreSQL and Migration job statuses for Oracle to Cloud SQL for PostgreSQL.

Database Migration Service now supports faster migrations of large PostgreSQL databases to Cloud SQL for PostgreSQL.

For information about creating migration jobs using the high-performance parallelism settings, see Create a migration job to a new destination instance and Create a migration job to an existing destination instance.

Cloud Load Balancing

Typically with HTTPS communication, the authentication works only one way: the client verifies the identity of the server. For applications that require the load balancer to authenticate the identity of clients that connect to it, regional external Application Load Balancer, regional internal Application Load Balancer, and cross-region internal Application Load Balancer support mutual TLS (mTLS).

With mTLS, the load balancer requests that the client send a certificate to authenticate itself during the TLS handshake with the load balancer. You can configure a trust store that the load balancer uses to validate the client certificate's chain of trust.

For details, see the following:

This capability is in Preview.

Global external Application Load Balancer and global external Application Load Balancer (classic) already support frontend mTLS (General Availability).

Cloud SQL for PostgreSQL

The pgvector extension is upgraded from version 0.5.1 to version 0.6.0. Use this extension to store and search for vector embeddings in PostgreSQL databases. For more information, see Configure PostgreSQL extensions.

To use this version of the extension, update your instance to [PostgreSQL version].R20240130.00_07. For more information, see Self-service maintenance.

The rollout of the following items in the February 7 release note is now complete:

  • Extensions
  • Flags
  • Minor versions
  • Extension versions
  • Plugin versions

Container Optimized OS

cos-beta-113-18244-1-31

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.77 | v24.0.9 | v1.7.10 | v535.161.07 (default, latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Upgraded app-admin/node-problem-detector to v0.8.17.

Upgraded localtoast to 1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.

Upgraded app-admin/fluent-bit to v1.9.10.

Upgraded app-admin/sosreport to v4.7.0.

Upgraded app-admin/localtoast to v1.1.7.

Added infiniband and mlx5 device drivers.

Fixed bug in google-guest-agent service enablement.

Fixed CVE-2024-26584 in the Linux kernel.

Fixed CVE-2024-26585 in the Linux kernel.

Fixed CVE-2023-52434 in the Linux kernel.

Fixed CVE-2024-26583 in the Linux kernel.

Fixed CVE-2024-26582 in the Linux kernel.

Fixed CVE-2023-52435 in the Linux kernel.

cos-101-17162-386-57

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.146 | v20.10.24 | v1.6.28 | v470.239.06 (default), v535.161.07 (latest)

Fixed bug in google-guest-agent service enablement.

Fixed CVE-2024-26591 in the Linux kernel.

Fixed CVE-2024-26589 in the Linux kernel.

Fixed CVE-2024-26585 in the Linux kernel.

Fixed CVE-2023-52439 in the Linux kernel.

Fixed CVE-2023-52434 in the Linux kernel.

Fixed CVE-2023-52435 in the Linux kernel.

Fixed CVE-2023-52443 in the Linux kernel.

cos-97-16919-450-41

Kernel | Docker | Containerd | GPU Drivers
COS-5.10.208 | v20.10.24 | v1.6.21 | v470.239.06 (default), v535.161.07 (latest)

Fixed bug in google-guest-agent service enablement.

Fixed CVE-2024-26589 in the Linux kernel.

Fixed CVE-2024-26585 in the Linux kernel.

Fixed CVE-2023-52439 in the Linux kernel.

Fixed CVE-2023-52434 in the Linux kernel.

Fixed CVE-2023-52435 in the Linux kernel.

Fixed CVE-2023-52443 in the Linux kernel.

cos-109-17800-147-41

  • Kernel: COS-6.1.75
  • Docker: v24.0.9
  • Containerd: v1.7.13
  • GPU Drivers: v535.161.07 (default, latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Fixed CVE-2023-52434 in the Linux kernel.

Fixed CVE-2024-26583 in the Linux kernel.

Fixed CVE-2024-26582 in the Linux kernel.

Fixed CVE-2023-52435 in the Linux kernel.

cos-105-17412-294-48

  • Kernel: COS-5.15.146
  • Docker: v23.0.3
  • Containerd: v1.7.10
  • GPU Drivers: v470.239.06 (default), v535.161.07 (latest)

Fixed CVE-2023-52435 in the Linux kernel.

Fixed CVE-2023-52443 in the Linux kernel.

cos-dev-117-18313-0-0

  • Kernel: COS-6.1.80
  • Docker: v24.0.9
  • Containerd: v1.7.10
  • GPU Drivers: v535.161.07 (default, latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Fixed integrity-fs dm-crypt creation flakiness.

Dataplex

Data insights in Dataplex is available in Preview. Data insights offers an automated and intuitive way to explore and understand your data. It uses Gemini large language models to generate queries based on the metadata of a table, and lets you uncover patterns, assess data quality, and perform statistical analysis.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.56
  • 1.2.0
  • 2.0.64
  • 2.1.43
  • 2.2.0

Announcing the General Availability (GA) release of Dataproc Serverless for Spark runtime versions 1.2 and 2.2, which include the following components:

  • Spark 3.5.1
  • BigQuery Spark Connector 0.36.1
  • Cloud Storage Connector 3.0.0
  • Conda 24.1
  • Java 17
  • Python 3.12
  • R 4.3
  • Scala 2.12 (1.2 runtime) and Scala 2.13 (2.2 runtime)

Dataproc Serverless for Spark:

  • Upgraded Spark to version 3.5.1 in the latest 1.2 and 2.2 runtimes.
  • Upgraded Conda to version 24.1 in the latest 1.2 and 2.2 runtimes.
  • Upgraded Spark BigQuery connector to version 0.36.1 in the latest 1.2 and 2.2 runtimes.

Firestore

Firestore now supports using range and inequality filters on multiple fields in a single query. This feature is in Preview.

Support for Query Explain. This feature is in Preview.

Query Explain lets you submit queries and receive detailed query plan, billing and performance statistics on query execution in return. It helps you understand how your queries are executed, showing you inefficiencies.

It functions like the EXPLAIN [ANALYZE] operation in many relational database systems.

For more information, see the guide for Query Explain.

Firestore in Datastore mode

Datastore now supports using range and inequality filters on multiple fields in a single query. This feature is in Preview.

Support for Query Explain. This feature is in Preview.

Query Explain lets you submit queries and receive detailed query plan, billing and performance statistics on query execution in return. It helps you understand how your queries are executed, showing you inefficiencies.

It functions like the EXPLAIN [ANALYZE] operation in many relational database systems.

For more information, see the guide for Query Explain.

Google Cloud Architecture Center

(New guide) Jump Start Solution: Generative AI Knowledge Base: Demonstrates how to build an extractive question-answering (EQA) pipeline to produce content for an internal knowledge base.

AI and machine learning resources: Added introduction information with guiding links to our generative AI and traditional AI resources.

Google Distributed Cloud Virtual for VMware

GKE on VMware 1.15.10-gke.32 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.15.10-gke.32 runs on Kubernetes v1.26.13-gke.1100.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.

The following issue is fixed in 1.15.10-gke.32:

  • Fixed the known issue where the controlPlaneNodePort field defaults to 30968 when the manualLB spec is empty.

The following vulnerabilities are fixed in 1.15.10-gke.32:

March 26, 2024

Apigee X

On March 26, 2024, we released an updated version of Apigee (1-12-0-apigee-1).

New Apigee API Monitoring Metrics

A new suite of metrics for monitoring Apigee proxies and target endpoints is now available. With improved scalability and accuracy, the new suite can support large workloads and withstand underlying infrastructure changes.

Apigee's API Monitoring tables and dashboards have been updated to include the following new metrics, which can be used to configure alerts and create custom dashboards:

  • proxy/request_count
  • proxy/response_count
  • proxy/latencies
  • target/request_count
  • target/response_count
  • target/latencies

Bug ID: Description

  • 322843888: Fixed issue with incorrect proxy routing when using base paths in proxy chaining.
  • 293933387: KVM list operation now permits entries with null or empty values.
  • 239523766: Removed the "Unable to evaluate jsonVariable, returning null" error string from ExtractVariable Policy logging.
  • 285592278: Fixed issue with deduction of recurring fees from prepaid balances.
  • 237656263: Resolved issue with async mode in the ServiceCallout policy when the <Response> element is removed.
  • 321744310: Added support for caching JSON results retrieved from the ExtractVariables policy.
  • 295341973: Resolved issue causing delay in updating southbound SSL certificates in truststore and keystore references.

App Engine flexible environment Go

Go 1.22 is now generally available.

Starting in Go version 1.22 and later:

  • You can't use go get outside of a module in the legacy GOPATH mode (GO111MODULE=off).
  • Go recommends that you use a go.mod file for managing dependencies.

For more information, see Specify dependencies.

App Engine standard environment Go

Go 1.22 is now generally available.

Starting in Go version 1.22 and later:

  • You can't use go get outside of a module in the legacy GOPATH mode (GO111MODULE=off).
  • Go recommends that you use a go.mod file for managing dependencies.

For more information, see Specify dependencies.

BigQuery

The Help me code tool lets you use natural language to generate a SQL query that can then be run in BigQuery. This feature is now in preview.

The following Generative AI features are now in preview:

Try these features with the Generate text that describes visual content how-to topic.

Duet AI in BigQuery is now Gemini for BigQuery. See our blog post for more information.

Chronicle Security Operations

Gemini in Security Operations

Duet AI in Google Cloud is now Gemini for Google Cloud. See our blog post for more information.

Cloud Composer

The Logs in Cloud Logging only feature is available in all regions:

  • In newly created Cloud Composer environments, Airflow task logs are now stored only in Cloud Logging by default.
  • You can disable this feature for a new or an existing environment. In this case, Airflow task logs are saved both to Cloud Logging and to the environment's bucket.

In new environments with Airflow 2.6.3 and 2.7.3 the default values of the following Airflow configuration options are changed to provide more optimized Cloud Composer environments:

  • [scheduler]job_heartbeat_sec to 30
  • [scheduler]scheduler_health_check_threshold to 60
  • [scheduler]scheduler_heartbeat_sec to 15

If you want to override the [scheduler]scheduler_heartbeat_sec option's value, then also adjust the [scheduler]scheduler_health_check_threshold option, as described in Cloud Composer documentation.

Cloud Composer 2.6.6 images are available:

  • composer-2.6.6-airflow-2.7.3
  • composer-2.6.6-airflow-2.6.3 (default)
  • composer-2.6.6-airflow-2.5.3

Cloud Composer versions 2.1.11 and 1.20.11 have reached their end of full support period.

Cloud Data Fusion

The Amazon Redshift batch source connector version 1.11.1 is available in Preview in Cloud Data Fusion 6.10.0 and later. This source lets you load batch data from your Redshift dataset to a destination, such as BigQuery.

The Amazon Redshift batch source connector version 1.10.6 is available in Preview in Cloud Data Fusion 6.9 versions. This source lets you load batch data from your Redshift dataset to a destination, such as BigQuery.

Cloud Data Fusion is available in the following regions:

  • asia-south2
  • me-central2

For more information, see Pricing.

Cloud Functions

Cloud Functions (2nd gen) now supports the Go 1.22 runtime at the General Availability release level.

Cloud Logging

You can now configure your aggregated sink to be intercepting, which prevents logs from being passed through the Log Router of child resources. For more information, see Collate and route organization-level logs to supported destinations.

Duet AI in Google Cloud is now Gemini for Google Cloud. See our blog post for more information.

Cloud Monitoring

Duet AI in Google Cloud is now Gemini for Google Cloud. See our blog post for more information.

Cloud SQL for PostgreSQL

You can now integrate Cloud SQL and Vertex AI. This integration lets you apply large language models (LLMs), which are hosted in Vertex AI, to a Cloud SQL for PostgreSQL database, version 12 and later. For more information, see Integrate Cloud SQL with Vertex AI.

Colab Enterprise

Duet AI in Google Cloud is now Gemini for Google Cloud. See our blog post for more information.

Contact Center AI Platform

Version 3.13 is released

All release notes published on this date are part of version 3.13.

Agent alias

Agents can use aliases instead of their real names when communicating with end-users. Admins can configure agent aliases manually or with a bulk upload. Agents can also configure their own aliases. The agent alias feature is available when using the mobile and web SDKs. For more information, see Agent alias.

Country code of the outbound phone number is included with the added party's phone number

When an agent adds a party to a call, the country code from the outbound phone number is automatically included with the added party's phone number.

Calls waiting indicator

The call adapter includes a calls waiting indicator that indicates the number of calls in the queue waiting to be answered. You can find the calls waiting indicator in the Calls tab of the call adapter.

Time stamp in the chat adapter displays seconds

The message time stamp in the chat adapter displays seconds.

Virtual task assistant for chats

The virtual task assistant is available for chats. Configuration and use are similar to that of the virtual task assistant for calls. Available for the web SDK only. For more information, see Virtual task assistants.

Configure SSO for your email channel using OAuth credentials from Google Cloud

You can configure single sign-on (SSO) for your Contact Center AI Platform email channel using OAuth 2.0 credentials from Google Cloud. For more information, see Configure your email channel for OAuth with Google Cloud.

Deflections are available for agent-to-agent calls

You can configure agent-to-agent calls to deflect to voicemail after a period of time that you set. You can also include these "voice internal" calls in your call reports. For more information, see Turn on deflections.

Support phone number is included for incoming calls

The incoming call screen shows the support phone number that the end-user used to call your support center. For more information, see Receive an inbound call.

Support for multiple data parameters in API requests to the DAPs for your IVR queues

You can capture data in the headers of incoming Session Initiation Protocol (SIP) calls and pass them in API requests to the Direct Access Points (DAPs) for your Interactive Voice Response (IVR) queues. For more information, see API DAPs.

Fixed an issue that resulted in an error being returned whenever an agent tried to send a blended SMS message, despite preset SMS being disabled.

Fixed an issue where the queue-level call music section was not displayed to users with a custom role.

Fixed an issue where calls sometimes got stuck in a queued state when an agent had a poor network connection.

Fixed an issue where the Copy CRM Link button in the call adapter sometimes copied the CRM ID instead of the URL.

Fixed an issue where the Assign Agents button wasn't working on top-level queues.

Fixed an issue where using keyboard shortcuts or arrow keys to scroll in a window did not allow scrolling beyond a single screen of text.

Fixed an issue where a CRM page did not load in the Call Center AI Platform portal.

Google Cloud Architecture Center

(New guide) Cross-silo and cross-device federated learning on Google Cloud: Provides guidance to help you create a federated learning platform that supports either a cross-silo or cross-device architecture.

Migrate to Virtual Machines

Preview: Migrate to Virtual Machines supports the ARM64 migration journey. This feature lets you migrate ARM virtual machine (VM) instances from AWS and Azure cloud services to ARM VM instances on Compute Engine, and is supported for the following operating systems:

  • Debian 11 and 12
  • RHEL 9
  • Rocky Linux 8 and 9
  • SLES 15 SP5
  • Ubuntu 20.04 and 22.04

Spanner

Duet AI in Google Cloud is now Gemini for Google Cloud. See our blog post for more information.

You can now optimize your writes by setting the maximum delay time of your Spanner write requests between 0 and 500 milliseconds. For more information, see Throughput optimized writes.

March 25, 2024

AlloyDB for PostgreSQL

The following issue was fixed on March 29, 2024.

AlloyDB clusters created using the Google Cloud CLI, the AlloyDB Admin API, or Terraform have PostgreSQL 14 compatibility by default, instead of PostgreSQL 15 compatibility.

To mitigate this issue, take either one of the following steps:

  • Specify PostgreSQL version 15 when creating a cluster, instead of relying on the default value.
  • Use the Google Cloud console to create the cluster.

Artifact Registry

The software bill of materials (SBOM) feature is now Generally Available (GA). To learn more, see SBOM overview.

Artifact Analysis support for Vulnerability Exploitability eXchange (VEX) statements now includes the capability to upload VEX statements for multiple versions of an image. You can specify whether to associate a VEX statement with one image digest, or all versions of an image. This feature is in Preview. To learn more, see Upload VEX statements.

Backup and DR

Backup and DR Service added support to view daily scheduled compliance logs in Cloud Logging.

Backup and DR Service added support to view daily scheduled compliance reports in BigQuery.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.38.2 (2024-03-21)

Dependencies
  • Update actions/checkout action (#3190) (940e4f6)
  • Update arrow.version to v15.0.1 (#3189) (fb6284e)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.39.0 (#3186) (9e705a1)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240229-2.0.0 (#3188) (a018424)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.43.0 (#3187) (497ff29)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#3196) (61f23a3)
  • Update github/codeql-action action to v2.24.6 (#3178) (8843cae)
  • Update github/codeql-action action to v2.24.7 (#3194) (2e2d730)
  • Update github/codeql-action action to v2.24.8 (#3198) (bd81a56)

Chronicle

Chronicle Applied Threat Intelligence helps you identify and respond to threats. When enabled, it ingests IOCs curated by Mandiant Threat Intelligence with an IC-Score greater than 80 and generates an error when a match is found. The following are some of the features of Applied Threat Intelligence.

  • Event-level enrichment: All telemetry in Chronicle is enriched with Google Threat Intelligence, which is a combination of Mandiant and VirusTotal, including all threat intelligence associations like campaigns and actors.

  • Sophisticated indicator matching: Curated out-of-the-box detections that deliver sophisticated indicator matching using augmented prioritization logic, noise reduction based on customer environment context, and other correlation techniques to maximize signal to noise.

  • Active breach alerting: Uses Mandiant's incident response intelligence to alert on potential active breaches delivering on our no patient 1 vision.

  • Curated behavioral detections for emerging threats: To protect against newly emerging risks and tactics, techniques, and procedures (TTPs), Applied Threat Intelligence uses real-time insights.

  • DIY detection engineering and response automation: Access to Fusion intelligence (formerly known as Mandiant Fusion) for the following.

    • Customer authoring of rules
    • Customer development of response playbooks

  • Curated views for Investigation and triage Insights: Applied Threat Intelligence provides curated views that show valuable associations between an indicator and threat actor, threat campaign, or malware, statistics about a threat observed in customer environments. These views are invaluable for all security operations workflows.

For more information about Applied Threat Intelligence, see Applied Threat Intelligence overview.

Chronicle Security Operations

Chronicle Applied Threat Intelligence helps you identify and respond to threats. When enabled, it ingests IOCs curated by Mandiant Threat Intelligence with an IC-Score greater than 80 and generates an error when a match is found. The following are some of the features of Applied Threat Intelligence.

  • Event-level enrichment: All telemetry in Chronicle is enriched with Google Threat Intelligence, which is a combination of Mandiant and VirusTotal, including all threat intelligence associations like campaigns and actors.

  • Sophisticated indicator matching: Curated out-of-the-box detections that deliver sophisticated indicator matching using augmented prioritization logic, noise reduction based on customer environment context, and other correlation techniques to maximize signal to noise.

  • Active breach alerting: Uses Mandiant's incident response intelligence to alert on potential active breaches delivering on our no patient 1 vision.

  • Curated behavioral detections for emerging threats: To protect against newly emerging risks and tactics, techniques, and procedures (TTPs), Applied Threat Intelligence uses real-time insights.

  • DIY detection engineering and response automation: Access to Fusion intelligence (formerly known as Mandiant Fusion) for the following.

    • Customer authoring of rules
    • Customer development of response playbooks

  • Curated views for Investigation and triage Insights: Applied Threat Intelligence provides curated views that show valuable associations between an indicator and threat actor, threat campaign, or malware, statistics about a threat observed in customer environments. These views are invaluable for all security operations workflows.

For more information about Applied Threat Intelligence, see Applied Threat Intelligence overview.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Compute Engine
    • compute.googleapis.com/NetworkEdgeSecurityService
  • Database Migration
    • datamigration.googleapis.com/ConversionWorkspace
  • Redis
    • redis.googleapis.com/Cluster

Cloud Composer

Cloud Composer 1 has entered post-maintenance mode. Google will not release any further updates to Cloud Composer 1, including new versions of Airflow, bugfixes, and security updates. We recommend planning migration to Cloud Composer 2.

In Cloud Composer versions from 2.1.0 to 2.6.4, task instances that succeeded in the past can be marked as FAILED in some cases. We recommend upgrading to Cloud Composer version 2.6.5 or later, where this issue is fixed. For more information, see the related known issue.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.16.2 (2024-03-20)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.28.0 (#1560) (d52e623)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#1563) (81aa3e6)

Cloud SQL for MySQL

Private Service Connect now includes support for cross-region read replicas. You can also choose an availability type (REGIONAL or ZONAL) for Private Service Connect-enabled instances. Both features are in GA.

Cloud SQL for PostgreSQL

Private Service Connect now includes support for cross-region read replicas. You can also choose an availability type (REGIONAL or ZONAL) for Private Service Connect-enabled instances. Both features are in GA.

Cloud SQL for SQL Server

You can now use Private Service Connect to connect to a Cloud SQL for SQL Server instance. This solution allows you to connect to the instance from multiple VPC networks that belong to different groups, teams, projects, or organizations.

Private Service Connect includes support for cross-region read replicas. You can also choose an availability type (REGIONAL or ZONAL) for Private Service Connect-enabled instances.

All features are in GA.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.9.0 (2024-03-18)

Features
  • Add ability to configure and utilize soft-delete and restore (#2425) (7da5a7d)

Java

Changes for google-cloud-storage

2.36.1 (2024-03-20)

Dependencies
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240311-2.0.0 (#2446) (27b4780)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#2450) (bf35a9a)

Python

Changes for google-cloud-storage

2.16.0 (2024-03-18)

Features

Container Optimized OS

cos-beta-113-18244-1-7

  • Kernel: COS-6.1.77
  • Docker: v24.0.9
  • Containerd: v1.7.10
  • GPU Drivers: v535.154.05 (default, latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Updates to Major Packages:

Updated cos-gpu-installer to v2.2.0. Some key features of this update include:

  • Switched precompiled driver and signature location to COS build artifacts for M109.
  • This fixes a permissions issue in the GPU driver install directory with OSS drivers.
  • Added major version specification for GPU driver installation.

Updated default and latest NVIDIA GPU drivers to v535.154.05.

Updated sys-apps/systemd to v254.9.

Updated docker-credential-gcr to v2.1.22.

Updated app-containers/docker-cli to v24.0.5.

Updated app-emulation/kubernetes to v1.29.1.

Updated app-containers/containerd to v1.7.10.

Updated app-containers/runc to v1.1.12.

Upgraded app-emulation/cloud-init to v23.4.3.

Upgraded app-admin/oslogin to v20231004.00.

Upgraded app-admin/google-osconfig-agent to v20240126.00.

Upgraded app-admin/google-guest-agent to v20240213.00.

Upgraded app-admin/google-guest-configs to v20240122.00.

Updated app-admin/sosreport to v4.6.1.

Updated latest GPU driver to v535.104.05.

Updated GPU drivers to v535.54.03 (R535 LTSB NVIDIA branch).

Upgraded app-containers/docker-credential-helpers to v0.8.1.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_backlog_ack_defer: 1
  • Changed: fs.epoll.max_user_watches: 1809920 -> 1809474
  • Changed: fs.fanotify.max_user_marks: 67577 -> 67560
  • Changed: fs.file-max: 812606 -> 812400
  • Changed: fs.inotify.max_user_watches: 63456 -> 63441
  • Changed: kernel.threads-max: 63520 -> 63504
  • Changed: net.core.optmem_max: 20480 -> 131072
  • Changed: net.ipv4.tcp_mem: 94092 125456 188184 -> 94068 125424 188136
  • Changed: net.ipv4.udp_mem: 188184 250912 376368 -> 188136 250848 376272
  • Changed: net.ipv6.route.max_size: 4096 -> 2147483647
  • Changed: user.max_cgroup_namespaces: 31760 -> 31752
  • Changed: user.max_fanotify_marks: 67577 -> 67560
  • Changed: user.max_inotify_watches: 63456 -> 63441
  • Changed: user.max_ipc_namespaces: 31760 -> 31752
  • Changed: user.max_mnt_namespaces: 31760 -> 31752
  • Changed: user.max_net_namespaces: 31760 -> 31752
  • Changed: user.max_pid_namespaces: 31760 -> 31752
  • Changed: user.max_time_namespaces: 31760 -> 31752
  • Changed: user.max_user_namespaces: 31760 -> 31752
  • Changed: user.max_uts_namespaces: 31760 -> 31752
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0
  • Added: net.netfilter.nf_flowtable_tcp_timeout: 30
  • Added: net.netfilter.nf_flowtable_udp_timeout: 30
  • Changed: fs.file-max: 812608 -> 812606
  • Added: net.ipv4.tcp_shrink_window: 0
  • Added: net.ipv6.conf.all.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.default.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
  • Added: kernel.io_uring_disabled: 0
  • Changed: fs.file-max: 812619 -> 812608
  • Changed: kernel.threads-max: 63519 -> 63520
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3
  • Changed: user.max_cgroup_namespaces: 31759 -> 31760
  • Changed: user.max_ipc_namespaces: 31759 -> 31760
  • Changed: user.max_mnt_namespaces: 31759 -> 31760
  • Changed: user.max_net_namespaces: 31759 -> 31760
  • Changed: user.max_pid_namespaces: 31759 -> 31760
  • Changed: user.max_time_namespaces: 31759 -> 31760
  • Changed: user.max_user_namespaces: 31759 -> 31760
  • Changed: user.max_uts_namespaces: 31759 -> 31760
  • Changed: fs.epoll.max_user_watches: 1809474 -> 1809452
  • Changed: fs.file-max: 812400 -> 812392
  • Changed: kernel.threads-max: 63504 -> 63503
  • Changed: net.ipv4.tcp_mem: 94068 125424 188136 -> 94065 125423 188130
  • Changed: net.ipv4.udp_mem: 188136 250848 376272 -> 188133 250847 376266
  • Changed: user.max_cgroup_namespaces: 31752 -> 31751
  • Changed: user.max_ipc_namespaces: 31752 -> 31751
  • Changed: user.max_mnt_namespaces: 31752 -> 31751
  • Changed: user.max_net_namespaces: 31752 -> 31751
  • Changed: user.max_pid_namespaces: 31752 -> 31751
  • Changed: user.max_time_namespaces: 31752 -> 31751
  • Changed: user.max_user_namespaces: 31752 -> 31751
  • Changed: user.max_uts_namespaces: 31752 -> 31751
  • Changed: fs.file-max: 812620 -> 812619
  • Added: fs.overflowgid: 65534
  • Added: fs.overflowuid: 65534

New Features and Changes in the Linux Kernel:

Added additional option to existing kernel cmdline flag that moves protected stateful partition integrity tags to memory.

Fixed a kernel crash that occurred when running Postgres databases.

Enabled TDX Guest support in the Linux Kernel.

Updated the Linux kernel to v6.1.77.

New Features and Changes in the Image:

Changed default umask value for a user to 027.

Removed legacy logging agent (fluentd).

Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.

Enhanced integrity-fs with disk resize and dm-clone.

Removed deprecated R525 NVIDIA GPU drivers.

Added support for dm-zero and dm-clone.

Sosreport now includes GPU Installer logs.

Fixed a performance issue that was observed in Postgres databases.

Fixed a container performance issue that occurred after running systemctl start cloud-audit-setup.

Updated NVIDIA GPU drivers.

Backported support for TCP RTO configuration in networkd.

Enabled portmapper registration reporting for lsof. This also fixes an issue where lsof is missing from SOS reports.

Added compiler mitigations to mitigate memory corruption vulnerabilities.

Sequence named before nss-lookup.target.

Restored systemd-logind restart behavior when dbus restarts.

Fixed an issue where symlinks could not be moved.

Fixed an issue where IPv6 networking would fail under high CPU load.

Fixed an issue with NFS reconnects on GKE.

The get_metadata_value script will now retry if it experiences a connection error.

Enabled persistence mode with Nvidia GPU driver installation.

Fixed an issue in ip6tables where the -C option did not work correctly.

Simplified GPU driver installation by remounting driver installation path as executable from cos-extensions.

Added support for user.* xattr on tmpfs.

Added automatic generation of known modules list to image build process.

Included the nvidia plugin in sosreport.

Added support for iSCSI targets and RAM block devices.

Fixed a time-to-login slowdown introduced by cloud-init changes.

CVE/Security Fixes:

Fixed CVE-2024-21626 in app-containers/runc.

Upgraded app-editors/vim to v9.0.2167 and app-editors/vim-core to v9.0.2167. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535.

Updated dev-lang/go to v1.21.5. This fixes CVE-2023-45285 and CVE-2023-39326.

Upgraded dev-go/crypto to v0.17.0. This fixes CVE-2023-48795.

Upgraded sys-apps/dbus to v1.12.28. This fixes CVE-2023-34969.

Fixed CVE-2023-49083 in package dev-python/cryptography.

Fixed CVE-2023-6622, CVE-2023-5197, CVE-2023-42753, CVE-2023-4921, CVE-2023-4623, CVE-2023-4194, CVE-2024-23851, CVE-2024-26581 in the Linux kernel.

Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.

Updated dev-go/net to v0.17.0. This resolves CVE-2023-44487 and CVE-2023-39325.

Fixed CVE-2023-4911 in sys-libs/glibc.

Fixed CVE-2023-38039 in net-misc/curl.

Fixed CVE-2023-5345 and CVE-2023-42756 in COS kernel.

Fixed CVE-2023-32636, CVE-2023-29499, CVE-2023-32643, CVE-2023-32665, CVE-2023-32611 in glib and glib-utils.

Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.

Fixed CVE-2023-4016 in sys-process/procps.

Updated dev-go/yaml to v3.0.1. This resolves CVE-2022-28948.

Fixed CVE-2022-40896 in pygments.

Fixed CVE-2023-24329 and CVE-2023-40217 in dev-lang/python.

Fixed ncurses upgrade to 6.4p20220423. This resolves CVE-2023-29491.

Upgraded dev-db/sqlite to v3.45.1-r1. This also fixes CVE-2023-7104.

Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549, CVE-2023-40551, CVE-2023-40547, and CVE-2023-40550 in sys-boot/shim.

Upgraded docker to v24.0.9. This fixes CVE-2024-24557.

Updated dev-libs/openssl to v3.0.13. This resolves CVE-2024-0727 and CVE-2023-6129.

Fixed CVE-2024-0684 in sys-apps/coreutils.

Upgraded net-misc/curl to version 8.6.0. This fixes CVE-2024-0853 and CVE-2023-38545.

Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.

Updated default GPU driver to v470.199.02 and latest GPU driver to v525.125.06. This resolves CVE-2023-25515 and CVE-2023-25516.

Updates for Minor Packages:

Upgraded dev-libs/nss to v3.97.

Upgraded net-libs/gnutls to v3.8.3.

Upgraded dev-python/jinja to v3.1.3.

Upgraded app-admin/node-problem-detector to v0.8.15.

Upgraded app-eselect/eselect-iptables to v20220320.

Upgraded sys-libs/libcap-ng to v0.8.4-r1.

Upgraded net-misc/rsync to v3.2.7-r4.

Upgraded dev-python/netifaces to v0.11.0-r2.

Upgraded net-libs/libtirpc to v1.3.4-r1.

Upgraded app-admin/sudo to v1.9.15_p5.

Upgraded app-misc/jq to v1.7.1.

Upgraded sys-apps/pv to v1.8.5.

Upgraded sys-process/lsof to v4.99.3.

Upgraded dev-util/bsdiff to v4.3.1-r42.

Updated net-misc/openssh to v9.6_p1-r1.

Upgraded sys-apps/less to v643-r1.

Upgraded chromeos-base/mojo_service_manager to v0.0.1-r271.

Upgraded net-misc/socat to v1.8.0.0.

Upgraded dev-python/jsonpatch to v1.33.

Upgraded dev-python/pyyaml to v6.0.1-r1.

Upgraded dev-lang/python-exec to v2.4.10.

Upgraded dev-python/six to v1.16.0-r1.

Upgraded dev-python/configobj to v5.0.8.

Upgraded dev-python/nose to v1.3.7_p20221026.

Upgraded dev-python/mock to v5.1.0.

Upgraded dev-python/pyserial to v3.5-r2.

Upgraded sys-apps/hwdata to v0.376.

Upgraded sys-fs/xfsprogs to v6.5.0.

Upgraded dev-python/pygobject to v3.46.0.

Upgraded sys-devel/libtool to v2.4.6-r7.

Upgraded dev-libs/double-conversion to v3.2.1.

Upgraded net-fs/cifs-utils to v7.0-r1.

Upgraded sys-libs/talloc to v2.4.1.

Upgraded app-arch/unzip to v6.0_p27-r1.

Upgraded sys-apps/dmidecode to v3.5-r3.

Upgraded dev-util/gn to v2121.

Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2787.

Updated dev-embedded/libftdi to v1.5-r5.

Upgraded sys-apps/coreutils to v9.4.

Upgraded sys-process/procps to v4.0.4.

Updated dev-go/go-tools to v0.11.1_p20230712.

Upgraded app-arch/pigz to v2.8.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r2.

Upgraded app-arch/tar to v1.35.

Upgraded app-arch/xz-utils to v5.4.6-r1.

Upgraded app-misc/ca-certificates to v20230311.3.97.

Upgraded net-dns/c-ares to v1.26.0.

Upgraded net-dns/libidn2 to v2.3.7.

Upgraded sys-apps/attr to v2.5.2-r1.

Upgraded sys-apps/ethtool to v6.7.

Upgraded sys-apps/file to v5.45-r4.

Upgraded sys-libs/libcap to v2.69-r1.

Upgraded sys-libs/timezone-data to v2024a.

Upgraded sys-libs/zlib to v1.3.1-r1.

Upgraded dev-libs/libusb to v1.0.27.

Upgraded dev-libs/expat to v2.6.0.

Upgraded sys-apps/acl to v2.3.2.

Updated gzip to v1.13.

Upgraded sys-auth/pambase to v20240128.

Upgraded net-misc/chrony to v4.5.

Upgraded app-containers/cni-plugins to v1.4.0.

Upgraded sys-apps/makedumpfile to v1.7.4.

Upgraded chromeos-base/system_api to v0.0.1-r5643.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2385.

Upgraded chromeos-base/hiberman-client to v0.0.1-r455.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2859.

Upgraded chromeos-base/dlcservice-client to v0.0.1-r884.

Upgraded chromeos-base/vm_protos to v0.0.1-r552.

Upgraded chromeos-base/shill-client to v0.0.1-r4325.

Upgraded chromeos-base/minijail to v18-r135.

Upgraded chromeos-base/debugd-client to v0.0.1-r2641.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2722.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r601.

Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r226.

Upgraded dev-util/puffin to v1.0.0-r450.

Upgraded sys-fs/squashfs-tools to v4.6.1.

Upgraded sys-apps/sandbox to v2.29-r1.

Dataplex

Automated cataloging of Vertex AI feature store is available in Preview. With this integration, you can discover Vertex AI feature groups and features across projects and regions using the Console or Dataplex API. Dataplex fully automates the process of ingesting and indexing metadata, while performing source IAM permission checks, providing a governed single-pane-of-glass experience for data and AI artifacts across Cloud services.

Dialogflow

Dialogflow CX: The Override request-level speech model has been added to advanced speech settings. This can be used to override the speech model provided in a runtime API request.

Vertex AI Conversation data stores: Gemini-pro 1.0 is now officially in General Availability. The model includes optimized prompting, delivering enhanced results with minimal latency impact. Please note: prompt optimization is currently focused on English, with other languages to follow.

Vertex AI Conversation data stores: The text-bison-001 model and fine-tuned text-bison@001 options will be deprecated by Vertex AI on July 6th. Please transition as soon as possible to the default option or another model available in the settings.

Dialogflow CX: DTMF for telephony integrations is now available for preview.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-ndb

2.3.1 (2024-03-16)

Bug Fixes
  • grpc: Fix large payload handling when using the emulator. (#975) (d9162ae)
  • Remove uses of six. #913 (#958) (e17129a)
  • Show a non-None error for core_exception.Unknown errors. (#968) (66e61cc)
Documentation
  • Document how to run system tests against the emulator. (#963) (47db5b9)
  • Note to use functools.wrap instead of utils.wrapping. (#966) (5e9f3d6)
  • Tell users of utils.wrapping to use functools.wraps (#967) (042645b)

Java

Changes for google-cloud-datastore

2.18.6 (2024-03-18)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.37.0 (#1355) (bcc5668)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.28.0 (#1372) (09db2a7)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#1373) (c6e63e5)
  • Update dependency com.google.errorprone:error_prone_core to v2.26.0 (#1361) (9442766)
  • Update dependency com.google.errorprone:error_prone_core to v2.26.1 (#1363) (05fe5bc)
  • Update dependency com.google.guava:guava-testlib to v33.1.0-jre (#1368) (0195345)

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.127.3 (2024-03-20)

Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.36.0 (#1955) (d25d14a)
  • Update dependency com.google.cloud:google-cloud-core to v2.36.1 (#1962) (96c1c97)
  • Update dependency com.google.cloud:google-cloud-storage to v2.36.0 (#1957) (0d8c182)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.28.0 (#1956) (183df2c)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.28.1 (#1960) (faa45a4)
  • Update dependency com.google.protobuf:protobuf-java-util to v4 (#1951) (243ec9a)

Python

Changes for google-cloud-pubsub

2.20.3 (2024-03-21)

Documentation

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.12.0 (2024-03-19)

Features

Sensitive Data Protection

From February 12 through 27, 2024, a bug caused Sensitive Data Protection to inaccurately set the free-text scores of certain data profiles to 0, where they should have been higher. This bug is now resolved. All affected data profiles have been reprofiled.

For more information about the discovery service, see Data profiles.

March 22, 2024

Artifact Registry

Effective March 22, 2024, Artifact Registry npm repositories enforce that package names contain no uppercase letters, to match npmjs naming rules. Packages with uppercase letters in their names that were pushed to Artifact Registry before this date aren't affected by this change unless you want to push them to a new repository.

BigQuery

The March 20, 2024 release notes announced the preview for user-defined aggregate functions, but user-defined aggregate functions are not yet supported.

Chronicle

Chronicle has added a new rule set to Cloud Threat Detections, called Serverless Threats, that detects activity associated with potential compromise or abuse of serverless resources in Google Cloud, such as Cloud Run and Cloud Functions.

Chronicle now supports direct ingestion and parsing of reCAPTCHA Enterprise logs from Google Cloud.

Chronicle Security Operations

Chronicle now supports direct ingestion and parsing of reCAPTCHA Enterprise logs from Google Cloud.

There is no longer a limit on the number of feeds you can create for the same log type in Feed Management.

Chronicle has added a new rule set to Cloud Threat Detections, called Serverless Threats, that detects activity associated with potential compromise or abuse of serverless resources in Google Cloud, such as Cloud Run and Cloud Functions.

Cloud Run

Direct VPC egress (Preview) is now available in the following additional regions:

  • africa-south1
  • asia-south1
  • asia-southeast2
  • australia-southeast2
  • europe-central2
  • europe-west2
  • europe-west6
  • europe-west8
  • europe-west9
  • europe-west10
  • me-central1
  • me-central2
  • southamerica-west1
  • us-east5
  • us-west2
  • us-west3
  • us-west8

Cloud Run services can now connect to a Firestore database using integrations (Preview).

Cloud Run services can now connect to Vertex AI to access generative AI models using integrations (Preview).

Cloud Workstations

Support for GPUs is generally available (GA). For more information, see Available GPUs.

Cloud Workstations supports the following machine type:

  • a2-megagpu-16g

For more information, see Available machine types, REST workstationConfigs, or RPC google.cloud.workstations.v1beta GceInstance.

Compute Engine

Generally available: Disaster recovery with Persistent Disk Async Replication has been expanded to allow you to replicate data on a disk in one region to any other region within the same continent.

Also, the following performance and capacity enhancements are available:

  • Data replication change rate increased to 2 GiB/min from 250 MB/min.
  • Maximum provisioned disk size increased to 32 TB from 5 TB per disk.
  • The number of disks per project increased to 1000 from 100.
  • The number of disks per consistency group increased to 128 from 64.

Container Optimized OS

cos-dev-117-18269-0-0

Kernel: COS-6.1.79
Docker: v24.0.9
Containerd: v1.7.10
GPU Drivers: v535.154.05 (default, latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Upgraded app-admin/sosreport to v4.7.0.

Upgraded app-containers/docker-credential-helpers to v0.8.1.

Upgraded app-emulation/cloud-init to v23.4.3.

Upgraded app-admin/google-guest-agent to v20240213.00.

Upgraded app-admin/google-osconfig-agent to v20240126.00.

Upgraded sys-auth/pambase to v20240128.

Upgraded net-misc/chrony to v4.5.

Upgraded app-containers/cni-plugins to v1.4.0.

Updated sys-apps/systemd to v254.9.

Updated app-emulation/kubernetes to v1.29.1.

Updated docker-credential-gcr to v2.1.22.

Upgraded app-admin/google-guest-agent to v20240122.00.

Upgraded app-admin/google-guest-configs to v20240122.00.

Upgraded app-admin/google-osconfig-agent to v20240123.01.

Upgraded sys-apps/makedumpfile to v1.7.4.

Updated app-containers/runc to v1.1.12.

Updated app-emulation/cloud-init to v23.4.2.

Updated app-admin/sosreport to v4.6.1.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r602.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2723.

Upgraded chromeos-base/shill-client to v0.0.1-r4341.

Upgraded chromeos-base/system_api to v0.0.1-r5653.

Upgraded chromeos-base/dlcservice-client to v0.0.1-r886.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2861.

Upgraded chromeos-base/hiberman-client to v0.0.1-r456.

Upgraded chromeos-base/minijail to v18-r136.

Upgraded chromeos-base/system_api to v0.0.1-r5643.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2385.

Upgraded chromeos-base/hiberman-client to v0.0.1-r455.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2859.

Upgraded chromeos-base/dlcservice-client to v0.0.1-r884.

Upgraded chromeos-base/vm_protos to v0.0.1-r552.

Upgraded chromeos-base/shill-client to v0.0.1-r4325.

Upgraded chromeos-base/minijail to v18-r135.

Upgraded chromeos-base/debugd-client to v0.0.1-r2641.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2722.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r601.

Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r226.

Upgraded chromeos-base/debugd-client to v0.0.1-r2634.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2721.

Upgraded chromeos-base/shill-client to v0.0.1-r4308.

Upgraded dev-util/puffin to v1.0.0-r450.

Upgraded chromeos-base/dlcservice-client to v0.0.1-r872.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2369.

Upgraded chromeos-base/hiberman-client to v0.0.1-r446.

Upgraded sys-fs/squashfs-tools to v4.6.1.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2849.

Upgraded sys-apps/sandbox to v2.29-r1.

Upgraded app-arch/xz-utils to v5.4.6-r1.

Upgraded app-misc/ca-certificates to v20230311.3.97.

Upgraded net-dns/c-ares to v1.26.0.

Upgraded net-dns/libidn2 to v2.3.7.

Upgraded sys-apps/attr to v2.5.2-r1.

Upgraded sys-apps/ethtool to v6.7.

Upgraded sys-apps/file to v5.45-r4.

Upgraded sys-libs/libcap to v2.69-r1.

Upgraded sys-libs/timezone-data to v2024a.

Upgraded sys-libs/zlib to v1.3.1-r1.

Upgraded dev-libs/libusb to v1.0.27.

Upgraded dev-libs/expat to v2.6.0.

Upgraded dev-db/sqlite to v3.45.1-r1.

Upgraded net-misc/curl to v8.5.0-r3.

Upgraded sys-apps/acl to v2.3.2.

Updated gzip to v1.13.

Updated cos-gpu-installer to v2.2.0.

Added automatic generation of known modules list to image build process.

Included the nvidia plugin in sosreport.

Added support for iSCSI targets and RAM block devices.

Fixed a time-to-login slowdown introduced by cloud-init changes.

Upgraded docker to v24.0.9. This fixes CVE-2024-24557.

Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549 and CVE-2023-40550 in sys-boot/shim.

Fixed CVE-2023-40551 in sys-boot/shim.

Fixed CVE-2023-40547 in sys-boot/shim.

Updated dev-libs/openssl to v3.0.13. This resolves CVE-2024-0727 and CVE-2023-6129.

Fixed CVE-2024-0684 in sys-apps/coreutils.

Upgraded net-misc/curl to version 8.6.0. This fixes CVE-2024-0853.

Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.

Fixed CVE-2024-23851 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.epoll.max_user_watches: 1809474 -> 1809452
  • Changed: fs.file-max: 812400 -> 812392
  • Changed: kernel.threads-max: 63504 -> 63503
  • Changed: net.ipv4.tcp_mem: 94068 125424 188136 -> 94065 125423 188130
  • Changed: net.ipv4.udp_mem: 188136 250848 376272 -> 188133 250847 376266
  • Changed: user.max_cgroup_namespaces: 31752 -> 31751
  • Changed: user.max_ipc_namespaces: 31752 -> 31751
  • Changed: user.max_mnt_namespaces: 31752 -> 31751
  • Changed: user.max_net_namespaces: 31752 -> 31751
  • Changed: user.max_pid_namespaces: 31752 -> 31751
  • Changed: user.max_time_namespaces: 31752 -> 31751
  • Changed: user.max_user_namespaces: 31752 -> 31751
  • Changed: user.max_uts_namespaces: 31752 -> 31751

Sensitive Data Protection

The discovery and inspection services, which support BigQuery, now support tables that contain columns with INTERVAL, RANGE<DATE>, RANGE<DATETIME>, and RANGE<TIMESTAMP> data types.

For more information about sensitive data discovery, see Data profiles.

For more information about sensitive data inspection for BigQuery, see Inspect a BigQuery table.

March 21, 2024

Anthos Config Management

The constraint template library includes a new template: K8sPSSRunAsNonRoot. For reference, see the Constraint template library.

Policy Controller bundles have been updated to the following versions: cis-gke-v1.4.0: 202402.0-preview, nist-sp-800-190: 202402.0, nist-sp-800-53-r5: 202402.0, pci-dss-v3.2.1: 202402.0, pss-baseline-v2022: 202402.0, pss-restricted-v2022: 202402.0. For reference, see Policy Controller bundles overview.

Fixed a regression introduced in 1.16.0 that limits the length of the Secret name referenced in the spec.git.secretRef.name field of the RootSync object.

Upgraded git-sync (the Config Sync dependency for pulling from Git) from v4.1.0 to v4.2.1 to fix a regression introduced in 1.17.0 that caused Config Sync to sometimes fail to pull the latest commit from a Git branch.

Backup and DR

Backup and DR Service 11.0.10.417 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance.

Backup and DR Service 11.0.10 includes an operating system upgrade from CentOS 7 to Rocky Linux 8. As CentOS 7 will reach its End of Life (EOL) on June 24, 2024, you must upgrade to 11.0.10 before the EOL date to continue receiving security updates.

To upgrade to 11.0.10, you should take a snapshot of the appliance's boot disk. If your backup/recovery appliance is on 11.0.5 or below, you need to upgrade to 11.0.9 before you can successfully upgrade to 11.0.10. See the 11.0.9 release notes to learn how to back up the boot disk.

Backup and DR Service added support to access historical reports. Learn more.

BigQuery

You can now add Salesforce Data Cloud data to BigQuery. This feature is generally available (GA).

Incremental materialized views now support LEFT OUTER JOIN and UNION ALL. This feature is in preview.

Bigtable

You can now view Bigtable cost data with instance granularity in the Google Cloud Billing detailed export to BigQuery. For more information, see Structure of detailed cost data export.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Compute Engine

Generally available: In a managed instance group (MIG), you can set metadata and labels for all VMs in the group without the need to create a new instance template. For more information, see Override instance template properties with an all-instances configuration.

Generally available: In a managed instance group (MIG), you can turn off repairs to inspect failed and unhealthy VMs, to implement your own repair logic, or to monitor the application health without triggering repairs by MIG. For more information, see Turn off repairs in a MIG.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.96-debian10, 2.0.96-rocky8, 2.0.96-ubuntu18
  • 2.1.44-debian11, 2.1.44-rocky8, 2.1.44-ubuntu20, 2.1.44-ubuntu20-arm
  • 2.2.10-debian12, 2.2.10-rocky9, 2.2.10-ubuntu22

Google Distributed Cloud Virtual for Bare Metal

Release 1.28.300-gke.131

GKE on Bare Metal 1.28.300-gke.131 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.28.300-gke.131 runs on Kubernetes 1.28.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

Functionality changes:

  • Updated preflight checks to add a check for networking kernel modules.

  • Updated preflight checks to remove the check for iptables package availability.

  • Increased the default memory limit for node-exporter.

Fixes:

  • Fixed an issue with configuring a proxy for your cluster that required you to manually set HTTPS_PROXY and NO_PROXY environment variables on the admin workstation.

The following container image security vulnerabilities have been fixed in 1.28.300-gke.131:

Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Release 1.15.11

GKE on Bare Metal 1.15.11 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.15.11 runs on Kubernetes 1.26.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

The following container image security vulnerabilities have been fixed in 1.15.11:

Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Google Distributed Cloud Virtual for VMware

GKE on VMware 1.28.300-gke.123 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.28.300-gke.123 runs on Kubernetes v1.28.4-gke.1400.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.

  • Increased the default memory limit for node-exporter.
  • Updated the AIS version to hybrid_identity_charon_20240228_0730_RC00.

The following issues are fixed in 1.28.300-gke.123:

  • Fixed the issue where the admin cluster backup did a retry on non-idempotent operations.
  • Fixed the known issue where the controlPlaneNodePort field defaulted to 30968 when the manualLB spec was empty.
  • Fixed the known issue that caused the preflight check to fail when the hostname wasn't in the IP block file.
  • Fixed the known issue that caused Kubelet to be flooded with logs stating that "/etc/kubernetes/manifests" does not exist on the worker nodes.

The following vulnerabilities are fixed in 1.28.300-gke.123:

Security Command Center

Security Command Center detectors are now mapped to the following additional compliance frameworks:

  • CIS Critical Security Controls v8
  • Cloud Controls Matrix v 4
  • HIPAA
  • ISO 27001 (2022)
  • NIST 800-53 (rev 5)
  • NIST Cybersecurity Framework (v 1.0)
  • PCI-DSS 4.0
  • SOC 2 (2017)

VPC Service Controls

Preview stage support for the following integration:

reCAPTCHA Enterprise

reCAPTCHA Enterprise platform logs are now available in Chronicle. Users can now view their reCAPTCHA assessment and annotation data in a structured and searchable data format in Chronicle. For more information, see Collect reCAPTCHA Enterprise logs.

March 20, 2024

AlloyDB for PostgreSQL

Updated the default major version of PostgreSQL compatibility for new AlloyDB clusters to PostgreSQL 15.

Bare Metal Solution

You can now create and manage VRFs for the networks in your Bare Metal Solution environment. This feature is generally available (GA).

BigQuery

The maximum notebook size has been increased from 10 MB to 20 MB. Notebooks are available in preview.

You can now view lists of all saved queries and all notebooks in your project. These features are available in preview.

Chronicle

There is no longer a limit on the number of feeds you can create for the same log type in Feed Management.

Chronicle SOAR

Release 6.2.52 is currently in Preview.

Case filter and URL now in a reciprocal relationship

In the Cases page, the filter and the URL now directly affect each other. Changing the filter changes the URL, and conversely, changing the URL changes the filter. You can take advantage of this feature by setting a filter for cases and putting the newly created URL in an external dashboard. Clicking on this link would then take you directly to the filtered case queue.

Incident Manager appearing in navigation even though user doesn't have license (ID #49062139)

lastLoginTime returns wrong date for SAML users (ID #00278010)

Wrong error message returned for environment alias duplicates (ID #00271405)

Playbooks with async actions longer than 7 days can't be saved even though time set to 14 days in IDE (ID #00269032)

Clicking on events configuration opens the wrong mapping & modeling rules

Chronicle Security Operations

Chronicle has expanded Cloud Threat Detections to create a detection when findings from Security Command Center Event Threat Detections, Cloud Armor, Sensitive Actions Service, and Custom modules for Event Threat Detection are identified. These detections are available through the following rule sets: CDIR SCC Cloud IDS, CDIR SCC Cloud Armor, CDIR SCC Impact, CDIR SCC Enhanced Persistence, CDIR SCC Enhanced Defense Evasion, and CDIR SCC Custom Module.

Case filter and URL now in a reciprocal relationship

In the Cases page, the filter and the URL now directly affect each other. Changing the filter changes the URL, and conversely, changing the URL changes the filter. You can take advantage of this feature by setting a filter for cases and putting the newly created URL in an external dashboard. Clicking on this link would then take you directly to the filtered case queue.

Cloud Composer

The Logs in Cloud Logging only feature is being gradually rolled out to all regions:

  • New Cloud Composer environments now save Airflow task logs only in Cloud Logging by default.
  • Existing environments are not changed. If you upgrade an existing environment, it keeps saving logs to the environment's bucket.
  • You can enable and disable saving logs to the environment's bucket for an existing environment.

Currently the feature is rolled out to the following regions: africa-south1, asia-east1, asia-east2, asia-northeast2, asia-south2, asia-southeast2, australia-southeast2, europe-central2, europe-southwest1, europe-west10, europe-west12, europe-west2, europe-west3, europe-west4, europe-west6, europe-west8, me-central1, me-central2, me-west1, northamerica-northeast2, southamerica-west1, us-east5, us-east7, us-south1, and us-west4.

Cloud Healthcare API

The Healthcare Natural Language API supports the following entity mention types in Preview:

  • Oncology
  • Social determinants of health (SDOH)
  • Protected health information (PHI)

Cloud Key Management Service

Certificate bundles for verifying attestations for Cloud HSM keys are deprecated. You can no longer download certificate bundles as of March 20, 2024.

Certificate bundles have been replaced by certificate chains. To learn how to use certificate chains to verify attestations for Cloud HSM keys, see Verifying the attestation manually.

Cloud Load Balancing

The Google Cloud Console has launched a new wizard experience for selecting a new load balancer. The wizard walks you through all the available options (internal or internet-facing, proxy or passthrough, global or regional) and guides you to the appropriate load balancer for your use case.

Try out the new wizard in the Google Cloud Console at Create a load balancer.

Container Optimized OS

cos-105-17412-294-46

Kernel: COS-5.15.146
Docker: v23.0.3
Containerd: v1.7.10
GPU Drivers: v470.239.06 (default), v535.161.07 (latest)

Upgraded app-editors/vim to v9.0.2167.

Upgraded app-editors/vim-core to v9.0.2167.

Fixed CVE-2024-0727 in dev-libs/openssl.

Updated app-editors/vim to 9.0.2167. This fixed CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667.

Fixed CVE-2023-52447 in the Linux kernel.

cos-101-17162-386-47

Kernel: COS-5.15.146
Docker: v20.10.24
Containerd: v1.6.28
GPU Drivers: v470.239.06 (default), v535.161.07 (latest)

Fixed CVE-2024-0727 in dev-libs/openssl.

Updated app-editors/vim to 9.0.2167. This fixed CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667.

Fixed CVE-2023-52447 in the Linux kernel.

cos-97-16919-450-34

Kernel: COS-5.10.208
Docker: v20.10.24
Containerd: v1.6.21
GPU Drivers: v470.239.06 (default), v535.161.07 (latest)

Fixed CVE-2024-0727 in dev-libs/openssl.

Updated app-editors/vim to 9.0.2167. This fixed CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667.

Fixed CVE-2023-52447 in the Linux kernel.

cos-109-17800-147-38

Kernel: COS-6.1.75
Docker: v24.0.9
Containerd: v1.7.13
GPU Drivers: v535.161.07 (default, latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Added support for iSCSI targets and RAM block devices.

Updated app-editors/vim to 9.0.2167. This fixed CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2024-22667.

Dataproc

Announcing the Preview release of Dataproc Serverless for Spark 1.2 runtime:

  • Spark 3.5.0
  • BigQuery Spark Connector 0.35.1
  • Cloud Storage Connector 3.0.0
  • Conda 23.11
  • Java 17
  • Python 3.12
  • R 4.3
  • Scala 2.12

New Dataproc Serverless for Spark runtime versions:

  • 1.1.55
  • 1.2.0-RC1
  • 2.0.63
  • 2.1.42
  • 2.2.0-RC15

Dataproc Serverless for Spark:

  • Upgraded Spark RAPIDS plugin to version 24.2.0 in the latest runtimes.
  • Upgraded Spark to version 3.3.4 in the latest 1.1 and 2.0 runtimes.
  • Backported SPARK-44198 in the latest 1.2 and 2.2 runtimes.

Google Cloud Architecture Center

(New guide) Design storage for AI and ML workloads in Google Cloud: Select the recommended storage options for your AI and ML workloads.

Google Kubernetes Engine

(2024-R08) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • The following versions are now available in the Stable channel:
  • Version 1.26.10-gke.1101000 is no longer available in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.24 to version 1.25.16-gke.1041000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.25.16-gke.1041000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.26.13-gke.1144000
    • 1.27.9-gke.1092000
    • 1.28.5-gke.1217000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.14-gke.1006000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.14-gke.1006000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.25.16-gke.1570000
    • 1.26.14-gke.1044000
    • 1.27.11-gke.1062000
    • 1.28.3-gke.1286000
    • 1.28.7-gke.1100000
    • 1.29.2-gke.1217000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1596000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.14-gke.1076000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.11-gke.1118000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.7-gke.1026000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.7-gke.1026000 with this release.

Security Command Center

New misconfiguration detectors for AlloyDB for PostgreSQL clusters released to General Availability.

Security Health Analytics, a built-in service of Security Command Center, released new detectors to General Availability. The following detectors, which are available only with the Premium tier of Security Command Center, detect misconfigurations in AlloyDB for PostgreSQL clusters and instances:

  • ALLOYDB_AUTO_BACKUP_DISABLED: Automated backups are not enabled in AlloyDB for PostgreSQL cluster.
  • ALLOYDB_LOG_ERROR_VERBOSITY: Instance database flag log_error_verbosity for AlloyDB for PostgreSQL instance is not set to default or another less restrictive value.
  • ALLOYDB_LOG_MIN_ERROR_STATEMENT_SEVERITY: Instance database flag log_min_error_statement for AlloyDB for PostgreSQL instance is not set to ERROR or lower.
  • ALLOYDB_LOG_MIN_MESSAGES: Instance database flag log_min_messages for AlloyDB for PostgreSQL instance is not set to at minimum warning.

For more information, see SQL vulnerability findings.

Spanner

Leader-aware routing now dynamically routes read-write transactions to the leader region in Spanner multi-region instances, reducing latency and improving performance. For more information, see Leader-aware routing.

reCAPTCHA Enterprise

reCAPTCHA Enterprise Mobile SDK v18.5.0-beta02 is now available for Android and iOS.

This version contains changes to improve the performance and reliability of getClient() and execute().

March 19, 2024

AlloyDB for PostgreSQL

The Quotas documentation is updated to include additional guidance on setting the maximum number of concurrent connections for your database instance size.

App Hub

App Hub is generally available (GA).

Artifact Registry

Fixed the issue causing images copied to Artifact Registry from Container Registry with the automatic migration tool to fail to propagate their creation time to Artifact Registry. Artifact Registry creation time is set to the time the image was uploaded to Container Registry, and update time is set to the time the image is copied to Artifact Registry.

BigQuery

You can now create and run Spark stored procedures that are written in Python, Java, and Scala. You can also use the PySpark editor in BigQuery to create stored Python procedures for Apache Spark. This feature is now generally available (GA).

The minimum duration between scheduled queries has been reduced from 15 minutes to 5 minutes. This feature is generally available.

Bigtable

You can now create daily backups of your Bigtable table by enabling automated backup. This feature is available in Preview. For details, see Automated backup.

Blockchain Node Engine

On March 19, 2024, Blockchain Node Engine upgraded all mainnet Polygon nodes in preparation for the Napoli (PIP-33) Hardfork.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • NetApp
    • netapp.googleapis.com/Backup
    • netapp.googleapis.com/BackupPolicy
    • netapp.googleapis.com/BackupVault

Cloud Composer

Airflow 2.7.3 is available in Cloud Composer images.

Fixed an issue where past Airflow task instances could be marked as failed in some cases.

Fixed an issue where Airflow task logs for the first try of a task might not be visible in Airflow UI.

BigQueryInsertJobOperator now correctly handles ephemeral tables created with tableDefinitions.

In BigQueryInsertJobOperator, fixed the handling of parsing errors during Lineage emission when the query is too long or deeply nested.

The apache-airflow-providers-google package is upgraded to version 10.16.0 in images with Airflow 2.6.3, and images with Airflow 2.7.3 have this version. For more information about changes, see the apache-airflow-providers-google changelog from version 10.15.0 to version 10.16.0.

The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.0.1 in images with Airflow 2.6.3, and images with Airflow 2.7.3 have this version.

Cloud Composer 2.6.5 images are available:

  • composer-2.6.5-airflow-2.7.3
  • composer-2.6.5-airflow-2.6.3 (default)
  • composer-2.6.5-airflow-2.5.3

Cloud Composer versions 2.1.10, 2.1.9, 1.20.10, and 1.20.9 have reached their end of full support period.

Cloud Composer 2.6.5 is a version with an extended upgrade timeline.

Cloud Run

You can now mount an NFS file share as a volume for Cloud Run services and jobs. (In Preview)

Cloud SQL for MySQL

Cloud SQL Enterprise Plus edition now supports the me-central2 (Dammam) region.

Cloud SQL for PostgreSQL

Cloud SQL Enterprise Plus edition now supports the me-central2 (Dammam) region.

Dialogflow

Dialogflow CX now provides the offers and deals prebuilt component.

Vertex AI Conversation data store tools now support filter and userMetadata example parameters.

Dialogflow CX request-scoped parameters now support the $request.user-utterance parameter to reference the end-user utterance.

Eventarc

Eventarc support for creating triggers for direct events from Network Services is generally available (GA).

Google Kubernetes Engine

Cilium cluster-wide network policies are now generally available with the following GKE versions:

  • 1.28.6-gke.1095000 or later
  • 1.29.1-gke.1016000 or later

You can now control your GKE workloads' ingress and egress traffic cluster-wide, without being bound to a namespace for your network policies. This new capability is intended to streamline network policies for GKE platform administrators looking for a uniform way to apply policies across namespaces or application teams.

Cilium cluster-wide network policy is available in all GKE editions.

To learn more, read Control cluster-wide communication using network policies.

Workloads running on GKE clusters with COS-based nodes may experience DNS resolution issues. The likelihood of impact is low and not all clusters are impacted. The issue is resolved on the following minimal GKE node versions:

  • For 1.27: 1.27.11-gke.1118000
  • For 1.28: 1.28.7-gke.1100000
  • For 1.29: 1.29.2-gke.1217000

Clusters with a node version that is lower than 1.27.3-gke.1200 are not affected.

Spanner

Statistics for active partitioned data manipulation language (DML) queries are now generally available. You can get insights on active partitioned DML queries and their progress from statistics tables in your Spanner database. For more information, see Active partitioned DMLs statistics.

VPC Service Controls

Beta stage support for the following integration:

Preview stage support for the following integration:

March 18, 2024

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.5.1 (2024-03-14)

Bug Fixes
  • Add better documentation around usage of BigQueryTimestamp class and .timestamp method. (2b2c3e0)
  • BigQueryTimestamp should keep accepting floats #1339 (2b2c3e0)
  • Restores BigQueryTimestamp behavior to accept a numeric value in the constructor representing epoch-seconds. The affected 7.5.0 version would parse a numeric value as epoch-microseconds. (2b2c3e0)

Python

Changes for google-cloud-bigquery

3.19.0 (2024-03-11)

Features
Bug Fixes
  • Add google-auth as a direct dependency (713ce2c)
  • Augment universe_domain handling (#1837) (53c2cbf)
  • deps: Require google-api-core>=1.34.1, >=2.11.0 (713ce2c)
  • Supplementary fix to env-based universe resolution (#1844) (b818992)
  • Supplementary fix to env-based universe resolution (#1847) (6dff50f)

You can now undelete a dataset that is within your time travel window to recover it to the state that it was in when it was deleted. This feature is in preview.

These BigQuery features are now generally available (GA):

Text analysis configuration options for the following:

The following advanced processing functions:

You can now perform hierarchical forecasts in BigQuery ML time series models, which let you aggregate and roll up values for all time series in the model. This feature is generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.36.0 (2024-03-13)

Features

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-logging

3.10.0 (2024-03-13)

Features
  • Allow users to explicitly configure universe domain (#846) (e998a21)
Bug Fixes
  • Added placeholder kwargs to StructuredLogHandler (#845) (9bc0a37)
  • Allowed for a partial override of loggers that get excluded from setup_client (#831) (870c940)
  • Remove usage in including_default_value_fields to prepare for protobuf 5.x (#866) (66a534d)
  • Use value of cluster-location in GKE for tagging location (#830) (c15847c)
Documentation
  • Added documentation for Django/Flask integrations and dictConfig (#848) (c65ec92)

Cloud Monitoring

You can now use Duet AI for Developers to help you create a synthetic monitor. This feature is in Public Preview. For more information, see Create a synthetic monitor.

Cloud Storage

You can now use the GCS FUSE file cache feature, a client-based read cache that lets repeat file reads be served from a faster cache storage of your choice. To learn more about caching, see GCS FUSE caching documentation.

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.39.1 (2024-03-11)

Bug Fixes
  • storage: Add object validation case and test (#9521) (386bef3)

Java

Changes for google-cloud-storage

2.36.0 (2024-03-15)

Features
  • Add Custom Part Metadata Decorator to ParallelCompositeUploadConfig (#2434) (43b8006)
  • Add hierarchical namespace and folders features (#2445) (8074fff)
  • Add soft delete feature (#2403) (989f36f)
Bug Fixes
Dependencies
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240307-2.0.0 (#2442) (1352203)
  • Update dependency net.jqwik:jqwik to v1.8.4 (#2447) (110b80c)
  • Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.42.0 (#2441) (80745d4)

Cloud Tasks

The BufferTask method for creating tasks is now at General Availability (GA).

For tasks that have HTTP targets (as opposed to App Engine targets), the option to set routing for tasks at the queue level is now at General Availability (GA). If you set routing at the queue level, you do not have to set routing for each individual task. To learn more, see Configure routing.

Compute Engine

Generally available: The organization-wide patch status dashboard and organization-wide OS policy compliance reports in VM Manager are now generally available.

Config Controller

Config Controller now uses the following versions of its included products:

Container Registry

Container Registry is scheduled to be shut down and superseded by Artifact Registry on March 18, 2025. For more information and transition options, see Deprecations.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.6 (2024-03-14)

Bug Fixes
  • dataflow: Update protobuf dep to v1.33.0 (30b038d)

Deep Learning Containers

M118 release

  • PyTorch 2.1.0 with CUDA 12.1 and Python 3.10 container images are now available.
  • PyTorch 2.2.0 with CUDA 12.1 and Python 3.10 container images are now available.

Deep Learning VM Images

M118 release

  • Restored legacy gpu image families for TensorFlow 2.12 through 2.14, and for PyTorch 2.0.
  • PyTorch 2.1.0 with CUDA 12.1 and Python 3.10 VM images are now available.
  • PyTorch 2.2.0 with CUDA 12.1 and Python 3.10 VM images are now available.
  • R images (Experimental) updated to R 4.3.3.
  • Updated Nvidia drivers of older Deep Learning VM images to R535.

Dialogflow

The Dialogflow ES and Dialogflow CX us-dialogflow.googleapis.com endpoint and locations/us resource location, which served as aliases for global resources, will be discontinued on April 16, 2024. For more information, see the email announcement.

The following prebuilt components have been added to Dialogflow CX:

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

This is a beta release of the Pub/Sub client that includes OpenTelemetry Tracing.

Python

Changes for google-cloud-pubsub

2.20.2 (2024-03-15)

Documentation
  • samples: Add Create Topic with Kinesis IngestionDataSourceSettings Sample (#1120) (83dc9ff)
  • samples: Update Topic with Kinesis Ingestion Settings (#1123) (e0e2d83)

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.11.6 (2024-03-14)

Bug Fixes
  • secretmanager: Update protobuf dep to v1.33.0 (30b038d)

Vertex AI

Vector Search heuristics-based compaction

Vector Search uses heuristics-based metrics to assess whether to trigger compaction. This prevents unnecessary compaction, and thus reduces cost. For general information about compaction, see Compaction.

Vertex AI Workbench

M118 release

The M118 release of Vertex AI Workbench user-managed notebooks includes the following:

  • PyTorch 2.1.0 with CUDA 12.1 and Python 3.10 user-managed notebooks instances are now available.
  • PyTorch 2.2.0 with CUDA 12.1 and Python 3.10 user-managed notebooks instances are now available.
  • Updated Nvidia drivers of older user-managed notebooks images to R535.

The M118 release of Vertex AI Workbench managed notebooks includes the following:

  • Updated Nvidia drivers to R535, which fixed a bug where the latest PyTorch 2.0 kernel didn't work due to outdated drivers.

M118 release

The M118 release of Vertex AI Workbench instances includes the following:

  • Updated Nvidia drivers to R535.

March 15, 2024

Access Approval

Access Approval supports Google Distributed Cloud Edge in the GA stage.

Access Transparency

Access Transparency supports the following services in the GA stage:

  • Google Distributed Cloud Edge
  • IAM workforce identity pools

AlloyDB for PostgreSQL

The Back up and restore AlloyDB Omni documentation is updated to include pgBackRest, an open-source solution included with the AlloyDB Omni Docker container.

Anthos Service Mesh

The rollout of managed Anthos Service Mesh version 1.17 to the stable channel has completed.

Anti Money Laundering AI

Improved the party de-registration process. You can now remove parties without prediction intent (that is, those parties not included in a create prediction results request) within a 45-day window following registration.

Artifact Registry

Artifact Registry remote repositories support basic authentication to user-defined and preset upstream sources for Docker, Maven, npm, and Python formats.

To create a remote repository using a preset or user-defined upstream source, see Create remote repositories. For more information on remote repository authentication, see Configure authentication to remote repositories.

Images copied to Artifact Registry from Container Registry with the automatic migration tool are failing to propagate their upload time to Artifact Registry, and instead have their upload time value set to zero, resulting in an upload time of early 1970. If you have cleanup policies that delete images based on upload time, this might mean all your copied images are deleted. We are actively working on a fix for this issue.

Carbon Footprint

Emissions reported for Google Kubernetes Engine (GKE) declined starting in February 2024. This change is a result of an update to Google's internal cost allocation, which determines how shared infrastructure costs are attributed to individual services. According to our methodology (Technical details - Electricity use), these internal costs are used to apportion electricity consumption and carbon emissions to services, so changes in cost apportionment result in corresponding changes to carbon apportionment and reporting for that service.

Chronicle

Chronicle has expanded Cloud Threat Detections to create a detection when findings from Security Command Center Event Threat Detections, Cloud Armor, Sensitive Actions Service, and Custom modules for Event Threat Detection are identified. These detections are available through the following rule sets: CDIR SCC Cloud IDS, CDIR SCC Cloud Armor, CDIR SCC Impact, CDIR SCC Enhanced Persistence, CDIR SCC Enhanced Defense Evasion, and CDIR SCC Custom Module.

Chronicle SOAR

Release 6.2.5.0 is now in General Availability.

Dataflow

You can now use worker utilization hints to tune horizontal autoscaling for streaming pipelines.

Added new autoscaling metrics:

  • Autoscaling rationale chart: explains the factors driving autoscaling decisions
  • Worker CPU utilization chart: shows current user worker CPU utilization and customer autoscaling hint value
  • Timer backlog per stage: shows an estimate of time needed to materialize the output for windows whose timer has expired
  • Parallel processing: the number of keys available for parallel processing

Datastream

Datastream now supports SQL Server as a source. The feature is in Preview. For more information, see Streamlining data integration with SQL Server source support in Datastream and the Datastream documentation.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-1085

For more information, see the GCP-2024-018 security bulletin.

Identity and Access Management

You can use the iam.serviceAccountKeyExposureResponse organization policy constraint to help manage leaked service account credentials.

Vertex AI Search and Conversation

Vertex AI Search: Sync from Google Drive (Preview with allowlist)

Connecting to Google Drive as a data source for Vertex AI Search is available as a Preview with allowlist feature. For more information, see Sync from Google Drive.

March 14, 2024

Apigee UI

On March 14, 2024 we released an updated version of the Apigee UI.

  • Bug ID 320739232: An issue was fixed where an incorrect error message was displayed after an API proxy or shared flow was undeployed.

Chronicle

The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.

  • Akamai WAF (AKAMAI_WAF)
  • Alcatel Switch (ALCATEL_SWITCH)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Auth0 (AUTH_ZERO)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS Config (AWS_CONFIG)
  • AWS GuardDuty (GUARDDUTY)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure App Service (AZURE_APP_SERVICE)
  • Azure Key Vault logging (AZURE_KEYVAULT_AUDIT)
  • BIND (BIND_DNS)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Box (BOX)
  • Chrome Management (N/A)
  • Cisco AMP (CISCO_AMP)
  • Cisco Umbrella DNS (UMBRELLA_DNS)
  • Cisco VPN (CISCO_VPN)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloudflare (CLOUDFLARE)
  • Cofense (COFENSE_TRIAGE)
  • Corelight (CORELIGHT)
  • CrowdStrike Falcon (CS_EDR)
  • CSV Custom IOC (CSV_CUSTOM_IOC)
  • Custom Application Access Logs (CUSTOM_APPLICATION_ACCESS)
  • Cybergatekeeper NAC (CYBERGATEKEEPER_NAC)
  • Extreme Wireless (EXTREME_WIRELESS)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • Falco IDS (FALCO_IDS)
  • FireEye (FIREEYE_ALERT)
  • FireEye ETP (FIREEYE_ETP)
  • ForgeRock Identity Cloud (FORGEROCK_IDENTITY_CLOUD)
  • FortiGate (FORTINET_FIREWALL)
  • GCP_APP_ENGINE (GCP_APP_ENGINE)
  • HP Procurve Switch (HP_PROCURVE)
  • IAM Context (N/A)
  • IBM DB2 (DB2_DB)
  • IBM Mainframe Storage (IBM_MAINFRAME_STORAGE)
  • IBM Security Access Manager (IBM_SAM)
  • Illumio Core (ILLUMIO_CORE)
  • Imperva (IMPERVA_WAF)
  • Infoblox (INFOBLOX)
  • JAMF CMDB (JAMF)
  • KerioControl Firewall (KERIOCONTROL)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph Activity Logs (MICROSOFT_GRAPH_ACTIVITY_LOGS)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft IIS (IIS)
  • Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
  • Mobile Endpoint Security (LOOKOUT_MOBILE_ENDPOINT_SECURITY)
  • Mongo Database (MONGO_DB)
  • Netscout OCI (NETSCOUT_OCI)
  • Netskope (NETSKOPE_ALERT)
  • Netskope Web Proxy (NETSKOPE_WEBPROXY)
  • Network Policy Server (MICROSOFT_NPS)
  • Nutanix Prism (NUTANIX_PRISM)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • OpenCanary (OPENCANARY)
  • Ordr IoT (ORDR_IOT)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Prisma Cloud (PAN_PRISMA_CLOUD)
  • PerimeterX Bot Protection (PERIMETERX_BOT_PROTECTION)
  • Phishlabs (PHISHLABS)
  • Proofpoint Sendmail Sentrion (PROOFPOINT_SENDMAIL_SENTRION)
  • Pulse Secure (PULSE_SECURE_VPN)
  • RH-ISAC (RH_ISAC_IOC)
  • SailPoint IAM (SAILPOINT_IAM)
  • Salesforce (SALESFORCE)
  • Sap Business Technology Platform (SAP_BTP)
  • Security Command Center Threat (N/A)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • Shibboleth IDP (SHIBBOLETH_IDP)
  • Sourcefire (SOURCEFIRE_IDS)
  • Splunk Attack Analyzer (SPLUNK_ATTACK_ANALYZER)
  • STIX Threat Intelligence (STIX)
  • Symantec CloudSOC CASB (SYMANTEC_CASB)
  • Symantec DLP (SYMANTEC_DLP)
  • Tanium Asset (TANIUM_ASSET)
  • Thinkst Canary (THINKST_CANARY)
  • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
  • Vectra Detect (VECTRA_DETECT)
  • Vectra Stream (VECTRA_STREAM)
  • VeridiumID by Veridium (VERIDIUM_ID)
  • Wazuh (WAZUH)
  • Windows Defender ATP (WINDOWS_DEFENDER_ATP)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Local Administrator Password Solution (MICROSOFT_LAPS)
  • wiz.io (WIZ_IO)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • XAMS by Xiting (XITING_XAMS)
  • Zscaler CASB (ZSCALER_CASB)
  • Zscaler DLP (ZSCALER_DLP)
  • Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)

The following log types, without a default parser, were added. Each is listed by product name and log_type value, if applicable.

  • Aruba Switch (ARUBA_SWITCH)
  • Azure AD Password Protection (AZURE_AD_PASSWORD_PROTECTION)
  • Azure Front Door (AZURE_FRONT_DOOR)
  • Babelforce (BABELFORCE)
  • Cloudaware (CLOUDAWARE)
  • Coalition Control API (COALITION)
  • Crowdstrike Identity Protection Services (CS_IDP)
  • Cymulate (CYMULATE)
  • Dell ECS Enterprise Object Storage (DELL_ECS)
  • Google Cloud NGFW Enterprise (GCP_NGFW_ENTERPRISE)
  • Google Cloud Secure Web Proxy (GCP_SWP)
  • HaveIBeenPwned (HIBP)
  • HPE BladeSystem C7000 (HPE_BLADESYSTEM_C7000)
  • HP OpenView (HP_OPENVIEW)
  • IBM DS8000 Storage (IBM_DS8000)
  • IBM-i Operating System (IBM_I)
  • Multicom Switch (MULTICOM_SWITCH)
  • Nextthink Finder (NEXTTHINK_FINDER)
  • Palo Alto Cortex XDR Management Audit (PAN_XDR_MGMT_AUDIT)
  • PingIdentity Directory Server Logs (PING_DIRECTORY)
  • Prisma SD-WAN (PRISMA_SD_WAN)
  • Redhat Jboss (REDHAT_JBOSS)
  • SafeBreach (SAFEBREACH)
  • Scality Ring Audit (SCALITY_RING_AUDIT)
  • Sendsafely (SENDSAFELY)
  • Solace Pub Sub Cloud (SOLACE_AUDIT)
  • Sonicwall Secure Mobile Access (SONICWALL_SMA)
  • Sonrai Enterprise Cloud Security Solution (SONRAI)
  • Tenemos Journey Manager System Event Publisher (TENEMOS_MANAGER_SYSTEMEVENT)
  • TrueFort Platform (TRUEFORT)
  • Ubiquiti Accesspoint (UBIQUITI_ACCESSPOINT)
  • WithSecure Cloud Protection (WITHSECURE_CLOUD)
  • WithSecure Elements Connector (WITHSECURE_ELEMENTS)
  • YAMAHA ROUTER RTX1200 (YAMAHA_ROUTER)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Chronicle Security Operations

The Forwarder troubleshooting guide is now available to help you diagnose and resolve common issues that may arise while using the Chronicle Linux forwarder.

Cloud Composer

In Airflow 2.6.3 offered in Cloud Composer versions earlier than 2.6.2, task statuses can be deleted as a result of the #31179 Airflow issue. If you use Airflow 2.6.3, we recommend upgrading to Cloud Composer version 2.6.2 or later, where this issue is fixed.

Cloud Data Fusion

Salesforce plugin version 1.6.3 is available in Cloud Data Fusion versions 6.8.0 and later. The release includes the following changes:

  • Fixed an issue in the Salesforce sink plugin causing an unsupported type datetime error for DateTime type fields in the input schema. In this version, the Salesforce sink plugin supports datetime and decimal logical types (PLUGIN-1749).
  • Fixed an issue in all Salesforce plugins causing a pipeline to fail when using an OAuth macro because the OAuth macro value didn't get passed to the plugin as intended. In this version, all Salesforce plugins support an OAuth macro (PLUGIN-1767).
  • At the time of failure on the Salesforce sink side, if the Error handling property is set to the Fail on error option, the Salesforce job is aborted, which stops newer batches from being added to the job due to Spark retry settings in CDAP (PLUGIN-1768).
  • To make debugging easier, additional debug logs and batch results in logs are available.

Cloud Run

Direct VPC egress now supports Cloud NAT with Public NAT IP addresses (in Preview).

Cloud SQL for SQL Server

A new maintenance version rollout is currently underway for all supported SQL Server versions.

If you have configured a maintenance window for your instance, then the updates will occur according to the timeframe that you set in the window. Otherwise, the updates will occur within the next few weeks. The new maintenance version is [SQL Server version].R20240216.01_RC00.

To learn how to check your maintenance version, see Self-service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.95-debian10, 2.0.95-rocky8, 2.0.95-ubuntu18
  • 2.1.43-debian11, 2.1.43-rocky8, 2.1.43-ubuntu20, 2.1.43-ubuntu20-arm
  • 2.2.9-debian12, 2.2.9-rocky9, 2.2.9-ubuntu22

New Dataproc Serverless for Spark runtime versions:

  • 1.1.54
  • 2.0.62
  • 2.1.41
  • 2.2.0-RC14

Added the bigframes (BigQuery DataFrames) Python package in the Dataproc Serverless for Spark 2.1 runtime.

Google Cloud Architecture Center

Design an optimal storage strategy for your cloud workload: Added guidance about data transfer options.

Google Distributed Cloud Edge

This is a patch release of Google Distributed Cloud Edge (version 1.6.1).

The following new features have been introduced in this release of Distributed Cloud Edge:

  • Multi-rack deployments. Distributed Cloud Edge now supports aggregating the resources of multiple Distributed Cloud Edge Racks into a single zone. You can now create clusters that span nodes across multiple Distributed Cloud Edge Racks. A single multi-rack deployment supports one Distributed Cloud Edge Base Rack and up to 10 Distributed Cloud Edge Standalone Racks. For more information, see How Distributed Cloud Edge works.

  • Distributed Cloud Edge Base Rack. We are now shipping a new form factor of Distributed Cloud Edge Rack hardware, the Distributed Cloud Edge Base Rack. This form factor is a pair of existing Distributed Cloud Edge Standalone Rack hardware with the addition of four network switches that aggregate network traffic from up to 10 Distributed Cloud Edge Standalone Racks.

  • Prometheus integration. You can now use the Prometheus metrics solution to collect Distributed Cloud Edge metrics and workload metrics on local control plane clusters running in survivability mode. For more information, see Collect metrics with Prometheus.

  • Node labels. You can now assign unique labels to individual nodes when creating a node pool. For more information, see Create a node pool.

The following changes have been introduced in this release of Distributed Cloud Edge:

  • Cloud control plane clusters can no longer be created in subsequent releases of Distributed Cloud Edge. Distributed Cloud Edge version 1.6.1 is the last release of Distributed Cloud Edge in which you can create Cloud control plane clusters. Creation of cloud control plane clusters will be disabled in the next minor release of Distributed Cloud Edge. Existing cloud control plane clusters will continue to run workloads.

  • Release channel requirement for specifying cluster software versions. If you want to specify a Distributed Cloud Edge software version when creating a cluster, you must now set the cluster's release channel to NONE. If you do not specify a release channel or explicitly set it to REGULAR, the cluster automatically upgrades to the latest version of Distributed Cloud Edge software and specifying a software version is not possible.

This release of Distributed Cloud Edge contains the following known issues:

  • Nodes can get stuck in Ready,SchedulingDisabled state after applying configuration changes. Applying or deleting the NodeSystemConfigUpdate or SriovNetworkNodePolicy resources can result in a node that's stuck in the Ready, Scheduling Disabled state after it reboots. To resolve this issue, see Troubleshoot Distributed Cloud Edge.

  • Deleting clusters and node pools fails when a node is not ready. If a node in a cluster or node pool that you want to delete is in the NotReady state, the deletion can fail. Contact Google Support to remedy this condition.

  • Nodes using Symcloud Storage report the file system as read-only after reboot. When multiple nodes that use Symcloud Storage reboot at once in a cluster, they can incorrectly mark the file system as read-only. Contact Google Support to remedy this condition.

Google Distributed Cloud Edge management software has been updated.

Google Kubernetes Engine

A previous version of the GKE logging agent that rolled out in GKE version 1.28.7-gke.1100000 contained a security vulnerability. This version has been immediately removed.

VPC Service Controls

Preview stage support for the following integration:

March 13, 2024

AlloyDB for PostgreSQL

AlloyDB now supports continuous backup and recovery, and scheduled backups on secondary clusters. When you create a secondary cluster, any backup plans on the primary cluster are automatically copied to the new secondary cluster. For more information, see About cross-region replication.

Anti Money Laundering AI

Released new v4 engine versions for the commercial line of business, with more reliable tuning performance, in particular for small datasets.

Apigee X

As of March 13, 2024, the conversion of Apigee API Management organizations with Pay-as-you-go pricing provisioned before October 1, 2023, to Pay-as-you-go organizations that use updated attributes for pricing is complete, with the exception of one organization that requires customer action.

The Apigee API Analytics add-on is enabled in converted organizations. The Analytics add-on can be disabled if it is not required. In addition, you can update your Pay-as-you-go environment types using the API.

For more information on the updated pricing and enhanced features now available for these organizations, see Pay-as-you-go (updated attributes) overview.

Updated pricing attributes will be reflected in March invoices. For billing questions related to this change, contact Google Cloud Billing support.

Chronicle SOAR

Release 6.2.51 is currently in Preview.

Jobs Enhancement

When updating an integration, the jobs will now be updated automatically. This does not apply to any legacy jobs that were created before October 2023.

The Marketplace integration will clearly identify the legacy jobs that are affected and provide instructions on how to proceed.

In addition, legacy jobs are now marked as such in the Jobs Scheduler page so that you can take action and resolve issues beforehand.

APIs now documented

The following APIs are not new, but with this Release are now formally documented in Swagger:

AddOrUpdateEnvironmentRecords

RemoveEnvironmentRecords

Searching for cases from the last week doesn't produce results (ID #00269819)

Email HTML Templates > Show Email Template not rendering styles (ID #00249556)

SDK call for create entity failure displays the wrong error message (ID #48950075)

Chronicle Security Operations

In the Entity Explorer page, Case Distribution has been renamed to Alert Distribution.

Jobs Enhancement

When updating an integration, the jobs will now be updated automatically. This does not apply to any legacy jobs that were created before October 2023.

The Marketplace integration will clearly identify the legacy jobs that are affected and provide instructions on how to proceed.

In addition, legacy jobs are now marked as such in the Jobs Scheduler page so that you can take action and resolve issues beforehand.

Cloud Billing

You can now view granular Bigtable usage in the Cloud Billing Detailed export to BigQuery

You can now view granular Bigtable instance cost data in the Google Cloud Billing detailed export. Use the resource.global_name field in the export to view and filter your detailed Bigtable instance usage.

Review the schema of the Detailed cost data export.

You can now view granular Memorystore for Redis usage in the Cloud Billing Detailed export to BigQuery

You can now view granular Memorystore for Redis cost data in the Google Cloud Billing detailed export. Use the resource.global_name and resource.name fields in the export to view and filter your detailed Memorystore for Redis usage.

Review the schema of the Detailed cost data export.

Cloud Composer

All preview versions of Cloud Composer 2 are past their security notifications end date and are not supported. If your environment uses a preview version of Cloud Composer 2, then please upgrade this environment to a supported version or re-create it using the latest version of Cloud Composer 2.

If you see frequent scheduler restarts in your Airflow 2.6.3 environment and the [scheduler]job_heartbeat_sec Airflow configuration option is set to a non-default value, you can fix this issue either by upgrading to Cloud Composer version 2.6.4 or by removing this option's override, so that it uses the default value.

Cloud SQL for SQL Server

Cloud SQL now supports SQL Server Reporting Services (SSRS) on your instances. For more information, see Use SSRS for creating reports.

Compute Engine

Generally available: You can use SSH-in-browser to connect to TPU VMs. For more information, see Connecting to a Cloud TPU.

Dataform

The 3.0.0-beta.0 version of the open-source Dataform framework is available. This update introduces significant changes, including, but not limited to, the following:

  • Deprecation of dataform.json in favor of workflow_settings.yaml
  • Stateless package installation by @dataform/cli
  • Warehouse-agnostic compilation output

You don't need to take immediate action to update your Dataform code.

For more information, see the 3.0.0-beta.0 release on GitHub.

Looker

Looker 24.4 includes the following changes, features, and fixes.

Expected Looker (original) deployment start: Monday, March 18, 2024

Expected Looker (original) final deployment and download available: Thursday, March 28, 2024

Expected Looker (Google Cloud core) deployment start: Monday, March 18, 2024

Expected Looker (Google Cloud core) final deployment: Monday, April 1, 2024

Query IDs can no longer be used to fetch queries or create render tasks through the API. The Get All Running Queries API endpoint is now restricted to admins only. Query slugs that are generated by Looker will be 32 characters instead of 7.

Chrome is starting to deprecate third-party cookies as of January 2024. Because of Looker's dependency on third-party cookies to establish embed user sessions, this may impact your embed use case. For more information, see the Chrome is deprecating third-party cookies notice.

Previously, custom visualizations would not call the updateAsync function after the vis config is updated via the custom visualization API. Now, the function will be called. If a custom visualization is set up to update the vis config every time updateAsync is called, it could cause excessive refreshes.

If your custom visualization fails to load after this update, double check your custom visualization code for unnecessary vis config updates. If you have a Looker (original) instance, you can also enable the Custom Vis Reliable Render Labs feature, which causes Looker to suppress excess refresh behavior in custom visualizations.

The Performant Field Picker feature is now generally available.

When an instance has no projects, Looker will more prominently prompt users to create a model.

In the Create a model wizard, your selections are now saved even if you close steps without having completed the model creation process.

Adding a query slug to source queries in the merge query API response GET merge_queries/<merge_query_id> returns the query slug in addition to the ID.

The save_content permission now has two child permissions, save_dashboards and save_looks. These permissions let Looker admins exert finer control over the kinds of content that users can save.

Only users who have access to dashboard extensions will be shown the Add Extension tile.

Subtotals have been fixed for queries with order_by_field references in query streaming pathways. This feature now performs as expected.

An issue where embed secrets might have been visible to non-admin users has been fixed. This feature now performs as expected.

Looker now ignores all blank filter strings, including IS NOT.

An issue has been fixed that caused small decimals to be displayed in scientific notation even when formatting was disabled. This feature now performs as expected.

An issue has been fixed where the PDT Context Override toggle was improperly reflecting the ON state when it had been cleared prior. This feature now performs as expected.

Performant field picker sorting behavior has been fixed. This feature now performs as expected.

Downloading results from SQL Runner now only downloads the file and does not open the file in a new browser tab.

Filter expressions including user attributes and OR logical conditions were being incorrectly populated when generating SQL. This feature now performs as expected.

A change in the Snowflake dialect was ported to Kotlin to maintain parity. Snowflake column names with mixed cases are now properly quoted.

Filter suggestion requests have been reduced while the user is typing. Because normal typing will invoke fewer requests, the load on the server will be reduced.

An issue that caused single value change indicators to not render in Safari when dashboards scrolled has been fixed. This feature now performs as expected.

The LookML Validator no longer hangs on a connection that references a deleted or malformed user attribute. The Validator also surfaces a detailed error when the user tests the connection.

An issue has been fixed where extension documents would appear when hiding Looker document links was disabled. This feature now performs as expected.

Content Validator has added support for field replacement within custom measure filters (across Looks, dashboard elements, and merge queries).

Queries with order_by_field references and subtotals should render correctly in downloads / run_query APIs.

Looker should now correctly handle cases where the sorts query had an empty string or was entirely empty.

Previously, the All Results option was unavailable for schedules on Looks. This feature now performs as expected.

On the new Admin - Users page, Looker Support users were shown as having never logged in even for currently logged-in users. This issue has been fixed and this feature now performs as expected.

LookML-defined fields that are used in field filters will not be rejected from a set when the field requiring them is rejected from that set. This feature now performs as expected.

Previously, the Errors and Broken Content dashboard appeared twice in the admin panel. This feature now performs as expected.

A data validation message is now returned for waterfall charts when there are multiple measures and a hidden dimension.

Looker now shows a clearer warning message when a user attempts to download a query with dimension fill and All Results enabled.

Looker no longer imposes the Explore row limit of 5,000 on queries that are run using the run inline query API endpoint.

Previously, the lookml_model_explore API endpoint would return a 500 error in certain cases. This feature now performs as expected.

Errors about UI downloads are now more descriptive, similar to descriptive API error messages.

Internal encryption has been migrated from AES-128 to AES-GCM-256 encryption.

The Disallow Numeric Query IDs legacy feature has been added to let users opt in to or out of query API changes.

The Advanced Features for New Schedules Page Labs feature is now available. This lets you sort and filter the list of scheduled plans on the Admin - Schedules page.

Previously, when a dashboard was scheduled using PNG format and one of the tiles contained an empty note, the schedule would fail. This feature now works as expected.

The Export function has been re-enabled, which lets Looker admins export data from a Looker (original) instance for import into a Looker (Google Cloud core) instance.

Incorrect quoting in Snowflake views has been fixed.

IAM checks for ephemeral users were disabled as a result of rendering issues for users who were logged in with SAML in Looker (Google Cloud core).

Resource Manager

You can add tags at the time of creating folders and projects. These tags can be added as key-value pairs. For more information, see Add tags during folder creation and Add tags during project creation. This feature is currently in preview.

Storage Transfer Service

Support for transfers from cloud and on-premises Hadoop Distributed File System (HDFS) sources is now generally available (GA).

HDFS support allows for use cases such as migrating from on-premises storage to Cloud Storage, archiving data to free up on-premises storage space, replicating data to Google Cloud for business continuity, or transferring data to Google Cloud for analysis and processing.

See Transfer from HDFS to Cloud Storage for details.

March 12, 2024

AlloyDB for PostgreSQL

AlloyDB Language Connectors are now generally available (GA). These language connectors are libraries that provide automated mutual TLS connections, IAM-based authorization, and Automated IAM Authentication when connecting to an AlloyDB instance. For more information about language connectors, see AlloyDB Language Connectors overview.

Anti Money Laundering AI

Added a new metric to AML AI, providing insight into the importance of each feature family to an AML AI Model. This metric is available in new v4 engine versions. It allows you to:

  • Act on model monitoring outputs in the context of their importance to a model
  • Check the contribution of your Party Supplementary Data to a model

App Engine standard environment Go

You can't use the latest version of dev_appserver.py to locally run your applications for runtimes that reached end of support. To continue using an archived version of dev_appserver.py, see Use the local development server after runtimes reach the end of support.

App Engine standard environment Java

You can't use the latest version of dev_appserver.py to locally run your applications for runtimes that reached end of support. To continue using an archived version of dev_appserver.py, see Use the local development server after runtimes reach the end of support.

App Engine standard environment PHP

You can't use the latest version of dev_appserver.py to locally run your applications for runtimes that reached end of support. To continue using an archived version of dev_appserver.py, see Use the local development server after runtimes reach the end of support.

App Engine standard environment Python

You can't use the latest version of dev_appserver.py to locally run your applications for runtimes that reached end of support. To continue using an archived version of dev_appserver.py, see Use the local development server after runtimes reach the end of support.

Blockchain Node Engine

On March 12, 2024, Blockchain Node Engine upgraded all mainnet Ethereum nodes in preparation for the Dencun Hardfork.

Certificate Manager

Certificate Manager supports integration with regional external Application Load Balancers and regional internal Application Load Balancers. This feature is generally available (GA). For more information, see Certificate Manager overview.

Chronicle

The Forwarder troubleshooting guide is now available to help you diagnose and resolve common issues that may arise while using the Chronicle Linux forwarder.

Cloud Composer

Fixed creation and upgrades in environments that have environment variables with special symbols.

Cloud Composer 2.6.4 images are available:

  • composer-2.6.4-airflow-2.6.3 (default)
  • composer-2.6.4-airflow-2.5.3

Cloud Composer versions 2.1.8 and 1.20.8 have reached their end of full support period.

Cloud Data Fusion

The Cloud Data Fusion version 6.9.2.3 patch revision is generally available (GA). 6.9.2.3 includes the following fixes:

  • Skipped running MetadataConsumerSubscriberService when Dataplex Data Lineage Integration is disabled (CDAP-20947).

  • Fixed an issue causing runtime arguments of pipeline triggers to not propagate to downstream pipelines (CDAP-20943).

  • Fixed an issue causing pipelines to fail in starting state when the system worker service is intermittently unavailable (CDAP-20956).

  • Fixed an issue causing pipelines to fail in starting state when the Compute Engine metadata server is intermittently unavailable (CDAP-20955).

Cloud Load Balancing

The global external Proxy Network Load Balancer is implemented on globally distributed GFEs and supports advanced traffic management capabilities. This load balancer can be configured to handle either TCP or SSL traffic by using either a target TCP proxy or a target SSL proxy respectively. Global external proxy Network Load Balancers support backends such as instance groups, hybrid NEGs, and Private Service Connect NEGs. For details, see the External proxy Network Load Balancer overview.

To set up a global external Proxy Network Load Balancer, see the following pages:

This capability is in General Availability.

Regional external Application Load Balancers and regional internal Application Load Balancers now support Certificate Manager certificates. For more information, see Certificates and Google Cloud load balancers.

This capability is in General Availability.

Cloud Storage

You can now view granular bucket-level cost data in the Cloud Billing Detailed data export.

Cloud Translation

For AutoML datasets, you can tag segment pairs when importing them through the Google Cloud console.

You can request document translations with multi-regional endpoints.

Compute Engine

Generally available: You can scale a single VM into a managed instance group (MIG), which is a group of VMs that you can manage as a single entity. A MIG can make your workload scalable and highly available using features like autoscaling, autohealing, regional (multiple zones) deployment, and automatic updating.

For more information, see Create a MIG from an existing VM.

Container Registry

New tooling is available to upgrade from Container Registry to Artifact Registry. For more information on the available tools, see Automate migration to Artifact Registry.

Dataform

Granting repository access to all authenticated users is available. For more information, see Grant public access to a repository.

Retail API

Vertex AI Search for retail: Renamed in the console and documentation

The Google Cloud console has been updated to show the current product name for Vertex AI Search for retail.

You might see the old names (Retail or Retail API) in some places—for example, in the documentation. Google is in the process of updating content to reflect the new branding.

Vertex AI Search and Conversation

Vertex AI Search: Vertex AI Search for healthcare (GA)

Vertex AI Search for healthcare is Generally available (GA). Healthcare search lets you query healthcare records stored in FHIR data stores. For more information, see Vertex AI Search. With healthcare search, you can:

Vertex AI Search: Specify a parser for unstructured content (Public preview)

You can control how documents are parsed when they are uploaded to Vertex AI Search. Parser specification is available in Public preview.

Vertex AI Search provides a digital parser (GA), an OCR parser for PDFs (Public preview), and a layout parser (Public preview). During data store creation for generic search apps with unstructured data, you can set a default parser for the data store and an override parser for specific file types.

For more information, see Parse documents.

Vertex AI Search: Turn on document chunking (Public preview)

To use Vertex AI Search for retrieval-augmented generation (RAG) for LLMs, you can turn on document chunking when creating a data store. Document chunking is available in Public preview.

When document chunking is turned on, your documents are split into chunks when you ingest documents into your data store, and your search app can return chunks of data in search results instead of full documents. Using chunked data for RAG increases relevance for LLM answers and reduces computational load for LLMs. Document chunking is in Public preview. For more information, see Chunk documents for RAG.

Vertex AI Search: Connect ServiceNow as a data source (Private preview)

You can connect ServiceNow as a third-party data source for Vertex AI Search. For more information, see Connect a third-party data source.

March 11, 2024

Anthos Service Mesh

1.20.4-asm.0 is now available for in-cluster Anthos Service Mesh.

You can now download 1.20.4-asm.0 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.20.4 subject to the list of supported features. Anthos Service Mesh 1.20.4-asm.0 uses Envoy v1.28.1.

1.19.8-asm.2 is now available for in-cluster Anthos Service Mesh.

You can now download 1.19.8-asm.2 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.19.8 subject to the list of supported features. Anthos Service Mesh 1.19.8-asm.2 uses Envoy v1.27.3.

1.18.7-asm.11 is now available for in-cluster Anthos Service Mesh.

You can now download 1.18.7-asm.11 for in-cluster Anthos Service Mesh. It includes the features of Istio 1.18.7-asm.11 subject to the list of supported features. Anthos Service Mesh 1.18.7-asm.11 uses Envoy v1.26.7.

There is a known issue where new installations of Managed Anthos Service Mesh in the rapid channel on GKE Autopilot clusters may fail. For affected versions and mitigation, see the GKE release note.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.38.1 (2024-03-07)

Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.38.0 (#3159) (d6c65ab)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.42.0 (#3160) (e31b5b7)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.27.0 (#3176) (b93e62e)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.1 (#3153) (436f58c)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.1 (#3154) (b68ab42)
  • Update github/codeql-action action to v2.24.5 (#3165) (8ac7722)

Python

Changes for google-cloud-bigquery

3.18.0 (2024-02-29)

Features
  • Support nullable boolean and Int64 dtypes in insert_rows_from_dataframe (#1816) (ab0cf4c)
  • Support slot_ms in QueryPlanEntry (#1831) (d62cabb)
Bug Fixes
  • Keyword rendering and docstring improvements (#1829) (4dfb920)
Documentation
  • samples: Updates to urllib3 constraint for Python 3.7 (#1834) (b099c32)
  • Update client_query_w_named_params.py to use query_and_wait API (#1782) (89dfcb6)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.35.1 (2024-03-07)

Dependencies

2.35.0 (2024-03-05)

Features
  • Add authorized view bindings to Cloud Bigtable data APIs and messages (#2144) (ae89709)
Bug Fixes
  • Per-connection metrics issue when using a different Bigtable project (#2143) (8dbd680)

Cloud Billing

Tags data for Google Cloud Storage buckets is available in both the Standard usage cost export and the Detailed usage cost export.

To learn more about Tags, see Tags overview. To learn about using Tags in your cost data exported to BigQuery, see more about tags and query examples with tags.

Cloud Logging

You can now use SQL JOIN and UNION operators on the Log Analytics page to combine tables in multiple Google Cloud projects.

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.16.1 (2024-03-07)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.37.0 (#1553) (15b05fc)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.27.0 (#1552) (6c5464d)

Cloud TPU

Cloud TPU now supports TensorFlow 2.16.1. For more information see the TensorFlow 2.16.1 release notes.

Compute Engine

Generally available: Hyperdisk Balanced is available with C3 and H3 VMs. Hyperdisk Balanced is a good fit for a wide range of use cases such as LOB applications, web applications, and medium-tier databases that don't require the performance of Hyperdisk Extreme. For more information, see About Hyperdisk.

Container Optimized OS

cos-109-17800-147-33

  • Kernel: COS-6.1.75
  • Docker: v24.0.9
  • Containerd: v1.7.13
  • GPU Drivers: v535.161.07 (default, latest), v470.239.06 (R470 for compatibility with K80 GPUs)

Updated cos-gpu-installer to v2.2.1. Fixed cached driver installation error with network disabled. Added force-fallback flag, major version specification for GPU driver installation and fixed ordering of kernel module loading for nvidia-modeset and nvidia-drm.

Updated NVIDIA GPU drivers to v470.239.06 and v535.161.07. This fixes CVE-2024-0074, CVE-2024-0075 and CVE-2022-42265.

cos-105-17412-294-40

  • Kernel: COS-5.15.146
  • Docker: v23.0.3
  • Containerd: v1.7.10
  • GPU Drivers: v470.239.06 (default), v535.161.07 (latest)

Updated cos-gpu-installer to v2.2.1. Fixed cached driver installation error with network disabled. Added force-fallback flag, major version specification for GPU driver installation and fixed ordering of kernel module loading for nvidia-modeset and nvidia-drm.

Updated NVIDIA GPU drivers to v470.239.06 and v535.161.07. This fixes CVE-2024-0074, CVE-2024-0075 and CVE-2022-42265.

cos-101-17162-386-43

  • Kernel: COS-5.15.146
  • Docker: v20.10.24
  • Containerd: v1.6.28
  • GPU Drivers: v470.239.06 (default), v535.161.07 (latest)

Updated cos-gpu-installer to v2.2.1. Fixed cached driver installation error with network disabled. Added force-fallback flag, major version specification for GPU driver installation and fixed ordering of kernel module loading for nvidia-modeset and nvidia-drm.

Updated NVIDIA GPU drivers to v470.239.06 and v535.161.07. This fixes CVE-2024-0074, CVE-2024-0075 and CVE-2022-42265.

cos-97-16919-450-30

  • Kernel: COS-5.10.208
  • Docker: v20.10.24
  • Containerd: v1.6.21
  • GPU Drivers: v470.239.06 (default), v535.161.07 (latest)

Updated cos-gpu-installer to v2.2.1. Fixed cached driver installation error with network disabled. Added force-fallback flag, major version specification for GPU driver installation and fixed ordering of kernel module loading for nvidia-modeset and nvidia-drm.

Updated NVIDIA GPU drivers to v470.239.06 and v535.161.07. This fixes CVE-2024-0074, CVE-2024-0075 and CVE-2022-42265.

Dataflow

You can now use committed use discounts (CUDs) with Dataflow streaming jobs. Committed use discounts provide discounted prices in exchange for your commitment to continuously use a certain amount of Dataflow compute resources for a year or longer.

Dataform

Dataform is available in the africa-south1 region. For more information, see Locations.

Dialogflow

From March 18 to April 15, 2024 (new dates for the same migration announced earlier), for certain language tag and speech setting combinations, the Dialogflow CX and Dialogflow ES traffic with audio will gradually route away from the classic Speech-to-Text models behind the command_and_search, default, phone_call, and video model identifiers to the new conformer-based speech models.

If your Dialogflow agents have audio traffic and use one of the following language tags: en, en-us, en-au, en-gb, en-in, de, es, es-es, es-us, fr, fr-ca, fr-fr, it, ja, nl, pt-br, read more about Dialogflow CX speech model migration and Dialogflow ES speech model migration.

Error Reporting

Error Reporting can now analyze logs routed by project sinks to different projects than the source project. For more information, see Route logs to supported destinations.

Google Cloud Deploy

Cloud Deploy support for deploy automation is now generally available.

Google Cloud Marketplace Partners

If you've turned on Marketplace reports in Producer Portal, you now receive proactive email notifications from Google when reports are delayed, have inaccurate data, or have been regenerated. For steps to set up reports and receive these notifications, see Set up to receive reports.

Google Cloud VMware Engine

Google Cloud VMware Engine now leverages Cloud Logging to provide status updates about hardware health and VMware management components. The logs are available in Logs Explorer with the following log name:

  • projects/PROJECT_ID/logs/vmwareengine.googleapis.com%2Falerts

These logs are also available in the Google Cloud VMware Engine UI on the Dashboard in Logs.

Google Kubernetes Engine

Private clusters created on GKE versions 1.29.0-gke.1384000 and later use Private Service Connect (PSC) for nodes to privately communicate with the control plane. There is no price increase for using GKE private clusters running on PSC.

For private clusters created with a different GKE version, the clusters continue to use VPC Peering for node-to-control plane communication.

Secret Manager add-on for GKE is now available. With the add-on, you can access the secrets stored in Secret Manager as volumes mounted in Kubernetes Pods. The add-on is supported on Standard and Autopilot clusters versioned 1.29 and later. For more info, see Use Secret Manager add-on with GKE.

Opportunistic bursting and lower Pod minimums are now available on newly created GKE Autopilot clusters at version 1.29.2-gke.1060000 or later, and on existing clusters created at 1.26 or later that have been fully upgraded (including all nodes) to 1.29.2-gke.1060000 or later. To learn more, see Configure Pod bursting on GKE.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.3.3 (2024-03-03)

Bug Fixes

Go

Changes for pubsub/apiv1

1.37.0 (2024-03-07)

Features
Documentation
  • pubsub: Check for nil responses for receive examples (#9516) (6deb969)

Java

Changes for google-cloud-pubsub

1.127.1 (2024-03-04)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.38.0 (#1931) (357c901)
  • Update dependency com.google.cloud:google-cloud-core to v2.35.0 (#1936) (785e6d1)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.27.0 (#1937) (75e7e5e)

Python

Changes for google-cloud-pubsub

2.20.1 (2024-03-06)

Bug Fixes

2.20.0 (2024-03-05)

Features
  • Add include_recaptcha_script as a new action in firewall policies (#1109) (54041a5)
Documentation
  • samples: Correct type and description of timeout parameter in subscriber quickstart (#1051) (141a473)

2.19.8 (2024-03-05)

Bug Fixes
  • deps: Exclude google-auth 2.24.0 and 2.25.0 (#1102) (165c983)

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.127.2 (2024-03-10)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.37.0 (#1938) (1435c4e)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.38.1 (#1944) (76317e1)
  • Update dependency com.google.cloud:google-cloud-storage to v2.35.0 (#1942) (989f7ba)
  • Update dependency com.google.cloud:google-cloud-storage to v2.35.0 (#1946) (b94989d)

SAP on Google Cloud

New SAP HANA certification: Hyperdisk Balanced usage with C3 machine types

For use with SAP HANA on Google Cloud, SAP has certified using Hyperdisk Balanced with c3-standard-44, and c3-highmem machine types with 44 vCPUs or more.

For more information, see:

Spanner

Table renaming is now generally available. This feature lets you rename tables in place or safely swap names using synonyms. For more information, see Manage table names.

March 08, 2024

Chronicle SOAR

Release 6.2.49 is now in General Availability.

Dataflow

Streaming jobs created after March 7, 2024 automatically encrypt all user data with customer-managed encryption keys (CMEK). To enable this encryption for jobs created before March 7, 2024, drain or cancel the job, and then restart it.

Dataproc Metastore

Dataproc Metastore now supports scheduled backups. Backups can be scheduled to run at user-specified cron job intervals, including running daily, weekly, or monthly.

Google Kubernetes Engine

For GKE versions later than 1.29.1-gke.1760000, the NEG, Ingress, L4 internal load balancer with subsetting, and L4 RBS controllers will skip processing the nodes missing the topology.kubernetes.io/zone label until the zone information is ready. The load balancer controllers will no longer block sync operations when a node is introduced without the label.

Managed ASM installation and node scaling fail on GKE Autopilot clusters on versions between 1.28.6-gke.1095000 and 1.28.7-gke.1025000 and on versions between 1.29.1-gke.1016000 and 1.29.1-gke.1781000. To mitigate this issue, upgrade the cluster to version 1.28.7-gke.1026000 or later, or 1.29.2-gke.1060000 or later.

With 2024-R07, clusters created in the Rapid channel are defaulting to an affected version. To avoid creating a cluster on an affected version, manually specify version 1.28.7-gke.1026000 or later, or 1.29.2-gke.1060000 or later when creating clusters in the Rapid channel.

Recommender

Recommendation Hub is a centralized page on Google Cloud that helps you view all of your recommendations in one place. We recently made improvements to the page, including enabling organization and folder-view of recommendations, custom sorting and filtering of recommendations, and more. For more information, see the documentation.

Vertex AI

Vertex AI Feature Store

The following features of Vertex AI Feature Store are now available in Preview:

  • Integration of Vertex AI Feature Store with Dataplex: Online store instances, feature views, and feature groups are now automatically registered as data assets in Data Catalog, a Dataplex feature that catalogs metadata from these resources. You can use the metadata search capability of Dataplex to search for and view the metadata of these resources. For more information, see Search for resource metadata in Data Catalog.

  • Service account configuration for feature views: You can configure a feature view to use a dedicated service account. By default, every feature view uses the service account configured for your project. For more information, see Configure the service account for a feature view.

  • Multiple entity IDs for a feature view: While creating or updating a feature view, you can specify multiple entity ID columns. For more information, see Create a feature view.

March 07, 2024

Chronicle SOAR

Release 6.2.50 is currently in Preview.

In the Entity Explorer page, Case Distribution has been renamed to Alert Distribution.

This change makes the information easier to understand. (ID #48941723)

Docker hub login is not needed and as such this instruction has been removed from the platform. (ID #49611790)

Users with a single character in their last name are unable to log in (ID #49008785)

Alerts are being grouped into cases after the time specified in the platform.

Inline CSS with styles and classes are not supported in Insights. Note that Scripts are not supported for security reasons. (ID #00273271)

Custom integration settings: existing script dependencies don't show up (ID #49703871)

Unable to create new playbook blocks (ID #00275270)

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Cloud Configuration Manager API
    • config.googleapis.com/Deployment

Cloud Billing

Create your first budget with one click

You can now create your first budget and receive budget alerts in one step using the Create a budget alert panel on the Billing Overview page. The tool shows you recommended budget amounts based on your usage patterns, and you will receive alerts when your actual spend reaches 50%, 75%, 100%, and 150% of your selected budget. You can later edit these settings in the Manage budgets and alerts section.

Learn more about budgets.

Cloud Build

Cloud Build repositories (2nd gen) now support integration with Bitbucket Cloud and Bitbucket Data Center. These features are generally available.

Cloud Logging

Log buckets in the africa-south1 region can now be upgraded to use Log Analytics. For more information, see Supported regions.

Cloud Monitoring

You can display events, such as the crash of a GKE pod, on your dashboards. This feature is now GA. This feature is available for dashboards managed by Cloud Monitoring, and for the observability dashboards managed by Compute Engine, Google Kubernetes Engine and Cloud Run.

Cloud Run

Charts on the metrics dashboard of Cloud Run services now display deployment events.

Container Optimized OS

cos-97-16919-450-26

  • Kernel: COS-5.10.208
  • Docker: v20.10.24
  • Containerd: v1.6.21
  • GPU Drivers: v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Upgraded net-misc/curl to version 8.6.0. This fixes CVE-2024-0853.

Updated dev-libs/libxml2 to version 2.11.7. This fixes CVE-2024-25062.

Fixed CVE-2024-23851 in the Linux kernel.

Fixed CVE-2024-26581 in the Linux kernel.

Fixed CVE-2022-3566 in the Linux kernel.

Fixed CVE-2022-3567 in the Linux kernel.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.53
  • 2.0.61
  • 2.1.40
  • 2.2.0-RC13

Dataproc Serverless for Spark: Upgraded Cloud Storage connector to 2.2.20 version in the latest 1.1, 2.0, and 2.1 runtimes.

Google Cloud VMware Engine

Beginning mid-March 2024, the VMware Engine operations team will upgrade VMware components to newer versions. Users affected by this upgrade will receive an email with planned maintenance dates and times.

For details about the upgrade and steps to prepare, see Latest service announcements.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-3611

For more information, see the GCP-2024-017 security bulletin.

Starting in GKE 1.29.2-gke.1035000, you can configure Identity-Aware Proxy (IAP) with Google Managed OAuth Client for load balancers configured through GKE Ingress. To learn more, see Ingress configuration on Google Cloud.

(2024-R07) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.11-gke.1055000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.11-gke.1055000 with this release.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.25.16-gke.1360000
    • 1.26.13-gke.1052000
    • 1.29.0-gke.1381000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.16-gke.1460000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.13-gke.1144000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.13-gke.1144000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.1-gke.1589017 with this release.

Rapid channel

  • Version 1.29.1-gke.1589017 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.25.16-gke.1537000
    • 1.26.14-gke.1006000
    • 1.27.11-gke.1018000
    • 1.28.6-gke.1456000
    • 1.29.0-gke.1381000
    • 1.29.1-gke.1589000
    • 1.29.2-gke.1060000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1570000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.14-gke.1044000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.11-gke.1062000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.11-gke.1062000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.1-gke.1589017 with this release.

You can now preload data or container images in new nodes to get fast workload deployment and auto scaling. This feature is available in Preview starting from GKE version 1.28.3-gke.1067000.

Secret Manager

For more information, see Use Secret Manager add-on with Google Kubernetes Engine.

Sensitive Data Protection

The discovery service of Sensitive Data Protection now supports Cloud SQL. You can run discovery at the organization, folder, or project level to generate data profiles of your Cloud SQL tables. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data governance workflows.

To get started on profiling Cloud SQL data, see the following:

For more information about sensitive data discovery, see Data profiles.

VPC Service Controls

General availability support for the following integration:

Virtual Private Cloud

Internal ranges are available in General Availability. Internal ranges let you allocate blocks of private IP addresses in VPC networks and specify how those addresses can be used.

March 06, 2024

Access Approval

Access Approval supports Serverless VPC Access in the Preview stage.

Application Integration

Application Integration now supports config variables. Config variables let you build CI/CD for your integration. This feature is in preview.

BigQuery

The INFORMATION_SCHEMA.WRITE_API_TIMELINE* views, containing per minute aggregated BigQuery Storage Write API ingestion statistics, are now generally available (GA).

Duet AI in BigQuery can now assist with Python code generation and code completion. This feature is in preview.

Channel Services

Partners selling Workspace can now use the BigQuery Export (Rebilling) feature to programmatically access their Workspace billing data. By setting up a BigQuery dataset and enabling the export, you can get billing data pushed to you as it becomes available, including Channel Service-specific identifiers, and any CRM IDs you may have configured for your customers.

You can use BigQuery to programmatically access your billing data, generate customer invoices, and perform Business Intelligence analysis. You can also create a Looker Studio Dashboard to provide cost management dashboards to your customers.

For Partners that sell both Google Cloud and Google Workspace, you can have all your billing data centralized with a unified BigQuery table schema.

Learn more in the following documentation:

Cloud Functions

Cloud Functions (1st gen) now supports custom service accounts for Cloud Build, at the Preview release level.

Container Optimized OS

cos-101-17162-386-37

  • Kernel: COS-5.15.146
  • Docker: v20.10.24
  • Containerd: v1.6.28
  • GPU Drivers: v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Fixed CVE-2024-24557 in app-emulation/docker.

Fixed CVE-2024-23851 in the Linux kernel.

cos-109-17800-147-28

  • Kernel: COS-6.1.75
  • Docker: v24.0.9
  • Containerd: v1.7.13
  • GPU Drivers: v535.154.05 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Fixed CVE-2024-23851 in the Linux kernel.

cos-105-17412-294-36

  • Kernel: COS-5.15.146
  • Docker: v23.0.3
  • Containerd: v1.7.10
  • GPU Drivers: v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Fixed CVE-2024-23851 in the Linux kernel.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.94-debian10, 2.0.94-rocky8, 2.0.94-ubuntu18
  • 2.1.42-debian11, 2.1.42-rocky8, 2.1.42-ubuntu20, 2.1.42-ubuntu20-arm
  • 2.2.8-debian12, 2.2.8-rocky9, 2.2.8-ubuntu22

Dataproc on Compute Engine: Upgraded Cloud Storage connector version to 2.2.20 for 2.0 and 2.1 images.

Dataproc on Compute Engine: Mounted Java cacerts into containers by default when the Docker-on-YARN feature is enabled.

Dialogflow

Vertex AI Conversation now supports the Dialogflow CX Messenger integration for preview.

Eventarc

Eventarc support for creating triggers for direct events from Batch is generally available (GA).

SAP on Google Cloud

Generally available: Guided Deployment Automation in Workload Manager for SAP

The Guided Deployment Automation tool in Workload Manager is generally available (GA). You can use this tool to configure and deploy supported SAP workloads directly from the Google Cloud console, or choose to generate and download the equivalent Terraform and Ansible code.

The GA launch adds support for custom OS images, Shared VPC configurations, and increased deployment customization.

For more information, see About Guided Deployment Automation.

Workload Manager

Generally Available: Workload Manager now supports deploying SAP workloads on Google Cloud. You can configure and deploy a SAP S/4HANA system using the Guided Deployment Automation tool in Workload Manager. For more information, see About Guided Deployment Automation.

reCAPTCHA Enterprise

reCAPTCHA Enterprise for WAF integration with Cloudflare is now available in Preview. For more information, see Integrate reCAPTCHA Enterprise for WAF with Cloudflare.

March 05, 2024

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Backup for GKE

Backup for GKE is now available in three new regions: africa-south1, europe-west10, and us-west8.

Cloud Composer

Cloud Composer 2.6.3 release was rolled back. If you have an environment that was created with a composer-2.6.3-airflow-* image, you can later upgrade it to a newer version.

Cloud Run

You can now apply minimum instance configuration at the service level (in Preview).

Cloud SQL for MySQL

You can now upgrade network architecture for your HA-enabled instances in a region, even if you have multiple instances in your network and region. For more information, see Upgrade an instance to the new network architecture.

Cloud SQL for PostgreSQL

You can now upgrade network architecture for your HA-enabled instances in a region, even if you have multiple instances in your network and region. For more information, see Upgrade an instance to the new network architecture.

Cloud SQL for SQL Server

You can now upgrade your Cloud SQL instances to use the new network architecture to get additional capabilities not available in the old network architecture. For more information, see Upgrade an instance to the new network architecture.

Dialogflow

Vertex AI Conversation generative agent creation with playbooks is now available for public preview. Try it by following the quickstart.

Firestore in Datastore mode

You can now use the Firestore emulator to test Firestore in Datastore mode behavior. Use gcloud emulators firestore start with --database-mode=datastore-mode.

Identity and Access Management

To improve performance, we've removed the ability to expand abbreviated permissions in the predefined roles table. You can still filter the predefined roles table based on the full list of permissions included in a role.

Vertex AI

Create an empty index with Vector Search

You can create an empty index in Vector Search for batch and for streaming. No embedding data is required at index creation time, which enables faster startup time. To learn more, see Manage indexes.

Vertex AI Search and Conversation

Vertex AI Search: Watch time duration objective for media recommendations apps

When you create a media recommendations app, you can select watch duration per session as a business objective. Optimizing for watch duration per session maximizes the duration of media consumption.

For more information, see Watch duration per session.

March 04, 2024

AlloyDB for PostgreSQL

You can now use Key Access Justifications when working with external CMEK keys. This lets you view and manage external key access requests.

Anthos Service Mesh

Managed Anthos Service Mesh 1.18 has completed its rollout in the rapid channel. See Managed Anthos Service Mesh release channels for more information.

Anti Money Laundering AI

AML AI has improved handling of supplementary risk indicators included in your datasets. This includes:

  • Release of new engine versions within both v003 and v004, improving usability of party supplementary data. You can now use letters, numbers, and underscores for the party supplementary data ID.
  • Addition of new data validations for party supplementary data IDs.

Save time and cost when adopting new EngineVersions:

  • For new engine versions, including versions in v003 and v004, you can now inherit hyperparameters from an existing engine config instead of re-tuning. This leads to quicker creation, and there are no additional costs for tuning.
  • All of your existing engine versions can be used as a source for inheriting hyperparameters.
  • See Configure an Engine to find out more about how this works.

Apigee Advanced API Security

On March 4, 2024 we released an updated version of Advanced API Security.

New conditions for security actions

You can now create security actions based on the following condition types (in addition to the condition types for Detection rules and IP addresses that were already available):

  • API keys
  • API products
  • Access tokens
  • Developers
  • Developer apps
  • User agents

These new conditions are not available with Apigee hybrid at this time.

See Create a security action to learn more.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.5.0 (2024-02-21)

Features

You can now selectively refresh the metadata cache for BigLake tables by using the BQ.REFRESH_EXTERNAL_METADATA_CACHE system procedure. This feature is generally available (GA).

Cloud SQL for PostgreSQL

The new maintenance version listed in the February 7th entry for PostgreSQL extensions, flags, minor versions, extension versions, and plugin versions is [PostgreSQL version].R20240130.00_05.

Dataproc

Dataproc Serverless for Spark: Extended Spark metrics collected for a batch now include executor:resultSize, executor:shuffleBytesWritten, and executor:shuffleTotalBytesRead.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-ndb

2.3.0 (2024-03-01)

Features
  • Add field information when raising validation errors. (#956) (17caf0b)
  • Add Python 3.12 (#949) (b5c8477)
  • Add support for google.cloud.ndb.version (#929) (42b3f01)
  • Add support for server side NOT_IN filter. (#957) (f0b0724)
  • Allow queries using server side IN. (#954) (2646cef)
  • Introduce compatibility with native namespace packages (#933) (ccae387)
  • Use server side != for queries. (#950) (106772f)
Bug Fixes
  • Compressed repeated to uncompressed property (#772) (dab9edf)
  • Repeated structured property containing blob property with legacy_data (#817) (#946) (455f860)
Documentation

Google Cloud Architecture Center

Google Cloud Deploy

Cloud Deploy support for custom targets is now generally available.

Google Cloud Marketplace Partners

When you create a new private offer, or replace an existing private offer, you select a payment frequency for how your customer is charged. This can be monthly, quarterly, annually, or custom. For more information, visit Payment frequency for private offers.

Google Distributed Cloud Virtual for Bare Metal

Release 1.28.200-gke.118

GKE on Bare Metal 1.28.200-gke.118 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.28.200-gke.118 runs on Kubernetes 1.28.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

Fixes:

  • Fixed an issue where upgrades are blocked because cluster-operator can't delete stale, failing preflight check resources.

Fixes:

The following container image security vulnerabilities have been fixed in 1.28.200-gke.118:

Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Release 1.15.10

GKE on Bare Metal 1.15.10 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.15.10 runs on Kubernetes 1.26.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

GKE on Bare Metal version 1.15.10 and later has been qualified on and supports Red Hat Enterprise Linux (RHEL) version 8.9.

Fixes:

The following container image security vulnerabilities have been fixed in 1.15.10:

Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Google Kubernetes Engine

NVIDIA H100 (80 GB) GPUs are now available in GKE Autopilot mode in versions 1.28.6-gke.1369000 or later, and 1.29.1-gke.1575000 or later.

GPU workloads running in Autopilot mode can now be configured using the Accelerator Compute Class. This configuration supports resource reservations, Compute Engine committed use discounts, and a new pricing model in GKE versions 1.28.6-gke.1095000 and later, and 1.29.1-gke.1143000 and later.

(2024-R06) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

Regular channel

  • There are no new releases in the Regular release channel.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.25.16-gke.1460000
    • 1.26.13-gke.1144000
    • 1.27.10-gke.1207000
    • 1.28.6-gke.1369000
    • 1.29.1-gke.1575000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.24 to version 1.25.16-gke.1537000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.14-gke.1006000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.11-gke.1018000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.11-gke.1018000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.1-gke.1589000 with this release.

Migrate to Virtual Machines

Preview: Migrate to Virtual Machines lets you import a virtual disk image to a Compute Engine image. If you have virtual disk images with software and configurations that you need, you can save time by importing these virtual disk images to Compute Engine images, and use this image to create virtual machine instances or persistent disks.

Generally available: You can now use Customer-Managed Encryption Keys (CMEK) in Migrate to Virtual Machines to do the following:

  • Protect data stored by Migrate to Virtual Machines during the migration process.
  • Protect data of the migrated VMs created by clone and cut-over operations for all sources - AWS, Azure, and VMware.

Network Intelligence Center

Network Analyzer now includes an insight that gives a summary of the IP address utilization of all the Private Service Access ranges. This insight is also available in Recommender API. For more information, see PSA IP address utilization summary.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.36.2 (2024-02-28)

Bug Fixes
  • pubsub: Fix out of order issue when exactly once is enabled (#9472) (e89fd6c)
Documentation
  • pubsub: Small fix in Pub/Sub ingestion comments (a86aa8e)

Java

Changes for google-cloud-pubsub

1.127.0 (2024-02-28)

Features
  • Add an API method for reordering firewall policies (#1868) (2039f7e)
  • Add universe domain support for Java (#1904) (1e316d3)
  • Next release from main branch is 1.126.0 (#1933) (255d8bc)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.37.2 (#1918) (b8846f9)
  • Update dependency com.google.cloud:google-cloud-storage to v2.34.0 (#1917) (4a7d6b9)
  • Update dependency com.google.protobuf:protobuf-java-util to v3.25.3 (#1919) (4bf13bb)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.1 (#1923) (cd704bd)

Python

Changes for google-cloud-pubsub

2.19.7 (2024-02-24)

Bug Fixes
  • deps: Require google-api-core>=1.34.1 (#1080) (1a5a134)

Sensitive Data Protection

A new detection model is available for the LOCATION infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version to latest when including the LOCATION infoType in your InspectConfig.

You can still use the old model by setting InfoType.version to stable or leaving it unset when using the LOCATION infoType. In 30 days, the new model will be promoted to stable.

Spanner

Spanner now supports a new client library interface. The new interface leverages auto-generated admin clients instead of hand-written admin clients for improved efficiency and maintainability. While the older client library interface remains supported, all new Spanner admin features released after March 1, 2024 will be available exclusively through the new client library interface. All code samples in the Spanner documentation are updated to use the new client library interface. The older client interface code samples are archived in GitHub for Java, Node.js, Python, and PHP.

Vertex AI

Vertex AI Prediction

You can now use A3 machine types to serve predictions.

Workflows

An issue that allowed jumps in or out of parallel branches, parallel loops, and for loops is resolved. Only these jumps are allowed:

February 29, 2024

AlloyDB for PostgreSQL

AlloyDB AI is now generally available (GA).

AlloyDB Omni version 15.5.0 is now available. This version includes the following features and changes:

  • When installing AlloyDB Omni using its command-line tool, you can now specify the TCP port that the instance accepts connections on.
  • Automated failover for highly available (HA) Kubernetes-based clusters is available in Preview.
  • The following extensions are updated:
    • Updated pg_cron to version 1.6.
    • Updated pg_repack to version 1.5.0.
    • Updated pgfincore to version 1.3.1.
    • Updated pglogical to version 2.4.4.
    • Updated pgvector to version 0.5.1.
  • The following extensions are now included:
    • Added autoinc version 1.0.
    • Added insert_username version 1.0.
    • Added moddatetime version 1.0.
    • Added tcn version 1.0.
  • Updated core PostgreSQL compatibility to version 15.5.
  • Applied security fix CVE-2024-0985 from PostgreSQL.
  • Various bug fixes and performance improvements.

The return value of the embedding() function of google_ml_integration has changed. The embedding() function now returns an array of REAL values, and not a VECTOR value. This allows you to install and use the extension without the requirement of installing pgvector as well.

If you wrote application code that uses embedding() during the Preview of AlloyDB AI, then you might need to update it to add explicit casting from the REAL[] data type to the VECTOR data type. For more information, see Work with vector embeddings.

A revised quickstart helps you install and run AlloyDB Omni on a Debian or Ubuntu system using a handful of commands.

BigQuery

The following BigQuery cross-cloud features are now generally available (GA):

The consolidated SQL translator API combines the interactive and batch translator into a single workflow, improving the efficiency and stability of your translation jobs created using the API. This feature is available in preview.

Data Catalog

Data Catalog is now available in the Frankfurt (aws-eu-central-1), Sydney (aws-ap-southeast-2) and Washington (azure-westus2) regions. For more information on region and feature availability, see regions.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.52
  • 2.0.60
  • 2.1.39
  • 2.2.0-RC12

Document AI

The Custom Extractor supports three levels of nesting so you can easily extract structured data from complex documents and tables (earnings reports, tax forms, invoices, resumes, etc.). Learn how to use three levels of nesting.

The Custom Extractor with generative AI is now available in the asia-southeast1 (Singapore) region. For more information, see Custom processors.

See the model type, generative or custom, powering a Custom Extractor processor version by getting the model type from the processorVersions API.

Google Distributed Cloud Virtual for VMware

GKE on VMware 1.16.6-gke.40 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.16.6-gke.40 runs on Kubernetes v1.27.8-gke.1500.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.

The following issues are fixed in 1.16.6-gke.40:

  • Fixed the known issue that caused kubelet to be flooded with logs stating that /etc/kubernetes/manifests does not exist on the worker nodes.
  • Fixed the known issue that caused a preflight check to fail when the hostname isn't in the IP block file.
  • Fixed the manual load balancer issue where the IngressIP is overwritten with the Spec.LoadBalancerIP even if it is empty.
  • Fixed the known issue where a 1.15 user master machine encountered an unexpected recreation when the user cluster controller was upgraded to 1.16.

The following vulnerabilities are fixed in 1.16.6-gke.40:

Memorystore for Redis

Added support for vector store and vector search capabilities (Preview). For more details, see About vector search.

Security Command Center

Security Command Center API v2 released to Preview

The Security Command Center API v2, which enables data residency control and includes the /locations/LOCATION field in resource names, is released to Preview.

For more information, see the REST reference Security Command Center API Overview.

Data residency for Security Command Center released to Preview

Security Command Center data residency control is released to Preview. Security Command Center supports the following data locations:

  • European Union (eu)
  • United States (us)
  • Global (global)

For more information, see Data residency.

Spanner

Spanner regional endpoint is now available in me-central2. You can use regional endpoints if your data location must be restricted and controlled to comply with regulatory requirements. For more information, see Global and regional service endpoints.

February 2024 Client libraries release note

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.56.0 (2024-01-30)

Features
  • spanner/admin/database: Add proto descriptors for proto and enum types in create/update/get database ddl requests (97d62c7)
  • spanner/spansql: Add support for CREATE VIEW with SQL SECURITY DEFINER (#8754) (5f156e8)
  • spanner: Add FLOAT32 enum to TypeCode (97d62c7)
  • spanner: Add max_commit_delay API (af2f8b4)
  • spanner: Add proto and enum types (00b9900)
  • spanner: Add SelectAll method to decode from Spanner iterator.Rows to golang struct (#9206) (802088f)

1.57.0 (2024-02-13)

Features
  • spanner: Add OpenTelemetry implementation (#9254) (fc51cc2)
  • spanner: Support max_commit_delay in Spanner transactions (#9299) (a8078f0)
Bug Fixes
  • spanner: Enable universe domain resolution options (fd1d569)
  • spanner: Internal test package should import local version (#9416) (f377281)
  • spanner: SelectAll struct fields match should be case-insensitive (#9417) (7ff5356)
  • spanner: Support time.Time and other custom types using SelectAll (#9382) (dc21234)
Documentation
  • spanner: Update the comment regarding eligible SQL shapes for PartitionQuery (e60a6ba)

Java

Changes for google-cloud-spanner

6.57.0 (2024-01-29)

Features
  • Add FLOAT32 enum to TypeCode (#2800) (383fea5)
  • Add support for Proto Columns (#2779) (30d37dd)
  • spanner: Add proto descriptors for proto and enum types in create/update/get database ddl requests (#2774) (4a906bf)
Bug Fixes
  • Remove google-cloud-spanner-executor from the BOM (#2844) (655000a)
Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.22.0 (#2785) (f689f74)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.23.0 (#2801) (95f064f)
Documentation

6.58.0 (2024-02-08)

Features
  • Open telemetry implementation (#2770) (244d6a8)
  • spanner: Support max_commit_delay in Spanner transactions (#2854) (e2b7ae6)
  • Support Directed Read in Connection API (#2855) (ee477c2)
Bug Fixes
Dependencies
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.24.0 (#2856) (968877e)

6.59.0 (2024-02-15)

Features
  • Support public methods to use autogenerated admin clients. (#2878) (53bcb3e)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.25.0 (#2888) (8e2da51)
Documentation
  • README for OpenTelemetry metrics and traces (#2880) (c8632f5)
  • Samples and tests for database Admin APIs. (#2775) (14ae01c)

6.60.0 (2024-02-21)

Features
  • Add an API method for reordering firewall policies (62319f0)
  • spanner: Add field for multiplexed session in spanner.proto (62319f0)
  • Update TransactionOptions to include new option exclude_txn_from_change_streams (#2853) (62319f0)
Bug Fixes
  • Add ensureDecoded to proto type (#2897) (e99b78c)
  • spanner: Fix write replace used by dataflow template and import export (#2901) (64b9042)
Dependencies
  • Update dependency com.google.cloud:google-cloud-trace to v2.36.0 (#2749) (51a348a)
Documentation
  • Update comments (62319f0)
  • Update the comment regarding eligible SQL shapes for PartitionQuery (62319f0)

6.60.1 (2024-02-23)

Dependencies
  • Update dependency com.google.cloud:google-cloud-monitoring to v3.37.0 (#2920) (a3441bb)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.0 (#2861) (a652c3b)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.1 (#2919) (8800a28)
  • Update dependency org.json:json to v20240205 (#2913) (277ed81)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.10.2 (#2868) (71a65ec)
  • Update opentelemetry.version to v1.35.0 (#2902) (3286eae)

Node.js

Changes for @google-cloud/spanner

7.3.0 (2024-02-08)

Features
Bug Fixes
  • deps: Update dependency google-gax to v4.1.0 (#1981) (2a36150)
  • deps: Update dependency google-gax to v4.2.0 (#1988) (005589a)
  • deps: Update dependency google-gax to v4.2.1 (#1989) (d2ae995)
  • deps: Update dependency google-gax to v4.3.0 (#1990) (e625753)

7.4.0 (2024-02-23)

Features
  • spanner: Add PG.OID support (#1948) (cf9df7a)
  • Untyped param types (#1869) (6ef44c3)
  • Update TransactionOptions to include new option exclude_txn_from_change_streams (#1998) (937a7a1)
Bug Fixes

Python

Changes for google-cloud-spanner

3.42.0 (2024-01-30)

Features
  • Add FLOAT32 enum to TypeCode (5b94dac)
  • Add max_commit_delay API (#1078) (ec87c08)
  • Add proto descriptors for proto and enum types in create/update/get database ddl requests (5b94dac)
  • Fixing and refactoring transaction retry logic in dbapi. Also adding interceptors support for testing (#1056) (6640888)
  • Implementation of run partition query (#1080) (f3b23b2)
Bug Fixes
  • Few fixes in DBAPI (#1085) (1ed5a47)
  • Small fix in description when metadata is not present in cursor's _result_set (#1088) (57643e6)
  • spanner: Add SpannerAsyncClient import to spanner_v1 package (#1086) (2d98b54)
Documentation
  • Samples and tests for auto-generated createDatabase and createInstance APIs. (#1065) (16c510e)

Vertex AI

Vector Search feature launch

Update streaming index metadata: With this launch, you can directly update restricts and numeric restricts of data points inside StreamUpdate indexes without the compaction cost of a full update. To learn more, see Update dynamic metadata.

reCAPTCHA Enterprise

reCAPTCHA Enterprise Mobile SDK v18.5.0-beta01 is now available for iOS.

This version contains the following changes:

  • The new minimum iOS version is iOS 12.
  • New exception type is added for devices without a network connection: NO_NETWORK_FOUND.

February 28, 2024

AlloyDB for PostgreSQL

AlloyDB now supports the use of Google Cloud tags on cluster and backup resources. Tags are key-value pairs you can apply to your resources for granular IAM permissions. To learn more, see Organize resources using tags. To use tags now, see Attach and manage tags on AlloyDB resources.

Anti Money Laundering AI

Added a new engine version page so you can keep track of the latest engine version releases.

Backup and DR

Backup and DR Service is now integrated with Cloud Monitoring. You can analyze metrics and set custom email alerts. Learn more.

Backup and DR Service has added a new reporting system based on the built-in Google Cloud services: Cloud Monitoring, Cloud Logging, and BigQuery. Learn more.

You can now view prebuilt reports in BigQuery. Learn more.

You can now view comprehensive job related reporting data through backup and recovery job logs in Cloud Logging. Learn more.

BigQuery

Materialized views can now reference logical views. This feature is in preview.

The ability to perform anomaly detection with BigQuery ML multivariate time series (ARIMA_PLUS_XREG) models is now in preview. This feature enables you to detect anomalies in historical time series data or in new data with multiple feature columns. Try this new feature by using the Perform anomaly detection with a multivariate time-series forecasting model tutorial.

The following statements are now generally available (GA) with billing enabled:

  • CREATE TABLE AS SELECT
  • CREATE TABLE IF NOT EXISTS AS SELECT
  • CREATE OR REPLACE TABLE AS SELECT
  • INSERT INTO SELECT

These statements let you filter data from files in Amazon S3 and Azure Blob Storage before transferring results into BigQuery tables.

Cloud Composer

Cloud Composer 2.6.3 release started on February 28, 2024. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.

(Cloud Composer 2 in select regions) Cloud Composer shows the account selection and consent screens when opening Airflow UI for an environment.

If you have the "Don't allow users to access any third-party apps" setting enabled in Google Workspace, then configure access to the "Apache Airflow in Cloud Composer" app in Google Workspace, so that your Google Workspace users can still access Airflow UI in Cloud Composer environments. For more information, see Allow access to Airflow UI in Google Workspace.

(Cloud Composer 2 in select regions) Reduced the propagation time of the revoked Cloud IAM permission that blocks access to Airflow UI.

In new environments with Airflow 2.6.3, the default values of the following Airflow configuration options are changed to provide more optimized Cloud Composer environments:

  • [scheduler]job_heartbeat_sec to 30
  • [scheduler]scheduler_heartbeat_sec to 15

Fixed a problem where the IAM policy of a custom environment's bucket is replaced when an environment is created.

The apache-airflow-providers-google package is upgraded to version 10.15.0 in images with Airflow 2.6.3. For more information about changes, see the apache-airflow-providers-google changelog from version 10.14.0 to version 10.15.0.

Cloud Composer 2.6.3 images are available:

  • composer-2.6.3-airflow-2.6.3 (default)
  • composer-2.6.3-airflow-2.5.3

Confidential Space

Data collaborators can now check if memory monitoring is enabled on a Confidential VM running a Confidential Space workload.

A new Confidential Space image (240200) is now available. This image provides support for data collaborators to add memory monitoring as part of their attestation assertions.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.93-debian10, 2.0.93-rocky8, 2.0.93-ubuntu18
  • 2.1.41-debian11, 2.1.41-rocky8, 2.1.41-ubuntu20, 2.1.41-ubuntu20-arm
  • 2.2.7-debian12, 2.2.7-rocky9, 2.2.7-ubuntu22

Dataproc on Compute Engine: The new Secret Manager credential provider feature is available in the latest 2.1 image versions.

Dataproc on Compute Engine:

  • Upgraded Zookeeper to 3.8.3 for Dataproc 2.2.
  • Upgraded ORC for Hive to 1.15.13 for Dataproc 2.1.
  • Upgraded ORC for Spark to 1.7.10 for Dataproc 2.1.
  • Extended expiry for the internal Knox Gateway certificate from one year to five years from cluster creation for Dataproc images 2.0, 2.1, and 2.2.

Dataproc on Compute Engine: Fixed ZooKeeper startup failures in image 2.2 HA (High Availability) clusters that use fully qualified hostnames.

Deep Learning VM Images

M117 release

  • Added the CUDA version (CUDA 11.8) to the TensorFlow 2.12, 2.13, and 2.14 image names and image family names. For example, tf-2-12-gpu is renamed tf-2-12-cu118.

Google Cloud Architecture Center

(New guide) Configure networks for FedRAMP and DoD in Google Cloud: Provides configuration guidance to help you comply with design requirements for FedRAMP High and DoD IL2, IL4, and IL5 when you deploy Google Cloud networking policies.

(New guide) Infrastructure for a RAG-capable generative AI application using Vertex AI: Design infrastructure to run a generative AI application with retrieval-augmented generation (RAG) to help improve the factual accuracy and contextual relevance of LLM-generated content.

Google Cloud VMware Engine

Beginning on March 12, 2024, the VMware Engine operations team will perform essential maintenance of the network infrastructure to improve equipment robustness and apply security patches. Users affected by this upgrade will receive an email with planned maintenance dates and times.

For details about the upgrade and steps to prepare, see Service announcements.

Google Kubernetes Engine

The Performance Compute Class, designed for running whole-machine CPU workloads, is available in Autopilot mode from versions 1.28.6-gke.1369000 and 1.29.1-gke.1575000 and later.

SAP on Google Cloud

Disk snapshot based backup and recovery for SAP HANA

From version 3.0, you can use the disk snapshot feature of Google Cloud's Agent for SAP to perform backup and recovery operations for SAP HANA systems running on Google Cloud.

For more information, see Disk snapshot based backup and recovery for SAP HANA.

Security Command Center

Virtual Machine Threat Detection, a built-in service of Security Command Center Premium, has launched a new detector, Defense Evasion: Rootkit, in Preview.

The detector monitors virtual machines and generates a finding if a combination of signals matching a known kernel-mode rootkit is present.

For more information, see Virtual Machine Threat Detection overview.

Vertex AI Search and Conversation

Vertex AI Search: Add metadata to your web index (Public preview)

If advanced website indexing is enabled in your data store, you can add metadata to the data store schema to enrich your indexing.

For more information, see Add metadata for advanced site indexing.

Vertex AI Search: Automatic web page refresh (Public preview)

With advanced website indexing, Vertex AI Search performs conditional, automatic refresh.

For more information, see Refresh web pages.

Vertex AI Search: Apply tuned search to some queries (Public preview)

You can specify whether you want a query to use the tuned search model or the non-tuned search model. This is particularly helpful for testing the difference between the two versions of the model.

Previously, the tuned search model was enabled (or disabled) for all queries against the data store.

For more information, see Test tuned search and use it for individual search queries.

Vertex AI Search: Access controlled data sources (Public preview)

Access control for BigQuery, Cloud Storage, and Confluence data is available in Public preview. This feature allows you to limit the data that users can view in your search app's results. Google uses your identity provider to identify the end user performing a search and determine if they have access to the documents that are returned as results. Google Identity and third-party identity provider federation are supported.

For more information, see Use data source access control.

Vertex AI Search: Blended search (Public preview)

Blended search, where multiple data stores can be connected to a single generic search app, is available in Public preview. This feature allows you to use one generic search app to search across multiple sources and types of data.

For more information, see About connecting multiple data stores.

Vertex AI Search: Search analytics (GA)

Search analytics are GA for global data stores. For data stores in US and EU multi-regions, viewing analytics is in Public Preview.

For more information, see View analytics.

Vertex AI Workbench

M117 release

The M117 release of Vertex AI Workbench instances includes the following:

  • Removed the Cloud Storage browser in the left side pane in favor of the existing Mount shared storage button.

February 27, 2024

AlloyDB for PostgreSQL

You can now use Automatic IAM Authentication with the AlloyDB Language Connectors (Preview) to connect to your cluster. For more information, see Connect using the AlloyDB Language Connectors.

BigQuery

You can now use time series and range functions to support time series analysis. This feature is in preview.

You can now use data manipulation language (DML) statements to efficiently delete entire partitions. If a DELETE statement targets all rows in a partition, then the entire partition is deleted without scanning bytes or consuming slots. This feature is now generally available (GA).

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Colab Enterprise

VPC Service Controls has general availability support in Colab Enterprise.

For more information, see Use VPC Service Controls.

Container Optimized OS

cos-101-17162-386-33

  • Kernel: COS-5.15.146
  • Docker: v20.10.24
  • Containerd: v1.6.28
  • GPU Drivers: v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Updated app-emulation/containerd to 1.6.28.

Upgraded net-misc/curl to version 8.6.0. This fixes CVE-2024-0853.

Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.

Fixed CVE-2024-26581 in the Linux kernel.

Fixed CVE-2022-3566 in the Linux kernel.

Fixed CVE-2022-3567 in the Linux kernel.

Fixed CVE-2024-1086 in the Linux kernel.

cos-109-17800-147-22

  • Kernel: COS-6.1.75
  • Docker: v24.0.9
  • Containerd: v1.7.13
  • GPU Drivers: v535.154.05 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Upgraded Docker to v24.0.9. This fixes CVE-2024-24557.

Fixed CVE-2024-0684 in sys-apps/coreutils.

Fixed CVE-2024-26581 in the Linux kernel.

cos-105-17412-294-34

  • Kernel: COS-5.15.146
  • Docker: v23.0.3
  • Containerd: v1.7.10
  • GPU Drivers: v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Fixed CVE-2024-26581 in the Linux kernel.

Dataflow

Dataflow now supports at-least-once streaming mode. You can use this mode to achieve lower latency and reduced costs for workloads that can tolerate duplicate records. This feature is generally available (GA). For more information, see Set the pipeline streaming mode.

Google Cloud VMware Engine

Purchasing commitments for node types is now generally available. For more information, see Purchasing commitments for node types.

Google Distributed Cloud Virtual for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

GKE on VMware 1.15.9-gke.20 is now available. To upgrade, see Upgrading GKE on VMware. GKE on VMware 1.15.9-gke.20 runs on Kubernetes v1.26.10-gke.2000.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.

Sensitive Data Protection

An improvement was made in the way Sensitive Data Protection calculates the predicted infoType of the data that it profiles. The service now considers correlations between the detected infoTypes, where one infoType is a subset of another. For more information, see Predicted infoType.

For more information about data profiling, see Data profiles.

VPC Service Controls

General availability support for the following integration:

Preview stage support for the following integration:

February 26, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-0193

For more information, see the GCP-2024-013 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-6932

For more information, see the GCP-2024-011 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-6931

For more information, see the GCP-2024-010 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-6817

For more information, see the GCP-2024-004 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-0193

For more information, see the GCP-2024-013 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-6932

For more information, see the GCP-2024-011 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-6931

For more information, see the GCP-2024-010 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

  • CVE-2023-6817

For more information, see the GCP-2024-004 security bulletin.

App Engine flexible environment Go

Go 1.22 is now available in preview.

App Engine flexible environment Java

App Engine flexible environment PHP

App Engine standard environment Go

Go 1.22 is now available in preview.

App Engine standard environment Java

App Engine standard environment PHP

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.38.0 (2024-02-22)

Features
  • Add MetadataCacheStatistics to Job QueryStatistics (#3133) (f3f387b)
Dependencies
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240211-2.0.0 (#3152) (e5d6888)
  • Update github/codeql-action action to v2.24.3 (#3148) (a0a7b01)
  • Update github/codeql-action action to v2.24.3 (#3150) (042fcf0)
  • Update github/codeql-action action to v2.24.4 (#3161) (531b1a0)

The BigQuery Data Transfer Service can now transfer data from the following data sources:

Transfers from these data sources are supported in preview.

The following SQL features are now generally available (GA):

The GROUP BY ALL clause, which groups rows by inferring grouping keys from the SELECT items, is now in preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.34.0 (2024-02-21)

Features
  • Add the export logic for per-connection error rate metric (#2121) (d053f2d)
  • Create the backbone of counting errors per connection each minute. (#2094) (7d27816)
Dependencies
  • Update actions/setup-java action to v4 (#2106) (a694296)
  • Update dependency com.google.cloud:gapic-libraries-bom to v1.30.0 (#2126) (f613bd0)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.25.0 (#2113) (ba1973e)
  • Update dependency com.google.truth.extensions:truth-proto-extension to v1.4.1 (#2119) (0a7ad66)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.1 (#2122) (99ec284)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.1 (#2123) (12d961a)

Buildpacks

Starting in Go version 1.22 and later, you can no longer use GOPATH for installing dependencies. To manage dependencies, you use a go.mod file. For more information about Go versions, and managing dependencies for vendor directories, see GOPATH and Modules in Go documentation.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • GKE Hub
    • gkehub.googleapis.com/Fleet
    • gkehub.googleapis.com/Scope
    • gkehub.googleapis.com/Namespace
    • gkehub.googleapis.com/MembershipBinding
    • gkehub.googleapis.com/RBACRoleBinding
  • AI Platform
    • aiplatform.googleapis.com/NotebookRuntime
    • aiplatform.googleapis.com/NotebookRuntimeTemplate

Cloud Composer

Starting February 27, 2024, in the us-central1, europe-west1, europe-west2, europe-west3, europe-west6, us-east1, and us-east4 regions it is possible to create new Cloud Composer 1 environments only in projects that already have Cloud Composer 1 environments.

In all other existing or newly created projects in these regions, it is possible to create only Cloud Composer 2 environments. This change is a part of the preparation for Cloud Composer 1 end of support, as communicated earlier and described in the Versioning overview.

Cloud Functions

Cloud Functions now supports the PHP 8.3 and Java 21 runtimes at the General Availability release level for 2nd gen functions.

Cloud Functions now supports the Go 1.22 runtime at the Preview release level.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.16.0 (2024-02-20)

Features
  • Add an API method for reordering firewall policies (#1538) (9cd6b96)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.25.0 (#1535) (7fde779)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.0 (#1528) (b3e4f9b)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.0 (#1456) (f27713e)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.1 (#1542) (af784bc)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.10.2 (#1530) (20981dc)

Confidential VM

Live migration is now available on new Confidential VM instances that meet the following configuration criteria:

  • An N2D machine type with AMD EPYC Milan CPU platform

  • AMD SEV Confidential Computing technology

  • An operating system image that supports live migration

Dataform

Dataform is available in the us-south1 region. For more information, see Locations.

Eventarc

Eventarc is available in the us-west8 (Phoenix, Arizona, North America) region.

Google Distributed Cloud Virtual for VMware

GKE on VMware 1.28.200-gke.111 is now available. To upgrade, see Upgrading Anthos clusters on VMware. GKE on VMware 1.28.200-gke.111 runs on Kubernetes v1.28.4-gke.1400.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on VMware.

The following issues are fixed in 1.28.200-gke.111:

  • Fixed the known issue that caused a preflight check to fail when the hostname isn't in the IP block file.
  • Fixed the known issue where the storage policy field is missing in the admin cluster configuration template.
  • Fixed the manual load balancer issue where the IngressIP is overwritten with the Spec.LoadBalancerIP even if it is empty.
  • Fixed the issue that preflight jobs might be stuck in the pending state.
  • Fixed the known issue where nfs-common is missing from the Ubuntu OS image.

The following vulnerabilities are fixed in 1.28.200-gke.111:

Google Kubernetes Engine

This note was updated on March 20, 2024. The links to the security bulletins related to CVE-2024-0193 and CVE-2023-3610 have been updated.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-0193

For more information, see the GCP-2024-012 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-3610

For more information, see the GCP-2024-013 security bulletin.

GKE now supports Gemma (2B, 7B), Google's new state-of-the-art open models. To learn more, refer to the following guides:

Deployment to GKE is also supported via Vertex AI Model Garden as part of our Hugging Face, Vertex AI, and GKE integration.

Migrate to Virtual Machines

Generally available: Migrate to Virtual Machines lets you migrate virtual machine (VM) disks to Persistent Disk volumes on Google Cloud. The migrated disks can be attached to a new VM during the migration process, or an existing VM after the migration is complete.

Policy Intelligence

The IAM recommender offers role recommendations for BigQuery datasets. Role recommendations help you reduce excess permissions by suggesting role changes based on actual permission usage. This feature is available in Preview.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-pubsub

2.19.6 (2024-02-23)

Bug Fixes

2.19.5 (2024-02-22)

Bug Fixes

Spanner

The following GoogleSQL JSON functions are now generally available (GA):

  • LAX_BOOL: Attempts to convert a JSON value to a SQL BOOL value.
  • LAX_FLOAT64: Attempts to convert a JSON value to a SQL FLOAT64 value.
  • LAX_INT64: Attempts to convert a JSON value to a SQL INT64 value.
  • LAX_STRING: Attempts to convert a JSON value to a SQL STRING value.
  • BOOL: Converts a JSON boolean to a SQL BOOL value.
  • FLOAT64: Converts a JSON number to a SQL FLOAT64 value.
  • INT64: Converts a JSON number to a SQL INT64 value.
  • STRING: Converts a JSON string to a SQL STRING value.
  • JSON_TYPE: Gets the JSON type of the outermost JSON value and converts the name of this type to a SQL STRING value.

Text-to-Speech

Studio voices are now GA.

Casual voices are now in preview.

Vertex AI

Structured logging support for Vertex AI custom training. For details, see Write code to return container logs.

Ground Multimodal Models

Model grounding for gemini-pro is available in Preview. Use grounding to connect the gemini-pro model to unstructured text data stores in Vertex AI Search. Grounding lets models access and use the information in the data repositories to generate more enhanced and nuanced responses. For more information, see Ground multimodal models.

Vertex AI Search and Conversation

Vertex AI Search: Use Terraform to create search apps

You can use Terraform to create search apps for your Vertex AI Search.

For information, see Create a search app.

Virtual Private Cloud

The VPC documentation has been updated with a new page that describes which services in Google Cloud include support for IPv6. For more information, see IPv6 support in Google Cloud.

February 24, 2024

Google Distributed Cloud Virtual for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-0193

For more information, see the GCP-2024-013 security bulletin.

February 23, 2024

Application Integration

Application Integration now supports private triggers that enable you to break large flows into various subflows. This feature is in preview.

Chronicle

Chronicle now supports the timestamp.get_date() function. For more information and example usage, see YARA-L 2.0 language syntax.

Cloud Load Balancing

Global external Application Load Balancers now let you customize your own error responses when an HTTP error status code (4xx and 5xx) is generated. You can customize error responses for errors generated by both the load balancer and the backend instances. You can also customize error responses for error response codes that are generated when traffic is denied by Cloud Armor.

For more information, see the following pages:

This feature is available in Preview.

Google Kubernetes Engine

(2024-R05) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • There are no new releases in the Stable release channel.

Regular channel

  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.25.16-gke.1268000
    • 1.26.12-gke.1111000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.24 to version 1.25.16-gke.1360000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.13-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.13-gke.1052000 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.25.16-gke.1497000
    • 1.26.13-gke.1189000
    • 1.27.10-gke.1152000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.10-gke.1207000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.10-gke.1207000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.1-gke.1575000 with this release.

Transcoder API

You can now set an exact frame rate on the output video. For more information, see Frame rate conversion strategies.

February 22, 2024

Anthos Config Management

The constraint template library includes a new template: K8sRestrictAdmissionController. For reference, see the Constraint template library.

The constraint template library includes a new template: K8sCronJobAllowedRepos. For reference, see the Constraint template library.

Added the authentication type k8sserviceaccount for syncing from OCI images and Helm charts hosted in Artifact Registry. For more details, see Grant Config Sync read-only access to OCI and Grant Config Sync read-only access to Helm.

Simplified the steps to export metrics to Cloud Monitoring. For more details, see Configure Cloud Monitoring with Workload Identity.

Fixed the unrecognized label error in the otel-collector configuration that caused kustomize metrics to be rejected.

Batch

In the Google Cloud console, the Job list page has been updated to reduce latency. Although the console no longer summarizes the statuses of your jobs, you can filter based on job state when you view a list of your jobs.

Fixed the issue causing latency when listing jobs in projects that contain more than 10,000 jobs.

BigQuery

The following BigQuery text embedding features are now generally available (GA):

Certificate Manager

Certificate Manager supports the management of certificates independently in each project with separate authorization. You can also issue regional managed certificates with Certificate Manager. This is a public preview feature. For more information, see Certificate Manager overview.

Chronicle SOAR

Release 6.2.49 is currently in Preview.

In the IDE, using CrowdStrikeFalcon - Execute command and selecting scope as internal hosts and external hosts does not work (ID #00250316)

The following APIs have been deprecated and will be deleted in 6 months.

  • GET /api/external/v1/connectors/GetConnectorsData
  • POST /api/external/v1/connectors/DeleteConnector
  • POST /api/external/v1/connectors/AddOrUpdateConnector
  • POST /api/external/v1/connectors/UpdateConnectorFromIde
  • POST /api/external/v1/connectors/GetConnectorStatus

For each API above, there are one or more alternative endpoints that you can use as shown below:

Instead of
GET /api/external/v1/connectors/GetConnectorsData

Use one of the following:

  • GET /api/external/v1/connectors/template-cards
    Provides basic information for each accessible connector definition.

  • POST /api/external/v1/connectors/template
    Retrieves detailed information regarding a specific connector definition.

  • GET /api/external/v1/connectors/cards
    Provides basic information for each accessible connector.

  • GET /api/external/v1/connectors/{identifier}
    Retrieves detailed information regarding a specific connector instance.

Instead of
POST /api/external/v1/connectors/DeleteConnector
Use
DELETE /api/external/v1/connectors/{identifier}

Instead of
POST /api/external/v1/connectors/AddOrUpdateConnector
Use
POST /api/external/v1/connectors

Instead of
POST /api/external/v1/connectors/UpdateConnectorFromIde
Use
POST /api/external/v1/connectors/update-from-ide

Instead of
POST /api/external/v1/connectors/GetConnectorStatus
Use
GET /api/external/v1/connectors/{identifier}/statistics

Chronicle Security Operations

The following APIs have been deprecated and will be deleted in 6 months.

  • GET /api/external/v1/connectors/GetConnectorsData
  • POST /api/external/v1/connectors/DeleteConnector
  • POST /api/external/v1/connectors/AddOrUpdateConnector
  • POST /api/external/v1/connectors/UpdateConnectorFromIde
  • POST /api/external/v1/connectors/GetConnectorStatus

For each API above, there are one or more alternative endpoints that you can use as shown below:

Instead of
GET /api/external/v1/connectors/GetConnectorsData

Use one of the following:

  • GET /api/external/v1/connectors/template-cards
    Provides basic information for each accessible connector definition.

  • POST /api/external/v1/connectors/template
    Retrieves detailed information regarding a specific connector definition.

  • GET /api/external/v1/connectors/cards
    Provides basic information for each accessible connector.

  • GET /api/external/v1/connectors/{identifier}
    Retrieves detailed information regarding a specific connector instance.

Instead of
POST /api/external/v1/connectors/DeleteConnector
Use
DELETE /api/external/v1/connectors/{identifier}

Instead of
POST /api/external/v1/connectors/AddOrUpdateConnector
Use
POST /api/external/v1/connectors

Instead of
POST /api/external/v1/connectors/UpdateConnectorFromIde
Use
POST /api/external/v1/connectors/update-from-ide

Instead of
POST /api/external/v1/connectors/GetConnectorStatus
Use
GET /api/external/v1/connectors/{identifier}/statistics

Cloud Billing

Between February 13, 2024 and February 22, 2024, some SKU IDs for your support subscriptions have changed. Use the following table to check whether you're affected by this change. If you have reports or BigQuery queries that depend on these IDs, edit them to use the new SKU IDs.

Legacy and new SKU IDs, by subscription:

  • Premium
    • Legacy SKU IDs
      • Base Tier 1: F08D-670F-E528
      • Base Tier 2: 3ADC-4232-8F2F
      • Base Tier 3: 768B-9B76-8BFA
      • Variable: E4F5-0256-E0EE
    • New SKU IDs
      • Base Tier 1: 5D14-41DF-B7BF
      • Base Tier 2: A73A-2FBD-A226
      • Base Tier 3: 7EFE-705D-1818
      • Variable: 5467-9D2D-5B98
  • TAM
    • Legacy SKU IDs
      • Additional Coverage:
        • Included: 39DA-470F-1873
      • Additional Coverage:
        • Tier 1: 1D0C-C18F-A3E9
        • Tier 2: A4ED-26C4-BE0A
        • Tier 3: 7625-C72D-58B1
    • New SKU IDs
      • Additional Coverage:
        • Included: FECC-20EE-2595
      • Additional Coverage:
        • Tier 1: 164C-4F75-934A
        • Tier 2: C9E4-CC90-085B
        • Tier 3: 0401-A11E-7A40
  • Enhanced
    • Legacy SKU IDs
      • Base: D61B-E147-B8A6
      • Variable: 8D85-10F1-28B3
    • New SKU IDs
      • Base: 7F2E-344B-FBDD
      • Variable: 0D7A-4FBF-FA55
  • Gold
    • Legacy SKU IDs
      • Base: 118A-4BF5-51E1
    • New SKU IDs
      • Base: 0AD0-476B-879E
  • Silver
    • Legacy SKU IDs
      • Base: 5D8F-0D17-AAA2
    • New SKU IDs
      • Base: F5D2-4995-B3D7

Learn about reports that you can use to analyze your costs.

Cloud Composer

Fixed a problem where one DAG run could potentially delete task instances from other DAG runs if run_id was the same (backported #32684 from a later Airflow version).

Cloud Composer 2.6.2 images are available:

  • composer-2.6.2-airflow-2.6.3 (default)
  • composer-2.6.2-airflow-2.5.3

Cloud Workstations

Cloud Workstations supports Image Streaming, which provides faster workstations startup by reducing image pull time.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.51
  • 2.0.59
  • 2.1.38
  • 2.2.0-RC11

Filestore

NFSv4.1 protocol support, integrated with Managed Service for Microsoft Active Directory, is now available in Preview for Filestore enterprise and zonal instances.

Looker Studio

Show field descriptions in table chart headers

You can now let report viewers access field descriptions in tooltips when the Show field descriptions option is enabled for table charts. Show field descriptions is automatically enabled for charts that are connected to a Looker or Search Ads 360 data source. Field descriptions are sourced from the Description column in the data source.

Learn more about table chart header options.

Looker Studio release notes moving to Google Cloud

We're changing how we deliver product release notes. Beginning in a few weeks, Looker Studio release notes will be available solely on the Google Cloud release notes platform.

Cloud release notes offer enhanced features, such as RSS feed support and programmatic access using BigQuery. These features make it easier for customers to stay informed about feature updates. Additionally, Google Cloud customers will have the convenience of accessing updates for related products like Looker and BigQuery in a centralized location.

Release notes prior to this change are preserved in the historical release notes page.

Visit the Cloud Looker Studio release notes now.

Pub/Sub

If you have filtering enabled, the backlog metrics only include data from messages that match the filter. To learn more, see How filters affect backlog metrics.

Storage Transfer Service

Storage Transfer Service has added preview support for transferring managed folders between Cloud Storage buckets. Permissions on managed folders are copied between buckets when using this option.

See Transfer Cloud Storage managed folders for details.

February 21, 2024

Chronicle

Fixed an issue that prevents you from using the list, percentile, and percentile_distinct functions when you create a custom measure in your dashboard.

Chronicle SOAR

Remote Agents Release 1.4.9 is currently in Preview.

The Docker image to pull for this release is 1.4.9.2.

Upgrade agents from 1.3.8 on RHEL not working as expected (ID #00243884)

Publisher memory usage issue (ID #00273756)

Compute Engine

Preview: With managed workload identities for Compute Engine, you can implement mutually authenticated and encrypted communications between any two Compute Engine VMs. Workload applications running on the configured VMs can use the X.509 credentials for per-VM mTLS. These mTLS certificates are automatically rotated and managed for you by Certificate Authority Service.

For more information, see Authenticate workloads to other workloads over mTLS.

Contact Center AI Platform

Version 3.11 is released

All release notes published on this date are part of version 3.11.

Cold chat transfer

Agents can do a "cold transfer" for a chat. With a cold chat transfer, the agent assigns a chat session to a new agent or a queue, and then immediately leaves the chat without waiting for the new agent to join. This helps agents efficiently transfer chats without being bound to them. For more information, see Transfer a Chat.

Support for partial response in Dialogflow

CCAI Platform supports the partial response option in Dialogflow. This is particularly useful when the virtual agent needs to call a webhook that will likely take a while to run. With partial response enabled, Dialogflow can immediately send an initial fulfillment message to the end-user, such as, "One moment while I look that up." This way, while the webhook runs and the final fulfillment message is generated, the end-user expects a short wait instead of assuming that there is a problem. For information about configuring this capability in Dialogflow, see Partial response for streaming API.

Added new response fields for indicating agent availability to the manager/api/v1/agents/current_status and apps/api/v1/wait_times APIs. These indicate the number of assigned agents, logged-in agents, available agents, and breakthrough agents.

Fixed an issue that prevented copying an IVR menu structure.

Fixed an issue where the automatic redirect to a PSTN number used a direct PSTN dial instead of the configured BYOC SIP dial settings.

Fixed an issue where the account ID in search results did not refresh after removing search input.

Fixed an issue preventing the editing of user permissions for Microsoft Teams users.

Updated virtual task assistants to support an unlimited number of data parameters.

Fixed an issue where the Contact Name displayed 'Chat User' instead of the end-user's name.

Fixed an issue where the Agent and Supervisor filters on the Agents page displayed as All undefined.

Fixed an issue where the file name was not visible when the user held the pointer over the compose-email pane.

Fixed the error message that displays when an administrator disables an email queue with an invalid IMAP connection.

Fixed an issue where holiday-hours messages didn't play when the support center or queues were outside of their hours of operation.

Dataflow

You can now use Gemma models in your Apache Beam inference pipelines. For more information, see Use Gemma open models with Dataflow.

Dataform

Support for VPC Service Controls is generally available (GA).

Google Kubernetes Engine

The GKE Stateful HA Operator is now available in GA starting in GKE versions 1.28.5-gke.1113000 and later, or 1.29.0-gke.1272000 and later. The GKE Stateful HA Operator is enabled in new Autopilot clusters and opt-in for new Standard clusters.

Immersive Stream for XR

Upgrade to Unreal Engine 5.3.

  • Cloud builder in ISXR Content now uses Unreal Engine version 5.3.2.
  • Only the latest version of the Template Project (3.0.0) is compatible with the latest builder in the Content.

Optimized the Unreal Template Project.

  • Simplified logic in blueprints.
  • Easier to use events for mode switching.
  • New demos for Session ID and AR Virtual Background.
  • Now you can integrate files from the template directly into your existing Unreal projects to work on Immersive Stream for XR in both 3D and AR modes.

Spanner

The OpenCensus libraries are archived. Spanner now supports OpenTelemetry, and we recommend that all OpenCensus users migrate to OpenTelemetry for their observability needs. For more information, see Examine latency in a Spanner component with OpenTelemetry.

VPC Service Controls

General availability support for the following integration:

Vertex AI

Gemma open models are available

Gemma models, a family of lightweight, open models built from the same research and technology used to create the Gemini models, are available to run on your hardware, mobile devices, or hosted services. To learn more, see Use Gemma open models and the Gemma Model Garden card.

reCAPTCHA Enterprise

reCAPTCHA Enterprise Mobile SDK v18.4.2 is now available for iOS.

This version contains fixes for the following stability issues:

reCAPTCHA Enterprise Mobile SDK v18.5.0-beta01 is now available for Android.

This version contains the following changes:

  • Support for Android API 19 is removed.
  • Dependency on OkHttp 4.11.0 is added.
  • New exception type is added for devices without a network connection: NO_NETWORK_FOUND.

February 20, 2024

AlloyDB for PostgreSQL

You can now configure instances to use 128 vCPUs and 864 GB of RAM per node.

Chronicle

Google has added Tokyo (Japan) as a new region for Chronicle customers. Chronicle can now store customer data in this region. This also adds a new regional endpoint for Chronicle APIs at https://asia-northeast1-backstory.googleapis.com.

Chronicle Security Operations

Google has added Tokyo (Japan) as a new region for Chronicle customers. Chronicle can now store customer data in this region. This also adds a new regional endpoint for Chronicle APIs at https://asia-northeast1-backstory.googleapis.com.

The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.

  • A10 Load Balancer (A10_LOAD_BALANCER)
  • Anomali (ANOMALI_IOC)
  • Apache (APACHE)
  • Arcsight CEF (ARCSIGHT_CEF)
  • AWS CloudWatch (AWS_CLOUDWATCH)
  • AWS EC2 Hosts (AWS_EC2_HOSTS)
  • AWS EC2 Instances (AWS_EC2_INSTANCES)
  • AWS EC2 VPCs (AWS_EC2_VPCS)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure DevOps Audit (AZURE_DEVOPS)
  • Azure Firewall (AZURE_FIREWALL)
  • BIND (BIND_DNS)
  • BloxOne Threat Defense (BLOXONE)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Carbon Black (CB_EDR)
  • Cato Networks (CATO_NETWORKS)
  • CENSYS (CENSYS)
  • Check Point (CHECKPOINT_FIREWALL)
  • Chrome Management (N/A)
  • Cisco IronPort (CISCO_IRONPORT)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco Prime (CISCO_PRIME)
  • Cisco Secure Workload (CISCO_SECURE_WORKLOAD)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud Load Balancing (GCP_LOADBALANCING)
  • Cloud Run (GCP_RUN)
  • Cloudflare (CLOUDFLARE)
  • CommVault Commcell (COMMVAULT_COMMCELL)
  • Compute Context (N/A)
  • Corelight (CORELIGHT)
  • CrowdStrike Detection Monitoring (CS_DETECTS)
  • CSV Custom IOC (CSV_CUSTOM_IOC)
  • Cybereason EDR (CYBEREASON_EDR)
  • Dataminr Alerts (DATAMINR_ALERT)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • FireEye ETP (FIREEYE_ETP)
  • Forescout NAC (FORESCOUT_NAC)
  • ForgeRock OpenAM (OPENAM)
  • IBM WebSEAL (IBM_WEBSEAL)
  • Imperva (IMPERVA_WAF)
  • Imperva Database (IMPERVA_DB)
  • Infoblox RPZ (INFOBLOX_RPZ)
  • ISC DHCP (ISC_DHCP)
  • Juniper (JUNIPER_FIREWALL)
  • Linux Sysmon (LINUX_SYSMON)
  • LogonBox (LOGONBOX)
  • ManageEngine ADAudit Plus (ADAUDIT_PLUS)
  • Micro Focus iManager (MICROFOCUS_IMANAGER)
  • Microsoft AD (WINDOWS_AD)
  • Microsoft ATA (MICROSOFT_ATA)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft IIS (IIS)
  • Netskope (NETSKOPE_ALERT)
  • Netskope CASB (NETSKOPE_CASB)
  • Ntopng (NTOPNG)
  • Office 365 (OFFICE_365)
  • OpenCanary (OPENCANARY)
  • OpenSSH (OPENSSH)
  • OSSEC (OSSEC)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Quest Active Directory (QUEST_AD)
  • Recordia (RECORDIA)
  • Sangfor Next Generation Firewall (SANGFOR_NGAF)
  • SAP SM20 (SAP_SM20)
  • Security Command Center Threat (N/A)
  • SEPPmail Secure Email (SEPPMAIL)
  • ServiceNow CMDB (SERVICENOW_CMDB)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Solaris system (SOLARIS_SYSTEM)
  • STIX Threat Intelligence (STIX)
  • Symantec CloudSOC CASB (SYMANTEC_CASB)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
  • Veritas NetBackup (VERITAS_NETBACKUP)
  • VMware ESXi (VMWARE_ESX)
  • Watchguard EDR (WATCHGUARD_EDR)
  • WindChill (WINDCHILL)
  • Windows Defender AV (WINDOWS_DEFENDER_AV)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • wiz.io (WIZ_IO)
  • Zeek JSON (BRO_JSON)
  • Zscaler (ZSCALER_WEBPROXY)
  • Zscaler CASB (ZSCALER_CASB)
  • Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
  • Zscaler Private Access (ZSCALER_ZPA)

The following log types, without a default parser, were added. Each is listed by product name and log_type value, if applicable.

  • Arista Guardian For Network Identity (ARISTA_AGNI)
  • HPE Aruba Networking Central (ARUBA_CENTRAL)
  • Blackberry Workspaces (BLACKBERRY_WORKSPACES)
  • Barracuda CloudGen Firewall (BARRACUDA_CLOUDGEN_FIREWALL)
  • Cisco EStreamer (CISCO_ESTREAMER)
  • Cyderes IOC (CYDERES_IOC)
  • Dataiku DSS Logging (DATAIKU_DSS_LOGS)
  • Edgecore Networks (EDGECORE_NETWORKS)
  • Fisglobal Quantum (FISGLOBAL_QUANTUM)
  • ForgeRock Identity Cloud (FORGEROCK_IDENTITY_CLOUD)
  • Forgerock OpenIdM (FORGEROCK_OPENIDM)
  • FS-ISAC IOC (FS_ISAC_IOC)
  • Genetec Audit (GENETEC_AUDIT)
  • HiBob (HIBOB)
  • Imperva Audit Trail (IMPERVA_AUDIT_TRAIL)
  • KerioControl Firewall (KERIOCONTROL)
  • Looker Audit (LOOKER_AUDIT)
  • Mobile Endpoint Security (LOOKOUT_MOBILE_ENDPOINT_SECURITY)
  • ManageEngine PAM360 (MANAGE_ENGINE_PAM360)
  • Melissa (MELISSA)
  • Microsoft CASB Files & Entities (MICROSOFT_CASB_CONTEXT)
  • Windows Local Administrator Password Solution (MICROSOFT_LAPS)
  • Network Policy Server (MICROSOFT_NPS)
  • Power BI Activity Log (MICROSOFT_POWERBI_ACTIVITY_LOG)
  • Nxlog Agent (NXLOG_AGENT)
  • Nxlog Fim (NXLOG_FIM)
  • Opus Codec (OPUS)
  • Oracle NetSuite (ORACLE_NETSUITE)
  • Pega Automation (PEGA)
  • Qualys Knowledgebase (QUALYS_KNOWLEDGEBASE)
  • RealiteQ (REALITEQ)
  • SAP Webdispatcher (SAP_WEBDISP)
  • Serpico (SERPICO)
  • Software House Ccure9000 (SOFTWARE_HOUSE_CCURE9000)
  • Spirion (SPIRION)
  • Spur data feeds (SPUR_FEEDS)
  • Swift (SWIFT)
  • Technitium DNS (TECHNITIUM_DNS)
  • Tetragon Ebpf Audit Logs (TETRAGON_EBPF_AUDIT_LOGS)
  • Trend Micro Email Security Advanced (TRENDMICRO_EMAIL_SECURITY)
  • Tridium Niagara Framework (TRIDIUM_NIAGARA_FRAMEWORK)
  • VeridiumID by Veridium (VERIDIUM_ID)
  • Wallarm Webhook Notifications (WALLARM_NOTIFICATIONS)
  • Winscp (WINSCP)
  • XAMS by Xiting (XITING_XAMS)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Chronicle now supports the timestamp.get_date() function. For more information and example usage, see YARA-L 2.0 language syntax.

Cloud Billing

US-based billing accounts only: In August 2023, Google Cloud Marketplace transitioned to the Agency model for marketplace services for US partners and US customers. As part of this change, the remittance information has changed on your Google Cloud invoices and in the Google Cloud console.

As part of this change, you can see the following information in your Cloud Billing tools:

Cloud Logging

You can now configure and save a Log Analytics chart directly in Monitoring. For more information, see Add charts generated from a Log Analytics query.

For information and recommendations about how to instrument your applications to collect metrics, logs, and traces, see the following documents:

Cloud Monitoring

For information and recommendations about how to instrument your applications to collect metrics, logs, and traces, see the following documents:

Cloud SQL for PostgreSQL

Cloud SQL Enterprise Plus edition now supports versions 12 and 13 of PostgreSQL. For more information, see Introduction to Cloud SQL editions.

Cloud Trace

For information and recommendations about how to instrument your applications to collect metrics, logs, and traces, see the following documents:

Container Optimized OS

cos-105-17412-294-29

  • Kernel: COS-5.15.146
  • Docker: v23.0.3
  • Containerd: v1.7.10
  • GPU Drivers: v470.223.02 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Fixed CVE-2024-24557 in app-emulation/docker.

Upgraded net-misc/curl to v8.6.0. This fixes CVE-2024-0853.

Updated dev-libs/libxml2 to v2.11.7. This fixes CVE-2024-25062.

Fixed CVE-2022-3566 in the Linux kernel.

Fixed CVE-2022-3567 in the Linux kernel.

cos-109-17800-147-15

  • Kernel: COS-6.1.75
  • Docker: v24.0.5
  • Containerd: v1.7.13
  • GPU Drivers: v535.154.05 (default), v535.154.05 (latest), v470.223.02 (R470 for compatibility with K80 GPUs)

Updated app-containers/containerd to v1.7.13.

Upgraded net-misc/curl to v8.6.0. This fixes CVE-2024-0853.

Updated dev-libs/libxml2 to v2.11.7. This fixes CVE-2024-25062.

Deep Learning Containers

M117 release

  • Fixed an issue wherein the latest container had a deprecation-public-image tag. In this release and future releases, this tag will only be on the deprecated containers.
  • Fixed a problem wherein the user couldn't access the vulnerabilities result of each container.

Dialogflow

The previously announced migration from Standard NLU to Advanced NLU will no longer occur on March 1, 2024. For more information, see the email announcement.

Dialogflow CX agents now default to advanced NLU.

Dialogflow CX channel-specific response messages are now available for the following integrations: Google Chat, LINE, Messenger from Meta, Workplace from Meta, Slack. See the integration documentation for details.

Google Distributed Cloud Virtual for Bare Metal

Release 1.16.6

GKE on Bare Metal 1.16.6 is now available for download. To upgrade, see Upgrade clusters. GKE on Bare Metal 1.16.6 runs on Kubernetes 1.27.

If you use a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of GKE on Bare Metal.

Fixes:

  • Fixed an issue where upgrades are blocked because cluster-operator can't delete stale, failing preflight check resources.

  • Cleaned up stale etcd-events membership to enhance control plane initialization reliability in the event of a node join failure.

Fixes:

The following container image security vulnerabilities have been fixed in 1.16.6:

Known issues:

For information about the latest known issues, see GKE on Bare Metal known issues in the Troubleshooting section.

Google Kubernetes Engine

You can now use the GKE API to apply Resource Manager tags to your GKE nodes. GKE attaches these tags to the underlying Compute Engine VMs. You can use these tags to selectively enforce Cloud Firewall network firewall policies. This feature is generally available in GKE version 1.28 and later.

Kubernetes Engine best practice observability packages, including control plane logs, control plane metrics, and kube state metrics are now enabled by default for new managed GKE Enterprise clusters to ensure availability of necessary data when it's needed for troubleshooting or optimization. Control plane metrics and kube state metrics are included in GKE Enterprise Edition at no additional charge.

GKE now delivers insights and recommendations if your cluster's Certificate Authority (CA) is expired or will expire in the next 180 days. To learn more, see Find clusters with expiring or expired credentials.

A bug in the image streaming feature might cause containers to fail because of a missing file or files.

Containers running on a node with image streaming enabled on the following versions might fail to start or run with errors informing that certain files don't exist. The following are examples of such errors:

  • No such file or directory
  • Executable file not found in $PATH

The following GKE versions are impacted:

  • For 1.27: 1.27.10-gke.1077000 and later
  • For 1.28: All 1.28 versions
  • For 1.29: All 1.29 versions

GKE is working on fixing the issue. In the meantime, if you are impacted by this issue, please disable image streaming.

Security Command Center

Manual control of finding state deprecated for vulnerabilities and misconfigurations

Starting October 21, 2024, you will no longer be able to manually update the state of vulnerability or misconfiguration findings that are issued by Security Health Analytics or VM Manager. Security Command Center will return an error message on manual attempts to change the values of the state. Security Command Center will also begin preventing the manual creation of findings under the exact same name as a source that is automatically managed by Security Command Center in order to prevent the creation of findings that can never be resolved.

For more information, see Finding states.

Pane on Overview page that supports postures for Vertex AI released to Preview

A pane on the Overview page lets you monitor for vulnerabilities that were found by the Security Health Analytics custom modules that apply to Vertex AI, and lets you view any drift from the Vertex AI organization policies that are defined in a posture.

For more information, see Monitor posture drift.

February 19, 2024

Application Integration

Data masking in logs

You can now prevent sensitive data from appearing in the integration execution logs. For more information, see Mask sensitive data in logs.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.59.1 (2024-02-12)

Bug Fixes
  • bigquery: Align return time.Time values to UTC (#9411) (4ac005d)

Java

Changes for google-cloud-bigquery

2.37.2 (2024-02-14)

Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.37.0 (#3132) (3a1efc2)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240203-2.0.0 (#3126) (5e28419)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.41.0 (#3135) (9ab79ec)
  • Update dependency com.google.cloud:google-cloud-shared-dependencies to v3.25.0 (#3140) (e61a7bc)
  • Update github/codeql-action action to v2.24.1 (#3139) (4b3a429)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.33.0 (2024-02-12)

Features
  • Define the metrics for collecting per connection error count. (#2088) (b212bbf)
Bug Fixes
  • Deflake backup integration tests due to deleteBackup timeouts (#2105) (0948da7)
  • Extend timeouts for deleting snapshots, backups and tables (#2108) (df1d307)
Dependencies
  • Autogen: Set packed = false on field_behavior extension (#2101) (7c438c6)
  • Update actions/setup-java action to v4 (#2099) (a6c7c77)
  • Update dependency com.google.cloud:gapic-libraries-bom to v1.29.0 (#2109) (ef88519)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.24.0 (#2085) (3851a5e)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.0 (#2091) (2516a09)
  • Update protobuf to 25.2 in WORKSPACE (#2086) (3eafcee)

Chronicle SOAR

The following items have been added to Release Notes 6.2.48.

The AI Investigation widget is now available in Europe. For more information, refer to AI Investigation widget.

Timeout for automatic and manual python-run operations failing after 5 minutes even though it's defined for a longer time in the platform (ID #00243596, #00213817, #45379045, #48348087, #00245583, #00227758, #00250153)

Automatic actions/operations now run for up to the time defined in the platform (maximum of 20 minutes).

The 5 minute timeout still applies for the following manual operations:

  • Run manual action
  • Run connector once
  • IDE - Play Item

Chronicle Security Operations

The AI Investigation widget is now available in Europe. For more information, refer to AI Investigation widget.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.3.2 (2024-02-13)

Bug Fixes
  • Update minimum google-gax versions for auth fixes (#1888) (08acade)

Java

Changes for google-cloud-pubsub

1.126.6 (2024-02-14)

Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.33.0 (#1912) (9691c6f)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.25.0 (#1913) (9636c55)

1.126.5 (2024-02-12)

Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.37.1 (#1898) (fc0dc96)
  • Update dependency com.google.cloud:google-cloud-storage to v2.33.0 (#1900) (0efceb4)
  • Update dependency org.graalvm.buildtools:junit-platform-native to v0.10.0 (#1887) (2bfa5cc)
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.0 (#1888) (5017789)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.10.2 (#1891) (231ba51)

Workflows

The maximum number of concurrent workflow executions has increased from 3,000 to 5,000.

February 16, 2024

Anthos Config Management

Upgraded git-sync (the Config Sync dependency for pulling from Git) from v3.6.9 to v4.1.0 to pick up enhancements, such as improved efficiency and race condition fixes. This upgrade contains a breaking change: a short commit SHA is no longer accepted in the spec.git.revision field of RootSync and RepoSync. If you want to sync from a Git commit, use a full commit SHA in the spec.git.revision field. For more details, refer to Configuration for the Git repository. This release note was updated February 16, 2024 with a correction to the version number.

Backup and DR

Backup and DR Service 11.0.9.429 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance.

The upcoming 11.0.10 release includes an important OS change. If your backup appliance was originally installed as version 11.0.5 or older (before July 2023), then the 11.0.9 upgrade includes an additional automated procedure to prepare for the coming upgrade by making some adjustments to the backup appliance's boot disk partitions. This additional procedure takes about 30 minutes.

If the upgrade is disrupted, there is a chance that the backup/recovery appliance might become non-functional. To prepare for this risk, it is highly recommended that you take a snapshot of the backup appliance boot disk before upgrading the appliance to 11.0.9. If the backup appliance is not back online after the upgrade, contact the Backup and DR support team. Here is a brief guide for how to take the snapshot:

  1. In the Backup and DR management console, click Manage > Appliances and write down or screen-capture the appliance names.
  2. In the Google Cloud console of your workload project, click Compute Engine > VM instances.
  3. Identify the backup appliance VM instance with the same name as that shown in the Backup and DR management console.
  4. Take a snapshot of the backup appliance boot disk. If you need assistance taking the snapshot, contact the Backup and DR support team.
  5. Contact the Backup and DR support team if the appliance becomes non-functional after the upgrade. The support team will determine the best way to mitigate the problem.
    Caution: Do NOT try to restore the boot disk from the snapshot without assistance from Support. Doing so may damage the appliance and make it unrecoverable.
  6. Delete the snapshot once you confirm that the appliance is online using version 11.0.9.

SAP HANA databases running in Compute Engine instances can now be backed up as Persistent Disk snapshots of the Compute Engine instance. For more information, see protect and recover an SAP HANA database running in a Compute Engine instance.

Backup and DR Service now supports Google Cloud VMware Engine Storage only nodes. Learn more.

Added basic connector support for the following OSes. See Support matrix.

  • RHEL 8.9
  • RHEL 9.3
  • Rocky Linux 8.9
  • Rocky Linux 9.3
  • Rocky Linux Optimized for Google Cloud 8.9
  • Rocky Linux Optimized for Google Cloud 9.3

Added Change Block Tracking (CBT) support for the following OSes. See Support matrix.

  • SLES 15 SP5
  • SLES for SAP 15 SP5

    Chronicle SOAR

    Release 6.2.47 is now in General Availability.

    Dataproc

    Dataproc on Compute Engine: The internalIpOnly cluster configuration setting now defaults to true for clusters created with 2.2 image versions. Also see Create a Dataproc cluster with internal IP addresses only.

    Document AI

    Enterprise Document OCR version 2.0, pretrained-ocr-v2.0-2023-06-02, is now Generally Available and ready for production workloads.

    Please migrate OCR workloads to this new processor version.

    Google Cloud VMware Engine

    VMware Engine ve2-standard-128 node type is generally available in us-east4 region. For more information on the node type, see Node types. To use the node type in us-east4 region, contact your Google account team.

    Google Distributed Cloud Virtual for VMware

    The following vulnerability was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

    • CVE-2023-6932

    For more information, see the GCP-2024-011 security bulletin.

    Google Kubernetes Engine

    The following GKE versions might cause Ubuntu node pools to enter an unhealthy state. Don't create or upgrade your Ubuntu node pools using these versions:

    • 1.25.16-gke.1497000
    • 1.26.13-gke.1189000

    The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

    • CVE-2023-6932

    For more information, see the GCP-2024-011 security bulletin.

    Sensitive Data Protection

    The HTTP_USER_AGENT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

    February 15, 2024

    BigQuery

    The following Generative AI features are now generally available (GA):

    After you run a query in the query editor, in the Chart tab, you can now see a visualization of your query results. This feature is generally available (GA).

    Chronicle

    The following supported default parsers have changed. Each is listed by product name and log_type value, if applicable.

    • A10 Load Balancer (A10_LOAD_BALANCER)
    • Anomali (ANOMALI_IOC)
    • Apache (APACHE)
    • Arcsight CEF (ARCSIGHT_CEF)
    • AWS CloudWatch (AWS_CLOUDWATCH)
    • AWS EC2 Hosts (AWS_EC2_HOSTS)
    • AWS EC2 Instances (AWS_EC2_INSTANCES)
    • AWS EC2 VPCs (AWS_EC2_VPCS)
    • Azure AD (AZURE_AD)
    • Azure AD Directory Audit (AZURE_AD_AUDIT)
    • Azure DevOps Audit (AZURE_DEVOPS)
    • Azure Firewall (AZURE_FIREWALL)
    • BIND (BIND_DNS)
    • BloxOne Threat Defense (BLOXONE)
    • Blue Coat Proxy (BLUECOAT_WEBPROXY)
    • Carbon Black (CB_EDR)
    • Cato Networks (CATO_NETWORKS)
    • CENSYS (CENSYS)
    • Check Point (CHECKPOINT_FIREWALL)
    • Chrome Management (N/A)
    • Cisco IronPort (CISCO_IRONPORT)
    • Cisco Meraki (CISCO_MERAKI)
    • Cisco Prime (CISCO_PRIME)
    • Cisco Secure Workload (CISCO_SECURE_WORKLOAD)
    • Citrix Netscaler (CITRIX_NETSCALER)
    • Cloud Audit Logs (N/A)
    • Cloud Load Balancing (GCP_LOADBALANCING)
    • Cloud Run (GCP_RUN)
    • Cloudflare (CLOUDFLARE)
    • CommVault Commcell (COMMVAULT_COMMCELL)
    • Compute Context (N/A)
    • Corelight (CORELIGHT)
    • CrowdStrike Detection Monitoring (CS_DETECTS)
    • CSV Custom IOC (CSV_CUSTOM_IOC)
    • Cybereason EDR (CYBEREASON_EDR)
    • Dataminr Alerts (DATAMINR_ALERT)
    • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
    • F5 BIGIP LTM (F5_BIGIP_LTM)
    • FireEye ETP (FIREEYE_ETP)
    • Forescout NAC (FORESCOUT_NAC)
    • ForgeRock OpenAM (OPENAM)
    • IBM WebSEAL (IBM_WEBSEAL)
    • Imperva (IMPERVA_WAF)
    • Imperva Database (IMPERVA_DB)
    • Infoblox RPZ (INFOBLOX_RPZ)
    • ISC DHCP (ISC_DHCP)
    • Juniper (JUNIPER_FIREWALL)
    • Linux Sysmon (LINUX_SYSMON)
    • LogonBox (LOGONBOX)
    • ManageEngine ADAudit Plus (ADAUDIT_PLUS)
    • Micro Focus iManager (MICROFOCUS_IMANAGER)
    • Microsoft AD (WINDOWS_AD)
    • Microsoft ATA (MICROSOFT_ATA)
    • Microsoft Azure Activity (AZURE_ACTIVITY)
    • Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
    • Microsoft Exchange (EXCHANGE_MAIL)
    • Microsoft IIS (IIS)
    • Netskope (NETSKOPE_ALERT)
    • Netskope CASB (NETSKOPE_CASB)
    • Ntopng (NTOPNG)
    • Office 365 (OFFICE_365)
    • OpenCanary (OPENCANARY)
    • OpenSSH (OPENSSH)
    • OSSEC (OSSEC)
    • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
    • Palo Alto Networks Firewall (PAN_FIREWALL)
    • Palo Alto Panorama (PAN_PANORAMA)
    • Quest Active Directory (QUEST_AD)
    • Recordia (RECORDIA)
    • Sangfor Next Generation Firewall (SANGFOR_NGAF)
    • SAP SM20 (SAP_SM20)
    • Security Command Center Threat (N/A)
    • SEPPmail Secure Email (SEPPMAIL)
    • ServiceNow CMDB (SERVICENOW_CMDB)
    • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
    • Solaris system (SOLARIS_SYSTEM)
    • STIX Threat Intelligence (STIX)
    • Symantec CloudSOC CASB (SYMANTEC_CASB)
    • Symantec Web Security Service (SYMANTEC_WSS)
    • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
    • Veritas NetBackup (VERITAS_NETBACKUP)
    • VMware ESXi (VMWARE_ESX)
    • Watchguard EDR (WATCHGUARD_EDR)
    • WindChill (WINDCHILL)
    • Windows Defender AV (WINDOWS_DEFENDER_AV)
    • Windows DNS (WINDOWS_DNS)
    • Windows Event (WINEVTLOG)
    • Windows Event (XML) (WINEVTLOG_XML)
    • wiz.io (WIZ_IO)
    • Zeek JSON (BRO_JSON)
    • Zscaler (ZSCALER_WEBPROXY)
    • Zscaler CASB (ZSCALER_CASB)
    • Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
    • Zscaler Private Access (ZSCALER_ZPA)

    The following log types, without a default parser, were added. Each is listed by product name and log_type value, if applicable.

    • Arista Guardian For Network Identity (ARISTA_AGNI)
    • HPE Aruba Networking Central (ARUBA_CENTRAL)
    • Blackberry Workspaces (BLACKBERRY_WORKSPACES)
    • Barracuda CloudGen Firewall (BARRACUDA_CLOUDGEN_FIREWALL)
    • Cisco EStreamer (CISCO_ESTREAMER)
    • Cyderes IOC (CYDERES_IOC)
    • Dataiku DSS Logging (DATAIKU_DSS_LOGS)
    • Edgecore Networks (EDGECORE_NETWORKS)
    • Fisglobal Quantum (FISGLOBAL_QUANTUM)
    • ForgeRock Identity Cloud (FORGEROCK_IDENTITY_CLOUD)
    • Forgerock OpenIdM (FORGEROCK_OPENIDM)
    • FS-ISAC IOC (FS_ISAC_IOC)
    • Genetec Audit (GENETEC_AUDIT)
    • HiBob (HIBOB)
    • Imperva Audit Trail (IMPERVA_AUDIT_TRAIL)
    • KerioControl Firewall (KERIOCONTROL)
    • Looker Audit (LOOKER_AUDIT)
    • Mobile Endpoint Security (LOOKOUT_MOBILE_ENDPOINT_SECURITY)
    • ManageEngine PAM360 (MANAGE_ENGINE_PAM360)
    • Melissa (MELISSA)
    • Microsoft CASB Files & Entities (MICROSOFT_CASB_CONTEXT)
    • Windows Local Administrator Password Solution (MICROSOFT_LAPS)
    • Network Policy Server (MICROSOFT_NPS)
    • Power BI Activity Log (MICROSOFT_POWERBI_ACTIVITY_LOG)
    • Nxlog Agent (NXLOG_AGENT)
    • Nxlog Fim (NXLOG_FIM)
    • Opus Codec (OPUS)
    • Oracle NetSuite (ORACLE_NETSUITE)
    • Pega Automation (PEGA)
    • Qualys Knowledgebase (QUALYS_KNOWLEDGEBASE)
    • RealiteQ (REALITEQ)
    • SAP Webdispatcher (SAP_WEBDISP)
    • Serpico (SERPICO)
    • Software House Ccure9000 (SOFTWARE_HOUSE_CCURE9000)
    • Spirion (SPIRION)
    • Spur data feeds (SPUR_FEEDS)
    • Swift (SWIFT)
    • Technitium DNS (TECHNITIUM_DNS)
    • Tetragon Ebpf Audit Logs (TETRAGON_EBPF_AUDIT_LOGS)
    • Trend Micro Email Security Advanced (TRENDMICRO_EMAIL_SECURITY)
    • Tridium Niagara Framework (TRIDIUM_NIAGARA_FRAMEWORK)
    • VeridiumID by Veridium (VERIDIUM_ID)
    • Wallarm Webhook Notifications (WALLARM_NOTIFICATIONS)
    • Winscp (WINSCP)
    • XAMS by Xiting (XITING_XAMS)

    For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

    Chronicle SOAR

    Release 6.2.48 is currently in Preview.

    Playbook condition branch name field can now hold up to 150 characters (ID #48159735)

    Just-in-Time User Provisioning configuration not available in Okta configuration. (ID #49263630)

    IDE - creating an integration or manager with the same name as an existing one results in the wrong error message (ID #47233004)

    Save button not showing when adding lots of list items to the List type action parameter (ID #00266458)

    Cloud Composer

    Starting February 16, 2024, in the asia-east2, asia-northeast1, asia-northeast2, asia-northeast3, asia-south1, and australia-southeast1 regions it is possible to create new Cloud Composer 1 environments only in projects that already have Cloud Composer 1 environments.

    In all other existing or newly created projects in these regions, it is possible to create only Cloud Composer 2 environments. This change is a part of the preparation for Cloud Composer 1 end of support, as communicated earlier and described in the Versioning overview.

    The apache-airflow-providers-google package is upgraded to version 10.14.0 in images with Airflow 2.6.3. For more information about changes, see the apache-airflow-providers-google changelog from version 10.13.1 to version 10.14.0.

    Improved the reliability of syncing Airflow tasks logs to the environment bucket. This fix addresses the issue with storing Airflow task log files, which affected environments in some cases.

    Improved the environment component responsible for metrics reporting (composer-monitoring) to minimize the restarts of this component.

    Cloud Composer 2.6.1 images are available:

    • composer-2.6.1-airflow-2.6.3 (default)
    • composer-2.6.1-airflow-2.5.3

    Cloud Composer versions 2.1.6 and 1.20.6 have reached their end of full support period.

    Cloud Healthcare API

    A release was made. Updates may include general performance improvements, bug fixes, and updates to the API reference documentation.

    Cloud Interconnect

    Partner Interconnect supports dual-stack IPv4 and IPv6 in Public Preview. For more information, see IPv6 support.

    Compute Engine

    Preview: You can now use SSH-in-browser to connect to VMs using security keys with OS Login. For more information, see Enable security keys with OS Login.

    Dataflow

    You can now use a turnkey transform to enrich streaming data in your Dataflow pipeline. When you enrich data, you augment the raw data from one source by adding related data from a second source. For more information, see Enrich streaming data.

    Dataform

    Dataform is available in the following regions:

    • asia-east2
    • asia-northeast3
    • asia-southeast2
    • europe-southwest1
    • europe-west12
    • me-central1
    • me-central2
    • northamerica-northeast
    • us-east4
    • us-east5
    • us-west2
    • us-west4

    For more information, see Locations.

    Dataproc

    New Dataproc Serverless for Spark runtime versions:

    • 1.1.50
    • 2.0.58
    • 2.1.37
    • 2.2.0-RC10

    Dataproc Serverless for Spark: Spark Lineage is available for Dataproc Serverless for Spark 1.1 runtime.

    Google Cloud Architecture Center

    Architecting disaster recovery for cloud infrastructure outages: Added information about zonal and regional resilience of Sole Tenant Nodes.

    Google Kubernetes Engine

    HorizontalPodAutoscaler (HPA) and VerticalPodAutoscaler (VPA) may stop autoscaling all workloads in a cluster if it contains misconfigured autoscaling/v2 HPA objects. The issue impacts clusters running earlier patch versions of GKE version 1.27 and 1.28 (for example, 1.27.3-gke.100).

    The fix is available in the following cluster versions:

    • 1.27.5-gke.1300 and later
    • 1.28.1-gke.1400 and later
    • 1.29 and later

    We recommend that affected customers upgrade clusters to these versions to prevent HPA and VPA from misbehaving when there is at least one misconfigured HPA object.

    We recommend that affected customers correct misconfigured autoscaling/v2 HPA objects by making sure the fields in spec.metrics.resource.target match, for example:

    • When spec.metrics.resource.target.type is Utilization then target should be averageUtilization;
    • When spec.metrics.resource.target.type is AverageValue then target should be averageValue.

    For more details on how to configure autoscaling/v2 HPA objects, see the HorizontalPodAutoscaler Kubernetes documentation.
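The target-field rule in the GKE note above can be checked before upgrading with a small lint over the cluster's HPA objects. This is an added example, not code from Google or GKE; the sample objects, names, and function names are constructed for illustration, and the input is assumed to have the shape of `kubectl get hpa -A -o json` output.

```python
import json

# Resource-metric target type -> the value field the release note says must accompany it.
EXPECTED_FIELD = {
    "Utilization": "averageUtilization",
    "AverageValue": "averageValue",
}
# Value fields that a metric target can carry in autoscaling/v2.
VALUE_FIELDS = ("averageUtilization", "averageValue", "value")

# Constructed sample (not real cluster data), shaped like `kubectl get hpa -A -o json`.
SAMPLE_JSON = """
{
  "apiVersion": "v1",
  "kind": "List",
  "items": [
    {"apiVersion": "autoscaling/v2", "kind": "HorizontalPodAutoscaler",
     "metadata": {"namespace": "shop", "name": "web-ok"},
     "spec": {"metrics": [{"type": "Resource", "resource": {"name": "cpu",
       "target": {"type": "Utilization", "averageUtilization": 60}}}]}},
    {"apiVersion": "autoscaling/v2", "kind": "HorizontalPodAutoscaler",
     "metadata": {"namespace": "shop", "name": "web-bad"},
     "spec": {"metrics": [{"type": "Resource", "resource": {"name": "cpu",
       "target": {"type": "Utilization", "averageValue": "500m"}}}]}},
    {"apiVersion": "autoscaling/v2", "kind": "HorizontalPodAutoscaler",
     "metadata": {"namespace": "shop", "name": "worker-ok"},
     "spec": {"metrics": [{"type": "Resource", "resource": {"name": "memory",
       "target": {"type": "AverageValue", "averageValue": "200Mi"}}}]}}
  ]
}
"""


def check_hpa(hpa):
    """Return a list of findings for one autoscaling/v2 HPA object (a dict)."""
    findings = []
    if hpa.get("apiVersion") != "autoscaling/v2":
        return findings  # the release note concerns autoscaling/v2 objects only
    meta = hpa.get("metadata") or {}
    ident = f"{meta.get('namespace', 'default')}/{meta.get('name', '<unnamed>')}"
    for i, metric in enumerate((hpa.get("spec") or {}).get("metrics") or []):
        if metric.get("type") != "Resource":
            continue  # only spec.metrics[].resource.target is covered by the note
        target = (metric.get("resource") or {}).get("target") or {}
        ttype = target.get("type")
        where = f"{ident}: spec.metrics[{i}].resource.target"
        expected = EXPECTED_FIELD.get(ttype)
        if expected is None:
            findings.append(f"{where}: type {ttype!r} is not Utilization or AverageValue")
            continue
        if expected not in target:
            findings.append(f"{where}: type {ttype} requires {expected}")
        for field in VALUE_FIELDS:
            if field != expected and field in target:
                findings.append(f"{where}: {field} is set but type is {ttype}")
    return findings


def check_hpa_list(doc):
    """Check a kubectl List document, or a single HPA object, and collect findings."""
    items = doc["items"] if "items" in doc else [doc]
    findings = []
    for item in items:
        if item.get("kind") == "HorizontalPodAutoscaler":
            findings.extend(check_hpa(item))
    return findings


if __name__ == "__main__":
    for line in check_hpa_list(json.loads(SAMPLE_JSON)):
        print(line)
```
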

    Identity and Access Management

    Managed workload identities let you bind strongly attested identities to your Compute Engine workloads. The feature is in Preview. Google Cloud provisions X.509 credentials, issued from Certificate Authority Service, that can be used to reliably authenticate your workload with other workloads over mutual TLS (mTLS) authentication. For more information, see Managed workload identities overview.

    Sensitive Data Protection

    The BLOOD_TYPE infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

    Vertex AI

    The Vertex AI Gemini 1.0 Pro and Gemini 1.0 Pro Vision multimodal language models are Generally Available (GA). They have also been made available in the following regions: europe-west1, europe-west2, europe-west3, europe-west4, and europe-west9.

    For more information, see the following topics:

    Vertex AI Search and Conversation

    Vertex AI Search: Stable Gemini Pro answer generation model

    gemini-pro@001/answer_gen/v1 is available as a stable, generally available model for answer generation. For information about all available models for answer generation, see Specify the summarization model.

    February 14, 2024

    Carbon Footprint

    Beginning with the release of January 2024 data, Google Cloud Carbon Footprint will adopt a biannual methodology refresh schedule, with updates planned for January and July data releases each year.

    For the January 2024 data release (in mid-February 2024), we have made the updates below and updated the carbon model to version 10:

    Data accuracy:

    • Improve internal machine-level power readings for storage machines. Update allocation of energy from some machines, improving Bigtable data accuracy.
    • Further improve mapping between Google Cloud services and internal resource use, particularly for a few Networking SKUs.
    • Improve Google Cloud region defaults and coverage. location.location/location.region with former NULL values are defined as global, and we improved data for the europe multiregion.

    Corporate data input refresh:

    Service coverage:

    • Reintroduce App Engine and GKE Enterprise/GDC services (formerly Anthos/GDC-V), as internal data mappings have been improved.
    • Remove Looker, Apigee, Chronicle, and AppSheet from covered services of Carbon Footprint, due to potential mis-attribution of carbon to these services. We are actively investigating and working on the improvements. Once internal data mapping improves for a service, we plan to add it back.

    Cloud Interconnect

    Cloud Interconnect supports VLAN attachments with a maximum transmission unit (MTU) up to 8896 bytes. For more information, see Cloud Interconnect MTU and Maximum transmission unit.

    Cloud Translation

    Adaptive translation is Generally Available and adds Portuguese support, raises the limit for input and output characters, and decreases latency in the API and console.

    Cloud Workstations

    Cloud Workstations is available in the europe-west8 region (Milan, Italy, Europe). For more information, see Locations.

    Config Connector

    Config Connector version 1.113.0 is now available.

    Initial support for status.observedState in ContainerCluster, ContainerNodePool and RedisInstance.

    To encourage use of cnrm.cloud.google.com/state-into-spec: absent, you can now use status.observedState in ContainerCluster, ContainerNodePool and RedisInstance. Some important resource information (such as the certificate for connecting to a GKE cluster) is currently only available in spec, and we recommend instead reading this resource information from observedState if available. More fields may be added to observedState in the future.

    Added support for ComputeNetworkFirewallPolicy (v1beta1) resource.

    Added support for TagsLocationTagBinding (v1alpha1) resource.

    Resource RunJob (CloudRun Job):

    • Added spec.template.vpcAccess.connectorRef field.

    Google Distributed Cloud Virtual for VMware

    The following vulnerability was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

    • CVE-2023-6931

    For more information, see the GCP-2024-010 security bulletin.

    Google Kubernetes Engine

    The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

    • CVE-2023-6931

    For more information, see the GCP-2024-010 security bulletin.

    Looker

    Looker 24.2 includes the following changes, features, and fixes.

    Expected Looker (original) deployment start: Tuesday, February 20, 2024

    Expected Looker (original) final deployment and download available: Thursday, February 29, 2024

    Expected Looker (Google Cloud core) deployment start: Tuesday, February 20, 2024

    Expected Looker (Google Cloud core) final deployment: Tuesday, March 5, 2024

    Planned for Looker 24.4, the Allow Legacy Maps legacy feature will be disabled by default. When the Allow Legacy Maps legacy feature is disabled, any map visualization that uses the Map (Legacy) chart type will be converted to use the Google Maps chart type. This may be a breaking change for some customers who are still using Legacy Maps.

    Duplicate join names will throw a new model-level LookML error during validation.

    A new LookML warning is returned when the convert_tz parameter is used on a LookML field that is configured as type: date_raw. date_raw fields have never supported timezone conversion, so this LookML warning has been added to alert LookML developers.

    For projects that use the new LookML runtime, the LookML validator will now correctly show a model-level error when a join name is duplicated within an Explore. The error already existed for projects that use the legacy LookML runtime, so this update is just to bring the new LookML runtime behavior in line with the legacy LookML runtime.

    The Signed Embed URL generator can now include themes, current parameters, and external group IDs.

    The following permissions are now generally available to use in permission sets: manage_groups, manage_roles, manage_user_attributes, manage_embed_settings, manage_themes, manage_privatelabel.

    A new Dashboard Diagnostics System Activity dashboard is available for troubleshooting the performance of individual dashboards.

    The looker_internal_email_domain_allowlist user attribute is now generally available. This lets admins configure the Email Domain Allowlist for Scheduled Content feature on a per-group basis.

    Looker now supports self-service migration from Looker (original) instances to Looker (Google Cloud core) instances. Looker (original) instances must meet certain prerequisites, and you must have a Looker (Google Cloud core) instance into which you can import.

    Filters on yesno fields will no longer show the "is not" option.

    An XSS security issue in Grid code has been fixed.

    Size-by field rendering for scatter charts has been fixed. This feature now performs as expected.

    An issue where download and Explore options were showing up on drill modals for merged queries when the user did not have permission has been resolved. This feature now performs as expected.

    Previously, text truncation wasn't working properly on headers on small tiles. This feature now performs as expected.

    Waterfall charts now render all available columns as expected.

    BigQuery: Previously, if OAuth tokens were passed through as query parameters rather than in the authentication header, Looker would return the following error: "OAuth token was passed in the query parameter. Please send it in Authorization header instead."

    The BigQuery driver has been updated, so this error will no longer appear.

    The minimum Git command line version has been increased to 2.36.0+.

    The user interface of the Admin Settings - Schedules page has been updated.

    For instances with offline licenses: When an offline license expiration date is less than 14 days away, Looker admins will see a license expiration banner on all Looker pages.

    The Login Consent Configuration option causes a consent screen with a configurable message to be displayed to all users who attempt to sign in to the Looker instance.

    SAP on Google Cloud

    Google Cloud's Agent for SAP version 3.1

    Version 3.1 of Google Cloud's Agent for SAP is generally available (GA). This version introduces enhancements for discovering SAP system information and for the Backint feature of the agent.

    For more information, see What's new with Google Cloud's Agent for SAP.

    Security Command Center

    Support for VPC Service Controls released to General Availability

    You can now protect Security Command Center using VPC Service Controls perimeters. For more information, see VPC Service Controls supported products.