Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

August 30, 2024

Apigee X

On August 30, 2024, we released an updated version of Apigee (1-13-0-apigee-4).

Bug ID Description
N/A Updates to security infrastructure and libraries.

Artifact Registry

Updates to the Artifact Registry API are as follows:

Artifact Registry records metrics and logs for your projects. To explore the available Artifact Registry metrics and logs, view your project in the Metrics Explorer or the Logs Explorer.

For more information about metrics and logs, read Observability in Google Cloud.

Cloud Database Migration Service

Database Migration Service for homogeneous migrations to Cloud SQL for SQL Server now supports differential backup files. For more information, see Supported types of backup files.

Compute Engine

Generally available: When applying a spread placement policy to VMs, you can specify the availability domain in which to place the VMs. Specifying an availability domain lets you decide how to physically locate VMs relative to each other. Placing VMs in different domains can increase the reliability of your workload, and placing them in the same domain can help limit network latency among them. Viewing the availability domains of your VMs is also useful for planning, deploying, or upgrading your application, as well as developing your availability SLAs.

For more information, see Create and apply spread placement policies to VMs.

The fleetwide and per-instance Observability tabs on the Compute Engine VM instances page now include charts for GPU metrics from the NVIDIA Management Library (NVML). To view the fleetwide GPU charts, select Compute Engine > VM instances > Observability. To view the GPU charts for a VM instance, select Compute Engine > VM instances, click on the name of a VM instance, and then select Observability. These charts are available only for VM instances with attached GPUs, with both the Ops Agent and the NVIDIA GPU driver installed. For information about configuring these VMs, see About the gpu metrics.

Contact Center AI Platform

VPC Service Controls and private egress

You can now use VPC Service Controls with CCAI Platform to help mitigate the risk of data exfiltration from your contact center. When you include a CCAI Platform instance in a VPC Service Controls perimeter, the instance is restricted from exchanging data with Google Cloud services (such as Cloud Storage or Dialogflow) that are outside of the perimeter. You can further secure your instance by including Contact Center AI Platform API in your list of restricted services. You can then create an access level to allow access to only your own administrators. For more information, see VPC Service Controls.

In addition to private ingress, you can now use Private Service Connect to set up private egress from your CCAI Platform instances. For more information, see Set up private egress.

Generative AI on Vertex AI

Gen AI Evaluation Service is Generally Available. To learn more, see the Gen AI Evaluation Service overview.

Google Cloud Architecture Center

(New guide) Select a managed container runtime environment: Learn about managed runtime environments and assess your requirements to choose between Cloud Run and GKE Autopilot.

Google SecOps SIEM

The prioritization logic of the Applied Threat Intelligence (ATI) rule set has been improved to remove alerts from events that have a specified security result action of BLOCKED or QUARANTINED. This change only impacts the IP address indicator types for both High and Active Breach priority. For more information, see View details about rule sets.

Looker Studio

Community migration is complete

The Looker Studio Help community migration to Google Cloud is complete. To ask questions and participate in conversations with fellow Looker Studio users and experts, visit the new community.

Memorystore for Valkey

Preview release of Memorystore for Valkey.

Network Connectivity Center

Preset topologies and include export filters are generally available.

Preset topologies let you specify the connectivity configuration across all VPC spokes. You can choose between mesh or star preset topologies. Include export filters lets you limit connectivity by specifying a list of permitted CIDR ranges, thereby blocking all but the permitted IP address ranges.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.65.0 (2024-07-29)

Features
  • spanner: Add RESOURCE_EXHAUSTED to retryable transaction codes (#10412) (29b52dc)
Bug Fixes
  • spanner/test: Bump google.golang.org/api@v0.187.0 (8fa9e39)
  • spanner/test: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
  • spanner/test: Update dependencies (257c40b)
  • spanner: Bump google.golang.org/api@v0.187.0 (8fa9e39)
  • spanner: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
  • spanner: Fix negative values for max_in_use_sessions metrics #10449 (#10508) (4e180f4)
  • spanner: HealthCheck should not decrement num_in_use sessions (#10480) (9b2b47f)
  • spanner: Update dependencies (257c40b)

1.66.0 (2024-08-07)

Features
  • spanner: Add support of multiplexed session support in writeAtleastOnce mutations (#10646) (54009ea)
  • spanner: Add support of using multiplexed session with ReadOnlyTransactions (#10269) (7797022)

1.67.0 (2024-08-15)

Features
  • spanner/admin/database: Add resource reference annotation to backup schedules (#10677) (6593c0d)
  • spanner/admin/instance: Add edition field to the instance proto (6593c0d)
  • spanner: Support commit options in mutation operations. (#10668) (62a56f9)
Bug Fixes
  • spanner/test/opentelemetry/test: Update google.golang.org/api to v0.191.0 (5b32644)
  • spanner: Update google.golang.org/api to v0.191.0 (5b32644)
Documentation
  • spanner/admin/database: Add an example to filter backups based on schedule name (6593c0d)

Java

Changes for google-cloud-spanner

6.72.0 (2024-08-07)

Features
  • Add RESOURCE_EXHAUSTED to the list of retryable error codes (e859b29)
  • Add field order_by in spanner.proto (e859b29)
  • Add QueryCancellationAction message in executor protos (e859b29)
  • Add SessionPoolOptions, SpannerOptions protos in executor protos (e859b29)
  • Add support for multi region encryption config (e859b29)
  • Enable hermetic library generation (#3129) (94b2a86)
  • spanner: Add samples for instance partitions (#3221) (bc48bf2)
  • spanner: Adding EXPECTED_FULFILLMENT_PERIOD to indicate instance creation times (with FULFILLMENT_PERIOD_NORMAL or FULFILLMENT_PERIOD_EXTENDED ENUM) with the extended instance creation time triggered by On-Demand Capacity Feature (e859b29)
  • spanner: Set manual affinity in case of gRPC-GCP extension (#3215) (86b306a)
  • Support Read RPC OrderBy (#3180) (735bca5)
Bug Fixes
  • Make sure commitAsync always finishes (#3216) (440c88b)
  • SessionPoolOptions.Builder#toBuilder() skipped useMultiplexedSessions (#3197) (027f92c)
Dependencies
  • Bump sdk-platform-java-config to 3.33.0 (#3243) (35907c6)
  • Update dependencies to latest (#3250) (d1d566b)
  • Update dependency com.google.auto.value:auto-value-annotations to v1.11.0 (#3191) (065cd48)
  • Update dependency com.google.cloud:google-cloud-trace to v2.47.0 (#3067) (e336ab8)

6.73.0 (2024-08-22)

Features
  • Add option for cancelling queries when closing client (#3276) (95da1ed)
Bug Fixes
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#3277) (c449a91)
  • Update dependency commons-cli:commons-cli to v1.9.0 (#3275) (84790f7)
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.41.0 (#3269) (a7458e9)
  • Update dependency org.hamcrest:hamcrest to v3 (#3271) (fc2e343)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.11.0 (#3272) (1bc0c46)
  • Update opentelemetry.version to v1.41.0 (#3270) (88f6b56)
Documentation
  • Create a few code snippets as examples for using Spanner Graph using Java (#3234) (61f0ab7)

Node.js

Changes for @google-cloud/spanner

7.11.0 (2024-07-29)

Features

7.12.0 (2024-08-02)

Features

7.13.0 (2024-08-09)

Bug Fixes

7.14.0 (2024-08-14)

Features
  • spanner: Add resource reference annotation to backup schedules (#2093) (df539e6)
Bug Fixes
  • deps: Update dependency google-gax to v4.3.9 (#2094) (487efc0)

Python

Changes for google-cloud-spanner

3.48.0 (2024-07-30)

Features
  • Add field lock_hint in spanner.proto (9609ad9)
  • Add field order_by in spanner.proto (9609ad9)
  • spanner: Add support for txn changestream exclusion (#1152) (00ccb7a)
Bug Fixes

August 29, 2024

AlloyDB for PostgreSQL

Query federation between BigQuery and AlloyDB is now generally available (GA). This feature lets you use BigQuery to query data stored in AlloyDB databases.

Database server compatibility with PostgreSQL version 16 is now available in Preview. You can create AlloyDB clusters with PostgreSQL 16 compatibility.

Anthos Config Management

The spec.git and spec.enableLegacyFields fields of the ConfigManagement object have been removed. The spec.enableMultiRepo field is now set to true by default, automatically enabling the RootSync API. RootSync provides the same core functionality, along with additional features.

If you currently configure Git settings within a ConfigManagement object, to avoid disruptions, before upgrading you must migrate this configuration to a RootSync object.

Optimized Config Sync resource usage by implementing watch filtering with ApplySet ("applyset.kubernetes.io/" labels and annotations). This reduces reconciler Deployment memory consumption by limiting events and cached objects to those relevant to the managed package. For more information on the resource usage optimization, see Config Sync Watch Filtering v1.18 vs v1.19.

Config Sync now enables loading files from directories beyond the Kustomize root during rendering. For more information, refer to Configure Kubernetes with Kustomize.

Improved support for private registries. If you've configured a private registry for your cluster, Config Sync now automatically detects and updates the image references within its reconciler Deployments to point to the corresponding images in your private registry.

Upgraded bundled Helm version from v3.14.4 to v3.15.3 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.

Upgraded the Open Telemetry image from 0.102.0 to 0.103.0 to pick up vulnerability fixes. To understand the changes in each release, review the full changelog for opentelemetry-collector-contrib.

Fixed some inaccuracies in status updates and metrics reports.

BigQuery

The BigQuery Data Transfer Service now supports incremental transfers when you migrate your data from your Teradata data warehouses to BigQuery. This feature is generally available (GA).

Delta Lake BigLake tables are now generally available (GA). Delta Lake is an open source, tabular data storage format that supports petabyte scale data tables.

Dialogflow

Dialogflow CX & ES: Text-to-Speech Journey Voices will get an update in the week of Sept 3. If you select a journey voice in your agent Text-to-Speech settings (CX, ES), only LINEAR16 output audio_encoding (CX, ES) will be supported starting from Sept 3. This model update will also include slight variations in pauses, tone, and so on of the synthesized journey voices.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.0-gke.1930 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.0-gke.1930 runs on Kubernetes v1.30.3-gke.200.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

  • For admin and user clusters created at 1.30 and later versions, loadBalancer.Kind needs to be set to either MetalLB or ManualLB.
  • For user clusters created at 1.30 and later versions, enableControlplaneV2 needs to be set to true.
  • The featureGates.GMPForSystemMetrics field in the stackdriver CR is now always on and can't be disabled. It has been default on since 1.16. If you have manually turned it off, this upgrade means a breaking change in some system metrics format. For information on changing this field, see Enabling and disabling Managed Service for Prometheus.

Version changes in 1.30.0-gke.1930:

  • Existing Seesaw load balancers now require TLS 1.2.
  • COS was upgraded to m109
  • Updated Dataplane V2 to use Cilium 1.13

Other changes in 1.30.0-gke.1930:

  • Enhanced the upgrade process to include an automatic pre-upgrade check. Before you upgrade your admin or user cluster, the system runs this check to detect known issues. The check also provides guidance to ensure a smooth upgrade experience.
  • Ingress node ports are optional for ControlplaneV2 clusters.
  • Admin clusters created in 1.30 will use Dataplane V2, Google's Container Network Interface (CNI) implementation, which is based on Cilium.
  • Admin clusters upgraded to 1.30 from 1.29 will use Dataplane V2.
  • Removed mTLS on system metrics scrape endpoints, which makes it easier to integrate with 3rd party monitoring systems.
  • Stopped bundling cert-manager and removed the monitoring-operator because system components no longer depend on them. Cert-manager from existing 1.29 clusters will continue running, but will stop being managed by Google after upgrading to 1.30. If you don't use cert-manager, you can delete it after the upgrade. New clusters in 1.30 and higher won't come with cert-manager. If you rely on the bundled cert-manager for your own use case, you should install your own in new clusters.
  • The implementation of the preview feature usage metering has changed. Clusters using this feature will continue to function, but we recommend that you use the predefined dashboard, Anthos Cluster Utilization Metering, to understand resource usage at different levels.

The following issues were fixed in 1.30.0-gke.1930:

  • Fixed the known issue where cluster creation failed due to the control plane VIP in a different subnet.
  • Fixed the known issue where a user cluster with Binary Authorization failed to come up.
  • Fixed the known issue that caused the Connect Agent to lose connection to Google Cloud after a non-HA to HA admin cluster migration.
  • Fixed the known issue where the admin cluster upgrade failed for clusters created on versions 1.10 or earlier.
  • Fixed the known issue where the Docker bridge IP used 172.17.0.1/16 for COS cluster control plane nodes.
  • Fixed the known issue where the HA admin cluster installation preflight check reported the wrong number of required static IPs.
  • Fixed the known issue where multiple network interfaces with the standard CNI didn't work.
  • Fixed a gkeadm preflight check that wasn't validating the VM folder.

The following vulnerabilities were fixed in 1.30.0-gke.1930:

Critical container vulnerabilities:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.30.0-gke.1930

Google Distributed Cloud for bare metal 1.30.0-gke.1930 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.0-gke.1930 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Version 1.16 end of life: In accordance with the Version Support Policy, version 1.16 (all patch releases) of Google Distributed Cloud for bare metal has reached its end of life and is no longer supported.

New and updated features:

  • Preview: Added support for keyless mode for clusters. This feature uses short-lived tokens and Workload Identity Federation for your cluster and workload credentials, instead of the default long-lived service account keys and Kubernetes Secrets. This feature provides improved security and reduces credential maintenance.

  • Preview: Added support for Custom Scheduler Configuration for pods to automatically spread workloads across cluster nodes for increased reliability.

  • GA: Added support for admin and hybrid clusters to manage multiple versions of user clusters concurrently.

  • GA: Added support for node-level private registry configuration for workload images.

  • GA: Updated the bmctl update command to display the difference between the specs in the YAML cluster configuration file and the deployed Cluster resource. The diff covers the specs for both the Cluster resource and the NodePool resource.

  • GA: Added support for rolling back select node pool upgrades.

  • GA: Added support for specifying a session duration for Identity Service-issued tokens. You can set a session duration between 15 and 1440 minutes (24 hours). Shorter sessions provide better security (at the cost of more frequent reauthentication). Longer sessions reduce the frequency for reauthentication (at the cost of reduced security).

  • Preview: Updated the gcloud beta container fleet memberships get-credentials command to use a connect gateway preview feature that lets you run the kubectl attach, cp, and exec commands. For more information, see Limitations.

Functionality changes:

  • Updated the node pool upgrade behavior. Version 1.30 and higher clusters support all node pool versions from the preceding two minor versions. The preview.baremetal.cluster.gke.io/two-minor-version-node-pool: enable annotation isn't required when upgrading clusters from version 1.29 to version 1.30.

  • Updated the bmctl version command to return the metadata image digest in the response. To print only the metadata image digest, specify the new --option value metadata-digest.

  • Deprecated the spec.gkeVersion field in the Machine custom resource. Starting with version 1.30.0, the spec.gkeVersion field is set to empty. For accurate version information, use anthosBareMetalVersion (GDC for bare metal version) in the Cluster resource spec or gkeVersion (Kubernetes version) in the Cluster resource status.

  • Updated Kubernetes audit logging to include request and response payloads from the Kubernetes API server for bare metal custom resources, such as Cluster, NodePool, BareMetalMachine, and BareMetalCluster.

  • Updated registry mirror support to allow you to specify a port for host addresses.

  • Updated the networking preflight check to verify that either the ip_tables or the nf_tables kernel module is available for loading, instead of being explicitly loaded.

  • Updated the stackdriver custom resource to remove the feature gate for using Managed Service for Prometheus for system metrics featureGates.GMPForSystemMetrics. This feature gate has defaulted to on (true) since version 1.16. If you have manually disabled using Managed Service for Prometheus for system metrics, upgrading to version 1.30 might be a breaking change for some system metrics formats.

  • Added checks to validate the SSH client certificate file type before saving the certificate as a Secret.

  • Updated GKE Identity Service custom resource definition to change the description for IdentityServiceOptions and improve formatting.

  • Added preflight checks for available disk space in specific directories:

    • During cluster creation, the following directories are checked:

      • / (the root directory) has at least 4 GiB of free space

      • /var/log/fluent-bit-buffers has at least 12 GiB of free space

      • /var/opt/buffered-metrics has at least 10016 MiB of free space

    • During a cluster upgrade, the following directory is checked:

      • / (the root directory) has at least 2 GiB of free space
  • GA: Adopted the GKE audit policy, instead of the previous unpopulated policy.

Fixes:

  • Fixed an issue where old, inoperable WebHook resources caused problems with cluster upgrades.

  • Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.

  • Fixed an issue where service accounts created by using the --create-service-accounts flag with the bmctl create config command don't have enough permissions.

  • Fixed an issue where the kubelet doesn't honor the shortened, 1-second grace period for pod deletion during eviction-based draining.

The following container image security vulnerabilities have been fixed in 1.30.0-gke.1930:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Release 1.28.900-gke.112

Google Distributed Cloud for bare metal 1.28.900-gke.112 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.900-gke.112 runs on Kubernetes 1.28.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Security Command Center

Dynamic mute rules are generally available

Security Command Center now supports dynamic mute rules, which allow you to mute future and existing findings temporarily until a specified date or indefinitely until a finding no longer matches the configuration. We are adding these rules as an alternative to the original static mute rules that only mute future findings indefinitely.

We recommend using dynamic mute rules exclusively in your mute rule configurations. For instructions on how to migrate your existing mute rules to dynamic mute rules, see Migrate from static to dynamic mute rules.

For a comparison of static and dynamic mute rules, see Types of mute rules.

reCAPTCHA

reCAPTCHA Mobile SDK v18.6.0 is now available for iOS.

This version contains the following changes:

  • A new API, fetchClient, is available that provides built-in retries for network issues.
  • Bug fixes and improvements.

August 28, 2024

BigQuery

You can now use the GROUP BY clause and the SELECT DISTINCT clause with the ARRAY and STRUCT data types. This feature is in Preview.

The following Gemini in BigQuery features are now generally available (GA):

To learn how to enable and activate Gemini in BigQuery features, see Set up Gemini in BigQuery.

Phrase support for the SEARCH function is now generally available (GA).

Bigtable

The Preview of Data Boost for Bigtable has been expanded to let you use Data Boost compute resources when you read Bigtable data using a Spark application. For more information, see Use the Bigtable Spark connector.

Cloud Load Balancing

The Global external Application Load Balancer and the Classic Application Load Balancer will no longer support TLS sessionID resumption. They continue to support modern forms of TLS resumption.

The TLS protocol supports an optimization which allows a client reconnecting to a server with which it has communicated before to perform a cheaper abbreviated handshake. This optimization is available in several modes, which include the modern PSK and ticket mechanisms, as well as the long-obsolete sessionID mechanism.

The Global external Application Load Balancer and the Classic Application Load Balancer are the only Google Cloud products that currently support the obsolete sessionID mechanism.

This sessionID mechanism is going to be disabled over the next 4-5 weeks. Clients that currently make use of sessionID will transparently fall back to full TLS handshakes. To recover the performance optimization gains, we recommend that you upgrade clients to modern TLS libraries which support the PSK or ticket mechanisms.

Dataplex

Data insights is generally available (GA). Data insights offers an automated way to explore and understand your data. It uses Gemini to generate queries based on the metadata of a table, and helps you uncover patterns, assess data quality, and perform statistical analysis.

You generate data insights in BigQuery. You can view data insights in Dataplex and in BigQuery.

Google Kubernetes Engine

(2024-R32) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.30.3-gke.1639000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1082000
    • 1.28.12-gke.1090000
    • 1.28.12-gke.1179000
    • 1.29.7-gke.1174000
    • 1.30.3-gke.1225000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1148000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1148000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.13-gke.1006000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.13-gke.1006000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.7-gke.1274000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1274000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1639000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1639000 with this release.

Regular channel

Stable channel

Extended channel

No channel

Vertex AI Agent Builder

Vertex AI Search: Turn off schema auto-detect for structured data

By default, schema auto-detect dynamically adds new properties to the schema when the property fields are detected on data import.

However, you can turn off the dynamic feature so that only data that corresponds to fields already in the schema gets imported. This is a good approach for not-so-clean data because you can choose not to import extraneous data that isn't part of your defined schema and that you don't want in your structured data store.

For more information, see About providing your own schema as a JSON object.

Vertex AI Search: Datetime and geolocation detection for structured data

By default, when structured data is imported, fields that are detected in datetime and geolocation format are assigned those types in the schema.

However, you can turn off datetime and geolocation detection so that in the schema the datetime fields are set to type string and the geolocation fields are set to type object.

For more information, see About providing your own schema as a JSON object.

August 27, 2024

Apigee X

Clarification: On July 26 we announced monetization support with data residency. Please note that monetization support with data residency is for non-hybrid organizations only at this time.

For more information, see Introduction to data residency.

Cloud Composer

(Cloud Composer 2) Starting on September 26, 2024, all Cloud Composer environments within a VPC SC perimeter will have no access to public PyPI repositories by default. For details about installing PyPI packages in the VPC SC mode, see Installing PyPI packages.

Cloud Run

The following Cloud Run volume types are now generally available (GA):

  • Mounting an NFS file share as a volume for Cloud Run services and jobs.
  • Mounting a Cloud Storage bucket as a storage volume for Cloud Run services and jobs.

Google Kubernetes Engine

Starting from version 1.30.3-gke.1451000, new and upgraded GKE clusters support the GKE Metrics Server updates where the addon-resizer runs in the cluster's control plane instead of worker nodes.

Security Command Center

Documentation is available for the Security Posture REST API.

Sensitive Data Protection

Regional endpoints are available for Sensitive Data Protection. Regional endpoints help you meet data residency requirements by keeping data at rest, in use, and in transit within your specified region. For more information, see Global and regional endpoints for Sensitive Data Protection.

Regional endpoints for Sensitive Data Protection are available in the following regions:

  • australia-southeast1
  • asia-east1
  • asia-east2
  • asia-northeast1
  • asia-northeast3
  • asia-south1
  • asia-south2
  • asia-southeast1
  • asia-southeast2
  • europe-central2
  • europe-north1
  • europe-southwest1
  • europe-west1
  • europe-west2
  • europe-west3
  • europe-west4
  • europe-west6
  • europe-west8
  • europe-west9
  • me-central1
  • me-central2
  • me-west1
  • southamerica-east1
  • southamerica-west1
  • northamerica-northeast1
  • northamerica-northeast2
  • us-central1
  • us-east1
  • us-east4
  • us-east5
  • us-south1
  • us-west1
  • us-west2
  • us-west3
  • us-west4

August 26, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36978

For more details, see the GCP-2024-049 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36978

For more details, see the GCP-2024-049 security bulletin.

Apigee X

On August 26, 2024, Apigee announced the GA launch of its non-VPC provisioning option.

With the non-VPC peering provisioning approach, you are not required to provide networks and IP ranges during the Apigee provisioning process. Instead, you use Private Service Connect (PSC) for routing northbound traffic to Apigee and southbound traffic to target services running in your Google Cloud projects. Non-VPC peering is supported for command-line (CLI) steps only. You can perform non-VPC provisioning for subscription, Pay-as-you-go, and evaluation installations of Apigee.

To learn more, see Apigee networking options.

BigQuery

You can now create remote models in BigQuery ML based on the Anthropic Claude model in Vertex AI.

Use the ML.GENERATE_TEXT function with these remote models to perform generative natural language tasks for text stored in BigQuery tables. Try this feature with the Generate text by using the ML.GENERATE_TEXT function how-to topic.

This feature is in preview.

You can now use EXPORT DATA statements to directly export BigQuery data to Bigtable (reverse ETL). This feature is generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.43.0 (2024-08-22)

Features
  • Add fields and the BackupType proto for Hot Backups (#2300) (acaa3ff)
  • Allow non default service account in DirectPath (#2312) (09d0f23)
  • bigtable: Remove deprecated Bytes from BigEndianBytesEncoding (#2309) (32f244f)
  • Enable hermetic library generation (#2234) (169aea5)
Bug Fixes
  • Add missing call to EqualsTester#testEquals (#2307) (8b49f9c)
Dependencies

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • GKE On-prem API
    • gkeonprem.googleapis.com/BareMetalCluster
    • gkeonprem.googleapis.com/BareMetalNodePool
    • gkeonprem.googleapis.com/VmwareCluster
    • gkeonprem.googleapis.com/VmwareNodePool

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Cloud Controls Partner APIs
    • cloudcontrolspartner.googleapis.com/Partner
    • cloudcontrolspartner.googleapis.com/Customer
    • cloudcontrolspartner.googleapis.com/Workload

Cloud Functions

The Cloud Run functions (Cloud Functions v2 API) build process now supports cross-project Artifact Registry repositories for greater configurability. This support is at the Preview release level.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.20.1 (2024-08-22)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#1677) (dbd050c)

Python

Changes for google-cloud-logging

3.11.2 (2024-08-15)

Bug Fixes
  • deps: Require google-cloud-appengine-logging>=0.1.3 (550abca)
  • deps: Require google-cloud-audit-log >= 0.2.4 (550abca)
  • deps: Require opentelemetry-api>=1.9.0 (550abca)
  • Fixed type hinting issue with specifying Transport class (#930) (e2875d6)

Cloud Run

You can now configure traffic routing between Cloud Run and Cloud Run, Google Kubernetes Engine, and Google Compute Engine services using Cloud Service Mesh service routing APIs. Cloud Run also automatically authenticates calls to destination services using service account credentials (In Preview).

Container Optimized OS

cos-dev-121-18632-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.47 | v24.0.9 | v1.7.20 | See List

Upgraded app-admin/google-guest-agent to v20240816.00.

Upgraded app-admin/fluent-bit to v3.1.6.

Upgraded chromeos-base/shill-client to v0.0.1-r4654.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r640.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2799.

Upgraded chromeos-base/debugd-client to v0.0.1-r2710.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2445.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2945.

Upgraded dev-db/sqlite to v3.46.1.

Upgraded sys-fs/xfsprogs to v6.9.0.

Upgraded net-dns/c-ares to v1.33.0.

Upgraded sys-apps/gentoo-functions to v1.7.2.

Updated the Linux kernel to v6.6.47.

Runtime sysctl changes:

  • Added: vm.unprivileged_userfaultfd: 0
  • Changed: fs.file-max: 811814 -> 811752

cos-101-17162-528-16

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.161 | v20.10.27 | v1.6.28 | See List

Fixed CVE-2023-0597 in the Linux kernel.

Fixed CVE-2024-42154 in the Linux kernel.

Fixed CVE-2024-41087 in the Linux kernel.

Fixed CVE-2024-42247 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 813025 -> 813018
  • Changed: kernel.threads-max: 63552 -> 63551
  • Changed: net.ipv4.tcp_mem: 94140 125520 188280 -> 94137 125519 188274
  • Changed: net.ipv4.udp_mem: 188280 251041 376560 -> 188277 251039 376554
  • Changed: user.max_cgroup_namespaces: 31776 -> 31775
  • Changed: user.max_ipc_namespaces: 31776 -> 31775
  • Changed: user.max_mnt_namespaces: 31776 -> 31775
  • Changed: user.max_net_namespaces: 31776 -> 31775
  • Changed: user.max_pid_namespaces: 31776 -> 31775
  • Changed: user.max_time_namespaces: 31776 -> 31775
  • Changed: user.max_user_namespaces: 31776 -> 31775
  • Changed: user.max_uts_namespaces: 31776 -> 31775

cos-beta-117-18613-0-10

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.44 | v24.0.9 | v1.7.20 | See List

Upgraded app-admin/fluent-bit to v3.1.6.

Upgraded sys-apps/pv to v1.8.12.

Updated google-osconfig-agent to v20240822.00.

cos-105-17412-448-16

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.163 | v23.0.3 | v1.7.19 | See List

Fixed CVE-2023-0597 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812707 -> 812685
  • Changed: kernel.threads-max: 63552 -> 63551
  • Changed: net.ipv4.tcp_mem: 94140 125520 188280 -> 94137 125519 188274
  • Changed: net.ipv4.udp_mem: 188280 251041 376560 -> 188277 251039 376554
  • Changed: user.max_cgroup_namespaces: 31776 -> 31775
  • Changed: user.max_ipc_namespaces: 31776 -> 31775
  • Changed: user.max_mnt_namespaces: 31776 -> 31775
  • Changed: user.max_net_namespaces: 31776 -> 31775
  • Changed: user.max_pid_namespaces: 31776 -> 31775
  • Changed: user.max_time_namespaces: 31776 -> 31775
  • Changed: user.max_user_namespaces: 31776 -> 31775
  • Changed: user.max_uts_namespaces: 31776 -> 31775

cos-109-17800-309-24

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.100 | v24.0.9 | v1.7.19 | See List

Updated google-osconfig-agent to v20240822.00.

cos-113-18244-151-27

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.100 | v24.0.9 | v1.7.19 | See List

Updated google-osconfig-agent to v20240822.00.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.10.0 (2024-08-20)

Features
  • dataflow: Add support for Go 1.23 iterators (84461c0)

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.115-debian10, 2.0.115-rocky8, 2.0.115-ubuntu18
  • 2.1.63-debian11, 2.1.63-rocky8, 2.1.63-ubuntu20, 2.1.63-ubuntu20-arm
  • 2.2.29-debian12, 2.2.29-rocky9, 2.2.29-ubuntu22

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for datastore/admin/apiv1

1.19.0 (2024-08-22)

Features

1.18.0 (2024-08-21)

Features
  • datastore: Add support for Go 1.23 iterators (84461c0)
  • datastore: Start generating datastorepb protos (946a5fc)
Bug Fixes
  • datastore: Bump google.golang.org/api@v0.187.0 (8fa9e39)
  • datastore: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
  • datastore: Ignore field mismatch errors (#8694) (6625d12)
  • datastore: Update dependencies (257c40b)
  • datastore: Update google.golang.org/api to v0.191.0 (5b32644)

Java

Changes for google-cloud-datastore

2.21.2 (2024-08-22)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#1547) (8c5f595)

Generative AI on Vertex AI

For controlled generation, you can have the model respond with an enum value in plain text, as defined in your response schema. Set the responseMimeType to text/x.enum. For more information, see Control generated output.

Google Distributed Cloud (software only) for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

Google Distributed Cloud (software only) for bare metal

Release 1.16.12

Google Distributed Cloud for bare metal 1.16.12 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.16.12 runs on Kubernetes 1.27.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36978

For more details, see the GCP-2024-049 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-41009

For more details, see the GCP-2024-048 security bulletin.

Looker

To create a Looker (Google Cloud core) instance with Private Service Connect, it is no longer necessary to be added to an allowlist.

Network Intelligence Center

Network Analyzer now includes an insight indicating that the next hop IP address is not assigned to any forwarding rule in the relevant networks. This insight is already available in the Recommender API. For more information, see routes with an invalid next hop insight.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.6.0 (2024-07-12)

Features
  • Add max messages batching for Cloud Storage subscriptions (#1956) (90546f6)
  • Add use_topic_schema for Cloud Storage Subscriptions (#1948) (120fa1b)
Bug Fixes
  • docs samples: Update missing argv in sample metadata for push subscription (#1946) (34b8c03)

Go

Changes for pubsub/apiv1

1.42.0 (2024-08-19)

Features
Bug Fixes
  • pubsub: Update google.golang.org/api to v0.191.0 (5b32644)

Java

Changes for google-cloud-pubsub

1.132.1 (2024-08-20)

Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.42.0 (#2140) (80dca35)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.34.0 (#2141) (273fbf3)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.27.3 (#2127) (8523b4f)
  • Update dependency org.xerial.snappy:snappy-java to v1.1.10.6 (#2135) (102ff84)

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.14.0 (2024-08-20)

Features
  • secretmanager: Add support for Go 1.23 iterators (84461c0)

August 23, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-41009

For more details, see the GCP-2024-048 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-41009

For more details, see the GCP-2024-048 security bulletin.

Apigee API hub

On August 23, 2024, we updated the Preview release of Apigee API hub.

You can now edit an uploaded API specification's metadata through the Cloud console. See Edit specification metadata.

You can now choose in the Cloud console to restrict the upload of an API specification file that contains errors. By default, specs containing errors are uploaded. See Add a spec to an existing version.

When an Apigee API proxy is auto-registered, its deployment type is now labeled either Apigee X or Apigee hybrid. Existing Apigee proxy deployments registered with API hub will also be labeled with the appropriate type. See Auto-register Apigee proxies.

All API proxy endpoints auto-registered from Apigee will be prefixed with https:// by default. Endpoints for existing API proxies that were added to API hub will be updated.

A validation check has been added to reject an API specification style guide upload if the style guide's extends property contains a URL. See Upload a new style guide.

User interface and performance improvements were made.

Provisioning improvements were made to address potential failures.

Apigee hybrid

hybrid v1.13.0

On August 23, 2024, we released an updated version of the Apigee hybrid software, v1.13.0.

Storing additional secrets in an external secret store

Starting in version v1.13, you can store the AX Hash Salt, Redis password, and Encryption keys in an external secret store like HashiCorp Vault. See Storing Secrets in Vault.

Apigee Operator now runs in the Apigee Kubernetes namespace

Starting in version v1.13, apigee-operator runs in the same namespace as the other Apigee hybrid components instead of the apigee-system namespace. You can use apigee or your own custom Apigee namespace. See Upgrading Apigee hybrid to version v1.13.0 and Step 3: Create the apigee namespace.

Improved backup and restore

Starting in version v1.13.0, Apigee hybrid introduces a new backup and restore system. The new system removes the need for pod exec permission and use of a Kubernetes ClusterRole, and requires fewer Kubernetes Service Accounts when using Workload Identity. The new system replaces use of the apigee-cassandra-backup-utility image by using the apigee-hybrid-cassandra-client image. The apigee-cassandra-backup-utility image will no longer be provided starting with this release. See Scheduling backups in a remote server.

Leader election enabled for apigee-watcher component

Starting in version v1.13.0, leader election is enabled for the apigee-watcher component. For proper functioning of the leader election, make sure that the apigee-watcher component uses only one replica set.

Bug ID | Description
352070616 | Update Go language version.
351868444 | Tolerations are now working for Redis's Envoy pod. (Fixed in 1.12.1-hotfix.1)
347997965 | Upgrading to Apigee Hybrid 1.11.2 and 1.10.5 can cause missing metrics. (Fixed in 1.11.2-hotfix.1)
347798999 | Fixed issue preventing configuration of forward proxy for opentelemetry pods. (Fixed in Apigee hybrid v 1.12.1)
346589998 | Check Cassandra DNS hostname resolution during Hybrid region expansion.
345501069 | Fixed issue with Hybrid Guardrails resource configuration preventing the Guardrails pod from starting. (Fixed in Apigee hybrid v 1.12.1)
341797795 | Autofill the Hybrid Guardrails checkpoint value if a checkpoint is not provided. (Fixed in Apigee hybrid v 1.12.1)
340889560 | Added csi to the apigee-logger SCC. (Fixed in Apigee hybrid v 1.12.0-hotfix.1)
340248314 | Added support for targetCPUUtilizationPercentage to apigeeIngressGateway and ingressGateways. The default value is 75. (Fixed in Apigee hybrid v 1.12.1)
339849002 | HashiCorp Vault integration issues fixed for Google Service Account for Cassandra Backup/Restore. (Fixed in Apigee hybrid v 1.12.0-hotfix.1)
324779388 | Improved error handling for backup and restore. (Fixed in Apigee hybrid v 1.12.1)
311489774 | Removed inclusion of Java in Cassandra client image. (Fixed in Apigee hybrid v 1.12.1)
310338146 | Fixed invalid download directory output from the create-service-account tool. (Fixed in Apigee hybrid v 1.12.1)
300135626 | Removed inclusion of Java in Cassandra Backup Utility image. (Fixed in Apigee hybrid v 1.12.1)
297539870 | HTTPTargetConnection property io.timeout.millis is now honored correctly when using websockets. (Fixed in 1.11.2-hotfix.2)
239523766 | Remove "Unable to evaluate jsonVariable, returning null" logging string from ExtractVariables Policy. (Fixed in Apigee hybrid v 1.12.1)
181569113 | Fixed an issue in new debug session creation. (Fixed in Apigee hybrid v 1.11.2)

Bug ID | Description
N/A | Security fixes for apigee-asm-istiod.
This addresses the following vulnerability:
N/A | Security fixes for apigee-cassandra-backup-utility.
This addresses the following vulnerability:
N/A | Security fixes for apigee-connect-agent.
This addresses the following vulnerabilities:
N/A | Security fixes for apigee-envoy.
This addresses the following vulnerability:
N/A | Security fixes for apigee-fluent-bit.
This addresses the following vulnerability:
N/A | Security fixes for apigee-hybrid-cassandra.
This addresses the following vulnerabilities:
N/A | Security fixes for apigee-hybrid-cassandra-client.
This addresses the following vulnerability:
N/A | Security fixes for apigee-mart-server.
This addresses the following vulnerabilities:
N/A | Security fixes for apigee-mint-task-scheduler.
This addresses the following vulnerabilities:
N/A | Security fixes for apigee-operators.
This addresses the following vulnerabilities:
N/A | Security fixes for apigee-prom-prometheus.
This addresses the following vulnerability:
N/A | Security fixes for apigee-prometheus-adapter.
This addresses the following vulnerability:
N/A | Security fixes for apigee-redis.
This addresses the following vulnerabilities:
N/A | Security fixes for apigee-udca.
This addresses the following vulnerability:
N/A | Security fixes for apigee-watcher.
This addresses the following vulnerability:
N/A | Security fixes for cassandra-backup-utility.
This addresses the following vulnerability:

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Vertex AI
    • aiplatform.googleapis.com/NotebookExecutionJob

Cloud Vision

New label detection model

An improved model is now available for Label Detection. Along with the improved model, the topicality field is now populated correctly.

Specify "builtin/latest" in the model field of a Feature object to use the new model. We'll support both the current model and the new model for the next 90 days. After 90 days, the new models will become the default. The current models can still be accessed by specifying "builtin/legacy" for an additional 90 days before they are deprecated.

Compute Engine

Generally available: Hyperdisk Storage Pools with Advanced Performance provisioning help you to manage the performance needs of your Hyperdisk Balanced and Hyperdisk Throughput disks. By creating your disks in a storage pool, you can provision your disks to handle peak performance spikes while also optimizing costs. For more information, see Provisioning types for Hyperdisk Storage Pools.

Document AI

Model pretrained-foundation-model-v1.3-2024-08-31 is available as a Release Candidate (RC) for custom extractor. For more information about available models, see Custom extractor model versions.

Model pretrained-ocr-v2.1-2024-08-07 is available as RC version of the Document AI OCR 2.1 processor. It has three key improvements:

  • Better printed text recognition.
  • More precise checkbox detection.
  • More accurate reading order.

Memorystore for Redis Cluster

Added support for Node level monitoring metrics.

Secret Manager

You can now create regional secrets using Secret Manager. When you create a regional secret, you specify the location where you want it to be stored. Your secret data remains within the chosen location at all times, whether it's at rest, in use, or in transit. This capability allows you to meet data residency requirements, which mandate that data remains within specified geographic boundaries, often due to regulatory or compliance reasons. The feature is in Preview.

For more information, see Data residency and regional secrets.

Vertex AI Agent Builder

Vertex AI Search: Connect Google Cloud Storage datasets to Vertex AI Search (Public preview)

You can create Vertex AI Search data stores that periodically sync with data in Cloud Storage datasets. You can choose how often you want to update your data stores: every day, every 3 days, or every 5 days.

Synchronizing Cloud Storage data to Vertex AI Search is available in Public preview. For more information, see Import from Cloud Storage.

Virtual Private Cloud

VPC Flow Logs can sample traffic that is sent through VLAN attachments for Cloud Interconnect and Cloud VPN tunnels. This feature is available in Preview. For more information, see VPC Flow Logs.

The live migration feature for bring your own IP v1 has been removed. For new configurations, we recommend that you use bring your own IP v2, which lets you control when prefixes are advertised.

August 22, 2024

AlloyDB for PostgreSQL

AlloyDB Omni now offers in-depth documentation that describes how to install and use AlloyDB Omni in virtual machine (VM) environments. The information in these documents is in addition to the AlloyDB Omni documentation that describes how to install and use AlloyDB Omni in VM and Kubernetes environments. For more information, see Get started with AlloyDB Omni on VMs.

The extension temporal_tables version 1.2.2 has been added to extensions supported by AlloyDB.

The following extensions are updated:

  • Updated pg_partman to version 4.7.4.
  • Updated pgtt to version 3.0.0.

Apigee Integrated Portal

On August 22, 2024, we released a new version of the Apigee integrated portal.

Bug ID | Description
350546059 | Fixed an issue when displaying OpenAPI Specs in the portal that caused the Example button to show even when no example was present.

Application Integration

New canvas view

In the integration editor layout, you can try the new canvas view to create integration flows. This feature is in preview. The canvas view offers the following benefits:

  • Improved responsiveness of the canvas interaction
  • Clearer view of your integration
  • Minimap view
  • Easier to build integrations

Cloud Composer

(Cloud Composer 3) Fixed the dags backfill Airflow CLI command that was failing with a connection error.

Fixed a bug where executing Airflow CLI commands produced output that was not human-readable.

The apache-airflow-providers-google package was upgraded to version 10.21.1 in Cloud Composer 2 images with Airflow 2.7.3 and 2.9.1, and in all latest Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.21.0 to version 10.21.1.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.5
  • composer-3-airflow-2.7.3-build.14

Cloud Composer 2.9.2 images are available:

  • composer-2.9.2-airflow-2.9.1 (default)
  • composer-2.9.2-airflow-2.7.3

Cloud Composer version 2.4.1 has reached its end of support period.

Cloud Monitoring

Cloud Monitoring has ended support for the ingestion of AWS CloudWatch metrics by using AWS connector projects. This is a breaking change. For information about this deprecation, see Deprecations: AWS CloudWatch metrics in Connector projects.

You can continue to collect AWS CloudWatch metrics by using the open source Prometheus CloudWatch exporter and the Ops Agent. For information about this solution, see Collect AWS CloudWatch metrics by using the Prometheus CloudWatch exporter.

Cloud Run

Cloud Run is now supported by Sovereign Controls by Partners. The set of packages and features provided by Sovereign Controls by Partners lets you use Cloud Run while meeting digital sovereignty requirements and managing your workloads with data sovereignty guarantees.

Cloud Service Mesh

The onboarding path for Managed Cloud Service Mesh with asmcli is deprecated as of August 22, 2024, and support will end in February 2025. This change affects only Google Cloud clusters. Any off-Google Cloud clusters will continue to use asmcli.

To ensure this transition is as smooth as possible, use the gcloud or Cloud Console onboarding paths when creating new clusters before February 2025.

For clusters with existing Cloud Service Mesh deployments, no immediate action is required from you and those deployments remain fully supported.

1.20.8-asm.6 is now available for in-cluster Cloud Service Mesh.

You can now download 1.20.8-asm.6 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.20.8 subject to the list of supported features. Cloud Service Mesh 1.20.8-asm.6 uses Envoy v1.28.5.

1.21.5-asm.5 is now available for in-cluster Cloud Service Mesh.

You can now download 1.21.5-asm.5 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.21.5 subject to the list of supported features. Cloud Service Mesh 1.21.5-asm.5 uses Envoy v1.29.7.

1.22.4-asm.0 is now available for in-cluster Cloud Service Mesh.

You can now download 1.22.4-asm.0 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.4 subject to the list of supported features. Cloud Service Mesh 1.22.4-asm.0 uses Envoy v1.30.4.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.77
  • 1.2.21
  • 2.0.85
  • 2.2.21

Dataproc Serverless for Spark: Subminor version 2.0.85 is the last release of runtime version 2.0, which will no longer be supported and will not receive new releases.

Generative AI on Vertex AI

AI21 Labs

Managed models from AI21 Labs are available on Vertex AI. To use an AI21 Labs model on Vertex AI, send a request directly to the Vertex AI API endpoint. For more information, see AI21 models.

Looker Studio

Conditional formatting for collapsed pivot table charts

You can now apply single color conditional formatting to collapsed pivot table charts.

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

August 21, 2024

Artifact Registry

The following Artifact Registry Cloud Audit Log method names have changed:

  • Docker-EmptyTarBlob is renamed Docker-ServeBlob
  • Docker-GetEmptyTags is renamed Docker-GetTags
  • Docker-HeadEmptyTarBlob is renamed Docker-HeadBlob
  • Kfp-UploadPackage-Redirect is renamed Kfp-UploadPackage
  • Apt-ViewRemoteIndexFile is renamed to indicate the type of file requested:
    • Apt-ViewIndexFile: when a repository metadata file is requested
    • Apt-Contents: when the Contents index file for a specific repository component and architecture type is requested
    • Apt-ViewArchIndexFile: when the Packages index file for a specific repository component and architecture type is requested
  • Apt-ViewRemotePackageFile is renamed Apt-ViewPackageFile
  • Yum-ViewUpstreamFile is renamed to indicate the type of file requested:
    • Yum-ViewIndexKey: when the public key for signing Yum packages is requested
    • Yum-ViewIndexFile: when one of a repository's index files is requested
    • Yum-ViewPackageFile: when a Yum package file is requested

For more information on Artifact Registry logs, see Audit Logging.

BigQuery

Python code completion is now available for all BigQuery projects. This feature is available in preview. To learn how to enable and activate Gemini in BigQuery features, see Set up Gemini in BigQuery.

Certificate Manager

You can now update the "labels" and "descriptions" of your certificate issuance configurations using the Google Cloud CLI or API. For more information, see Manage certificate issuance configuration.

Regional Google-managed certificates are now generally available (GA). For more information, see Certificate Manager overview.

Support for managing certificates independently in each project with separate authorization is now generally available (GA). For more information, see Manage DNS authorizations.

Cloud Functions

Cloud Functions has been renamed to Cloud Run functions.

  • Cloud Functions (1st gen) is now known as Cloud Run functions (1st gen).
  • Cloud Functions (2nd gen) is now known as Cloud Run functions.

Learn more in the blog post.

You can also deploy new functions, and modify existing functions that were created with the Cloud Functions v2 API in Cloud Run. This enables you to customize your function as you would a Cloud Run service.

Cloud Run

You can now configure GPU in your Cloud Run service (Preview).

You can now deploy functions in Cloud Run (Preview). Functions that were created using the Cloud Functions v2 API can now be directly updated in Cloud Run. Note that you must use Google Cloud SDK version 489.0.0 or later if using the gcloud CLI.

Learn more about the different use cases for deploying functions.

Cloud Run now provides security updates for services that are deployed from source when you specify the runtime base image (Preview). Automatic security updates are enabled by default for functions. For details, see Configure automatic base image updates.

Document AI

Date and Currency Normalization for custom extractor

With this release, the model will deduce the region information from the document and use it to disambiguate the date and currency formats in the following ways:

  • This release will enable the support of region based date and currency normalization of entities with datetime and currency data types in Custom Document Extractor (CDE) Generative AI based processor versions v1.1 and v1.2.
  • Currently, the CDE Generative AI based processor supports date and currency normalization, but it defaults to US date format and USD respectively in case the values are ambiguous. In other words, if a date can be parsed in mm/dd/yyyy and dd/mm/yyyy formats, it will use mm/dd/yyyy format for normalization. Similarly, if $ can mean USD or CAD, it would default to USD.

For more information, go to the Entity Normalization page.

Google Kubernetes Engine

GKE support for Hyperdisk ML as an attached persistent disk option is now generally available. Support is available for both Autopilot and Standard clusters running GKE versions 1.30.2-gke.1394000 and later.

Migrate to Virtual Machines

On April 30, 2024, the 4.x versions of Migrate for Compute Engine reached end of life, and the product was deprecated on Google Cloud.

To migrate your virtual machines (VMs) to Compute Engine, use Migrate to Virtual Machines.

Secret Manager

You can attach tags to secrets to conditionally grant or deny access to Secret Manager resources. For example, you can conditionally grant Identity and Access Management (IAM) roles based on whether a secret has a specific tag. This feature is in Preview. For more information, see Create and manage tags.

reCAPTCHA

reCAPTCHA Mobile SDK v18.6.0 is now available for Android.

This version contains the following changes:

  • A new API, fetchClient, is available that provides built-in retries for network issues.
  • Bug fixes and improvements.

August 20, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-39503

For more details, see the GCP-2024-047 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-39503

For more details, see the GCP-2024-047 security bulletin.

Backup and DR

Backup and DR Service hotfixes hf-11.0.12.3217, hf-11.0.12.3218, and hf-11.0.12.3219 automatically update backup/recovery appliances. These hotfixes address the following issues:

  • Oracle DB application backups wait indefinitely for in-progress log backups to complete. These log backups, in turn, cannot obtain a lock mutex to discover the backup staging LUNs, resulting in an indefinite hang. This issue occurs when the size of the application transaction logs exceeds the log backup staging size.
  • Cloud stats are repeatedly logged into the enginemgr log and increase log usage.

BigQuery

You can now perform anomaly detection with BigQuery ML multivariate time series (ARIMA_PLUS_XREG) models. This feature lets you detect anomalies in historical time series data or in new data with multiple feature columns. You can try this feature by using the Perform anomaly detection with a multivariate time-series forecasting model tutorial. This feature is generally available (GA).

Config Controller

Config Controller now uses the following versions of its included products:

Container Optimized OS

cos-beta-117-18613-0-3

Kernel Docker Containerd GPU Drivers
COS-6.6.44 v24.0.9 v1.7.20 See List

Updates to Major Packages:

Upgraded app-admin/node-problem-detector to v0.8.19.

Upgraded app-admin/google-guest-configs to v20240607.00.

Upgraded app-admin/logrotate to v3.22.0.

Upgraded app-containers/docker-credential-helpers to v0.8.2.

Upgraded app-admin/google-guest-agent to v20240716.00.

Upgraded app-admin/google-osconfig-agent to v20240501.00.

Upgraded Konlet to v.0.12.0. This fixes an iptables compatibility issue.

Upgraded go to version 1.22.3.

Upgraded sys-boot/grub-lakitu to the FC 39's current version.

Upgraded localtoast to v1.1.7 and opted out of logging-service-running benchmark by default for cis-level2.

Upgraded app-containers/docker, app-containers/docker-test and app-containers/docker-cli to v24.0.9.

Updated app-containers/nvidia-container-toolkit to v1.14.6.

Upgraded app-emulation/cloud-init to v23.4.3.

Updated sys-apps/systemd to v254.9.

Updated app-emulation/kubernetes to v1.30.3.

Updated docker-credential-gcr to v2.1.22.

Updated app-containers/runc to v1.1.12.

Updated net-misc/openssh to v9.6_p1-r1.

Updated toolbox to v20230714.

Upgraded app-admin/fluent-bit to v3.1.3.

New Features and Changes in the Linux Kernel:

Runtime sysctl changes:

  • Added: dev.tty.legacy_tiocsti: 1
  • Added: kernel.io_uring_group: -1
  • Added: kernel.kexec_load_limit_panic: -1
  • Added: kernel.kexec_load_limit_reboot: -1
  • Added: kernel.loadpin.enforce: 1
  • Added: net.core.mem_pcpu_rsv: 256
  • Added: net.core.rps_default_mask: 00
  • Added: net.ipv4.tcp_plb_cong_thresh: 128
  • Added: net.ipv4.tcp_plb_enabled: 0
  • Added: net.ipv4.tcp_plb_idle_rehash_rounds: 3
  • Added: net.ipv4.tcp_plb_rehash_rounds: 12
  • Added: net.ipv4.tcp_plb_suspend_rto_sec: 60
  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Added: net.ipv4.tcp_shrink_window: 0
  • Added: net.ipv4.tcp_syn_linear_timeouts: 4
  • Added: net.ipv4.udp_child_hash_entries: 0
  • Added: net.ipv4.udp_hash_entries: 4096
  • Added: net.ipv6.conf.all.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.default.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.docker0.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.eth0.accept_ra_min_lft: 0
  • Added: net.ipv6.conf.lo.accept_ra_min_lft: 0
  • Added: net.ipv6.icmp.error_anycast_as_unicast: 0
  • Added: vm.memfd_noexec: 0
  • Added: kernel.io_uring_disabled: 0
  • Added: fs.overflowgid: 65534
  • Changed: net.core.optmem_max: 131072 -> 20480
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 0 -> 256 256 32 0
  • Changed: fs.epoll.max_user_watches: 1809452 -> 1809007
  • Changed: fs.fanotify.max_user_marks: 67560 -> 67544
  • Changed: fs.file-max: 811776 -> 811724
  • Changed: fs.inotify.max_user_watches: 63441 -> 63425
  • Changed: kernel.threads-max: 63503 -> 63487
  • Changed: net.ipv4.tcp_mem: 94065 125423 188130 -> 94041 125391 188082
  • Changed: net.ipv4.udp_mem: 188133 250847 376266 -> 188085 250783 376170
  • Changed: user.max_cgroup_namespaces: 31751 -> 31743
  • Changed: user.max_fanotify_marks: 67560 -> 67544
  • Changed: user.max_inotify_watches: 63441 -> 63425
  • Changed: user.max_ipc_namespaces: 31751 -> 31743
  • Changed: user.max_mnt_namespaces: 31751 -> 31743
  • Changed: user.max_net_namespaces: 31751 -> 31743
  • Changed: user.max_pid_namespaces: 31751 -> 31743
  • Changed: user.max_time_namespaces: 31751 -> 31743
  • Changed: user.max_user_namespaces: 31751 -> 31743
  • Changed: user.max_uts_namespaces: 31751 -> 31743
  • Changed: net.ipv6.route.max_size: 4096 -> 2147483647
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd: 0 -> 3
  • Changed: net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent: 0 -> 3

Added support for iSCSI targets and RAM block devices.

Added support for dm-zero and dm-clone.

Enabled support for MGLRU in the Linux kernel.

Enabled vrf, ip_gre, and ip6_gre modules.

Updated the Linux kernel to v6.6.44.

New Features and Changes in the Image:

Disable NVIDIA persistence mode with -no-verify flag

Added support for TPU v6 devices.

Updated cos-gpu-installer to v2.3.5.

Added the package revision number to the SSH banner in net-misc/openssh.

Disabled default automatic updates. Automatic updates must now be explicitly enabled by setting the cos-update-strategy metadata to "update_enabled".

Mount efivarfs fs by default on EFI-enabled systems.

Added igzip CLI tool.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Removed support for NVIDIA 470 drivers.

Fixed a bug that caused constant restarts in the fluent-bit stackdriver plugin.

Installed the google_optimize_local_ssd script.

Updated NVIDIA GPU drivers to v550.54.15. Fixed a potential corruption when launching kernels on H100 GPUs, which is more likely to occur when the GPU is shared between multiple processes.

Updated NVIDIA GPU drivers to v535.161.08. Fixed a potential corruption when launching kernels on H100 GPUs.

Added NVIDIA GPU drivers R550 branch and updated latest to 550.54.14.

Fixed a bug in google-guest-agent service enablement.

Fixed integrity-fs dm-crypt creation flakiness.

Added automatic generation of known modules list to image build process.

Included nvidia plugin into sosreport.

Fixed a time-to-login slowdown introduced by cloud-init changes.

Changed default umask value for a user to 027.

Removed legacy logging agent (fluentd).

Fragmented nvidia-drivers and nvidia-drivers-open pkg into separate packages per major version.

Enhanced integrity-fs with disk resize and dm-clone.

Removed deprecated R525 NVIDIA GPU drivers.

Added more service logs to the default Cloud Logging configuration.

Allow GPU driver installation on dev-channel images without the -test flag.

CVE/Security Fixes:

Fixed CVE-2024-39894 in net-misc/openssh.

Upgraded sys-apps/dbus to v1.14.10-r192. This fixes CVE-2023-34969.

Upgraded dev-lang/go to v1.22.4. This fixes CVE-2023-39323, CVE-2023-44487, CVE-2023-39325, CVE-2024-24790 and CVE-2024-24789.

Fixed CVE-2024-35195 in dev-python/requests.

Updated R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091 and CVE-2024-0092.

Updated R535, default driver to v535.183.01. This fixes CVE-2024-0090 and CVE-2024-0092.

Fixed CVE-2024-21626 in github.com/opencontainers/runc in kubelet.

Fixed CVE-2023-4641 in sys-apps/shadow.

Fixed CVE-2023-50387, CVE-2023-50868 in sys-apps/systemd.

Fixed CVE-2023-0687, CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 in sys-libs/glibc.

Upgraded app-arch/lz4 to 1.9.4. Fixes CVE-2021-3520.

Upgraded app-arch/libarchive to version 3.7.4. Fixes CVE-2024-26256.

Fixed CVE-2024-34459 in the libxml2 package.

Updated dev-vcs/git to v2.45.1. This resolves CVE-2024-32002, CVE-2024-32020, CVE-2024-32465, CVE-2024-32004 and CVE-2024-32021.

Fixed CVE-2023-32681 in dev-python/requests.

Fixed CVE-2024-3772 in dev-python/pydantic.

Fixed CVE-2023-5388 in dev-libs/nss.

Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.

Updated dev-python/pyyaml to version 6.0.1. This fixed CVE-2017-18342, CVE-2020-14343, CVE-2020-1747.

Updated dev-vcs/git to version VERSION. This fixed CVE-2023-22490, CVE-2023-23946, CVE-2023-25652, CVE-2023-25815, CVE-2023-29007.

Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2023-38545, CVE-2024-7264, CVE-2024-6197.

Updated dev-libs/expat to version 2.6.2. This fixed CVE-2024-28757.

Fixed CVE-2024-28182 in net-libs/nghttp2.

Upgraded docker to v24.0.9. This fixes CVE-2024-24557.

Fixed CVE-2023-40546, CVE-2023-40548, CVE-2023-40549 and CVE-2023-40550 in sys-boot/shim.

Fixed CVE-2023-40551 in sys-boot/shim.

Fixed CVE-2023-40547 in sys-boot/shim.

Updated dev-libs/openssl to v3.0.14. This resolves CVE-2024-0727, CVE-2023-6129, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741 and CVE-2024-5535.

Fixed CVE-2024-0684 in sys-apps/coreutils.

Updated dev-libs/libxml2 to 2.11.7. This fixes CVE-2024-25062.

Fixed CVE-2024-23851 in the Linux kernel.

Fixed CVE-2024-21626 in app-containers/runc.

Upgraded dev-go/crypto to v0.17.0. This fixes CVE-2023-48795.

Updated dev-go/net to v0.27.0. This resolves CVE-2023-44487, CVE-2023-39325 and CVE-2023-45288.

Updated app-editors/vim, app-editors/vim-core to v9.0.2092. This resolves CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752, CVE-2023-4781, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2023-2609, CVE-2023-2610, CVE-2023-2426.

Updated net-libs/nghttp2 to v1.57.0. This resolves CVE-2023-44487 and CVE-2023-35945.

Upgraded sys-fs/mdadm to v4.2. This resolves CVE-2023-28938 and CVE-2023-28736.

Fixed CVE-2023-4016 in sys-process/procps.

Fixed CVE-2023-1255 in the dev-libs/openssl package.

Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.

Updated dev-python/setuptools to v70.3.0. This resolves CVE-2024-6345.

Fixed CVE-2024-39472 in the linux kernel.

Updates for Minor Packages:

Upgraded app-containers/cni-plugins to v1.5.1.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2796.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2441.

Upgraded chromeos-base/shill-client to v0.0.1-r4612.

Upgraded chromeos-base/debugd-client to v0.0.1-r2707.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2942.

Upgraded chromeos-base/minijail to v18-r142.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r637.

Upgraded dev-embedded/libftdi to v1.5-r7.

Upgraded sys-apps/pv to v1.8.10.

Upgraded net-dns/c-ares to v1.31.0.

Upgraded dev-python/pygobject to v3.46.0-r1.

Upgraded dev-db/sqlite to v3.46.0.

Upgraded dev-libs/nss to v3.97.

Upgraded sys-apps/hwdata to v0.383.

Upgraded net-misc/rsync to v3.3.0-r1.

Upgraded sys-apps/findutils to v4.10.0.

Upgraded sys-libs/libseccomp to v2.5.5-r1.

Upgraded sys-apps/ethtool to v6.9.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Fixed glibc-2.36 build errors in sys-boot/syslinux.

Upgraded sys-apps/makedumpfile to v1.7.5.

Upgraded app-admin/sosreport to v4.7.1.

Upgraded chromeos-base/chromeos-dbus-bindings to v0.0.1-r2795.

Upgraded sys-apps/rootdev to v0.0.1-r50.

Upgraded dev-util/puffin to v1.0.0-r451.

Upgraded dev-libs/double-conversion to v3.3.0.

Upgraded sys-apps/sed to v4.9-r1.

Upgraded sys-process/procps to v4.0.4-r1.

Upgraded sys-fs/e2fsprogs to v1.47.0-r3.

Upgraded sys-libs/libcap to v2.70.

Upgraded dev-python/jinja to v3.1.4.

Upgraded net-libs/gnutls to v3.8.6.

Upgraded sys-apps/dmidecode to v3.6.

Upgraded sys-fs/xfsprogs to v6.8.0.

Upgraded sys-apps/less to v661.

Upgraded sys-apps/acl to v2.3.2-r1.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded net-libs/libtirpc to v1.3.4-r2.

Upgraded sys-apps/gentoo-functions to v1.6.

Upgraded net-misc/wget to v1.24.5.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded sys-libs/timezone-data to v2024a-r1.

Upgraded sys-libs/libcap-ng to v0.8.5.

Removed net-libs/grpc.

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Updated dev-go/pprof to v0.0.0_p20230811.

Updated dev-go/go-tools to v0.16.2_p20231218.

Updated dev-go/term to v0.15.0.

Updated dev-go/go-sys to v0.15.0.

Updated dev-go/sync to v0.5.0.

Updated dev-go/mod to v0.14.0.

Updated dev-go/demangle to v0.0.0_p20230524.

Updated dev-go/go-arch to v0.6.0.

Upgraded chromeos-base/vm_protos to v0.0.1-r563.

Upgraded chromeos-base/hiberman-client to v0.0.1-r470.

Upgraded app-benchmarks/bootchart to v0.9.2-r5.

Downgraded app-misc/ca-certificates to v20230311.3.96.1.

Upgraded sys-auth/pambase to v20240128.

Upgraded net-misc/chrony to v4.5.

Upgraded chromeos-base/system_api to v0.0.1-r5653.

Upgraded chromeos-base/dlcservice-client to v0.0.1-r886.

Upgraded chromeos-base/google-breakpad to v2024.01.16.190249-r226.

Upgraded sys-fs/squashfs-tools to v4.6.1.

Upgraded sys-apps/sandbox to v2.29-r1.

Upgraded app-arch/xz-utils to v5.4.6-r1.

Upgraded dev-util/bsdiff to v4.3.1-r42.

Upgraded app-arch/pigz to v2.8.

Upgraded sys-apps/coreutils to v9.3-r1.

Upgraded net-dns/libidn2 to v2.3.7.

Upgraded sys-apps/attr to v2.5.2-r1.

Upgraded sys-apps/file to v5.45-r4.

Upgraded sys-libs/timezone-data to v2024a.

Upgraded sys-libs/zlib to v1.3.1-r1.

Updated gzip to v1.13-r1.

Upgraded app-eselect/eselect-iptables to v20220320.

Upgraded sys-libs/libcap-ng to v0.8.4-r1.

Upgraded dev-python/netifaces to v0.11.0-r2.

Upgraded sys-libs/gdbm to v1.24.

Updated protobuf-legacy-api to v1.5.4.

cos-dev-121-18623-0-0

Kernel Docker Containerd GPU Drivers
COS-6.6.46 v24.0.9 v1.7.20 See List

Upgraded app-admin/google-guest-configs to v20240725.00.

Upgraded app-containers/docker-credential-gcr to v2.1.23.

Updated app-emulation/kubernetes to 1.30.3.

Upgraded app-admin/google-guest-agent to v20240716.00.

Upgraded app-admin/fluent-bit to v3.1.3.

Upgraded app-emulation/kubernetes to 1.29.7.

Upgraded app-containers/containerd to 1.7.20.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2797.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r638.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2943.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2442.

Upgraded chromeos-base/debugd-client to v0.0.1-r2708.

Upgraded chromeos-base/shill-client to v0.0.1-r4637.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r637.

Upgraded chromeos-base/debugd-client to v0.0.1-r2707.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2796.

Upgraded chromeos-base/shill-client to v0.0.1-r4612.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2942.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2441.

Upgraded app-arch/lz4 to v1.10.0-r1.

Upgraded net-libs/libtirpc to v1.3.4-r3.

Upgraded sys-apps/gentoo-functions to v1.7.1.

Upgraded dev-libs/nss to v3.103.

Upgraded sys-apps/pv to v1.8.12.

Upgraded app-arch/gzip to v1.13-r1.

Upgraded net-libs/gnutls to v3.8.6.

Upgraded net-misc/rsync to v3.3.0-r1.

Upgraded sys-apps/less to v661.

Upgraded sys-libs/gdbm to v1.24.

Upgraded dev-libs/nss to v3.102.

Upgraded the Linux kernel to v6.6.46.

Added more service logs to the default Cloud Logging configuration.

Allowed GPU driver installation on dev-channel images without the -test flag.

Updated protobuf-legacy-api to v1.5.4.

Downgraded sys-apps/ethtool to v6.7.

Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.

Updated dev-go/protobuf to v1.33.0. This fixes CVE-2024-24786.

Updated dev-go/net to v0.27.0. This fixes CVE-2023-45288.

Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.

Upgraded curl to v8.9.0. This fixes CVE-2024-6197.

Updated dev-python/setuptools to v70.3.0. This resolves CVE-2024-6345.

Runtime sysctl changes:

  • Changed: fs.file-max: 811776 -> 811814
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

cos-113-18244-151-23

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.19 See List

Upgraded sys-apps/pv to v1.8.12.

Downgraded setuptools to v65.6.3. Cherry-picked upstream fix for CVE-2024-6345.

Fixed CVE-2024-6602 in dev-libs/nss.

Runtime sysctl changes:

  • Added: vm.unprivileged_userfaultfd: 0
  • Changed: fs.file-max: 812026 -> 812045
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

cos-109-17800-309-20

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.19 See List

Fixed CVE-2024-6602 in dev-libs/nss.

Downgraded setuptools to v65.6.3. Cherry-picked upstream fix for CVE-2024-6345.

Runtime sysctl changes:

  • Added: vm.unprivileged_userfaultfd: 0
  • Changed: fs.file-max: 812257 -> 812229
  • Changed: net.ipv4.tcp_rto_min_us: 200000 -> 5000

cos-105-17412-448-12

Kernel Docker Containerd GPU Drivers
COS-5.15.163 v23.0.3 v1.7.19 See List

Fixed CVE-2024-6602 in dev-libs/nss.

Runtime sysctl changes:

  • Added: vm.unprivileged_userfaultfd: 0
  • Changed: fs.file-max: 812708 -> 812707

Deep Learning Containers

M124 release

  • PyTorch 2.3.0 with CUDA 12.1 and Python 3.10 container images are now available.

Deep Learning VM Images

M124 release

  • PyTorch 2.3.0 with CUDA 12.1 and Python 3.10 VM images are now available.

Google Kubernetes Engine

1.31 is now available in the Rapid channel

Kubernetes 1.31 is now available in the Rapid channel. For more information about the content of Kubernetes 1.31, read the Kubernetes 1.31 Release Notes.

New features

The following features are new in Kubernetes 1.31:

Deprecated APIs in 1.31

  • The following Beta versions of graduated APIs were deprecated in 1.29 in favor of newer versions:
    • flowcontrol.apiserver.k8s.io/v1beta3 FlowSchema, PriorityLevelConfiguration
      • deprecated since 1.29, will no longer be served in 1.32
      • instead, use flowcontrol.apiserver.k8s.io/v1, available since 1.29
  • The status.nodeInfo.kubeProxyVersion field in the Node API is deprecated and will not be populated starting in v1.33. The field is currently populated with the kubelet version, not the kube-proxy version, and might not accurately reflect the kube-proxy version in use. For more information, see KEP-4004.

Deprecated in-tree volume support

  • The Ceph CephFS (kubernetes.io/cephfs) and RBD (kubernetes.io/rbd) volume plugins are deprecated since 1.28 and are removed in 1.31.
  • To determine if you have volumes/pods using RBD or Ceph volumes, run the following commands. If either of them prints output, then you are using a deprecated volume type.

    • kubectl describe pv | egrep -i 'Type: *(RBD|CephFS)'
    • kubectl describe pod -A | egrep -i 'Type: *(RBD|CephFS)'
  • Switch to use an RBD or CephFS CSI driver (like the CSI drivers provided at https://github.com/ceph/ceph-csi/), or a Google Cloud-managed solution like Filestore.

  • For more information, refer to the OSS Kubernetes announcement and https://github.com/ceph/ceph-csi/
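The commands in the list above print only the matching Type lines, not the object each line belongs to. The shell function below is an added example, not part of the release notes: it reads the same kubectl describe text and names each PersistentVolume or Pod that still uses the in-tree RBD or CephFS plugin. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the release notes): report WHICH objects still use
# the in-tree RBD or CephFS volume plugins removed in Kubernetes 1.31.
#
# Intended use on a real cluster:
#   kubectl describe pv     | deprecated_ceph_volumes
#   kubectl describe pod -A | deprecated_ceph_volumes

deprecated_ceph_volumes() {
  awk '
    # Object name: only a "Name:" field that starts in column 0 counts,
    # so indented names inside volume definitions are ignored.
    /^Name:/      { name = $2; ns = "" }
    # Pods carry a namespace; PersistentVolumes are cluster-scoped.
    /^Namespace:/ { ns = $2 }
    # Same match as the egrep in the release note, case-insensitive.
    $1 == "Type:" && tolower($2) ~ /^(rbd|cephfs)$/ {
      id  = (ns == "" ? name : ns "/" name)
      key = id " " $2
      # Report each object/type pair once, even with several such volumes.
      if (!(key in seen)) { seen[key] = 1; print key }
    }
  '
}

# Constructed sample shaped like `kubectl describe` output (not taken from a
# real cluster): one in-tree RBD PV, one CSI-backed PV, one pod using CephFS.
sample_describe_output() {
  cat <<'EOF'
Name:            pv-legacy-rbd
Status:          Bound
Claim:           shop/data-web-0
Source:
    Type:          RBD (a Rados Block Device mount on the host that shares a pod's lifetime)
    RBDImage:      img0
Name:            pv-csi
Status:          Bound
Source:
    Type:              CSI (a Container Storage Interface (CSI) volume source)
    Driver:            rbd.csi.ceph.com
Name:             web-0
Namespace:        shop
Volumes:
  cache:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
  media:
    Type:       CephFS (a CephFS mount on the host that shares a pod's lifetime)
EOF
}

# Stand-alone demonstration on the constructed sample.
sample_describe_output | deprecated_ceph_volumes
```

Volumes already served by a Ceph CSI driver show up with Type CSI and are not reported, so an empty result means nothing is left to migrate.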

(2024-R31) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1051000
    • 1.28.12-gke.1052000
    • 1.29.7-gke.1104000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1082000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1082000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.12-gke.1090000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.12-gke.1090000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.7-gke.1174000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1174000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.0-gke.1058000 with this release.

Regular channel

  • Version 1.29.7-gke.1104000 is now the default version in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.27.16-gke.1008000
    • 1.28.11-gke.1315000
    • 1.29.7-gke.1008000
    • 1.30.2-gke.1587003
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1051000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1051000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.12-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.3-gke.1225000 with this release.

Stable channel

  • Version 1.29.6-gke.1326000 is now the default version in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.27.15-gke.1154000
    • 1.28.11-gke.1172000
    • 1.29.6-gke.1254000
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.11-gke.1260000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.6-gke.1326000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.

Extended channel

  • Version 1.29.7-gke.1104000 is now the default version in the Extended channel.
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.1008000
    • 1.28.11-gke.1315000
    • 1.29.7-gke.1008000
    • 1.30.2-gke.1587003
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1051000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.3-gke.1225000 with this release.

No channel

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-39503

For more details, see the GCP-2024-047 security bulletin.

The C4 machine family is generally available in the following versions:

  • Standard clusters in version 1.29.2-gke.1521000 and later. To use this family in GKE Standard, you can use the --machine-type flag when creating a cluster or node pool.
  • Autopilot clusters in 1.30.3-gke.1225000 and later. To use this family in GKE Autopilot, you can use the Performance compute class when scheduling your workloads.
  • Cluster autoscaler and node auto-provisioning are supported in 1.30.3-gke.1225000 and later.

Pub/Sub

BigQuery subscriptions with use table schema enabled now support type conversions for DATE, TIME, DATETIME, TIMESTAMP, NUMERIC, and BIGNUMERIC data types. For more information about these conversions, see the Use table schema documentation.

Pub/Sub has increased the limit on schema definition size to 300 KB. For more information, see Resource limits.

Cloud Storage subscriptions now support using the schema of the Pub/Sub topic to which the subscription is attached when writing Avro files. For more information, see the file format documentation.

Secret Manager

Secret Manager add-on for Google Kubernetes Engine (GKE) is now generally available (GA). With the add-on, you can access the secrets stored in Secret Manager as volumes mounted in Kubernetes Pods. You can install the Secret Manager add-on on both Standard clusters and Autopilot clusters. The Secret Manager add-on is a Google managed and officially supported version of the open source Kubernetes Secrets Store CSI driver.

For more information, see Use Secret Manager add-on with Google Kubernetes Engine.

VPC Service Controls

Preview stage support for the following integration:

Vertex AI Workbench

M124 release

The M124 release of Vertex AI Workbench user-managed notebooks includes the following:

  • PyTorch 2.3.0 with CUDA 12.1 and Python 3.10 user-managed notebooks instances are now available.
  • Fixed a bug that prevented kernels from appearing when the Cloud Resource Manager API is turned off and Dataproc is enabled.

August 19, 2024

Access Transparency

Access Transparency supports Filestore in the GA stage.

Apigee X

Timeouts when deploying API proxies and shared flows

The following endpoints may experience timeouts when used with a high volume of queries per second (QPS):

To reduce the likelihood of timeouts, we recommend a target of three QPS when using these endpoints.

To track the status of this issue, see Apigee Known Issues.

BigQuery

You can now view your BigQuery insights and recommendations using the Recommendations page in the Google Cloud console. You can also view your BigQuery insights and recommendations using the following INFORMATION_SCHEMA views:

These features are now in preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigtable

2.26.0 (2024-08-12)

Features
  • Add fields and the BackupType proto for Hot Backups (#1010) (b95801f)
  • Add MergeToCell to Mutation APIs (f029a24)
  • Add min, max, hll aggregators and more types (f029a24)
  • Async execute query client (#1011) (45bc8c4)
Bug Fixes
Documentation
  • Add clarification around SQL timestamps (#1012) (6e80190)
  • Corrected various type documentation (f029a24)

Binary Authorization

Setting specific rules in Binary Authorization policies is generally available (GA) as of September 28, 2023.

Cloud Build

Cloud Build support for custom organization policies is now generally available.

Custom organization policies let you define constraints for programmatic, fine-grained control over your organization's resources. You can set these policies at the organization, folder, or project level.

To learn more, see Manage Cloud Build resources with custom constraints.

Compute Engine

Generally available: General purpose C4 VMs on the Intel Emerald Rapids CPU. The C4 machine series offers consistently high performance with up to 192 vCPUs and 1.5 TB of DDR5 memory, and support for Hyperdisk storage.

C4 VMs are available in the following regions and zones:

  • Singapore - asia-southeast1-a,b
  • Belgium - europe-west1-b,c
  • Netherlands - europe-west4-a,b,c
  • Iowa - us-central1-a,b,c
  • South Carolina - us-east1-b,c,d
  • Virginia - us-east4-a,b,c

Contact Center AI Insights

You can now use Quality AI as a preview feature within the Insights console to evaluate contact center conversations and agent performance more efficiently. See the Overview, Basics, Setup Guide, and Best Practices pages for more details.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.114-debian10, 2.0.114-rocky8, 2.0.114-ubuntu18
  • 2.1.62-debian11, 2.1.62-rocky8, 2.1.62-ubuntu20, 2.1.62-ubuntu20-arm
  • 2.2.28-debian12, 2.2.28-rocky9, 2.2.28-ubuntu22

syslog is now available for Dataproc cluster nodes in Cloud Logging. See Dataproc logs for cluster and job log information.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-datastore

2.20.1 (2024-08-14)

Bug Fixes
  • Allow protobuf 5.x; require protobuf >=3.20.2 (#560) (ad50e36)

Google Cloud Architecture Center

(New guide) Use generative AI for utilization management: A reference architecture for health insurance companies to automate prior authorization (PA) request processing and improve their utilization review (UR) processes.

Google Cloud Deploy

Cloud Deploy is now available in the following region: africa-south1 (Johannesburg)

Sovereign Controls by Partners

The Sovereign Controls Foundation by CNTXT and Sovereign Controls Advanced by CNTXT partner offerings are now generally available.

Vertex AI Workbench

The ability to create a Vertex AI Workbench instance based on a custom container is now generally available. Only custom containers derived from the Google-provided base container are supported. For more information, see Create an instance using a custom container.

August 18, 2024

Application Integration

In the Application Integration editor, you can now search, browse, and select tasks and connectors in the Tasks list. For more information, see Add a Connectors task.

Google SecOps SOAR

Release Notes 6.3.16 is currently in Preview.

Unable to edit, delete or export custom integration (ID #52403533)

Remote Agents 2.1.0 is currently in Preview.

Agent logs are now consolidated in one location: /opt/SiemplifyAgent/Logs.

  • Agent source code logs are located in agent.log.
  • Python script logs are located in python.log.

Release 6.3.15 is now in General Availability.

August 17, 2024

Google SecOps SIEM

The documentation for the SIEM product is currently undergoing a makeover. The upper tabs for the table of contents have been removed and the table of contents for SIEM now appears at the bottom of the left-hand navigation bar.

In addition, labels have been added to the top of each page that let you know if the specific page is relevant for SIEM. You can click on the label to reach the SIEM table of contents.

Google SecOps SOAR

The documentation for the SOAR product is currently undergoing a makeover. The upper tabs for the table of contents have been removed and the table of contents for SOAR now appears at the bottom of the left-hand navigation bar.

In addition, labels have been added to the top of each page that let you know if the specific page is relevant for SOAR. You can click on the label to reach the SOAR table of contents.

August 16, 2024

AlloyDB for PostgreSQL

Apigee X

On August 16, 2024, we released an updated version of Apigee (1-13-0-apigee-3).

Bug ID Description
324418891 Added improvements to the MessageLogging policy to avoid potential downtime and deployment failures.
351068926 Updated the error format, fault status, and status code returned (from 500 to 404) in cases where an invalid authorization code causes an error.

Batch

Documentation has been added to explain how to export job information. Exporting a job's information is useful when you want to retain the information after a job is deleted or analyze the information outside of Batch. For more information, see Export job information.

Error Reporting

Error Reporting can now analyze log entries that have been routed to a log bucket in a non-global region, provided the log sink is in the same project as the log bucket.

Google Cloud Architecture Center

(New guide) Migrate from Amazon RDS and Amazon Aurora for MySQL to Cloud SQL for MySQL: Describes how to design, implement, and validate a plan to migrate from Amazon RDS or Amazon Aurora to Cloud SQL for MySQL.

Google Kubernetes Engine

In GKE version 1.29.7-gke.1238000-1.30, and 1.30.3-gke.1571000 or later, node pools use regional instance templates instead of global instance templates. To learn more, see Regional and global instance templates.

Live Stream API

You can now create static overlays and position them on top of a live stream.

SAP on Google Cloud

New SAP certifications: C4 series of general-purpose machine types

For use with SAP HANA scale-up (OLAP and OLTP) and SAP NetWeaver workloads, SAP has certified the Compute Engine C4 series of general-purpose machine types.

For more information, see the following:

Vertex AI Agent Builder

Vertex AI Search: Search tuning (GA)

Search tuning for unstructured data stores is generally available (GA). You can upload training files to tune the model for your search app.

Search tuning supports Data Residency; you can tune data stores in the US and EU multi-regions as well as global data stores.

For information, see Improve search results with search tuning.

reCAPTCHA

reCAPTCHA Mobile SDK v18.6.0-beta02 is now available for iOS.

This version contains bug fixes and improvements.

August 15, 2024

Apigee UI

On August 15, 2024, we released an updated version of the Apigee UI.

Bug ID Description
356453519 Fixed issue with the display of shared flow detail pages.

In some cases, detail pages for shared flows with names containing a space (" ") would not display and resulted in UI errors.

355674677 Fixed infinite redirect loop after Subscription org provisioning.

Clicking the Continue button in the final step of the Subscription organization provisioning flow resulted in an infinite redirect loop.

Apigee X

On August 15, 2024, documentation was added describing how to provision Apigee in the Google Cloud console.

See Get started in the Google Cloud console for more information.

Apigee provisioning for Subscription orgs is now performed in the Google Cloud console.

Cloud SQL for MySQL

Extended support pricing is now available for Cloud SQL for MySQL. To view pricing details, see Cloud SQL pricing.

For more information about extended support, see Extended support for Cloud SQL.

For more information about extended support timelines, see Database versions and version policies.

Cloud SQL for PostgreSQL

Extended support pricing is now available for Cloud SQL for PostgreSQL. To view pricing details, see Cloud SQL pricing.

For more information about extended support, see Extended support for Cloud SQL.

For more information about extended support timelines, see Database versions and version policies.

If your Cloud SQL Enterprise edition instance stores the transaction logs used for point-in-time recovery (PITR) on disk, then when you do an in-place upgrade to Cloud SQL Enterprise Plus edition the storage location for the transaction logs is switched to Cloud Storage. For more information, see Upgrade an instance to Cloud SQL Enterprise Plus edition by using in-place upgrade.

To check where your instance stores the transaction logs used for PITR, see Use point-in-time recovery (PITR).

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.76
  • 1.2.20
  • 2.0.84
  • 2.2.20

Dialogflow

Dialogflow CX: You can now configure sensitivity levels of safety filters with respect to different Responsible AI (RAI) categories.

Vertex AI Agents: OpenAPI tool authentication now supports custom client certificates for mutual TLS authentication.

Eventarc

Eventarc support for creating triggers for direct events from Apigee API hub is generally available (GA).

Google Cloud Architecture Center

(New guide) Manage and scale networking for Windows applications that run on managed Kubernetes: Discusses how to manage networking for Windows applications that run on Google Kubernetes Engine using Cloud Service Mesh and Envoy gateways. This reference architecture is accompanied by a deployment guide.

Looker

Looker (Google Cloud core) customers can now create a Looker (Google Cloud core) instance with Private Service Connect. To create a Private Service Connect instance, ensure that you have received confirmation from your sales representative that your project has been added to the allowlist for Private Service Connect.

Looker Studio

New Looker and Looker Studio shared terms and concepts glossary

A new Looker and Looker Studio shared terms and concepts glossary is available. This resource compares and contrasts terms and concepts that are used in common between Looker and Looker Studio, including some that have similar-seeming naming conventions but different functionality.

Sort list controls by any metric

List controls now support sorting the options on any metric, rather than just the reference metric.

Policy Intelligence

The IAM recommender generates policy insights and role recommendations for the following identities:

  • All identities in a workload identity pool
  • Single identity in a workload identity pool
  • All identities in a workforce identity pool
  • Single identity in a workforce identity pool
  • All Google Kubernetes Engine Pods that use a specific Kubernetes service account

To learn more, see Availability. This feature is generally available.

SAP on Google Cloud

Google Cloud's Agent for SAP version 3.5

Version 3.5 of Google Cloud's Agent for SAP is generally available (GA). This version introduces enhancements to support Workload Manager's observability service for SAP, metric enhancements, and some minor fixes.

For more information, see What's new with Google Cloud's Agent for SAP.

Security Command Center

Install new version of the Security Command Center Enterprise use case

The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by the date August 15, 2024, provides updates to the security operations features of the Enterprise tier of Security Command Center.

For installation instructions, see Update Enterprise use case, August 2024.

Sensitive Data Protection

The PHONE_NUMBER infoType functionality that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model includes US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results.

To enable the new functionality, leave InfoType.version unset, or set it to latest or stable. To use the old functionality, set InfoType.version to legacy. You can continue to use the legacy functionality for 90 days.

August 14, 2024

AlloyDB for PostgreSQL

The AlloyDB Omni Kubernetes Operator version 1.0.0 and later lets you schedule matching new database Pods to nodes to balance node distribution across the AlloyDB Omni cluster and help optimize performance.

BigQuery

You can now get lower latency for small queries with the new short query optimized mode. BigQuery automatically determines which queries may be accelerated while other queries continue to run like before. This feature is now in preview.

Carbon Footprint

Beginning with the release of January 2024 data, Google Cloud Carbon Footprint has adopted a semi-annual methodology improvement schedule, with updates planned for January and July data releases each year.

For the July 2024 data release (in mid-August 2024), we have upgraded the carbon model to version 11 and implemented the following updates:

Updating Scope 1 & 3 emissions from Google's corporate footprint:

  • Updated Scope 1 & 3 allocation factors using the latest Google company-wide data from the 2024 Google Environmental Report. See the non-electricity emission sources section of the methodology documentation for how we apply these Scope 1 & 3 emissions across Google products and services.

  • Notably, expanded the Scope 1 & 3 inventory boundary to include the following for a more comprehensive emissions inventory:

    • HVAC fugitive emissions
    • Additional emissions categories of transmission & distribution (T&D) loss
    • Extraction and transportation of fuels used to generate grid electricity

Updating renewable electricity percentage for Scope 2 market-based emissions from Google's corporate footprint:

  • Updated the annual renewable electricity percentage from Google's clean energy procurement, in accordance with the 2024 Google Environmental Report, as an input for Scope 2 market-based emissions. Note that Scope 2 location-based emissions are estimated using hourly greenhouse gas emissions factors. Read more about the difference in methodology between Scope 2 location-based and market-based emissions in the methodology document.

Improving allocation of shared internal AI/ML resources:

  • Improved the treatment of central machine learning compute resources and workloads across Google products and services, including corrected central resource impact to the following Google Cloud services:
    • Cloud Natural Language
    • Translate
    • Cloud Vision API
    • Cloud Speech API
    • Cloud Dialogflow API
    • Vertex AI
    • Cloud AutoML
    • Cloud Machine Learning Engine
    • Video Stitcher API
    • Cloud Video Intelligence API
    • Notebooks
    • Cloud Text-to-Speech API

Improving data accuracy:

  • Improved data center PUE mapping and energy allocation to internal services.

Colab Enterprise

The notebook scheduler is now generally available. See Schedule a notebook run.

Google Kubernetes Engine

(2024-R30) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.30.3-gke.1225000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1008000
    • 1.28.11-gke.1315000
    • 1.29.7-gke.1008000
    • 1.30.2-gke.1587003
    • 1.30.3-gke.1451000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1051000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1051000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.12-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1225000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1225000 with this release.

Regular channel

  • Version 1.29.7-gke.1008000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.15-gke.1252000
    • 1.28.11-gke.1260000
    • 1.29.6-gke.1326000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.11-gke.1315000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.7-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.

Stable channel

  • Version 1.29.6-gke.1254000 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.14-gke.1059002
    • 1.28.11-gke.1019001
    • 1.29.6-gke.1038001
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.15-gke.1154000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.11-gke.1172000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.6-gke.1254000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.

Extended channel

  • Version 1.29.7-gke.1008000 is now the default version in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.15-gke.1252000
    • 1.28.11-gke.1260000
    • 1.29.6-gke.1326000
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.

No channel

We've identified a potential issue that may cause downtime for traffic coming to your GKE managed Internal passthrough Network Load Balancers, after certain cluster operations like node upgrades. This issue specifically affects clusters with GKE Subsetting and Services with externalTrafficPolicy=Cluster.

This issue is more likely to occur in clusters with more than 25 nodes. To prevent this issue altogether, we recommend updating your Service configuration to use externalTrafficPolicy=Local. If you're already experiencing downtime, scale up the number of pods backing your LoadBalancer to provide immediate relief. A fix for this issue will be available in upcoming GKE releases.

Looker

Looker 24.14 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, August 19, 2024

  • Expected Looker (original) final deployment and download available: Thursday, August 29, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, August 19, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, September 2, 2024

The Edit Connection page URL has been changed from admin/next/connections/:id to admin/next/connections/:id/edit. The Looker UI will not change, but any scripts or hyperlinks that you have created that reference the old URLs may break.

The presumed_looker_employee property is now omitted from the user API response model. If you were relying on this functionality, migrate to use the verified_looker_employee property instead.

The Chart Config Editor now supports a new Sankey chart type.

The Edit button appears only for model sets for which the user has edit access.

The Queries Admin page now contains a SQL Interface tab in the Details pop-up for queries that originate from the Open SQL Interface.

The Chart Config Editor now supports a Venn diagram chart type.

The Open SQL Interface is now generally available and the SQL Interface Looker Labs toggle is removed.

The Looker–Tableau BI Connector is now generally available. You can now use Tableau Desktop to connect to your Looker data.

The Looker IDE now supports Vim and Emacs editors in addition to the default Looker IDE editor. You can set your editor preference in the new IDE Settings page in the Looker IDE.

The Looker IDE now supports text line wrapping in the IDE editor. Line wrapping is now the default behavior. You can turn off line wrap mode in the new IDE Settings page in the Looker IDE.

The Looker IDE now persists a user's IDE state, including the open LookML file in the file browser; the expanded or collapsed status of items in the file browser; the selected item in the IDE navigation bar (such as the file browser, Git actions, object browser, or project settings); and the sidebar item (such as the Quick Help panel, the Metadata panel, and the Project Health panel). You can remove the persistence by clicking the Reset IDE Layout button in the new IDE Settings page of the Looker IDE.

The LookML validator will no longer report inaccessible field errors for fields that are excluded from Explores.

System Activity queries that count Looker employee usage on your instance will no longer count Google employees that don't work on Looker products.

Performance has been improved for model preparation for models that use local import.

An issue has been fixed where some custom fields could not be deleted from the data table in an Explore. This feature now performs as expected.

An issue that caused some schedules to get indefinitely stuck in the scheduler queue has been fixed. This feature now performs as expected.

Previously, Look IDs were not always saved in the query metadata. This issue has been fixed, and this feature now performs as expected.

Previously, an issue caused some table calculations that referenced row totals to not appear in the series editor. This feature now performs as expected.

Previously, an issue could cause one invalid conditional data formatting rule to disable all conditional formatting rules for a series. This feature now performs as expected.

A previous issue with some Liquid variables would unnecessarily pull fields into the SQL query. This feature now performs as expected.

Rather than returning a 500 error as it would have previously, the sync_lookml_dashboard endpoint will now return a 422 with a more informative error message if there is an issue with the LookML dashboard layout.

The custom field editor now displays an error when users attempt to enter a conditional formatting rule with more than three conditions.

Unqualified field references in Liquid will no longer trigger SQL dependencies if the value does not depend on the result set.

An issue has been fixed where an escaped single quote in a LookML string was being treated as the end of the string. The fix enables color formatting to be applied to the entire string.

An issue has been fixed where dashboard filters were applied to tile queries during tile editing. This feature now performs as expected.

An issue has been fixed where LookML details were exposed to users who did not have the see_lookml permission.

An issue has been fixed where Looker would draw incorrect markers in the Google map visualization. This feature now performs as expected.

An issue with Exasol pivot queries has been fixed. This feature now performs as expected.

An issue with the User Activity dashboard has been resolved. This feature now performs as expected.

An issue with SSO logins has been fixed. This feature now performs as expected.

An issue has been fixed where the top-level item in an object tree was sometimes not expanded upon first loading. This feature now performs as expected.

An issue that could cause the LookML Validator to time out has been fixed. This feature now performs as expected.

Previously, a Validation or Query operation might fail if a measure did not have a type and used a sql_distinct_key. This feature now performs as expected.

An issue has been fixed with the Denodo dialect where the TRUNC() function could erroneously return a NULL value. This feature now performs as expected.

HighCharts error codes are now displayed in the UI rather than a blank visualization being rendered.

An issue has been fixed where unlocalized strings were rendered as "Bad Translation Key" when the project localization level was set to "permissive." This feature now performs as expected.

Looker can now use more efficient queries to determine the names of Redshift external schemas.

An issue has been fixed where, previously, a project could not be deleted because of a timeout on the Delete Confirmation page. This feature now performs as expected.

Previously, updating an OAuth client secret when there were multiple connections sometimes failed. This feature now performs as expected.

Previously, the PDT Admin panel could not be filtered by the status "Failed." This feature now performs as expected.

The editing experience in the Chart Config Editor is now more responsive.

A new progress bar, called the Explore query tracker, appears in the Explore UI when a query is running. You can toggle this off in the Labs features under Explore Query Tracker.

For Google BigQuery connections, Looker (Google Cloud core) can automatically use the OAuth application credentials that your Looker admin used when they created the Looker (Google Cloud core) instance. See the Looker (Google Cloud core) documentation for more information.

August 13, 2024

Apigee Advanced API Security

On August 13, 2024, we released an updated version of Advanced API Security.

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.

Note: This functionality is not available in the me-central2 region at this time. See Available Apigee API Analytics Regions for region information. We will announce with a release note when that region is supported.

Public preview of Risk Assessment v2

This release introduces Risk Assessment v2 in preview. Risk Assessment v2 includes these improvements:

  • Improved reliability: Faster score calculations with recent proxy data.
  • Simplified score display: The new score is a percentage, where 100% means full alignment with the security profile.

For usage information and a list of all improvements and changes in v2, see Risk Assessment v2.

Batch

Cancel jobs is available in Preview.

Batch CentOS (batch-centos) and Batch HPC CentOS (batch-hpc-centos) have reached end of development due to the end of support (EOS) of Compute Engine CentOS 7 images on June 30, 2024.

The final image versions of these Batch OSes—batch-centos-7-official-20240628-00-p00 and batch-hpc-centos-7-official-20240628-00-p00 from June 28, 2024—are only supported until August 27, 2024. By then, migrate any job that uses Batch CentOS or Batch HPC CentOS to a different OS.

The documentation has been updated to clarify that a Batch OS stops being supported when its base Compute Engine OS is deprecated. This restriction only applies to Batch OSes that have not already reached the end of development as of the date of this notice.

For more information, see Restrictions for VM OS images.

Bigtable

You can now enable client-side metrics with the Bigtable client library for Go. Used in conjunction with server-side monitoring metrics, client-side metrics can provide a complete, actionable view of Bigtable performance. For more information, see Set up client-side metrics.

Cloud Billing

The Carbon footprint dashboard in the FinOps hub now includes market-based emissions data (preview)

Scope 2 market-based emissions data (preview) for the Carbon footprint dashboard are now available in the FinOps hub. The market-based emissions metric represents purchased electricity, incorporating Google's annual renewable energy purchases. You can use the data in the Carbon footprint dashboard to optimize your cloud spend and reduce your carbon impact.

Cloud Composer

(Airflow 2.7.3) Improved the reliability of connections between Airflow components and the Redis component.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.4
  • composer-3-airflow-2.7.3-build.13

Cloud Composer 2.9.1 images are available:

  • composer-2.9.1-airflow-2.9.1 (default)
  • composer-2.9.1-airflow-2.7.3

Cloud Database Migration Service

Database Migration Service now supports migrations to MySQL minor version 8.0.37. See Supported source and destination databases in Cloud SQL for MySQL migrations.

Cloud Logging

Introducing log scopes. Log scopes are persistent, project-level resources that list a set of resources to be searched for log entries. For example, you might configure a log scope to contain multiple projects and several log views. If you select your log scope when using the Logs Explorer, it displays the log entries that originate in the specified projects and those in the specified log views.

You can create, edit, and delete log scopes. You can also set one log scope as the default log scope, which determines the resources that the Logs Explorer searches for log entries.

For more information, see Create and manage log scopes.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.29.400-gke.81 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.400-gke.81 runs on Kubernetes v1.29.6-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

Existing Seesaw load balancers now require TLS 1.2.

The following vulnerabilities are fixed in 1.29.400-gke.81:

High-severity container vulnerabilities:

Ubuntu vulnerabilities:

Google Kubernetes Engine

In GKE version 1.30 and later, there is a workaround in the PDCSI driver for privileged workloads that access container namespaces with hostpath. The workaround delays NodeUnstage until attached filesystems are no longer in use. Under certain conditions, the privileged hostpath workloads may cause a container's mount namespace to be retained longer than the container's lifecycle. The workaround addresses an issue where the driver could proceed with detaching a GCE persistent disk even if the block device filesystem is still in use.

With this fix, the PDCSI driver will validate that an attached block device is no longer in use prior to unmounting it from a GKE node.

Custom compute classes are a new set of capabilities in GKE that provide an API for fine-grained control over fallback compute priorities, autoscaling configuration, obtainability and node consolidation. Custom compute classes offer enhanced flexibility and control over your GKE compute infrastructure so that you can ensure optimal resource allocation for your workloads. You can use custom compute classes in GKE version 1.30.3-gke.1451000 and later. To learn more, see About custom compute classes.

Looker

Choosing a hosting option for a Looker (original) instance helps you understand the benefits and limitations of each hosting option (Looker-hosted or customer-hosted) so that you can make the best decision for your organization.

Looker (Google Cloud core) users now have access to the first-ever Learn Assistant panel on Google Cloud console pages. This panel provides tailored documentation and tutorials that are specifically related to the tasks or concepts covered on that console page.

A new Looker and Looker Studio shared terms and concepts glossary is available. This resource compares and contrasts terms and concepts that are used in common between Looker and Looker Studio, including some that have similar-seeming naming conventions but different functionality.

Spanner

A new multi-region instance configuration is now available in North America - nam16 (Iowa/Northern Virginia/Columbus).

August 12, 2024

Access Approval

Access Approval supports Cloud Armor in the GA stage.

Access Transparency

Access Transparency supports Cloud Armor in the GA stage.

Agent Assist

Customer-Managed Encryption Key support is now available in preview for all Agent Assist features in regionalized environments, including all generative AI features. See the documentation for more details.

Apigee X

On August 12, 2024, we released a new version of Apigee.

We changed the maximum number of Apps per developer from 10 to 100. See the Limits page for more detail.

Note that using more than 10 apps per developer will result in latency when accessing flow variables referencing developer.apps.

With this release, Apigee expanded its support for data residency to additional regions in Japan:

  • asia-northeast1 (Tokyo)
  • asia-northeast2 (Osaka)

Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.

For more information, see Introduction to data residency.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.9.0 (2024-08-01)

Features
  • Add retryOptions passing to underlying Service class (#1390) (a7cd3af)
  • Clean cached rows and responses after conversion (#1393) (3fd28b8)
Bug Fixes

You can now use time series and range functions to support time series analysis. This feature is now generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.42.0 (2024-08-06)

Features
  • Support float32, float64, and array type query params (#2297) (a65640e)
Bug Fixes
  • Adapt toString tests to introduction of java.time in gax (93f66a7)
Dependencies
  • Update shared dependencies (93f66a7)

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-logging

3.11.1 (2024-08-06)

Bug Fixes

Cloud Translation

The translation LLM and adaptive translation now support Arabic, Hindi, and Russian. For the full list of supported languages, see Supported languages.

Container Optimized OS

cos-105-17412-448-8

Kernel Docker Containerd GPU Drivers
COS-5.15.163 v23.0.3 v1.7.19 v470.256.02(default),v550.90.07(latest)

Updated app-admin/google-guest-configs to 20240607.00.

Updated app-containers/containerd to 1.7.19.

Upgraded app-containers/cni-plugins to v1.4.1.

Upgraded sys-auth/pambase to v20240128.

Upgraded sys-apps/gentoo-functions to v0.19.

Upgraded dev-libs/nss to v3.100.

Upgraded dev-libs/re2 to v0.2022.12.01.

Upgraded app-arch/unzip to v6.0_p27-r1.

Upgraded dev-python/six to v1.16.0-r1.

Upgraded dev-python/netifaces to v0.11.0-r2.

Upgraded dev-lang/python-exec to v2.4.10.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Disable NVIDIA persistence mode with -no-verify flag.

Fixed CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 in dev-libs/openssl.

Fixed CVE-2023-5678 in dev-libs/openssl.

Upgraded curl to v8.9.0. This fixes CVE-2024-6197.

Fixed CVE-2024-6345 in dev-python/setuptools.

Fixed CVE-2024-39894 in openssh.

Fixed CVE-2024-39472 in the Linux kernel.

Fixed CVE-2024-38577 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812698 -> 812708

cos-101-17162-528-12

Kernel Docker Containerd GPU Drivers
COS-5.15.161 v20.10.27 v1.6.28 v470.256.02(default),v550.90.07(latest)

This is an LTS Refresh release.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Disable NVIDIA persistence mode with -no-verify flag.

Fixed CVE-2024-6602 in dev-libs/nss.

Fixed CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 in dev-libs/openssl.

Upgraded curl to v8.9.0. This fixes CVE-2024-6197.

Fixed CVE-2024-6345 in dev-python/setuptools.

Updated ncurses to 6.4_p20240414. This resolves CVE-2023-45918.

Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.

Fixed CVE-2024-39472 in the Linux kernel.

Fixed CVE-2024-42229 in the Linux kernel.

Fixed CVE-2024-42068 in the Linux kernel.

Fixed CVE-2024-42082 in the Linux kernel.

Fixed CVE-2024-38577 in the Linux kernel.

Fixed CVE-2024-36901 in the Linux kernel.

Fixed CVE-2024-39482 in the Linux kernel.

cos-109-17800-309-13

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.19 v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs)

Upgraded sys-apps/less to v661.

Downgraded sys-apps/ethtool to v6.3.

Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.

Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.

Fixed CVE-2024-39472 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812261 -> 812257

cos-113-18244-151-14

Kernel Docker Containerd GPU Drivers
COS-6.1.100 v24.0.9 v1.7.19 v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs)

Downgraded sys-apps/ethtool to v6.7.

Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.

Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.

Fixed CVE-2024-39472 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812030 -> 812026

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.12 (2024-08-08)

Bug Fixes
  • dataflow: Update google.golang.org/api to v0.191.0 (5b32644)

Dataform

Customer-Managed Encryption Keys (CMEK) in Dataform are generally available (GA). For more information, see Use customer-managed encryption keys.

You can now use Cloud External Key Manager (Cloud EKM) keys to protect Dataform data. Cloud EKM keys in Dataform are generally available (GA). For more information, see Using and managing external keys.

Dataplex

Data lineage list view is available in preview. The lineage list view displays full lineage information in a single table. For more information, see Data lineage list view.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.75
  • 1.2.19
  • 2.0.83
  • 2.2.19

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-datastore

2.20.0 (2024-08-07)

Features
  • Add new types ExplainOptions, ExplainMetrics, PlanSummary, ExecutionStats (#521) (dfbee2d)
  • Add new_transaction support (#499) (43855dd)
  • Implement query profiling (#542) (1500f70)
  • New PropertyMask field which allows partial commits, lookups, and query results (7fd218b)
Bug Fixes
  • Retry and timeout values do not propagate in requests during pagination (#555) (5e773cb)
  • Using end_cursor instead of skipped_cursor in Iterator to fix rare bug. (#552) (4982f9a)

Java

Changes for google-cloud-datastore

2.21.1 (2024-08-06)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#1531) (9e52395)

2.21.0 (2024-07-31)

Features

Google Kubernetes Engine

(2024-R29) Version updates

There are no GKE cluster version updates in 2024-R29. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

There are no new releases in the Rapid channel.

Regular channel

There are no new releases in the Regular channel.

Stable channel

There are no new releases in the Stable channel.

Extended channel

There are no new releases in the Extended channel.

No channel

There are no updates for clusters not enrolled in a release channel.

Identity and Access Management

You can attach tags to Identity and Access Management (IAM) service accounts to conditionally grant or deny access to specific service accounts. This feature is in Preview. For more information, see Creating and managing tags for service accounts.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.6 (2024-08-08)

Bug Fixes
  • secretmanager: Update google.golang.org/api to v0.191.0 (5b32644)

Security Command Center

Cloud Infrastructure Entitlement Management (CIEM) is generally available

CIEM helps you adhere to the principle of least privilege by providing a comprehensive look at the security of your identity and access configuration. It provides insight into details such as what permissions are associated with a given identity, what roles are not optimal (highly permissive), and what steps you can take to remediate potential misconfigurations.

For more information about CIEM, see Overview of Cloud Infrastructure Entitlement Management.

EC2 Vulnerability Assessment findings now support attack exposure scores

Software vulnerability findings detected by EC2 Vulnerability Assessment for Amazon Web Services are now scored with attack path simulations. Use these attack exposure scores on vulnerabilities to proactively secure the resources that are the most valuable to your business. For more information, see Attack exposure scores.

Virtual Private Cloud

VPC Flow Logs includes the following metadata annotations in General Availability:

  • src_gateway and dest_gateway
  • src_google_service and dest_google_service
  • load_balancing
  • network_service
  • psc

For more information, see Record Format.

August 11, 2024

Google SecOps SOAR

Release 6.3.14 is now in General Availability.

August 10, 2024

Google SecOps SOAR

Release 6.3.15 is currently in Preview.

Unable to upload ZIP files to the Case wall. (ID #52659859)

August 09, 2024

Access Approval

Access Approval supports Storage Transfer Service in the GA stage.

Contact Center AI Platform

Private Service Connect and Organization Policy Service

You can create Contact Center AI Platform (CCAIP) instances that are configured for private access, which restricts access to them over the public internet. You can then set up Private Service Connect, which lets your agents, managers, and CCAIP administrators access the private instances. This is done using your own internal IP address, keeping your traffic within Google Cloud. Private Service Connect doesn't prevent end-users from contacting your contact center as they normally would. Private Service Connect is in Preview. For more information, see Set up Private Service Connect.

You can also use Google Cloud Organization Policy to get centralized, programmatic control over your organization's resources. If you want more granular, customizable control over the specific fields that are restricted in your organization policies, you can create custom constraints. For more information, see Manage Contact Center AI Platform resources using custom constraints.

Generative AI on Vertex AI

Gemini on Vertex AI supports multiple response candidates. For details, see Generate content with the Gemini API.

Google Cloud VMware Engine

VMware Engine ve2-mega-64 node type is generally available in the australia-southeast1 region. For more information on the node type, see Node types. To use the node type in the australia-southeast1 region, contact your Google account team.

Managed Kafka

Apache Kafka for BigQuery is now called Google Cloud Managed Service for Apache Kafka.

NetApp Volumes

Google Cloud NetApp Volumes offers volume replication between the following region pairs for Flex service level:

  • europe-west1 (Belgium) and europe-west8 (Milan)

  • europe-west1 (Belgium) and europe-west9 (Paris)

  • europe-west8 (Milan) and europe-west12 (Turin)

To learn more, see About volume replication.

reCAPTCHA

reCAPTCHA Mobile SDK v18.6.0-beta01 is now available for iOS.

This version contains the following changes:

  • A new API, fetchClient, is available that provides built-in retries for network issues.
  • Bug fixes and improvements.

August 08, 2024

AlloyDB for PostgreSQL

Enhanced Query Insights and active queries are now available in Preview for read pool instances.

Apigee X

On August 8, 2024, we announced an increase in the recommended number of API basepaths per Apigee environment or environment group.

The recommended limit of API proxy basepaths per Apigee environment or environment group increased from 1,000 to 3,000. For more information, see the Environment and organization section of the Limits page.

Bug ID Description
329304975, 301845257 Limit on number of basepaths per environment

Fixed issue with the number of total basepaths per environment causing potential failures when deploying API proxy revisions.

BigQuery

The JSON_KEYS function, which extracts unique JSON keys from a JSON expression, is in Preview.

Some JSON functions that take a JSONPath let you specify a mode that allows flexibility in how the JSONPath matches the JSON data structure. This feature is in Preview.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Backup and DR Service
    • backupdr.googleapis.com/ManagementServer
  • Google Kubernetes Engine

Cloud Billing

View granular cost data from Secret Manager secret usage in Cloud Billing exports to BigQuery

You can now view granular Secret Manager secret cost data in the Google Cloud Billing detailed export. Use the resource.name or resource.global_name field in the export to view and filter your detailed log bucket usage.

Review the schema of the Detailed cost data export.

Tags data for Secret Manager secret usage is available in both the Standard usage cost export and the Detailed usage cost export.

To learn more about Tags, see Tags overview. To learn about using Tags in your cost data exported to BigQuery, see about tags and query examples with tags.

Cloud Composer

The kubelet read-only port in GKE clusters (TCP port 10255) is not used by Cloud Composer. You can define appropriate firewall rules to block external traffic over TCP 10255 in your customer project as described in Modify VPC firewall rules.

Fixed a problem that caused file synchronization between the bucket and Airflow components to be stuck or progress very slowly.

(Airflow 2.9.1) Improved the reliability of connections between Airflow components and the Redis component.

The default version of Airflow is changed to 2.9.1.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.3
  • composer-3-airflow-2.7.3-build.12

Cloud Composer 2.9.0 images are available:

  • composer-2.9.0-airflow-2.9.1 (default)
  • composer-2.9.0-airflow-2.7.3

Cloud Composer version 2.4.0 has reached its end of support period.

Cloud DNS

You can now select internal proxy Network Load Balancers as a health checked target for DNS routing policies in Preview. For more information, see DNS routing policies and health checks.

Google Distributed Cloud (software only) for bare metal

Release 1.29.400-gke.86

Google Distributed Cloud for bare metal 1.29.400-gke.86 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.400-gke.86 runs on Kubernetes 1.29.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

  • GA: Added support in version 1.29.400-gke.86 and higher for Red Hat Enterprise Linux (RHEL) version 9.2. For more information, see Select your operating system.

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Looker Studio

New formatting options for the bin calculated field type

New formatting options for the Bin calculated field type let you customize the appearance of ad hoc numeric tiers. These options include:

  • Interval "[x,y)" — This format displays the range including x, and up to but not including y.
  • Integer "x to y" — This format must be used with discrete integer values (such as age).
  • Relational ">= x and < y" — This format is best used with continuous numbers (such as dollars).

Vertex AI Workbench

M124 release

The M124 release of Vertex AI Workbench managed notebooks includes the following:

  • Fixed a bug that prevented kernels from appearing when the Cloud Resource Manager API is turned off and Dataproc is enabled.

M124 release

The M124 release of Vertex AI Workbench instances includes the following:

  • Fixed a bug that prevented kernels from appearing when the Cloud Resource Manager API is turned off and Dataproc is enabled.
  • Spark notebooks on Dataproc: The Serverless Spark runtime template creation screen now has an easy-to-use UI for configuring resource allocation, autoscaling, and GPU settings.

August 07, 2024

Apigee X

On August 7, 2024, we published new documentation explaining how to integrate Apigee with a Security Information and Event Management (SIEM) solution. See Integrate Apigee with your SIEM solution for more information.

Backup and DR

Management console is now available in the London (europe-west2), Mumbai (asia-south1), and Los Angeles (us-west2) regions.

Backup and DR Service 11.0.12.322 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance.

Backup and DR Service now supports restoring Oracle databases to any target. Learn more.

Backup and DR Service now supports migrating manual protection to dynamic protection using tags through management console. Learn more.

BigQuery

An updated version of JDBC driver for BigQuery is now available.

You can now create a materialized view over an Apache Iceberg table that is partition-aligned with the base table. The materialized view only supports time-based partition transformation, for example, YEAR, MONTH, DAY, and HOUR. This feature is in preview.

Cloud Service Mesh

Configuring Cloud Service Mesh for either proxyless gRPC or Envoy proxy deployments with the Kubernetes Gateway API is now available as a preview feature. For more information, see the Overview page.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.28.800-gke.109 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.800-gke.109 runs on Kubernetes v1.28.11-gke.2200.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

Existing Seesaw load balancers now require TLS 1.2.

The following vulnerabilities are fixed in 1.28.800-gke.109:

High-severity container vulnerabilities:

Ubuntu vulnerabilities:

Google Distributed Cloud connected

This is a patch release of Google Distributed Cloud connected (version 1.7.1).

Security mitigations for the following vulnerabilities have been implemented in this release of Google Distributed Cloud connected:

  • CVE-2024-36971, CVE-2024-36901, CVE-2024-36969, CVE-2024-36902, CVE-2024-36893, CVE-2024-36897, CVE-2024-35984, CVE-2024-35997, CVE-2024-6387 (GCP-2024-040), CVE-2024-38433, CVE-2024-0172

The following Google Distributed Cloud connected components have been updated:

  • GKE on Bare Metal has been updated from version 1.28.500 to version 1.28.700. (This component was formerly known as Anthos Clusters on Bare Metal.)
  • Kubernetes has been updated from version 1.28.8 to version 1.28.10.

The following issues have been resolved in this release of Google Distributed Cloud connected:

  • Nodes no longer get stuck in Ready,SchedulingDisabled state after applying configuration changes. Applying or deleting the NodeSystemConfigUpdate or SriovNetworkNodePolicy resources no longer results in a node that's stuck in the Ready,SchedulingDisabled state after it reboots.

  • Cluster software upgrades are no longer affected by GKE Identity Service (GKE IS) Pods that get stuck in a Failed state after a machine reboot.

  • Virtual machine workloads no longer temporarily go down when upgrading Google Distributed Cloud connected software. The virtual machine workloads now remain running while a Google Distributed Cloud software upgrade completes.

  • Changes to the VMRuntime resource are no longer required before upgrading to Google Distributed Cloud connected version 1.7.1 or higher.

  • Excessive CPU load on nodes undergoing live virtual machine migration during software upgrades has been resolved. When completing a live virtual machine migration during a Google Distributed Cloud connected software upgrade, nodes no longer experience CPU spikes that might affect workloads running on them.

  • Virtual machines no longer lose connectivity to each other during a live migration. When completing a live migration of virtual machines from one node to another, the virtual machines now retain network connectivity to each other across the source and destination nodes.

  • Virtual machines are now properly scheduled after recovery from a network partition. When a loss of network connectivity across multiple nodes occurs and causes a stall in storage I/O operations, the virtual machine fencing logic now properly marks the affected virtual machines as failed. Such virtual machines are now properly scheduled back onto the affected nodes when network connectivity is restored.

This release of Google Distributed Cloud connected contains the following known issues:

  • Virtual machine management can fail after a node has been powered down for an extended time. If you power down your Google Distributed Cloud connected machines for an extended period of time, you might not be able to manage the virtual machines scheduled on the corresponding nodes after you power the machines back up, even though those virtual machine workloads continue to run. To remedy this issue, contact Google Support.

  • The Kubernetes API server might return 404 errors when attempting to access virt-api endpoints. To work around this issue, contact Google Support.

  • Storage operations hang when volume replicas are deleted from a cluster without removing the corresponding Symcloud Storage persistent volume intent. If you delete the volume replicas for a Symcloud Storage persistent volume but do not remove the corresponding intent, TCMU devices on the worker node hang, causing storage operations to stall indefinitely. This can affect both your workload data availability as well as core system functionality of Google Distributed Cloud connected. To prevent this, you must always remove a Symcloud Storage persistent volume before deleting its associated volume replicas. If you need to resolve this issue on an affected node, contact Google Support.

  • Cluster deletion can fail due to stale Symcloud Storage data. When attempting to delete a cluster during disaster recovery or cluster reset, the deletion might fail due to the corresponding Symcloud Storage volumes not having been cleaned up. To resolve this issue, contact Google Support.

  • Cluster upgrades might fail with an "ABM upgrade timed out" error. Under certain conditions, if the GKE token expires while a cluster upgrade is in progress, the upgrade fails with an "ABM upgrade timed out" error and a missing gkehub.memberships.update permission is recorded in the logs. If you encounter this issue, contact Google Support.

  • Removing the NodeSelector node label value in the NodeSystemConfigUpdate resource after reconciliation does not reset the node status to default. If you remove the node label value in the NodeSelector field of the NodeSystemConfigUpdate resource after the resource has been successfully reconciled, the node does not revert to its default configuration.

Google Kubernetes Engine

(2024-R28) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.15-gke.1252000
    • 1.29.6-gke.1326000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.

Regular channel

  • Version 1.29.6-gke.1326000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.15-gke.1154000
    • 1.28.11-gke.1172000
    • 1.29.6-gke.1254000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.6-gke.1326000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.

Stable channel

Extended channel

  • Version 1.29.6-gke.1326000 is now the default version in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.15-gke.1154000
    • 1.28.11-gke.1172000
    • 1.29.6-gke.1254000
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.

No channel

August 06, 2024

Cloud Workstations

If you specify a source workstation during workstation creation, Cloud Workstations supports cloning of persistent directories. For more information, see REST workstations, RPC google.cloud.workstations.v1beta, or gcloud beta workstations create.

Contact Center AI Platform

Web SDK 2.22 is released

Web SDK 2.22 includes the following updates:

  • Resize text. You can change the font size for any text displayed in the agent adapter.

  • Control link behavior. You can control whether a link opens in the same tab or a new tab.

Container Optimized OS

cos-109-17800-309-7

Kernel: COS-6.1.100
Docker: v24.0.9
Containerd: v1.7.19
GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Upgraded app-admin/google-guest-configs to 20240607.00.

Upgraded app-containers/containerd to 1.7.19.

Upgraded sys-auth/pambase to v20240128.

Upgraded app-containers/docker, app-containers/docker-test, app-containers/docker-cli to v24.0.9.

Upgraded app-containers/docker-credential-gcr to v2.1.22.

Upgraded app-containers/docker-credential-helpers to v0.8.1.

Upgraded app-containers/cni-plugins to v1.4.1.

Upgraded net-misc/rsync to v3.2.7-r5.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Upgraded cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Upgraded curl to v8.9.0. This fixes CVE-2024-6197.

Upgraded dev-python/setuptools to v70.3.0. This fixes CVE-2024-6345.

Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.

Runtime sysctl changes:

  • Added: net.core.mem_pcpu_rsv: 256

cos-113-18244-151-9

Kernel: COS-6.1.100
Docker: v24.0.9
Containerd: v1.7.19
GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Upgraded app-admin/google-guest-configs to 20240607.00.

Upgraded app-containers/containerd to 1.7.19.

Upgraded net-misc/rsync to v3.2.7-r5.

Upgraded sys-apps/less to v661.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Upgraded cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Upgraded curl to v8.9.0. This fixes CVE-2024-6197.

Upgraded dev-python/setuptools to v70.3.0. This fixes CVE-2024-6345.

Runtime sysctl changes:

  • Changed: fs.file-max: 812026 -> 812030

Google Kubernetes Engine

You can now keep a GKE Standard cluster on a minor version for longer with the Extended release channel. Clusters running 1.27 or later can be enrolled in the Extended channel, and automatically receive security patches during the extended support period after the end of standard support. To learn more, see Get long-term support with the Extended channel.

Vertex AI Agent Builder

Vertex AI Search: Layout parser GA

The layout parser for Vertex AI Agent Builder is generally available. The layout parser transforms documents in various formats into structured representations. It makes content like paragraphs, tables, lists, and structural elements like headings, page headers, and footers easily accessible.

For more information, see Layout parser.

Vertex AI Search: Generative answers performance improvements

Generative answers have been updated with performance improvements.

  • Re-ranking for generative answers has been updated to decrease response latency.
  • Detection of adversarial queries has been updated for improved accuracy.

August 05, 2024

AlloyDB for PostgreSQL

AlloyDB Omni version 15.5.5 is now generally available (GA). This version includes the following features and changes:

Apigee Advanced API Security

On August 5, 2024, we released an updated version of Advanced API Security.

Shadow API Discovery, which is in preview, now supports the use of tags to label and organize observation results.

For usage information, see Use tags.

Cloud Load Balancing

Regional external Application Load Balancer, regional internal Application Load Balancer, and cross-region internal Application Load Balancer support mutual TLS (mTLS).

With mTLS, the load balancer requests that the client send a certificate to authenticate itself during the TLS handshake with the load balancer. You can configure a trust store to validate the client certificate's chain of trust.

For details, see the following:

This capability is in General Availability.

Global external Application Load Balancer and global external Application Load Balancer (classic) already support frontend mTLS (General Availability).

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/logging

11.2.0 (2024-07-15)

Features
  • Open telemetry integration and span Id fix for nodejs logging library (#1497) (91577e0)

Java

Changes for google-cloud-logging

3.20.0 (2024-08-02)

Features
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#1664) (cb6de76)
Documentation
  • Documentation update for OpenTelemetry and tracing (#1657) (e3c6670)

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.41.0 (2024-07-31)

Features
  • Enable gRPC client open telemetry metrics reporting (#2590) (d153228)
Bug Fixes
  • Add UnknownHostException to set of retriable exception (#2651) (18de9fc)
  • Update grpc resumable upload error categorization to be more tolerant (#2644) (95697dd)
  • Update Storage#readAllBytes to respect shouldReturnRawInputStream option (#2635) (dc883cc)
  • Update TransferManager downloads to reduce in memory buffering (#2630) (fc2fd75)
  • Use fast calculation for totalRemaining number of bytes from multiple ByteBuffers (#2633) (758b3dd)
Dependencies
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240625-2.0.0 (#2616) (b22babb)
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240706-2.0.0 (#2634) (1ccaa0c)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#2647) (8196259)
  • Update dependency net.jqwik:jqwik to v1.9.0 (#2608) (a20eb66)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.10.3 (#2604) (8c79f39)
  • Update junit-platform.version to v5.10.3 (#2605) (a532ee4)

You can now use parallel downloads with Cloud Storage FUSE to accelerate read performance of large files over 1 GB in size. When enabled, parallel downloads use multiple workers to download a file in parallel, accelerating file reads. For more information, see Improve read performance using parallel downloads.

Colab Enterprise

Fixed an issue in which users weren't able to access the Colab Enterprise UI when Colab Service Status was OFF for everyone in Google Workspace.

Confidential VM

AMD has notified Google about 3 new (2 medium risk, 1 high risk) firmware vulnerabilities affecting SEV-SNP in AMD EPYC 3rd generation (Milan) and 4th generation (Genoa) CPUs (CVE-2023-31355, CVE-2024-21978, and CVE-2024-21980).

For more information, see the GCP-2024-046 security bulletin.

Config Connector

Config Connector version 1.121.0 is now available.

The state-into-spec field now defaults to Absent in any new Config Controller clusters.

Starting in version 1.122, this will be the default for all Config Controller clusters.

Starting in version 1.123, this will be the default for all Config Connector clusters.

DataformRepository (Alpha) now uses direct reconciliation.

BigtableInstance

  • When autoscaling is enabled (spec.cluster[].autoscalingConfig.), does not use numNodes (spec.cluster[].numNodes=2) as that applies only to manual scaling.

BigQueryConnection

  • Added status.observedState field to store the output-only fields that were previously mistakenly defined in spec.

BigQueryTable

  • Added spec.requirePartitionFilter field. This release note was added on August 20.

Contact Center AI Platform

Version 3.23 is released

All release notes published on this date are part of version 3.23.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Cancel partial responses for virtual agents

You can now configure virtual agents (VAs) to enable cancellation of the playback of partial-responses fulfillment when the final fulfillment is returned. For example, if a webhook is called by the VA and partial responses is enabled, the fulfillment is returned to CCAI Platform and it starts playing the message to the end-user. If the final fulfillment is sent by Dialogflow to CCAI Platform while the partial-responses fulfillment is still being played, it is possible to interrupt this playback and play the final fulfillment.

For more information, see Support for partial response in Dialogflow CX.

New force logout endpoint in the Apps API

You can now do a force logout on agents, using agent ID or IP address, by making a POST call to a new Apps API endpoint: POST /apps/api/v1/agent_statuses/force_logout. This endpoint lets you immediately log out an agent who is not currently on a call or chat. If the agent is on a call or chat, they are automatically logged out after the call or chat ends.

Updated agent statuses endpoint

The agent statuses endpoint, apps/api/v1/agent_statuses, now returns an agent's IP address.

Contact lists

Agents can now use contact lists, which improve the organization and accessibility of external contacts. Agents can use a centralized workspace to create a personal contact list or a favorite contact list. Agents can access global and custom lists, depending on how you configure CCAIP. Administrators have the ability to: (1) Manage list visibility at the team or queue level, (2) Bulk upload CSV files containing contact lists, and (3) Add, edit, or delete contacts and destinations, including SIP URI addresses and phone numbers.

Auto answer settings are relocated

The following auto answer settings for calls and chats have been relocated. Functionality remains the same:

Global settings (moved to the Operations Management Routing page):

  • Old Locations:

    • Calls: Settings > Call

    • Chats: Settings > Chat

  • New Locations:

    • Calls: Settings > Operation Management > Routing > Call Routing > Deltacast

    • Chats: Settings > Operation Management > Routing > Chat Routing > Deltacast

Queue-level settings (moved to the Deltacast Settings page):

  • Old Locations:

    • Calls: Settings > Queue > [IVR] [Mobile] [Web]

    • Chats: Settings > Queue > Web

  • New Locations:

    • Calls: Settings > Queue > [IVR] [Mobile] [Web] > Routing > Call Routing > Deltacast

    • Chats: Settings > Queue > Web > Routing > Call Routing > Deltacast

For more information, see Auto answer.

End-of-session transfers for virtual agents

You can now set up a virtual agent (VA) to handle end-of-session interactions. When a live agent ends a session, it's transferred to a VA for wrap-up. You can use end-of-session transfers for interactions such as post-session surveys or feedback. This feature is available for both calls and chats.

Queue-level whisper settings for calls

Whisper settings for calls are now available at the queue level. This feature allows you to turn off whisper messages for specific queues or customize the whisper message. For example, on a billing queue, you could provide agents with instructions such as, "Call coming through the billing queue. Remember to redact if taking any payments." In addition, you can customize the call countdown timer and enable Use countdown at the queue level for calls.

For more information, see Configure whisper announcements at the queue level.

Workforce management

Workforce management (WFM) provides simple, flexible, real-time forecasting, scheduling, and adherence monitoring. Here are some key features:

  • Dynamic scheduling to optimize staffing. Save time by automating scheduling based on expected staffing needs. Allow agents to pick their schedule based on availability and skillset. WFM is customizable so you can create schedules that account for agent skills, time zones, channel coverage, employee time-off requests, and more.

  • Intelligent, flexible forecasting. Quickly create accurate omnichannel forecasts that model staffing requirements using both historical and real-time data. Interval, weekly, and monthly patterns and in-forecast updates provide day-to-day flexibility. You can make changes on the fly, or "set it and forget it."

  • Schedule adherence. WFM helps you avoid costly mistakes by providing agents and managers with real-time access to adherence and performance monitoring. This helps to ensure that agents are in the right place at the right time so there are no gaps in your customer service experience.

For more information, see Workforce management.

Queue-level configuration of the cascade group timer

You can now configure the cascade group timer at the queue level, instead of only at the global level. This would be useful, for example, if you wanted the agents assigned to a VIP queue to have more time to answer before the session is moved to the next cascade group.

For more information, see Configure a cascade group at the queue level.

Queue-level configuration of the percent allocation group timer

You can now configure the percent allocation group timer at the queue level, instead of only at the global level.

For more information, see Percent allocation groups.

Settings version control

Settings version control is a new feature that lets administrators more easily migrate the queue menu structure and settings from one tenant to another. Settings version control consists of two main components: (1) Exporting and importing queue menu structure and settings, and (2) Viewing and managing version history. You can save the current configuration of an existing tenant to a JSON file and then import the file and apply it to a new tenant. You can also create a reusable configuration template, making the creation of new tenants faster and more consistent. The version history feature lets administrators track the change history of a tenant, providing an overview of all previous settings applied. Administrators can revert to previous settings if they are not satisfied with recent changes. Settings version control is in Preview. For more information, see Settings version control.

New quality management (QM) session event field

CCAIP now passes a new field in the session event payload for calls.

The new field is available in the following event payload streams:

  • QM call events

  • External call events

The new session event field is the same as the agent_number field in the CCAIP metadata. This field is passed in the payload for all session events that have an agent participant.

Here is an example of a session event field: "agent_number":"1660"

Fixed an issue where calls would sometimes not ring for an agent while connecting to a caller.

Fixed an issue where agents with chat concurrency set to 1 were incorrectly receiving new chat offers while already handling a chat.

Fixed a co-browse display issue.

Fixed an issue where chats continued to be translated after being transferred to a queue that had live translation turned off.

Fixed an issue where the agent adapter was not triggering events in an iframe when starting or ending a co-browse session.

Fixed an issue where the Telnyx API was throwing an error when verifying a number, preventing BYOC numbers from being added.

Dataform

Access Approval supports Dataform in the GA stage.

Generative AI on Vertex AI

The translation LLM now supports Arabic, Hindi, and Russian. For the full list of supported languages, see the Translate text page.

Google Cloud Architecture Center

Disaster recovery scenarios for data: Added guidance about using the following capabilities to back up and recover self-managed databases deployed in Google Cloud:

Disaster recovery scenarios for applications: Added guidance about using the following capabilities to back up and recover applications deployed in Google Cloud:

NetApp Volumes

For the Flex service level, Google Cloud NetApp Volumes offers its services in the following regions:

  • europe-west8 (Milan)

  • europe-west9 (Paris)

  • europe-west12 (Turin)

To learn more, see NetApp Volumes key features.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

Beta release for the pubsub opentelemetry tracing feature

OpenTelemetry tracing standards are in active development, and thus attributes, links, and span names are EXPERIMENTAL and subject to change or removal without notice.

1.41.0 (2024-08-01)

Features
  • pubsub/pstest: Add Message.Topic field and populate on publish (#10510) (01bf051)
  • pubsub: Add max messages batching for Cloud Storage subscriptions (1bb4c84)
Bug Fixes
  • pubsub: Bump google.golang.org/api@v0.187.0 (8fa9e39)
  • pubsub: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
  • pubsub: Update dependencies (257c40b)

Java

Changes for google-cloud-pubsub

1.132.0 (2024-08-01)

Features
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.41.0 (#2093) (217b8a3)
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.42.0 (#2124) (24ebe24)
  • Update dependency com.google.cloud:google-cloud-core to v2.41.0 (#2120) (1f6428a)
  • Update dependency com.google.cloud:google-cloud-storage to v2.40.1 (#2095) (0d64d6c)
  • Update dependency com.google.cloud:google-cloud-storage to v2.41.0 (#2129) (2348d20)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#2121) (7fbea6d)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.27.2 (#2091) (9859f11)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.10.3 (#2096) (42f12ed)
Documentation

Python

Changes for google-cloud-pubsub

2.23.0 (2024-07-29)

Features
  • Add max messages batching for Cloud Storage subscriptions (#1224) (91c89d3)

Sensitive Data Protection

The ORGANIZATION_NAME infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.

To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.

The STREET_ADDRESS infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.

To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.

August 03, 2024

Google SecOps SOAR

Release 6.3.13 is now in General Availability.

August 02, 2024

Apigee Advanced API Security

The preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents is now re-enabled after resolution of the known issue noted on July 19.

For usage instructions, see the Incident details documentation.

Apigee Integration

Redirecting from Apigee Integration to Application Integration

We are converging Apigee Integration and Application Integration. This change involves the following updates:

For more information, see Use Application Integration.

Generative AI on Vertex AI

Vertex AI SDK for Python supports token listing and counting for prompts without the need to make API calls. This feature is available in Preview. For details, see List and count tokens.

Google Kubernetes Engine

The NVIDIA GPU Operator can now be used as an alternative to fully managed GKE for both Container-Optimized OS and Ubuntu node images. Choose this option to manage your GPU stack if you're looking for a consistent multi-cloud experience, already using the NVIDIA GPU Operator, or have software reliant on it.

Google SecOps SOAR

Release 6.3.14 is currently in Preview.

Unable to rerun a failed playbook step when the parameter is very large. As part of the fix, large parameter values will show as truncated on the platform but will not change the actual value sent to the playbook. (ID #49774296)

The platform does not show the correct error when trying to save a playbook which is open in another tab. (ID #00269661)

Can't remove the remote agent after host/container has stopped (ID #49024310)

List and multi-select parameters not appearing correctly in the IDE (ID #51995565)

Playbook simulator sometimes not executing actions in the correct order (ID #48264534)

Missing audit log entries when deleting permission groups (ID #51496411)

Vertex AI

The Vertex AI Model Registry now offers Preview support for model copy across different projects. For information about how to copy your model projects and regions, see Copy models in Model Registry.

August 01, 2024

Apigee X

On August 1, 2024, we released an updated version of Apigee (1-13-0-apigee-1).

New flow variables are now available:

  • request.headers.names.string
  • request.queryparams.names.string
  • request.formparams.names.string
  • message.headers.names.string
  • message.queryparams.names.string
  • message.formparams.names.string
  • response.headers.names.string

These context variables can be used to return header, query parameter, and form parameter names in string format that can be used in API proxy logic. Each variable returns a comma-separated list of names.

For more information, see the Flow variables reference.

Bug ID Description
308583363, 332464869 Security fix for apigee-mart.

This addresses the following vulnerabilities:

332465218 Security fix for apigee-runtime.

This addresses the following vulnerabilities:

341994213, 333971421 Security fixes for Cassandra emulator.

These address the following vulnerabilities:

329762216

Security fix for apigee-installer.

This addresses the following vulnerability: CVE-2024-24786

342630443, 342714341, 343202829

Security fixes to address the following vulnerabilities:

Bug ID Description
293150694 <HTTPMonitor> now supports the <UseTargetServerSSLInfo> element and can trust TLS certs from non-public CAs.
329874359 Decreased the default value of <CacheLookupTimeoutInSeconds> from 30 seconds to 12 seconds.
334442202 Added specific and informative error messaging for App query failures resulting from discrepancies between developers and apps.
333919279 Improved reliability for Developer, App and API products APIs.
339169651 Fixed potential HTTP request smuggling vulnerability when using the OPTIONS method.
297539870 <HTTPTargetConnection> property io.timeout.millis is honored when used with WebSockets.
N/A Updated infrastructure and libraries.

BeyondCorp Enterprise

Generally available: The Chrome Enterprise Premium file transfer connector. You can use this feature to scan files that are transferred between different file systems on ChromeOS.

Bigtable

Bigtable supports querying in SQL. This feature is available in Preview. For more information, see Introduction to SQL for Bigtable.

The Bigtable Studio query editor is available in Preview. For more information, see Manage your data using Bigtable Studio.

Bigtable aggregates let you build distributed counters and aggregate your Bigtable data at write time using min, max, sum, or HLL. This feature is generally available (GA). For more information, see Aggregate values at write time.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Compute Engine
    • compute.googleapis.com/InstantSnapshot

Cloud Composer

In July and August 2024, new Cloud Composer 2 environments continue switching to GKE 1.29 and to PSC as the connectivity channel to the GKE control plane. Creating new Cloud Composer 2 private IP environments will require using PSC SERVICE_PRODUCER endpoints, which might be blocked by the Disable Private Service Connect for Consumers organization policy constraint. Previously, this org policy limitation could be addressed by using VPC peerings instead of PSC, but starting from GKE 1.29, this workaround is no longer available.

(Cloud Composer 3 only) The July 24th issue with Airflow upgrade operations for Cloud Composer 3 environments is now fixed. Airflow upgrade operations are now being re-enabled, and should reach all Cloud Composer 3 environments within the next couple of days.

The initial synchronization of DAGs and plugins in Airflow workloads is performed in a separate container and utilizes full resources of the Pod.

(Cloud Composer 3) Fixed an error that happened when values in certain formats were used for Airflow configuration options.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.2
  • composer-3-airflow-2.7.3-build.11

Cloud Composer 2.8.8 images are available:

  • composer-2.8.8-airflow-2.9.1
  • composer-2.8.8-airflow-2.7.3 (default)

Airflow 2.6.3 is no longer included in Cloud Composer 2 images.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for SQL Server

Cloud SQL for SQL Server now offers two editions of Cloud SQL to support your various business and application needs: Cloud SQL Enterprise Plus edition and Cloud SQL Enterprise edition. Each edition provides different performance and availability characteristics to meet the needs of your applications.

Cloud SQL Enterprise Plus edition has new machines for better performance, higher availability, and advanced disaster recovery. Existing instances become Cloud SQL Enterprise edition for SQL Server instances with no changes to pricing or features. You can upgrade existing instances to the Cloud SQL Enterprise Plus edition in-place using the Google Cloud Console, the gcloud CLI, or the API with minimal downtime.

For more information about Cloud SQL editions, see Introduction to Cloud SQL editions.

Cloud Storage

Beginning November 1, 2024, BigQuery users will start seeing charges, as per the pricing documentation, for Cloud Storage usage that was not metered before due to a billing bug.

Compute Engine

Generally available: You can use instant snapshots to take in-place disk backups that can be restored to new disks in under a minute.

Instant snapshots are ideal for rapid data restoration within the same location as the source disk. For more information, see Instant snapshots.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.16.11-gke.25 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.16.11-gke.25 runs on Kubernetes v1.27.15-gke.1200.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

Existing Seesaw load balancers now require TLS 1.2.

The following vulnerabilities are fixed in 1.16.11-gke.25:

Google Distributed Cloud (software only) for bare metal

Release 1.28.800-gke.111

Google Distributed Cloud for bare metal 1.28.800-gke.111 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.800-gke.111 runs on Kubernetes 1.28.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Updated Kubernetes audit logging to include request and response payloads from the Kubernetes API server for bare metal custom resources, including the following: Cluster, NodePool, BareMetalMachine and BareMetalCluster.

Fixes:

The following container image security vulnerabilities have been fixed in 1.28.800-gke.111:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

You can now enable NCCL Fast Socket on your multi-GPU Autopilot workloads. NCCL Fast Socket is a transport layer plugin designed to improve NVIDIA Collective Communication Library (NCCL) performance on Google Cloud. To enable NCCL Fast Socket on GKE Autopilot, you must use a GKE Autopilot cluster with control plane version 1.30.2-gke.1023000 or later. For more information, see Improve workload efficiency using NCCL Fast Socket.

Autopilot nodes use Google Virtual NIC (gVNIC) for 1.30.2-gke.1023000 and later.

Google SecOps

Customers can now configure direct ingestion of Google Cloud data without using a 1-time Google Security Operations access code. This feature will be launched over a period of several weeks. For more information, see Enable direct ingestion from Google Cloud.

Google SecOps SIEM

Customers can now configure direct ingestion of Google Cloud data without using a 1-time Google Security Operations access code. This feature will be launched over a period of several weeks. For more information, see Enable direct ingestion from Google Cloud.

Looker Studio

Audit logging for Gemini in Looker

You can view Gemini in Looker log events in the Admin Console (Security Investigation Tool). Gemini in Looker can be enabled for Looker Studio Pro subscriptions, which are associated with a Google Cloud project. To see which Google Cloud projects have Gemini in Looker enabled, as well as those with Gemini in Looker's Trusted Tester capabilities, filter the log by choosing the Setting name attribute and view the entries in the Project ID column.

Learn more about Looker Studio log events.

Spanner

Spanner now offers Spanner Graph in Preview, which unites purpose-built graph database capabilities with Spanner. Spanner Graph includes a graph query interface compatible with the ISO GQL (Graph Query Language) standards, and interoperability between relational and graph models. For more information, see the following:

Spanner full-text search (Preview) lets you search a table to find words, phrases, or integers, instead of just searching for exact matches in structured fields. Spanner full-text search capabilities also include making spelling corrections, automating language detection of search input, and ranking search results. To learn more, see the Full-text search overview.

July 31, 2024

AlloyDB for PostgreSQL

Gemini in Databases assistance in AlloyDB for PostgreSQL is now available in Preview for standard and enhanced query insights, system insights, index advisor, and active queries. You can use Gemini assistance to help you monitor and troubleshoot your AlloyDB resources. For more information, see Monitor and troubleshoot with Gemini assistance.

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Apigee hybrid

hybrid 1.11.2-hotfix.2

On July 31, 2024 we released an updated version of the Apigee hybrid software, 1.11.2-hotfix.2.

Note: This release reflects a change to the component images and not the Helm chart templates. If your hybrid installation is currently on Apigee hybrid v1.11.2, apply this hotfix with the following steps:

  1. In your overrides file, update the image.url and image.tag properties of ao and runtime:

    ao:
      image:
        url: "gcr.io/apigee-release/hybrid/apigee-operators"
        tag: "1.11.2-hotfix.2"
    runtime:
      image:
        url: "gcr.io/apigee-release/hybrid/apigee-runtime"
        tag: "1.11.2-hotfix.2"
    
  2. Install the hotfix release:

    • For Helm-managed releases, update the apigee-operator with the helm upgrade command and your current overrides files:

      helm upgrade operator apigee-operator/ \
        --namespace apigee-system \
        --atomic \
        -f overrides.yaml 
      

      For each environment in your Apigee org:

      helm upgrade ENV_NAME apigee-env/ \
        --namespace apigee \
        --atomic \
        -f overrides.yaml 
      
    • For apigeectl-managed releases:

      1. Install the hotfix release with apigeectl init using your updated overrides file:

        ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE --dry-run=client 
        

        Followed by:

        ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE 
        
      2. Apply the hotfix release with apigeectl apply:

        ${APIGEECTL_HOME}/apigeectl apply -f OVERRIDES_FILE --all-envs --dry-run=client 
        

        Followed by:

        ${APIGEECTL_HOME}/apigeectl apply -f OVERRIDES_FILE --all-envs
        
Bug ID Description
351868444 Tolerations are now working for Redis's Envoy pod.
297539870 HTTPTargetConnection property io.timeout.millis is now honored correctly when using websockets.

App Engine flexible environment Ruby

App Engine standard environment Ruby

BigQuery

When you translate SQL queries from your source database, you can use configuration YAML files to optimize and improve the performance of your translated SQL. This feature is in preview.

Workload management now provides the following benefits:

  • The autoscaler now scales up immediately.
  • The autoscaler now scales more precisely.
  • The autoscaler scales to the nearest multiple of 50 slots, instead of 100.
  • You can now purchase capacity commitments, set baseline slots, and set autoscale max slots in incremental steps of 50 slots.
  • If one minute or more has passed since the most recent increase in capacity, you can now reduce capacity without resetting the one minute minimum. This allows for multiple consecutive decreases without a one minute delay between them.

These features are now generally available (GA).

Cloud DNS

Health checks for external endpoints in Cloud DNS routing policies are now available in Preview.

Cloud Data Fusion

The Python transform plugin version 2.3.1 is available in Cloud Data Fusion version 6.10.1. The release lets you use a macro in the Script plugin property field to pass runtime arguments (CDAP-21054).

Cloud Functions

Cloud Functions now supports the Ruby 3.3 runtime at the General Availability release level.

Cloud Load Balancing

Cloud Load Balancing now supports failover for global, classic, and regional external Application Load Balancers. Failover is handled by creating two or more regional external Application Load Balancers in the regions where you want the traffic to fail over to. Only regional external Application Load Balancers can be used as failover backup load balancers.

For details, see Failover for external Application Load Balancers.

This feature is available in Preview.

Cloud SQL for MySQL

Gemini in Databases assistance in Cloud SQL for MySQL is now available in Preview for query insights, system insights, index advisor, and active queries. You can use Gemini assistance to help you observe and troubleshoot your Cloud SQL resources. For more information, see Observe and troubleshoot with Gemini assistance.

Cloud SQL for PostgreSQL

Gemini in Databases assistance in Cloud SQL for PostgreSQL is now available in Preview for query insights, system insights, index advisor, and active queries. You can use Gemini assistance to help you observe and troubleshoot your Cloud SQL resources. For more information, see Observe and troubleshoot with Gemini assistance.

Cloud Storage

You can now use list caching with Cloud Storage FUSE, which is a cache for directory and file list, or ls, responses that improves list operation speeds. To learn more about list caching and how to enable it, see the Cloud Storage FUSE caching overview page.

You can now use the Google Cloud console to set a default soft delete retention duration. For more information, see Use tags to set a default soft delete retention duration for new buckets.

Container Optimized OS

cos-113-18244-85-65

Kernel Docker Containerd GPU Drivers
COS-6.1.90 v24.0.9 v1.7.15 v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Runtime sysctl changes:

  • Changed: fs.file-max: 812041 -> 812026

Dataform

The maximum size limit for repositories encrypted with customer-managed encryption keys (CMEK) is 512 MB. For more information about Dataform quotas and limits, see Quotas and limits. For more information about encrypting Dataform repositories with CMEK, see Use customer-managed encryption keys.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.74
  • 1.2.18
  • 2.0.82
  • 2.2.18

Dataproc Serverless for Spark: Upgraded Spark BigQuery connector to version 0.36.4 in the latest 1.2 and 2.2 Dataproc Serverless for Spark runtime versions.

Generative AI on Vertex AI

New Imagen on Vertex AI image generation model and features

The Imagen 3 image generation models (imagen-3.0-generate-001 and the low-latency version imagen-3.0-fast-generate-001) are Generally Available to approved users. These models offer the following additional features:

  • Additional aspect ratios (1:1, 3:4, 4:3, 9:16, 16:9)
  • Digital watermark (SynthID) enabled by default
  • Watermark verification
  • User-configurable safety features (safety setting, person/face setting)

For more information, see Model versions and Generate images using text prompts.

Gemma 2 2B is available in Model Garden. For details, see Use Gemma open models.

The following models have been added to Model Garden:

  • Gemma 2 2B: A foundation LLM by Google DeepMind.
  • Qwen2: An LLM series by Alibaba Cloud.
  • Phi-3: An LLM series by Microsoft.

Resource and deployment settings were made to the following models:

Google Kubernetes Engine

(2024-R27) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.30.2-gke.1587003 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.14-gke.1059002
    • 1.27.15-gke.1125000
    • 1.28.11-gke.1260000
    • 1.28.11-gke.1289000
    • 1.29.6-gke.1038001
    • 1.29.6-gke.1137000
    • 1.30.1-gke.1329003
    • 1.30.2-gke.1394003
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.2-gke.1587003 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.

Regular channel

  • Version 1.29.6-gke.1254000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.14-gke.1059002
    • 1.28.11-gke.1019001
    • 1.29.6-gke.1038001
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.15-gke.1154000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.6-gke.1254000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.

Stable channel

  • Version 1.29.6-gke.1038001 is now the default version in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.27.14-gke.1042001
    • 1.28.10-gke.1075001
    • 1.29.5-gke.1091002
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.14-gke.1059002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.14-gke.1059002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.11-gke.1019001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.

Extended channel

  • Version 1.29.6-gke.1254000 is now the default version in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.14-gke.1059002
    • 1.28.11-gke.1019001
    • 1.29.6-gke.1038001
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.

No channel

GKE Autopilot versions 1.28.6-gke.1317000 and later fix a known issue for ephemeral storage requests. If the combined ephemeral storage requests across all containers in your workload exceed 10 GiB, your workload will be rejected with an error message. This differs from earlier versions, which admitted the workload if it requested more than 10 GiB while only actually provisioning 10 GiB, which would result in workload eviction when the workload used more than 10 GiB.

To ensure uninterrupted operation with GKE Autopilot versions 1.28.6-gke.1317000 and later, do the following:

  • Verify that containers injected by webhooks don't cause Pods to exceed the maximum Autopilot resource limits.
  • Adjust workload resource requests to account for any containers that may be injected by webhooks.
  • If any Pods are rejected after updating, reduce their ephemeral storage requests to meet the limit for your workload configuration.

To learn more, see Automatic resource management in Autopilot.

(2024-R27) Version updates

You can now keep a GKE Standard cluster on a minor version for longer with the Extended release channel. Clusters running 1.27 or later can be enrolled in the Extended channel, and automatically receive security patches during the extended support period after the end of standard support. To learn more, see Get long-term support with the Extended channel.

Sensitive Data Protection

The DATE_OF_BIRTH infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.

To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.64.0 (2024-06-29)

Features
  • spanner: Add field lock_hint in spanner.proto (3df3c04)
  • spanner: Add field order_by in spanner.proto (3df3c04)
  • spanner: Add LockHint feature (#10382) (64bdcb1)
  • spanner: Add OrderBy feature (#10289) (07b8bd2)
  • spanner: Add support of checking row not found errors from ReadRow and ReadRowUsingIndex (#10405) (5cb0c26)
Bug Fixes
  • spanner: Fix data-race caused by TrackSessionHandle (#10321) (23c5fff), refs #10320
  • spanner: Fix negative values for max_in_use_sessions metrics (#10449) (a1e198a)
  • spanner: Prevent possible panic for Session not found errors (#10386) (ba9711f), refs #10385

Java

Changes for google-cloud-spanner

6.70.0 (2024-06-27)

Features
Bug Fixes
  • Do not end transaction span when rolling back to savepoint (#3167) (8ec0cf2)
  • Remove unused DmlBatch span (#3147) (f7891c1)
Dependencies
  • Update dependencies (#3181) (0c787e6)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#3184) (9c85a6f)
  • Update dependency commons-cli:commons-cli to v1.8.0 (#3073) (36b5340)

6.71.0 (2024-07-03)

Features

Node.js

Changes for @google-cloud/spanner

7.9.0 (2024-06-21)

Features
Bug Fixes
  • deps: Update dependency google-gax to v4.3.4 (#2051) (80abf06)
  • deps: Update dependency google-gax to v4.3.5 (#2055) (702c9b0)
  • deps: Update dependency google-gax to v4.3.6 (#2057) (74ebf1e)
  • deps: Update dependency google-gax to v4.3.7 (#2068) (28fec6c)

7.9.1 (2024-06-26)

Bug Fixes

7.10.0 (2024-07-19)

Features
  • Add field lock_hint in spanner.proto (47520e9)
  • Add field order_by in spanner.proto (47520e9)
  • Add QueryCancellationAction message in executor protos (47520e9)
  • Add support for change streams transaction exclusion option for Batch Write (#2070) (2a9e443)
  • Update Nodejs generator to send API versions in headers for GAPICs (47520e9)
Bug Fixes

VPC Service Controls

VPC Service Controls feature: VPC Service Controls supports using identity groups and third-party identities (only single identities) in ingress and egress rules to allow access to resources protected by service perimeters. This feature is available in Preview.

For more information, see Configure identity groups and third-party identities in ingress and egress rules. You can also see an example of using identity groups and third-party identities in ingress and egress rules.

July 30, 2024

Apigee X

On July 30, 2024, we released an updated version of Apigee.

With this release, Apigee expanded its support for data residency to an additional region in Europe: europe-west6 (Zurich).

Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.

For more information, see Introduction to data residency.

For a list of supported geographic locations, see Apigee locations.

Apigee hybrid

hybrid 1.12.1-hotfix.1

On July 30, 2024 we released an updated version of the Apigee hybrid software, 1.12.1-hotfix.1.

Note: This release reflects a change to the component images and not the Helm chart templates. If your hybrid installation is currently on Apigee hybrid v1.12.1, apply this hotfix with the following steps:

  1. In your overrides file, update the ao.image.url and ao.image.tag properties:

    ao:
      image:
        url: "gcr.io/apigee-release/hybrid/apigee-operators"
        tag: "1.12.1-hotfix.1"
    
  2. Install the hotfix release. Update the apigee-operator component with the helm upgrade command and your current overrides files:

       helm upgrade operator apigee-operator/ \
         --namespace apigee-system \
         --atomic \
         -f overrides.yaml 
    
Bug ID Description
351868444 Tolerations are now working for Redis's Envoy pod.

App Engine flexible environment .NET

In the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, and are decommissioned.

App Engine flexible environment Go

In the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, and are decommissioned.

App Engine flexible environment Java

In the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, and are decommissioned.

App Engine flexible environment Node.js

In the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, and are decommissioned.

App Engine flexible environment PHP

In the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, and are decommissioned.

App Engine flexible environment Python

On the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, or are decommissioned.

App Engine flexible environment Ruby

On the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, or are decommissioned.

App Engine flexible environment custom runtimes

On the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, or are decommissioned.

App Engine standard environment Go

On the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, or are decommissioned.

App Engine standard environment Java

On the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, or are decommissioned.

App Engine standard environment Node.js

On the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, or are decommissioned.

App Engine standard environment PHP

On the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, or are decommissioned.

App Engine standard environment Python

On the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, or are decommissioned.

App Engine standard environment Ruby

On the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, or are decommissioned.

BigQuery

You can now use the output_dimensionality argument of the ML.GENERATE_EMBEDDING function when you use the function with a remote model based on a Vertex AI multimodalembedding model. The output_dimensionality argument lets you specify the number of dimensions to use when generating embeddings. This feature is in Preview.

Cloud Monitoring

You can now troubleshoot Compute Engine issues involving host events, MIG autoscaling and health-check failures, resource-availability errors, and VM performance by using the new "interactive playbook" dashboards in Cloud Monitoring. You can access the playbook dashboards from the Dashboards page by selecting the GCP category or by filtering for "GCE Interactive Playbook".

Cloud SQL for MySQL

You can now use the gcloud CLI or the Cloud SQL Admin API to switch the storage location of transaction logs used for point-in-time recovery (PITR) on your instance from disk to Cloud Storage. For more information, see Use point-in-time recovery and Switch transaction log storage to Cloud Storage.

Container Optimized OS

cos-109-17800-218-88

Kernel: COS-6.1.85
Docker: v24.0.9
Containerd: v1.7.15
GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Upgraded app-arch/libarchive to version 3.7.4. This fixes CVE-2024-26256.

Fixed CVE-2024-39894.

Fixed CVE-2024-36891 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812285 -> 812261

Generative AI on Vertex AI

Identity and Access Management

You can use IAM attributes in custom organization policies to control how your allow policies can be modified. For more information, see Use custom organization policies.

July 29, 2024

Backup for GKE

Backup for GKE now offers committed use discounts (CUDs) that provide a 20% discount (one-year term) and a 45% discount (3-year term) on the backup management fee in exchange for your commitment. For more information, see Backup for GKE Committed use discounts.

BigQuery

The RANGE data type is now a supported JSON encoding. This feature is Generally Available (GA).

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.62.0 (2024-07-22)

Features
  • bigquery/analyticshub: Support Direct Table Access Toggle (Egress GA) (b660d68)
  • bigquery/analyticshub: Support public directory self service for Listings/Exchanges (#10485) (b660d68)
  • bigquery: Add rounding mode to FieldSchema (#10328) (1a9e204)
  • bigquery: Json support on managedwriter/adapt pkg (#10542) (978d4a1)
  • bigquery: Support column name character map in load jobs (#10425) (b829327)
Bug Fixes
  • bigquery/storage/managedwriter: Faster context failure on send (#10169) (1fb0e64)
  • bigquery: Bump google.golang.org/api@v0.187.0 (8fa9e39)
  • bigquery: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
  • bigquery: Empty slice instead of nil slice for primitive repeated fields (#7315) (b371210)
  • bigquery: Reduce default backoffs (#10558) (037e9ef)
Documentation
  • bigquery/analyticshub: A comment for message DataExchange is changed (b660d68)
  • bigquery/analyticshub: A comment for message Listing is changed (b660d68)
  • bigquery/datatransfer: Update OAuth links in CreateTransferConfigRequest and UpdateTransferConfigRequest (3df3c04)
  • bigquery: Improve Inserter and StructSaver godoc (#10170) (c1cffb6)
  • bigquery: Update description of query preview feature (#10554) (25c5cbe)

Java

Changes for google-cloud-bigquery

2.42.0 (2024-07-28)

Features
  • Add ability to specify RetryOptions and BigQueryRetryConfig when create job and waitFor (#3398) (1f91ae7)
  • Add additional parameters to CsvOptions and ParquetOptions (#3370) (34f16fb)
  • Add remaining Statement Types (#3381) (5f39b19)
Bug Fixes
Dependencies
  • Update actions/upload-artifact action to v4.3.4 (#3382) (efa1aef)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.48.0 (#3374) (45b7f20)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240616-2.0.0 (#3368) (ceb270c)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240623-2.0.0 (#3384) (e1de34f)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240629-2.0.0 (#3392) (352562d)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.52.0 (#3375) (2115c04)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#3405) (a4a9999)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.10.3 (#3371) (2e804c5)
  • Update github/codeql-action action to v2.25.11 (#3376) (f1e0014)
  • Update github/codeql-action action to v2.25.12 (#3387) (af60b30)
  • Update github/codeql-action action to v2.25.13 (#3395) (95c8d6f)
  • Update github/codeql-action action to v2.25.15 (#3402) (a61ce7d)
  • Update ossf/scorecard-action action to v2.4.0 (#3408) (66777a2)
Documentation

You can now use the administrative jobs explorer to help you quickly monitor jobs activity across your organization. This feature is generally available (GA).

Vector indexes support the TreeAH index type, which uses Google's ScaNN algorithm. The TreeAH index is optimized for batch queries that process hundreds or more query vectors. This feature is in Preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigtable

5.1.2 (2024-07-22)

Bug Fixes
  • Throw away excess data in order to avoid delivering duplicate data (#1453) (069239d)

Java

Changes for google-cloud-bigtable

2.41.0 (2024-07-24)

Features
  • Add MergeToCell to Mutation APIs (#2279) (0ce8a2a)
  • Add support for MergeToCell API (#2258) (191d15c)
  • Add support for new functions (#2287) (dd6583a)
  • Create new environment variable to toggle directpath scoped to cloud bigtable. (#2261) (9062944)
  • Implement ExecuteQuery API for SQL support (#2280) (25218e8)
Dependencies
  • Update dependency com.google.truth.extensions:truth-proto-extension to v1.4.4 (#2282) (d00a9e0)

Python

Changes for google-cloud-bigtable

2.25.0 (2024-07-18)

Features
  • Publish ProtoRows Message (7ac8e14)
  • Publish the Cloud Bigtable ExecuteQuery API (7ac8e14)
Bug Fixes

Capacity Planner

Preview: Capacity planner supports the following for data aggregated by folder ID:

  • View and export the actual and forecasted usage data of the VMs, Persistent Disk volumes, and GPUs in your folder.

  • Generate gcloud CLI commands to create future reservation requests based on the actual or forecasted usage data of your VMs or GPUs by folder.

For more information, see the following pages:

Cloud Database Migration Service

Database Migration Service support for homogeneous MySQL to Cloud SQL for MySQL migrations with physical backup files created by using the Percona XtraBackup utility is now Generally Available (GA).

For more information, see Migrate your databases by using a Percona XtraBackup physical file.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for logging/apiv2

1.11.0 (2024-07-24)

Features
  • logging: OpenTelemetry trace/span ID integration for Go logging library (#10030) (c6711b8)
Bug Fixes
  • logging: Bump google.golang.org/api@v0.187.0 (8fa9e39)
  • logging: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)
  • logging: Skip automatic resource detection if a CommonResource (#10441) (fc4c910)
  • logging: Update dependencies (257c40b)
Documentation
  • logging: Documentation for automatic trace/span ID extraction (#10536) (8cf89a3)

Python

Changes for google-cloud-logging

3.11.0 (2024-07-15)

Features
  • OpenTelemetry trace/spanID integration for Python handlers (#889) (78168a3)
Bug Fixes
  • Added environment specific labels to client library when running in Cloud Run Jobs (#877) (9c5e8f0)
  • Added missing import into logger.py (#896) (9ca242d)
  • Added type hints to CloudLoggingHandler constructor (#903) (6959345)
Documentation
  • Add summary_overview template (#878) (b60714c)
  • Changed table in web-framework-integration to bulleted list (#875) (a4aa3a7)
  • Documentation update for OpenTelemetry (#915) (2a0539a)
  • Update dictConfig snippet (#885) (6264107)

Cloud SQL for MySQL

Migrating your external MySQL 5.7 and 8.0 databases into Cloud SQL for MySQL by using Percona XtraBackup physical files is now generally available (GA).

For more information, see Migrate to Cloud SQL from an XtraBackup physical file.

Cloud Service Mesh

Updated August 8, 2024

Cloud Service Mesh with a Traffic Director control plane implementation is incompatible with Envoy version v1.31.0.

If you manually control your Envoy version, do not upgrade to this version as there is an existing issue with connecting to Traffic Director. If you run into issues with v1.31.0, set GRPC_DNS_RESOLVER=native.

If you do not manually control your Envoy version, you don't have to do anything. Google's data plane management will not select this version for you.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-storage

2.18.0 (2024-07-09)

Features
  • Add OpenTelemetry Tracing support as a preview feature (#1288) (c2ab0e0)
Bug Fixes

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.11 (2024-07-24)

Bug Fixes
  • dataflow: Update dependencies (257c40b)

Dataplex

Metadata import for Dataplex Catalog entries and their aspects is available in preview. For more information, see Import metadata.

Firestore

You can now apply range and inequality filters to multiple fields in a query. This feature is generally available (GA).

For more information, see Query with range and inequality filters on multiple fields overview.

Firestore in Datastore mode

You can now apply range and inequality filters to multiple fields in a query. This feature is generally available (GA).

For more information, see Query with range and inequality filters on multiple fields overview.

Google Cloud Marketplace

Google Private Marketplace and Product Requests are now Generally Available.

  • Google Private Marketplace lets organizations govern their software usage and control costs by ensuring that their users can only procure Google Cloud Marketplace solutions that have been approved by administrators, FinOps, or procurement team members.
  • Product Requests lets your users file requests to use or procure specific products.

Google Cloud VMware Engine

You can now purchase Fully licensed commitments, Fully licensed convertible commitments, and Portable License commitments. For more information, see Purchasing VMware Engine commitments.

Google SecOps SIEM

Curated Detections has been enhanced with new detection content for Cloud Threats, including rule packs covering Microsoft Entra ID, Entra ID Audit, and Azure Compute. These rule packs are in public preview for customers with a Google Security Operations or Enterprise Plus license.

Google SecOps SOAR

Release 6.3.12 is now in General Availability.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.5 (2024-07-24)

Bug Fixes
  • secretmanager: Update dependencies (257c40b)

Security Command Center

Detector for Container Threat Detection released to General Availability

Container Threat Detection, a built-in service available in Security Command Center Premium and Enterprise, has launched a new detector, Unexpected Child Shell, in General Availability.

The detector monitors all process executions and generates a finding if a process that does not normally invoke shells spawns a shell process.

For more information, see Container Threat Detection detectors.

Assign high-value resources based on Sensitive Data Protection insights for Cloud Storage

The attack path simulations feature can now automatically set the resource value of a Cloud Storage resource based on the sensitivity of the data that the bucket contains.

For information about how to enable the automatic assignment of resource values based on data sensitivity, see Create a resource value configuration.

For information about how to configure Sensitive Data Protection to send data sensitivity classifications to Security Command Center, see Publish data profiles to Security Command Center.

Preview of curated detections for Microsoft Azure data

New curated detections in the Cloud Threats category that identify suspicious patterns in Microsoft Azure data are currently available in Preview.

For more information, see curated detections for Microsoft Azure data in the Security Command Center documentation.

July 28, 2024

Google SecOps

Creating a new playbook using prompts is now supported by Gemini. This feature is in public preview. For more information, refer to Create playbooks with Gemini.

July 27, 2024

Google SecOps SOAR

Release 6.3.13 is currently in Preview.

Create a Playbook with Gemini

You can now use Gemini to create Playbooks. Gemini can create a functional playbook based on your prompts. This feature is in public preview. For more information, refer to Create playbooks with Gemini.

Scheduled reports failing due to Microsoft email server authentication token request throttling (ID #00277914)

July 26, 2024

Apigee Advanced API Security

On July 26, 2024, we released an updated version of Advanced API Security.

Advanced API Security now supports data residency. Data residency meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Advanced API Security data is stored. For more information, see Introduction to data residency.

Apigee Monetization

On July 26, 2024, we released an updated version of Apigee Monetization.

Monetization functionality, including rate plan creation and managing rate plans for API Products, is now available in the Apigee UI in Cloud Console.

For information, see Manage Rate Plans and Create API Products.

Monetization now supports data residency. Data residency meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Monetization data is stored. For more information, see Introduction to data residency.

Cloud SQL for MySQL

IAM group authentication is now generally available (GA) for Cloud SQL for MySQL. You can add IAM groups to Cloud SQL instances and manage database access at the group level. To use IAM group authentication, you must have [MySQL version].R20230909.02_00 or later installed on your instance.

Cloud SQL for PostgreSQL

IAM group authentication is now generally available (GA) for Cloud SQL for PostgreSQL. You can add IAM groups to Cloud SQL instances and manage database access at the group level. To use IAM group authentication, you must have [PostgreSQL version].R20240514.00_04 or later installed on your instance.

Compute Engine

Persistent Disk Asynchronous Replication can now replicate up to 12.5 GB per minute per disk of compressed changed blocks, which is an increase from the previous maximum of 2 GB per minute. This increase helps to support scaled production databases and other demanding workloads. You can read more about PD Async Replication performance in the documentation. There is no action required to use the increased performance - new and existing PD Async Replication disks automatically have more headroom to replicate.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.73
  • 1.2.17
  • 2.0.81
  • 2.2.17

Dialogflow

Dialogflow CX: You can now enable consent-based end-user content redaction. If this setting is enabled, it lets you use a special session parameter to control whether end-user input and parameters are redacted from conversation history and Cloud logging. See the agent settings documentation for details.

Dialogflow CX: Dialogflow now uses corresponding Cloud Text-to-Speech regions for Neural2 voices.

The status of the Dialogflow Speech-to-Text model migrations has changed:

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.29.300-gke.184 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.300-gke.184 runs on Kubernetes v1.29.6-gke.600.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following vulnerabilities are fixed in 1.29.300-gke.184:

Google Kubernetes Engine

With GKE patch version 1.30.1-gke.115600 and later, if you don't specify the gpu-driver-version flag when creating new GPU node pools, then GKE automatically installs the default GPU driver version that corresponds to the GKE version. If you prefer to manually install the GPU driver, set gpu-driver-version=disabled. To learn more, see Create a GPU node pool.

Google SecOps SIEM

After July 2025, the Enterprise Insights page and the CBN alerts will no longer be available. Use the Alerts and IOCs page to view the alerts. We recommend that you migrate the existing CBN alerts to the YARA-L detection engine.

Sovereign Controls by Partners

The Sovereign Controls by PSN partner offering is now generally available.

reCAPTCHA

reCAPTCHA Mobile SDK v18.6.0-beta02 is now available for Android.

This version contains Java support for the fetchClient API.

Docker container for password leak detection is now available in Preview.

You can now use a Docker container client to detect password leaks and breached credentials to prevent account takeovers (ATOs) and credential stuffing attacks. For more information, see Check for breached and leaked credentials using Docker container.

July 25, 2024

Anthos Config Management

Improved error handling in the oci-sync container by adding exponential backoff.

Upgraded bundled Kustomize version from v5.3.0 to v5.4.2 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.

Fixed a regression introduced in 1.17.0 that caused Config Sync to crash when connecting to certain Kubernetes clusters. GKE clusters were not affected by this issue. For more details, please refer to Fixed: Config Sync reconciler is crashlooping.

Fixed a regression in 1.17.3 causing SSH authentication failures with GitHub. This was resolved by upgrading the git-sync dependency from v4.2.1 to v4.2.3. For more details, please refer to Fixed: Git SSH Authentication Failure with GitHub.

Apigee X

On July 25, 2024, we released an updated version of Apigee.

This release includes an update to Advanced API Operations Anomaly Detection functionality: the Anomaly Detection functionality is now available in the Apigee UI in Cloud Console and is renamed to "Operations Anomalies."

For information on the functionality in the Apigee UI in Cloud Console, see the Operations Anomalies overview.

Operations Anomalies supports data residency. Data residency meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Operations Anomalies data is stored. For more information, see Introduction to data residency.

BigQuery

You can now use table explorer to examine table data and create data exploration queries. This feature is in preview.

IAM deny policies now support additional permissions, including bigquery.tables.getData which can deny permission to read tables. Consider special cases when you create deny policies for bigquery.tables.getData and other BigQuery permissions. This feature is in preview.

Bigtable

The Preview of automated backup has been expanded to let you enable and disable automated backup in the Google Cloud console. For more information, see the automated backup documentation.

Cloud Composer

Cloud Composer now verifies that the environment's service account is enabled before starting an environment creation operation. As a result, this type of error is reported sooner and the operation does not start.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.1
  • composer-3-airflow-2.7.3-build.10

Cloud Composer 2.8.7 images are available:

  • composer-2.8.7-airflow-2.9.1
  • composer-2.8.7-airflow-2.7.3 (default)
  • composer-2.8.7-airflow-2.6.3

Cloud Composer version 2.3.5 has reached its end of support period.

Cloud Database Migration Service

Cloud SQL for MySQL

You can now upgrade the network architecture of a Cloud SQL instance that isn't enabled with high-availability. The previous limitation on upgrading the network architecture of these instances is removed. To check whether your Cloud SQL instance has high availability enabled, see Verify an instance's high availability configuration.

For more information about upgrading your network architecture, see Upgrade an instance to the new network architecture.

Cloud SQL for PostgreSQL

You can now upgrade the network architecture of a Cloud SQL instance that isn't enabled with high-availability. The previous limitation on upgrading the network architecture of these instances is removed. To check whether your Cloud SQL instance has high availability enabled, see Verify an instance's high availability configuration.

For more information about upgrading your network architecture, see Upgrade an instance to the new network architecture.

Cloud SQL for SQL Server

You can now upgrade the network architecture of a Cloud SQL instance that isn't enabled with high-availability. The previous limitation on upgrading the network architecture of these instances is removed. To check whether your Cloud SQL instance has high availability enabled, see Verify an instance's high availability configuration.

For more information about upgrading your network architecture, see Upgrade an instance to the new network architecture.

Cloud Service Mesh

1.22.3-asm.1 is now available for in-cluster Cloud Service Mesh.

You can now download 1.22.3-asm.1 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.3 subject to the list of supported features.

Cloud Service Mesh 1.22.3-asm.1 uses Envoy v1.30.3.

1.22 isn't rolling out to the rapid release channel at this time. You can periodically check this page for announcements regarding rapid channel rollout.

Cloud Translation

The translation LLM has been enhanced with the following changes:

  • In addition to plain text, you can send HTML as input for text translations.
  • When you use the translation LLM for text translations, you can use a glossary with your translation requests.

Adaptive translations with reference sentence pairs support a larger context window, on par with zero-shot translations. For example, when sending a paragraph for translation, Cloud Translation translates the whole paragraph at once instead of translating each sentence one at a time.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.113-debian10, 2.0.113-rocky8, 2.0.113-ubuntu18
  • 2.1.61-debian11, 2.1.61-rocky8, 2.1.61-ubuntu20, 2.1.61-ubuntu20-arm
  • 2.2.27-debian12, 2.2.27-rocky9, 2.2.27-ubuntu22

Enabled user sync by default for clusters using Ranger.

Replaced Spark external packages with connector folder on Dataproc 2.2 clusters.

Fixed a bug that caused intermittent delays and failures in clusters with 3 HDFS.

Google Cloud VMware Engine

VMware Engine ve2 nodes are available in the following additional zones:

  • Sydney, Australia, APAC (australia-southeast1-b)
  • Ashburn, Virginia, North America (us-east4-b)

Google Distributed Cloud (software only) for bare metal

Release 1.29.300-gke.185

Google Distributed Cloud for bare metal 1.29.300-gke.185 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.300-gke.185 runs on Kubernetes 1.29.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Updated registry mirror support to allow you to specify a port for host addresses.

  • Updated Kubernetes audit logging to include request and response payloads from the Kubernetes API server for bare metal custom resources, such as Cluster, NodePool, BareMetalMachine, and BareMetalCluster.

Fixes:

The following container image security vulnerabilities have been fixed in 1.29.300-gke.185:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Release 1.16.11

Google Distributed Cloud for bare metal 1.16.11 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.16.11 runs on Kubernetes 1.27.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

The following container image security vulnerabilities have been fixed in 1.16.11:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

In GKE version 1.30.2-gke.1100 and later, the _CMDLINE field is removed from kubelet log entries to reduce log spam.

If you need to access _CMDLINE information, you have two options:

  1. SSH into the node:

    • SSH into the relevant node.
    • Run the following command: ps aux | grep kubelet

  2. Search Cloud Logging:

    • Use the Cloud Logging interface or API.
    • Apply the following filter to search kubelet startup logs:

      resource.type="k8s_node"
      log_name="projects/{PROJECT_ID}/logs/kubelet"
      resource.labels.cluster_name="{CLUSTER_NAME}"
      SEARCH("`FLAG:`")
      

    Remember to replace {PROJECT_ID} and {CLUSTER_NAME} with the appropriate values for your environment.

(2024-R26) Version updates

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable.

  • Airlock Digital Application Allowlisting (AIRLOCK_DIGITAL)
  • Akamai SIEM Connector (AKAMAI_SIEM_CONNECTOR)
  • Apache (APACHE)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Arista Switch (ARISTA_SWITCH)
  • Aruba (ARUBA_WIRELESS)
  • Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
  • Atlassian Confluence (ATLASSIAN_CONFLUENCE)
  • Auth0 (AUTH_ZERO)
  • AWS CloudTrail (AWS_CLOUDTRAIL)
  • AWS Config (AWS_CONFIG)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure App Service (AZURE_APP_SERVICE)
  • Azure WAF (AZURE_WAF)
  • BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
  • BIND (BIND_DNS)
  • BloxOne Threat Defense (BLOXONE)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Broadcom SSL Visibility Appliance (BROADCOM_SSL_VA)
  • Cequence Bot Defense (CEQUENCE_BOT_DEFENSE)
  • Check Point (CHECKPOINT_FIREWALL)
  • Checkpoint Audit (CHECKPOINT_AUDIT)
  • Checkpoint SmartDefense (CHECKPOINT_SMARTDEFENSE)
  • Cimcor | File Integrity Monitoring (CIMCOR)
  • CipherTrust Manager (CIPHERTRUST_MANAGER)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco EStreamer (CISCO_ESTREAMER)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco IronPort (CISCO_IRONPORT)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Stealthwatch (CISCO_STEALTHWATCH)
  • Cisco VPN (CISCO_VPN)
  • Citrix Analytics (CITRIX_ANALYTICS)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud Data Loss Prevention (N/A)
  • Cloud Identity Devices (GCP_CLOUDIDENTITY_DEVICES)
  • Cloud Load Balancing (GCP_LOADBALANCING)
  • Cloud SQL (GCP_CLOUDSQL)
  • Cofense (COFENSE_TRIAGE)
  • Comforte SecurDPS (COMFORTE_SECURDPS)
  • Compute Engine (GCP_COMPUTE)
  • Corelight (CORELIGHT)
  • Cribl Stream (CRIBL_STREAM)
  • CrowdStrike Falcon (CS_EDR)
  • CyberArk (CYBERARK)
  • DigitalArts i-Filter (DIGITALARTS_IFILTER)
  • Duo Auth (DUO_AUTH)
  • Duo User Context (DUO_USER_CONTEXT)
  • EfficientIP DDI (EFFICIENTIP_DDI)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • Ergon Informatik Airlock IAM (ERGON_INFORMATIK_AIRLOCK_IAM)
  • ESET AV (ESET_AV)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • F5 Shape (F5_SHAPE)
  • F5 Silverline (F5_SILVERLINE)
  • Fidelis Network (FIDELIS_NETWORK)
  • FileZilla (FILEZILLA_FTP)
  • Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
  • Forcepoint Proxy (FORCEPOINT_WEBPROXY)
  • Forgerock OpenIdM (FORGEROCK_OPENIDM)
  • Fortinet FortiAuthenticator (FORTINET_FORTIAUTHENTICATOR)
  • Google App Engine (GCP_APP_ENGINE)
  • GitHub (GITHUB)
  • IBM DataPower Gateway (IBM_DATAPOWER)
  • IBM DB2 (DB2_DB)
  • IBM Guardium (GUARDIUM)
  • IBM Security QRadar SIEM (IBM_QRADAR)
  • Imperva Audit Trail (IMPERVA_AUDIT_TRAIL)
  • Ingrian Networks DataSecure Appliance (INGRIAN_NETWORKS_DATASECURE_APPLIANCE)
  • ION Spectrum (ION_SPECTRUM)
  • JAMF Pro (JAMF_PRO)
  • Jenkins (JENKINS)
  • Juniper Junos (JUNIPER_JUNOS)
  • Juniper Mist (JUNIPER_MIST)
  • Juniper MX Router (JUNIPER_MX)
  • Keeper Enterprise Security (KEEPER)
  • Linux Auditing System (AuditD) (AUDITD)
  • Linux Sysmon (LINUX_SYSMON)
  • Lucid (LUCID)
  • Maria Database (MARIA_DB)
  • Microsoft AD (WINDOWS_AD)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft CyberX (CYBERX)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph Activity Logs (MICROSOFT_GRAPH_ACTIVITY_LOGS)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft IIS (IIS)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Mimecast URL Logs (MIMECAST_URL_LOGS)
  • Netapp Storagegrid (NETAPP_STORAGEGRID)
  • Netskope (NETSKOPE_ALERT)
  • Netskope Web Proxy (NETSKOPE_WEBPROXY)
  • Network Policy Server (MICROSOFT_NPS)
  • Noname API Security (NONAME_API_SECURITY)
  • Office 365 (OFFICE_365)
  • Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • Open LDAP (OPENLDAP)
  • Oracle (ORACLE_DB)
  • Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
  • Passwordstate (PASSWORDSTATE)
  • Ping Identity (PING)
  • Portnox CEF (PORTNOX_CEF)
  • PostFix Mail (POSTFIX_MAIL)
  • Proofpoint Email Filter (PROOFPOINT_MAIL_FILTER)
  • Proofpoint Sendmail Sentrion (PROOFPOINT_SENDMAIL_SENTRION)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • Quest Change Auditor for EMC (QUEST_CHANGE_AUDITOR_EMC)
  • Radware Alteon (RADWARE_ALTEON)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • Red Hat Directory Server LDAP (REDHAT_DIRECTORY_SERVER)
  • Riverbed Steelhead (STEELHEAD)
  • RSA SecurID Access Identity Router (RSA_SECURID)
  • Ruckus Networks (RUCKUS_WIRELESS)
  • Salesforce (SALESFORCE)
  • SentinelOne EDR (SENTINEL_EDR)
  • SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
  • SEPPmail Secure Email (SEPPMAIL)
  • ServiceNow CMDB (SERVICENOW_CMDB)
  • SiteMinder Web Access Management (CA_SSO_WEB)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Solarwinds Kiwi Syslog Server (SOLARWINDS_KSS)
  • SonicWall (SONIC_FIREWALL)
  • Sonrai Enterprise Cloud Security Solution (SONRAI)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Endpoint Protection (SEP)
  • Symantec VIP Authentication Hub (SYMANTEC_VIP_AUTHHUB)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Sysdig (SYSDIG)
  • Tableau (TABLEAU)
  • Terraform Enterprise Audit (TERRAFORM_ENTERPRISE)
  • Thinkst Canary (THINKST_CANARY)
  • Thycotic (THYCOTIC)
  • Trend Micro (TIPPING_POINT)
  • Ubika WAAP (UBIKA_WAAP)
  • Ubika Waf (UBIKA_WAF)
  • UPX AntiDDoS (UPX_ANTIDDOS)
  • Vectra Stream (VECTRA_STREAM)
  • Velo Firewall (VELO_FIREWALL)
  • VeridiumID by Veridium (VERIDIUM_ID)
  • Versa Firewall (VERSA_FIREWALL)
  • Virtru Email Encryption (VIRTRU_EMAIL_ENCRYPTION)
  • VMware ESXi (VMWARE_ESX)
  • VMware NSX (VMWARE_NSX)
  • VMware vCenter (VMWARE_VCENTER)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Local Administrator Password Solution (MICROSOFT_LAPS)
  • Workday (WORKDAY)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Zscaler (ZSCALER_WEBPROXY)
  • Zscaler CASB (ZSCALER_CASB)
  • Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
  • Zscaler Private Access (ZSCALER_ZPA)
  • Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Backstage (BACKSTAGE)
  • Bitwarden Password Manager User Context (BITWARDEN_USER_CONTEXT)
  • Boomi App (BOOMI_APP)
  • ChatGPT Audit Logs (CHATGPT_AUDIT_LOGS)
  • Cloudflare Warp (CLOUDFLARE_WARP)
  • Coda Io (CODA_IO)
  • Fortinet Fortimanager (FORTINET_FORTIMANAGER)
  • Fusion Auth (FUSION_AUTH)
  • Google Cloud Abuse Events (GCP_ABUSE_EVENTS)
  • Google Cloud Monitoring Alerts (GCP_MONITORING_ALERTS)
  • Gong (GONG)
  • Grafana (GRAFANA)
  • IBM Cloud Activity Tracker (IBM_CLOUD_ACTIVITY_TRACKER)
  • IBM Cloud System (IBM_CLOUD_SYSTEM)
  • Incident Io (INCIDENT_IO)
  • Kentik DDoS Detection (KENTIK_ALERTS)
  • Lockself Lockpass (LOCKSELF_LOCKPASS)
  • Magic Collaboration Studio (MAGIC_CS)
  • Metaswitch Perimeta (METASWITCH_PERIMETA)
  • Microsoft Defender Endpoint for iOS Logs (MICROSOFT_DEFENDER_ENDPOINT_IOS)
  • 9NowAudit (NINENOW_AUDIT)
  • Oracle Cloud Guard (OCI_CLOUDGUARD)
  • Oort Security Tool (OORT)
  • OpsRamp (OPSRAMP)
  • Ops Genie (OPS_GENIE)
  • People Strong (PEOPLE_STRONG)
  • Pingdom (PINGDOM)
  • Proofpoint Tap Campaign (PROOFPOINT_TAP_CAMPAIGN)
  • Proofpoint Tap Forensics (PROOFPOINT_TAP_FORENSICS)
  • Proofpoint Tap People (PROOFPOINT_TAP_PEOPLE)
  • Proofpoint Tap Threats (PROOFPOINT_TAP_THREATS)
  • Proofpoint Tis IOC (PROOFPOINT_TIS_IOC)
  • Push Security (PUSH_SECURITY)
  • Recordedfuture Alerts (RECORDEDFUTURE_ALERTS)
  • Rippling Activity Logs (RIPPLING_ACTIVITYLOGS)
  • Sentry (SENTRY)
  • Servertech PDUs (SERVERTECH_PDUS)
  • Sprinkledata(DWH) (SPRINKLEDATA_DWH)
  • Tenable Audit (TENABLE_AUDIT)
  • TINTRI (TINTRI)
  • WPass (WPASS)
  • WPEngine (WPENGINE)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

The Google Security Operations alert metadata fields for UDM idm.is_significant and idm.is_alert have been deprecated. Use YARA-L detection rule alerts for alert metadata.

Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable.

  • Airlock Digital Application Allowlisting (AIRLOCK_DIGITAL)
  • Akamai SIEM Connector (AKAMAI_SIEM_CONNECTOR)
  • Apache (APACHE)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Arista Switch (ARISTA_SWITCH)
  • Aruba (ARUBA_WIRELESS)
  • Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
  • Atlassian Confluence (ATLASSIAN_CONFLUENCE)
  • Auth0 (AUTH_ZERO)
  • AWS CloudTrail (AWS_CLOUDTRAIL)
  • AWS Config (AWS_CONFIG)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure App Service (AZURE_APP_SERVICE)
  • Azure WAF (AZURE_WAF)
  • BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
  • BIND (BIND_DNS)
  • BloxOne Threat Defense (BLOXONE)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Broadcom SSL Visibility Appliance (BROADCOM_SSL_VA)
  • Cequence Bot Defense (CEQUENCE_BOT_DEFENSE)
  • Check Point (CHECKPOINT_FIREWALL)
  • Checkpoint Audit (CHECKPOINT_AUDIT)
  • Checkpoint SmartDefense (CHECKPOINT_SMARTDEFENSE)
  • Cimcor | File Integrity Monitoring (CIMCOR)
  • CipherTrust Manager (CIPHERTRUST_MANAGER)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco EStreamer (CISCO_ESTREAMER)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco IronPort (CISCO_IRONPORT)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Stealthwatch (CISCO_STEALTHWATCH)
  • Cisco VPN (CISCO_VPN)
  • Citrix Analytics (CITRIX_ANALYTICS)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud Data Loss Prevention (N/A)
  • Cloud Identity Devices (GCP_CLOUDIDENTITY_DEVICES)
  • Cloud Load Balancing (GCP_LOADBALANCING)
  • Cloud SQL (GCP_CLOUDSQL)
  • Cofense (COFENSE_TRIAGE)
  • Comforte SecurDPS (COMFORTE_SECURDPS)
  • Compute Engine (GCP_COMPUTE)
  • Corelight (CORELIGHT)
  • Cribl Stream (CRIBL_STREAM)
  • CrowdStrike Falcon (CS_EDR)
  • CyberArk (CYBERARK)
  • DigitalArts i-Filter (DIGITALARTS_IFILTER)
  • Duo Auth (DUO_AUTH)
  • Duo User Context (DUO_USER_CONTEXT)
  • EfficientIP DDI (EFFICIENTIP_DDI)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • Ergon Informatik Airlock IAM (ERGON_INFORMATIK_AIRLOCK_IAM)
  • ESET AV (ESET_AV)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • F5 Shape (F5_SHAPE)
  • F5 Silverline (F5_SILVERLINE)
  • Fidelis Network (FIDELIS_NETWORK)
  • FileZilla (FILEZILLA_FTP)
  • Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
  • Forcepoint Proxy (FORCEPOINT_WEBPROXY)
  • Forgerock OpenIdM (FORGEROCK_OPENIDM)
  • Fortinet FortiAuthenticator (FORTINET_FORTIAUTHENTICATOR)
  • Google App Engine (GCP_APP_ENGINE)
  • GitHub (GITHUB)
  • IBM DataPower Gateway (IBM_DATAPOWER)
  • IBM DB2 (DB2_DB)
  • IBM Guardium (GUARDIUM)
  • IBM Security QRadar SIEM (IBM_QRADAR)
  • Imperva Audit Trail (IMPERVA_AUDIT_TRAIL)
  • Ingrian Networks DataSecure Appliance (INGRIAN_NETWORKS_DATASECURE_APPLIANCE)
  • ION Spectrum (ION_SPECTRUM)
  • JAMF Pro (JAMF_PRO)
  • Jenkins (JENKINS)
  • Juniper Junos (JUNIPER_JUNOS)
  • Juniper Mist (JUNIPER_MIST)
  • Juniper MX Router (JUNIPER_MX)
  • Keeper Enterprise Security (KEEPER)
  • Linux Auditing System (AuditD) (AUDITD)
  • Linux Sysmon (LINUX_SYSMON)
  • Lucid (LUCID)
  • Maria Database (MARIA_DB)
  • Microsoft AD (WINDOWS_AD)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft CyberX (CYBERX)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph Activity Logs (MICROSOFT_GRAPH_ACTIVITY_LOGS)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft IIS (IIS)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Mimecast URL Logs (MIMECAST_URL_LOGS)
  • Netapp Storagegrid (NETAPP_STORAGEGRID)
  • Netskope (NETSKOPE_ALERT)
  • Netskope Web Proxy (NETSKOPE_WEBPROXY)
  • Network Policy Server (MICROSOFT_NPS)
  • Noname API Security (NONAME_API_SECURITY)
  • Office 365 (OFFICE_365)
  • Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • Open LDAP (OPENLDAP)
  • Oracle (ORACLE_DB)
  • Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
  • Passwordstate (PASSWORDSTATE)
  • Ping Identity (PING)
  • Portnox CEF (PORTNOX_CEF)
  • PostFix Mail (POSTFIX_MAIL)
  • Proofpoint Email Filter (PROOFPOINT_MAIL_FILTER)
  • Proofpoint Sendmail Sentrion (PROOFPOINT_SENDMAIL_SENTRION)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • Quest Change Auditor for EMC (QUEST_CHANGE_AUDITOR_EMC)
  • Radware Alteon (RADWARE_ALTEON)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • Red Hat Directory Server LDAP (REDHAT_DIRECTORY_SERVER)
  • Riverbed Steelhead (STEELHEAD)
  • RSA SecurID Access Identity Router (RSA_SECURID)
  • Ruckus Networks (RUCKUS_WIRELESS)
  • Salesforce (SALESFORCE)
  • SentinelOne EDR (SENTINEL_EDR)
  • SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
  • SEPPmail Secure Email (SEPPMAIL)
  • ServiceNow CMDB (SERVICENOW_CMDB)
  • SiteMinder Web Access Management (CA_SSO_WEB)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Solarwinds Kiwi Syslog Server (SOLARWINDS_KSS)
  • SonicWall (SONIC_FIREWALL)
  • Sonrai Enterprise Cloud Security Solution (SONRAI)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Endpoint Protection (SEP)
  • Symantec VIP Authentication Hub (SYMANTEC_VIP_AUTHHUB)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Sysdig (SYSDIG)
  • Tableau (TABLEAU)
  • Terraform Enterprise Audit (TERRAFORM_ENTERPRISE)
  • Thinkst Canary (THINKST_CANARY)
  • Thycotic (THYCOTIC)
  • Trend Micro (TIPPING_POINT)
  • Ubika WAAP (UBIKA_WAAP)
  • Ubika Waf (UBIKA_WAF)
  • UPX AntiDDoS (UPX_ANTIDDOS)
  • Vectra Stream (VECTRA_STREAM)
  • Velo Firewall (VELO_FIREWALL)
  • VeridiumID by Veridium (VERIDIUM_ID)
  • Versa Firewall (VERSA_FIREWALL)
  • Virtru Email Encryption (VIRTRU_EMAIL_ENCRYPTION)
  • VMware ESXi (VMWARE_ESX)
  • VMware NSX (VMWARE_NSX)
  • VMware vCenter (VMWARE_VCENTER)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Local Administrator Password Solution (MICROSOFT_LAPS)
  • Workday (WORKDAY)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Zscaler (ZSCALER_WEBPROXY)
  • Zscaler CASB (ZSCALER_CASB)
  • Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
  • Zscaler Private Access (ZSCALER_ZPA)
  • Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Backstage (BACKSTAGE)
  • Bitwarden Password Manager User Context (BITWARDEN_USER_CONTEXT)
  • Boomi App (BOOMI_APP)
  • ChatGPT Audit Logs (CHATGPT_AUDIT_LOGS)
  • Cloudflare Warp (CLOUDFLARE_WARP)
  • Coda Io (CODA_IO)
  • Fortinet Fortimanager (FORTINET_FORTIMANAGER)
  • Fusion Auth (FUSION_AUTH)
  • Google Cloud Abuse Events (GCP_ABUSE_EVENTS)
  • Google Cloud Monitoring Alerts (GCP_MONITORING_ALERTS)
  • Gong (GONG)
  • Grafana (GRAFANA)
  • IBM Cloud Activity Tracker (IBM_CLOUD_ACTIVITY_TRACKER)
  • IBM Cloud System (IBM_CLOUD_SYSTEM)
  • Incident Io (INCIDENT_IO)
  • Kentik DDoS Detection (KENTIK_ALERTS)
  • Lockself Lockpass (LOCKSELF_LOCKPASS)
  • Magic Collaboration Studio (MAGIC_CS)
  • Metaswitch Perimeta (METASWITCH_PERIMETA)
  • Microsoft Defender Endpoint for iOS Logs (MICROSOFT_DEFENDER_ENDPOINT_IOS)
  • 9NowAudit (NINENOW_AUDIT)
  • Oracle Cloud Guard (OCI_CLOUDGUARD)
  • Oort Security Tool (OORT)
  • OpsRamp (OPSRAMP)
  • Ops Genie (OPS_GENIE)
  • People Strong (PEOPLE_STRONG)
  • Pingdom (PINGDOM)
  • Proofpoint Tap Campaign (PROOFPOINT_TAP_CAMPAIGN)
  • Proofpoint Tap Forensics (PROOFPOINT_TAP_FORENSICS)
  • Proofpoint Tap People (PROOFPOINT_TAP_PEOPLE)
  • Proofpoint Tap Threats (PROOFPOINT_TAP_THREATS)
  • Proofpoint Tis IOC (PROOFPOINT_TIS_IOC)
  • Push Security (PUSH_SECURITY)
  • Recordedfuture Alerts (RECORDEDFUTURE_ALERTS)
  • Rippling Activity Logs (RIPPLING_ACTIVITYLOGS)
  • Sentry (SENTRY)
  • Servertech PDUs (SERVERTECH_PDUS)
  • Sprinkledata(DWH) (SPRINKLEDATA_DWH)
  • Tenable Audit (TENABLE_AUDIT)
  • TINTRI (TINTRI)
  • WPass (WPASS)
  • WPEngine (WPENGINE)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

The Google Security Operations alert metadata fields for UDM idm.is_significant and idm.is_alert have been deprecated. Use YARA-L detection rule alerts for alert metadata.

Sensitive Data Protection

Sensitive Data Protection can now apply tags to your profiled resources based on their calculated data sensitivity. Using these tags, you can configure IAM conditions that automatically grant or deny IAM access to resources based on the sensitivity of the data in those resources.

For more information, see Control IAM access to resources based on data sensitivity.

Vertex AI Agent Builder

Vertex AI Search: Domain verification (GA)

Domain verification for advanced website indexing using domain association is generally available (GA). You can use domain association to associate your Vertex AI Search data store with the specified domain. This is useful when you're not the owner of the specified domain or when you don't have access to the Google Search console needed to verify the domain.

For more information, see Verify website domains.

July 24, 2024

Cloud Composer

2024-08-01 Update: This issue has been resolved. For more information, see the release note from August 1st 2024.

(Cloud Composer 3 only) We are currently experiencing an issue with the Airflow upgrade operations for Cloud Composer 3 environments. Upgrading Airflow builds for Cloud Composer 3 is temporarily disabled as we continue our work to restore Airflow upgrade functionalities.

Data Catalog

Column-level data lineage for BigQuery is available in Preview for allowlisted users. The existing data lineage feature tracks how BigQuery data moves through your systems at the table level. Column-level lineage extends this feature to let you track BigQuery data movement at the column level.

To sign up for access, fill out the Column-level lineage sign-up form.

Dataplex

Column-level data lineage for BigQuery is available in Preview for allowlisted users. The existing data lineage feature tracks how BigQuery data moves through your systems at the table level. Column-level lineage extends this feature to let you track BigQuery data movement at the column level.

To sign up for access, fill out the Column-level lineage sign-up form.

Generative AI on Vertex AI

Mistral AI

Managed models from Mistral AI are available on Vertex AI. To use a Mistral AI model on Vertex AI, send a request directly to the Vertex AI API endpoint. For more information, see Mistral AI models.

Google Cloud Architecture Center

File storage on Compute Engine: Added guidance about Filestore Regional.

(New guide) Architect your workloads: Design resilient, single-region environments on Google Cloud.

Google Cloud VMware Engine

New VMware Engine ve2 node types are available in the australia-southeast1, us-central1, and us-east4 regions:

HCI node types

  • ve2-standard-96
  • ve2-mega-96
  • ve2-mega-128

Storage only node types

  • ve2-standard-so
  • ve2-mega-so

See VMware Engine node types for more information on node types.

Google Kubernetes Engine

In GKE versions starting from 1.29.4-gke.1542000 and earlier than 1.29.7-gke.1008000, while Anthos Service Mesh is enabled, Pods that utilize Google Cloud Storage FUSE CSI driver volumes might encounter scheduling issues, with this error message:

Pod "your-pod-name" is invalid: [spec.volumes[x].name: Duplicate value: "gke-gcsfuse-tmp", spec.initContainers[x].name: Duplicate value: "gke-gcsfuse-sidecar"]

This issue has been resolved in GKE version 1.29.7-gke.1008000.

Google SecOps

The Incident Manager in Google Security Operations will be fully decommissioned on July 22, 2025. Google Cloud will provide full support and maintenance until July 22, 2025 but no new features will be released.

Google SecOps SOAR

The Incident Manager in Google Security Operations will be fully decommissioned on July 22, 2025. Google Cloud will provide full support and maintenance until July 22, 2025 but no new features will be released.

Managed Kafka

Client library samples for Python are now added to all relevant pages. For more information, see Apache Kafka for BigQuery client libraries.

Migrate to Virtual Machines

Generally available: Migrate to Virtual Machines lets you import a machine image from a virtual appliance. You can use machine images to store the configuration, metadata, permissions, and data from one or more disks for a virtual machine (VM) instance running on Compute Engine.

Vertex AI Workbench

M123 release

The M123 release of Vertex AI Workbench managed notebooks includes the following:

  • Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers.
  • Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.

Virtual Private Cloud

The following producer load balancers now support all Private Service Connect monitoring metrics:

  • Regional internal Application Load Balancer
  • Regional internal proxy Network Load Balancer

Predefined dashboards for monitoring Private Service Connect connections have been enhanced:

July 23, 2024

BigQuery

Starting September 17, 2024, the bigquery.datasets.update permission check when creating or updating authorized datasets will be removed. For more information, see Required permissions and roles for authorized datasets.

You can now configure SAP Datasphere connections with network attachments to help secure connections. SAP Datasphere connections are in preview.

Manifest files are now supported for Amazon S3 and Azure Blob Storage. This feature is generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Cloud Monitoring
    • monitoring.googleapis.com/UptimeCheckConfig

Cloud Monitoring

Starting October 22, 2024, Monitoring Query Language (MQL) will no longer be a recommended query language for Cloud Monitoring, and we will begin to turn off certain usability features. For more information, see the deprecation note for MQL.

Cloud Storage

You can now use tags to set a default soft delete retention duration on newly created buckets in your organization. To learn how to customize a default soft delete retention duration, see Set a default soft delete retention duration.

Datastream

Datastream support for SQL Server as a source is now generally available (GA). For more information, see the documentation.

Generative AI on Vertex AI

Llama 3.1

The Llama 3.1 405B model is available in Preview on Vertex AI. Llama 3.1 405B provides capabilities from synthetic data generation to model distillation, steerability, math, tool use, multilingual translation, and more. For more information, see Llama models.

Google Kubernetes Engine

(2024-R26) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

Regular channel

Rapid channel

Extended channel

Google SecOps SOAR

Release 6.3.11 is now in General Availability.

Release 6.3.12 is currently in Preview.

Logs of newly created jobs are not accessible (ID #51865082)

Trying to export case reports results in an error (ID #52316269)

Saved filters in Cases screen disappear (ID #50834432)

Integration update might fail in an environment with an extremely high number of playbooks (ID #51785856)

Storage Transfer Service

We've released a lighter weight (~50% reduction in image size) and more secure version of the transfer agent container image. If you're running agents that were installed on or before June 17th, 2024, we highly recommend that you delete those agents and install new agents into your agent pool. Any existing transfers using that pool will resume once the new agents are installed.

Vertex AI Agent Builder

Vertex AI Search: Widget uses new method for generative answers

The search widget now uses the search and answer methods together, instead of the older search with summaries for Search with an answer and the converse method for Search with follow-ups.

The answer method is expected to improve the quality of the results.

For general information about the answer method, see Get answers and follow-ups.

July 22, 2024

AlloyDB for PostgreSQL

Support for public IP addresses with AlloyDB instances and creating organization policies with custom constraints is now generally available (GA).

Application Integration

The Solace trigger is now available in preview.

BigQuery

The CHANGES change history function is now in preview. This table-valued function provides a history of table changes over a window of time and captures the following operations:

You can use data manipulation language (DML) to modify rows that have been recently written to a BigQuery table by the Storage Write API. This is now generally available (GA).

The BigQuery continuous queries feature is now in preview.

Continuous queries let you build long-lived, continuously processing SQL statements that can analyze, process, and perform machine learning (ML) inference on incoming data in BigQuery in real time. You can configure continuous queries to replicate query results to a Pub/Sub topic, Bigtable instance, or another BigQuery table, a process also known as Reverse ETL.

You can use continuous queries to perform the following tasks, using the accessible language of SQL:

  • Transform incoming data and act immediately on insights.
  • Use Vertex AI to apply real time ML insights.
  • Build automated event-driven data pipelines.
  • Replicate real-time events to downstream operational systems like Bigtable.

To try BigQuery continuous queries, see Create continuous queries.

You can now use BigQuery Omni Virtual Private Cloud (VPC) allowlists to restrict access to AWS S3 buckets and Azure Blob Storage from specific BigQuery Omni VPCs. This feature is in preview.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Secure Source Manager
    • securesourcemanager.googleapis.com/Instance

Cloud Billing

Track credits for your spend-based milestone credit programs (contract pricing)

If you have a custom pricing contract, you might be enrolled in spend-based milestone credit programs, where you earn promotional credits for spending specific amounts on Google Cloud.

In the Google Cloud console, you can now track the promotional credits for your spend-based milestone programs. The promotional credits that you receive act as a payment method, and are automatically applied to your costs.

Learn about tracking spend-based milestone credits.

Cloud NAT

Hybrid NAT supports Cloud Interconnect in Preview.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.12.0 (2024-07-15)

Features
  • Add function to allow user to set destination in transfer manager (#2497) (dc1e488)

Container Optimized OS

cos-113-18244-85-64

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs)

Disable NVIDIA persistence mode with -no-verify flag

Fixed CVE-2024-39894 in net-misc/openssh.

Fixed CVE-2024-36891 in the Linux kernel

Fixed CVE-2024-38662 in the Linux kernel

Fixed CVE-2024-39482 in the Linux kernel

Fixed CVE-2024-39474 in the Linux kernel

Fixed CVE-2024-39476 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812036 -> 812041

cos-109-17800-218-83

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs)

Disable NVIDIA persistence mode with -no-verify flag

Fixed CVE-2024-38662 in the Linux kernel

Fixed CVE-2024-39482 in the Linux kernel

Fixed CVE-2024-39474 in the Linux kernel

Fixed CVE-2024-39476 in the Linux kernel

cos-dev-117-18567-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.40 | v24.0.9 | v2.0.0rc2 | See List

Updated the Linux kernel to v6.6.40.

Disable NVIDIA persistence mode with -no-verify flag

Fixed CVE-2024-39894 in net-misc/openssh.

cos-105-17412-370-78

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02(default),v550.90.07(latest)

Fixed CVE-2024-39482 in the Linux kernel

Fixed CVE-2024-39476 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812694 -> 812698

cos-101-17162-463-62

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02(default),v550.90.07(latest)

Added the package revision number to the SSH banner in net-misc/openssh.

Fixed CVE-2024-24790 and CVE-2024-24789 in dev-lang/go.

Dataplex

Dataplex Explore is deprecated. Please follow the instructions for how to migrate Dataplex Explore to BigQuery Studio.

Dataproc

Hyperdisks for Dataproc clusters are now created with default throughput and IOPS. When this behavior becomes configurable, it will be announced in a future release note.

Added support for N4 and C4 machine types for Dataproc image versions 2.1 and above. The following default configurations are now applied to clusters created with N4 or C4 machine types:

  • bootdisktype = "hyperdisk-balanced"
  • nictype = "gvnic"

When a Cluster, Job, AutoscalingPolicy, or WorkflowTemplate API resource does not exist and the requestor does not have access to the project, a 403 error code is now issued instead of a 404 error code.

NetApp Volumes

Flex service level now supports CMEK (in Preview). For more information, see About CMEK.

Pub/Sub

If you retain unacknowledged messages in a subscription for more than 24 hours, you incur additional charges. For more information, see Storage costs.

Virtual Private Cloud

In the Google Cloud Console, the Effective routes tab on the Routes page shows only routes that are effective. You can optionally show suppressed routes by using the Show suppressed routes toggle. You can also view the reason why a given route is suppressed. For more information, see List routes for a VPC network.

July 19, 2024

Apigee Advanced API Security

The preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents has been temporarily disabled due to a known issue. We will announce in a release note when the functionality is re-enabled.

Cloud Load Balancing

Regional external Application Load Balancers, cross-region internal Application Load Balancers, regional internal Application Load Balancers, regional internal proxy Network Load Balancers, cross-region internal proxy Network Load Balancers, and regional external proxy Network Load Balancers support IPv4 and IPv6 (dual-stack) backends.

Ingress IPv4 traffic can now be proxied over an IPv4 or IPv6 connection to the IPv4 and IPv6 (dual-stack) backends.

The following backends support dual stack:

  • VM instance group
  • Zonal NEGs (GCE_VM_IP_PORT)

You can now convert the load balancers from IPv4 based deployments to dual stack (IPv4 and IPv6) deployments.

For details, see:

This feature is available in Preview.

Cloud Logging

The permissions required to use saved and recent queries have changed. You can also define a location in your default resource settings where saved and recent queries are saved. This location must align with your organization policy.

Cloud SQL for SQL Server

You can now use Extended Events (XEvents) on your Cloud SQL for SQL Server instance to monitor, identify, and troubleshoot the performance of the databases on your instance.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.72
  • 1.2.16
  • 2.0.80
  • 2.2.16

Note: Dataproc Serverless for Spark runtime versions 1.1.71, 1.2.15, 2.0.79, and 2.2.15 were not released.

Google Cloud VMware Engine

VMware Engine ve2-standard-128 node type is generally available in us-central1 region. For more information on the node type, see Node types. To use the node type in us-central1 region, contact your Google account team.

Vertex AI Agent Builder

Vertex AI Search: Multi-step retrieval for answer (GA)

For the answer method, multi-step retrieval using multi-step (ReAct) reasoning is generally available (GA).

For information about this feature, see Query rephrasing and Search and answer (specify maximum steps).

July 18, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26921

For more details, see the GCP-2024-043 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26921

For more details, see the GCP-2024-043 security bulletin.

BeyondCorp Enterprise

Generally Available: Rule-based custom messages for Chrome Enterprise Premium

You can now specify a custom warning message when creating Chrome DLP rules. These messages are shown to end users when their actions are blocked as a result of a rule triggering in Chrome. To learn more, see Use Chrome Enterprise Premium to integrate DLP with Chrome.

Generally Available: Chrome OCR for Chrome Enterprise Premium

You can now scan text in image (BMP, GIF, JPEG, PNG, and TIFF) files and images in PDFs for sensitive content with optical character recognition (OCR). To learn more, see Use Chrome Enterprise Premium to integrate DLP with Chrome.

Generally Available: Generative AI URL Category for Chrome Enterprise Premium

You can now use the Generative AI URL category when creating Chrome DLP rules. This category is assigned to websites that use AI to create new content, like text, images, music, audio, and videos.

BigQuery

The following BigQuery migration assessment features are now generally available (GA):

  • When you run a migration assessment, the migration assessment now automatically creates a BigQuery dataset to store the assessment results. You can also choose to store assessment results in an existing empty dataset or manually create a dataset with a custom name.
  • While a migration assessment is running, you can view the assessment report with partial data. You can also view its progress and estimated completion time in the status icon tooltip.
  • You can view more information and errors about a migration assessment in the assessment details page.

Cloud Composer

Information about excluded Cloud Storage objects in the environment's bucket is no longer logged. This change reduces the usage of the Storage API during the synchronization of DAG files, which improves the performance of Airflow components and results in fewer Airflow component restarts. The change will gradually become available in all Cloud Composer environments.

Cloud Data Fusion

Cloud Data Fusion versions 6.9 and later store pipeline run records for 30 days by default. For more information, see View run records.

Cloud Run

You can now disable the default run.app URL for your Cloud Run services (Preview).

Cloud SQL for MySQL

You can now create custom organization policies for Cloud SQL instances. For more information, see Add custom organization policies.

Cloud SQL for PostgreSQL

You can now create custom organization policies for Cloud SQL instances. For more information, see Add custom organization policies.

Cloud SQL for SQL Server

You can now create custom organization policies for Cloud SQL instances. For more information, see Add custom organization policies.

Dataform

As of Dataform Core 3.0.0, Dataform doesn't distribute a Docker image. You can build your own Docker image of Dataform, which you can use to run the equivalent of Dataform CLI commands. To build your own Docker image, see Containerize an application in the Docker documentation.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.112-debian10, 2.0.112-rocky8, 2.0.112-ubuntu18
  • 2.1.60-debian11, 2.1.60-rocky8, 2.1.60-ubuntu20, 2.1.60-ubuntu20-arm
  • 2.2.26-debian12, 2.2.26-rocky9, 2.2.26-ubuntu22

Document AI

For custom extractor with generative AI, model pretrained-foundation-model-v1.1-2024-03-12 provides fine-tuning for US/EU in Public preview. For more information about custom extractor models, see Custom extractor model versions.

Google SecOps

When you migrate an existing Google SecOps instance so that it is bound to a Google Cloud project, you can also use auto-generated commands to migrate your existing feature RBAC configuration to IAM permissions and roles. For more information, see Migrate existing permissions to IAM.

Google SecOps SIEM

When you migrate an existing Google SecOps instance so that it is bound to a Google Cloud project, you can also use auto-generated commands to migrate your existing feature RBAC configuration to IAM permissions and roles. For more information, see Migrate existing permissions to IAM.

Looker Studio

Ads Location Extension Fields

The following asset location fields are available in the Google Ads and New Search Ads 360 connectors:

  • Asset location address line 1
  • Asset location address line 2
  • Asset location business name
  • Asset location city
  • Asset location country code
  • Asset location phone number
  • Asset location postal code
  • Asset location province

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

SAP on Google Cloud

New SAP certifications: C3 bare metal machine types

SAP has certified the following Compute Engine bare metal machine types:

  • c3-highmem-192-metal for use with SAP HANA OLAP and OLTP workloads.
  • c3-standard-192-metal and c3-highmem-192-metal for use with SAP NetWeaver workloads.

For more information, see the following:

Spanner

Spanner now includes the JSON_ARRAY() and JSON_OBJECT() functions for building JSON types in GoogleSQL. For more information, see JSON functions in GoogleSQL.

July 17, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26925

For more details, see the GCP-2024-045 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26925

For more details, see the GCP-2024-045 security bulletin.

AutoML Tables

The shutdown date for AutoML Tables has changed from Mar 31, 2024 to July 24, 2024.

BigQuery

You can now configure the default storage billing model for new datasets. This feature is generally available (GA).

Cloud Composer

Airflow 2.9.1 is available in Cloud Composer images and builds. We recommend checking the list of changes in Apache Airflow release notes before upgrading to this version.

(Airflow 2.9.1) Task context logging is disabled, and it is not possible to enable it.

(Airflow 2.9.1) Raw HTML code in DAG docs and DAG parameter descriptions is disabled by default.

(Airflow 2.9.1) Audit log permissions are revoked from all roles except Admin.

The apache-airflow-providers-google package was upgraded to version 10.21.0 in Cloud Composer 2 images with Airflow 2.7.3 and 2.9.1, and in all latest Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.18.0 to version 10.21.0.

The upgraded apache-airflow-providers-google package provides new operators and sensors for triggering DAGs across Cloud Composer environments:

  • CloudComposerRunAirflowCLICommandOperator makes a call to the Airflow REST API of a Cloud Composer environment.
  • CloudComposerDAGRunSensor checks if a DAG Run is completed.

When installing PyPI packages, if you want your builds to run with a custom service account, you can override the COMPOSER_AGENT_BUILD_SERVICE_ACCOUNT environment variable with the chosen service account. For more information, see Install Python dependencies.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.0
  • composer-3-airflow-2.7.3-build.9

Cloud Composer 2.8.6 images are available:

  • composer-2.8.6-airflow-2.9.1
  • composer-2.8.6-airflow-2.7.3 (default)
  • composer-2.8.6-airflow-2.6.3

Support dates for previous Cloud Composer 3 builds are available. All Cloud Composer 3 builds with Airflow 2.7.3 are supported until July 17, 2025.

Cloud Composer version 2.3.4 has reached its end of support period.

Cloud SQL for PostgreSQL

You can now use the following optional flags when you export and import files into Cloud SQL instances:

  • --clean: if you export files, then this flag enables you to include the DROP <object> SQL statement that's required to drop (clean) database objects before you import them. If you import files, then this flag enables you to clean database objects before you recreate them.
  • --if-exists: this flag enables you to include the IF EXISTS SQL statement with each DROP statement that's produced by the clean flag.

If you import files, then these flags apply only if you use the --parallel flag. If you export files, then use these flags only if you're not exporting files in parallel.

Contact Center AI Platform

Version 3.20 is released

All release notes published on this date are part of version 3.20.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Agent chat adapter redesign

We have redesigned the agent chat adapter to streamline workflows, boost productivity, and improve the agent experience. Here are the highlights:

  • A new chat details screen where agents can reference information about the end-user and the chat while the chat is active.

  • An improved chat transfer experience, including:

    • Separate tabs for agents and queues.

    • The ability to search by queue.

  • An expandable chat overview screen where agents can see additional information for each active chat. From this screen, agents can transfer chats, add users to chats, access chat options, and more.

  • A new action bar that puts an agent's most important actions within easy reach.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.70
  • 1.2.14
  • 2.0.78
  • 2.2.14

Google Cloud Armor

Granular models for Cloud Armor Adaptive Protection are now Generally Available. For more information, see the Adaptive Protection overview.

Google Distributed Cloud (software only) for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26925

For more details, see the GCP-2024-045 security bulletin.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26925

For more details, see the GCP-2024-045 security bulletin.

(2024-R25) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.29.6-gke.1038001 is now the default version.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.27.13-gke.1070002
    • 1.27.13-gke.1201002
    • 1.27.14-gke.1059001
    • 1.27.15-gke.1154000
    • 1.28.10-gke.1058001
    • 1.28.11-gke.1170000
    • 1.29.4-gke.1043004
    • 1.29.5-gke.1091001
    • 1.29.6-gke.1254000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.

Stable channel

  • Version 1.29.5-gke.1091002 is now the default version in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.27.13-gke.1201002
    • 1.28.9-gke.1289002
    • 1.28.10-gke.1058001
    • 1.29.4-gke.1043004
    • 1.29.5-gke.1091001
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.

Regular channel

  • Version 1.29.6-gke.1038001 is now the default version in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.27.14-gke.1042001
    • 1.27.14-gke.1059001
    • 1.28.10-gke.1075001
    • 1.29.5-gke.1091002
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.14-gke.1059002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.14-gke.1059002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.6-gke.1038001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.15-gke.1154000
    • 1.28.11-gke.1019001
    • 1.28.11-gke.1170000
    • 1.29.6-gke.1254000
    • 1.30.2-gke.1447000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.

GKE Autopilot now supports opportunistic bursting and lower Pod minimums upon cluster creation or upgrade to 1.30.2-gke.1394000 or later, resolving a previous issue with containerd.

Google SecOps

On December 31, 2024, the managed BigQuery data lake for export will not be accessible to Google SecOps customers except for customers in the Enterprise Plus Tier. Enterprise Plus Tier customers will retain access until a replacement is available. Other customers can use their own BigQuery instance to export telemetry data, a feature currently in preview. For more information, see Configure a data export to BigQuery in a self-managed Google Cloud project.

Google SecOps SIEM

On December 31, 2024, the managed BigQuery data lake for export will not be accessible to Google SecOps customers except for customers in the Enterprise Plus Tier. Enterprise Plus Tier customers will retain access until a replacement is available. Other customers can use their own BigQuery instance to export telemetry data, a feature currently in preview. For more information, see Configure a data export to BigQuery in a self-managed Google Cloud project.

Sensitive Data Protection

The ARMENIA_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

VPC Service Controls

Preview stage support for the following integration:

Vertex AI Agent Builder

Vertex AI Search: Evaluate search quality (Public preview)

Evaluate the search quality of your generic search applications using sample query sets. This lets you assess your search engine's performance, understand potential biases or shortcomings in ranking algorithms, and compare historical evaluation results to understand the impact of changes in your search configuration.

For more information, see Evaluate search quality. This feature is in Public preview.

Virtual Private Cloud

Private Service Connect backends can be used to reach regional endpoints for supported Google APIs. Regional endpoints replace locational endpoints for Private Service Connect backends.

The list of supported regional endpoints that can be accessed by Private Service Connect endpoints and backends is updated to include additional supported Google APIs and regions.

July 16, 2024

AlloyDB for PostgreSQL

Cross-region backup location is now generally available (GA).

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26809

For more information, see the GCP-2024-042 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36972

For more details, see the GCP-2024-044 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26809

For more information, see the GCP-2024-042 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36972

For more details, see the GCP-2024-044 security bulletin.

Apigee Integrated Portal

On July 16, 2024 we released a new version of the Apigee integrated portal.

This release includes general improvements to performance and availability.

App Engine standard environment Java

You can now configure an HTTP connector to improve CPU and memory utilization for your App Engine apps. To configure an HTTP connector, include the appengine.use.httpconnector system property in your appengine-web.xml file. For more information, see Google App Engine Java new performant HTTP connector GitHub page.

BigQuery

When you run a migration assessment for Amazon Redshift, Teradata, or Snowflake, the service also creates a dataset containing only highly aggregated assessment results. This aggregated dataset doesn't contain any query logs; therefore, no personally identifiable information (PII) or business-sensitive information is visible. You can share this dataset with users that are not in your project. This feature is in preview.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for MySQL

Cloud SQL Studio is now generally available. For more information, see Manage your data using Cloud SQL Studio.

You can now search for and manage your Cloud SQL resources by using Dataplex Catalog. For more information about the integration of Cloud SQL and Dataplex Catalog, see Manage your Cloud SQL resources using Dataplex Catalog.

Cloud SQL for PostgreSQL

Cloud SQL Studio is now generally available. For more information, see Manage your data using Cloud SQL Studio.

You can now search for and manage your Cloud SQL resources by using Dataplex Catalog. For more information about the integration of Cloud SQL and Dataplex Catalog, see Manage your Cloud SQL resources using Dataplex Catalog.

Cloud SQL for SQL Server

Cloud SQL Studio is now generally available. For more information, see Manage your data using Cloud SQL Studio.

You can now search for and manage your Cloud SQL resources by using Dataplex Catalog. For more information about the integration of Cloud SQL and Dataplex Catalog, see Manage your Cloud SQL resources using Dataplex Catalog.

Colab Enterprise

All Colab Enterprise runtimes are automatically configured with a 100 GiB boot disk in addition to the disk specified in the runtime template. Starting July 16, 2024, the boot disk of a newly created Colab Enterprise runtime automatically defaults to an SSD Persistent Disk. Previously, the boot disk default was a Standard Persistent Disk.

Because of this change, default boot disks of Colab Enterprise runtimes are billed as SSD Persistent Disks instead of Standard Persistent Disks. For more information, see Colab Enterprise pricing.

Compute Engine

Generally available: C3 bare metal machine types are available in the C3 machine series. Bare metal instances let you create an instance with direct access to the machine's CPU and memory, without a virtualization layer in the middle. With bare metal instances, you can access all the raw compute resources of the server. For more information, see the C3 machine series.

Deep Learning Containers

M123 release

  • Hugging Face Text Generation Inference 2.1 GPU container images are now available.

Deep Learning VM Images

M123 release

  • TensorFlow 2.16 images are now available.

Google Distributed Cloud (software only) for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26921
  • CVE-2024-36972

For more details, see the GCP-2024-043 and GCP-2024-044 security bulletins.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26921

For more details, see the GCP-2024-043 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36972

For more details, see the GCP-2024-044 security bulletin.

Compute flexible committed use discounts (CUDs), previously known as Compute Engine Flexible CUDs, have been expanded to include several GKE Autopilot and Cloud Run SKUs (see the GKE CUD documentation for details). The legacy GKE Autopilot CUD will be removed from sale on October 15, 2024. GKE Autopilot CUDs purchased before this date will continue to apply through their term.

SAP on Google Cloud

New SAP certification for operating systems

For use with SAP HANA and SAP NetWeaver on Google Cloud, SAP has certified the operating system Red Hat Enterprise Linux (RHEL) for SAP 9.4.

For more information about SAP-certified operating systems, see:

Spanner

Spanner now supports the following PostgreSQL JSONB functions:

  • jsonb_array_elements()
  • spanner.bool_array()
  • spanner.float32_array()
  • spanner.float64_array()
  • spanner.int64_array()
  • spanner.string_array()

For more information, see JSONB functions and Spanner specific JSONB functions.

Spanner now supports the following GoogleSQL JSON functions:

  • BOOL_ARRAY: Converts a JSON array of booleans to a SQL ARRAY<BOOL> value.
  • FLOAT32: Converts a JSON number to a SQL FLOAT32 value.
  • FLOAT32_ARRAY: Converts a JSON array of numbers to a SQL ARRAY<FLOAT32> value.
  • FLOAT64_ARRAY: Converts a JSON array of numbers to a SQL ARRAY<FLOAT64> value.
  • INT64_ARRAY: Converts a JSON array of numbers to a SQL ARRAY<INT64> value.
  • STRING_ARRAY: Converts a JSON array of strings to a SQL ARRAY<STRING> value.

Spanner now supports the GoogleSQL PDML_MAX_PARALLELISM statement-level hint. For more information, see Statement hints.

The following are now supported for the INSERT statement:

Spanner now supports geo-partitioning (in Preview). You can use geo-partitioning to segment and store rows in your database table across different configurations. For more information, see the Geo-partitioning overview.

Vertex AI Workbench

M123 release

The M123 release of Vertex AI Workbench user-managed notebooks includes the following:

  • Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers.
  • Fixed a bug for custom container instances using a disabled root.

M123 release

The M123 release of Vertex AI Workbench instances includes the following:

  • Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers.

July 15, 2024

Application Integration

You can now share custom connectors between different Google Cloud projects by exporting and importing the connector specification. This feature is in preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigtable

5.1.1 (2024-07-11)

Bug Fixes
  • Ensure that during resumption of a scan, rows that have not been observed by the caller are re-requested (#1444) (2d8de32)
  • Remove custom readrows retry logic and rely on gax for retries (#1422) (3e0a46e)

Java

Changes for google-cloud-bigtable

2.40.0 (2024-06-28)

Features
  • Add String type with Utf8Raw encoding to Bigtable API (#2191) (e7f03fc)
Bug Fixes
Dependencies
  • Update dependency com.google.truth.extensions:truth-proto-extension to v1.4.3 (#2268) (4573220)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.10.3 (#2269) (69fef96)
  • Update shared dependencies (#2265) (61014ca)

Cloud Composer

It is no longer possible to create Cloud Composer 1 environments in Google Cloud console. It's still possible to create Cloud Composer 1 environments through Google Cloud SDK, Terraform, and API in projects that support creating new Cloud Composer 1 environments.

Cloud Data Fusion

The Cloud Storage Copy/Move plugin version 0.23.2, which is bundled with Google Cloud Platform plugin, is available in Cloud Data Fusion versions 6.10.0 and later. The release lets you use a wildcard character (*) in the source path to copy and move multiple files. For example, the source path gs://demo0/prod/reports/*.csv copies and moves all CSV files in the reports directory (PLUGIN-698).

Cloud Run

Compute flexible committed use discounts are now available for Cloud Run services with CPU always allocated, and Cloud Run jobs. A single flexible commitment covers eligible spend across Compute Engine, GKE, and Cloud Run. For more information, see Committed use discounts.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.11.3 (2024-07-09)

Bug Fixes
  • Error serialization in resumable-upload.ts (#2493) (c2e555c)
  • Handle unhandled error in startResumableUpload_ (#2495) (d5257ba)
  • Make CreateBucketRequest extend from BucketMetadata to allow all… (#2489) (013a5a4)

Compute Engine

Compute flexible committed use discounts (CUDs)—previously known as Compute Engine flexible CUDs—have been expanded to also cover your Cloud Billing account's spend across Google Kubernetes Engine (GKE) and Cloud Run. A single flexible commitment covers your eligible spend across all three services. For more information, see Compute flexible CUDs.

To learn about how flexible CUDs apply to the other services, see the following:

Generally available: You can limit the run time of VMs, which automatically stops or deletes a VM after a specific time or duration. Limiting your VMs' run times can help you optimize temporary workloads by minimizing costs and releasing quota. For more information, see Limit the run time of a VM and Limit the runtime of VMs in a MIG.

Config Controller

Config Controller now uses the following versions of its included products:

Contact Center AI Platform

Mobile SDK 2.8 is released

Mobile SDK 2.8 includes the following update: added support for landscape mode.

For more information, see the following:

Container Optimized OS

cos-dev-117-18555-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.37 | v24.0.9 | v2.0.0rc2 | See List

Upgraded fluent-bit to v3.0.6.

Upgraded app-admin/node-problem-detector to v0.8.19.

Upgraded app-containers/cni-plugins to v1.5.1.

Upgraded app-admin/google-guest-configs to v20240607.00.

Added support for TPU v6 devices.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2792.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2437.

Upgraded sys-apps/dbus to v1.14.10-r192.

Upgraded chromeos-base/shill-client to v0.0.1-r4577.

Upgraded chromeos-base/debugd-client to v0.0.1-r2703.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2937.

Upgraded chromeos-base/minijail to v18-r142.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r633.

Upgraded dev-embedded/libftdi to v1.5-r7.

Upgraded sys-apps/pv to v1.8.10.

Upgraded net-dns/c-ares to v1.31.0.

Upgraded app-admin/logrotate to v3.22.0.

Upgraded dev-python/pygobject to v3.46.0-r1.

Upgraded dev-db/sqlite to v3.46.0.

Upgraded dev-libs/nss to v3.101.

Upgraded sys-apps/hwdata to v0.383.

Upgraded net-misc/rsync to v3.3.0.

Upgraded sys-apps/findutils to v4.10.0.

Upgraded sys-libs/libseccomp to v2.5.5-r1.

Upgraded net-misc/curl to v8.8.0-r1.

Upgraded sys-apps/ethtool to v6.9.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Updated cos-gpu-installer to v2.3.5.

Added the package revision number to the SSH banner in net-misc/openssh.

Fixed glibc-2.36 build errors in sys-boot/syslinux.

Upgraded dev-lang/go to v1.22.4. This fixes CVE-2024-24790 and CVE-2024-24789.

Fixed CVE-2024-35195 in dev-python/requests.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Changed: fs.file-max: 811785 -> 811776

cos-109-17800-218-76

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-6.1.85 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |

Upgraded app-editors/vim to v9.1.0470 and app-editors/vim-core to v9.1.0470.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded sys-apps/dmidecode to v3.6.

Upgraded net-misc/rsync to v3.2.7-r4.

Upgraded sys-apps/ethtool to v6.9.

Upgraded sys-apps/attr to v2.5.2-r1.

Upgraded net-dns/libidn2 to v2.3.7.

Upgraded sys-apps/sed to v4.9-r1.

Upgraded app-admin/logrotate to v3.22.0.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Upgraded sys-process/lsof to v4.99.3.

Upgraded sys-apps/file to v5.45-r4.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded net-misc/curl to v8.8.0-r1.

Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Added the package revision number to the SSH banner in net-misc/openssh.

Updated net-misc/wget to version 1.24.5. This fixed CVE-2024-38428.

Fixed CVE-2024-36978 in the Linux kernel.

cos-105-17412-370-75

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02 (default), v550.90.07 (latest) |

Upgraded app-admin/logrotate to v3.22.0.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded sys-apps/dmidecode to v3.6.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded app-shells/dash to v0.5.12.

Upgraded sys-apps/attr to v2.5.2-r1.

Upgraded sys-apps/diffutils to v3.10.

Upgraded net-dns/libidn2 to v2.3.7.

Upgraded net-misc/wget to v1.21.4.

Upgraded app-misc/mime-types to v2.1.54.

Upgraded net-analyzer/netcat to v110.20180111-r2.

Updated cos-gpu-installer to v2.3.5.

Added the package revision number to the SSH banner in net-misc/openssh.

Fixed CVE-2024-24790 and CVE-2024-24789 in dev-lang/go.

Updated net-misc/wget to v1.24.5. This fixed CVE-2024-38428.

Fixed CVE-2024-36978 in the Linux kernel.

cos-113-18244-85-54

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |

Updated cos-gpu-installer to v2.3.5.

Added the package revision number to the SSH banner in net-misc/openssh.

Updated net-misc/wget to version 1.24.5. This fixed CVE-2024-38428.

Fixed CVE-2024-36978 in the Linux kernel.

cos-101-17162-463-58

| Kernel | Docker | Containerd | GPU Drivers |
|---|---|---|---|
| COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02 (default), v550.90.07 (latest) |

Updated cos-gpu-installer to v2.3.5.

Updated net-misc/wget to v1.24.5. This fixed CVE-2024-38428.

Fixed CVE-2024-36978 in the Linux kernel.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.10 (2024-07-10)

Bug Fixes
  • dataflow: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)

Google Distributed Cloud (software only) for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

For more details, see the GCP-2024-042 security bulletin.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26809

For more details, see the GCP-2024-042 security bulletin.

Google SecOps

The third-party API feed Symantec Event Export has been discontinued due to the deprecation of the Symantec Event Export API. To ingest data, use a Cloud Storage bucket. For more information, see Add a feed.

Google SecOps SIEM

The third-party API feed Symantec Event Export has been discontinued due to the deprecation of the Symantec Event Export API. To ingest data, use a Cloud Storage bucket. For more information, see Add a feed.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.4 (2024-07-10)

Bug Fixes
  • secretmanager: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)

Vertex AI Agent Builder

Vertex AI Search: Rotation of CMEK keys, which protect data stores (Private preview)

Customer-managed encryption keys (CMEK) for data stores associated with search apps can be rotated.

Don't rotate keys for data stores associated with recommendations apps. Also, if you rely on analytics, don't rotate keys.

Key rotation is available in Private preview. For information about rotating CMEK keys to protect Vertex AI Agent data stores, see Customer-managed encryption keys.

July 14, 2024

Google SecOps SOAR

Remote Agents Release 2.0.2 is now in General Availability.

Vertex AI Vision

Model output visualization tool in vaictl

You can now visualize model output using the vaictl command line tool available through the Vertex AI Vision SDK. This visualization combines real-time video streams with annotations and statistics generated by Vertex AI Vision models. This feature lets you better understand model output by visualizing output information over your video stream.

Features:

  • Visualize command added to vaictl command-line tool.
  • Support added to visualize Occupancy Analytics model annotations.

For more information, see Visualize model output.

Motion filtering - motion detection zone

You can now specify zones for motion detection, or areas to omit from motion detection. For more information, see the motion filtering guide.

July 13, 2024

Google SecOps

Python 2.7 is being deprecated and will be fully removed on October 13, 2024.

For information on how to update Marketplace integrations to Python 3.11, refer to Upgrade the Python versions.

Support for Python 3.11: Google SecOps now supports Python 3.11 in all the certified integrations. This feature is in General Availability.

IDE Staging mode: A staging mode has been added to the IDE where you can test certified and custom integrations as well as custom items. The staging mode acts as a sandbox where you can test the new Python 3.11 code or any upgraded integration before pushing to production. For more information, refer to Test integrations in staging mode. This feature is in General Availability.

Google SecOps SOAR

Python 2.7 is being deprecated and will be fully removed on October 13, 2024.

For information on how to update Marketplace integrations to Python 3.11, refer to Upgrade the Python versions.

Support for Python 3.11: Google SecOps now supports Python 3.11 in all the certified integrations. This feature is in General Availability.

IDE Staging mode: A staging mode has been added to the IDE where you can test certified and custom integrations as well as custom items. The staging mode acts as a sandbox where you can test the new Python 3.11 code or any upgraded integration before pushing to production. For more information, refer to Test integrations in staging mode. This feature is in General Availability.

July 12, 2024

Access Approval

Access Approval supports Dataform in the GA stage.

App Engine flexible environment .NET

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Go

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Java

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Node.js

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment PHP

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Python

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Ruby

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment custom runtimes

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine standard environment Go

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment Java

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment Node.js

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment PHP

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment Python

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment Ruby

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

Compute Engine

Preview: Hyperdisk Balanced High Availability provides cross-zonal, synchronous replication for your disk data, offering the best set of options for RPO, RTO, and performance.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.111-debian10, 2.0.112-rocky8, 2.0.112-ubuntu18
  • 2.1.59-debian11, 2.1.60-rocky8, 2.1.60-ubuntu20, 2.1.60-ubuntu20-arm
  • 2.2.25-debian12, 2.2.26-rocky9, 2.2.26-ubuntu22

Google SecOps SOAR

Release 6.3.10 is now in General Availability.

Memorystore for Redis Cluster

Single-zone instances are now Generally Available on Memorystore for Redis Cluster.

Spanner

Spanner now supports dual-region instance configurations in Australia, Germany, India, and Japan. Dual-region configurations let you replicate data in multiple zones across two regions in a single country. This helps you meet your data residency requirements, while taking advantage of 99.999% availability. For more information, see Dual-region configurations.

Spanner now supports the approximate nearest neighbor (ANN) distance functions (APPROX_COSINE_DISTANCE(), APPROX_EUCLIDEAN_DISTANCE(), and APPROX_DOT_PRODUCT()) in the GoogleSQL dialect (in Preview). If you have tables with a large amount of unstructured data that can be represented as vector data, you can create a vector index using DDL statements and use these functions in standard SQL to accelerate similarity searches and nearest neighbor queries, without having to copy the data into a separate system. For more information, see Find approximate nearest neighbors to index and query vector embeddings in Spanner.

July 11, 2024

Anti Money Laundering AI

A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version. This includes:

  • Additional data validation errors with more granular checks and corresponding actionable error messages
  • Improved accuracy and better descriptions for existing data validation checks
  • A fix for processing of alert events in the Risk Case Event table
  • Improved reliability of training, prediction, and backtesting operations for very large datasets (greater than 20 million parties)
  • Reduction in the time taken for tuning when creating an engine config

Apigee X

On July 11, 2024, we released an updated version of Apigee (1-12-0-apigee-8).

This release addresses the security concerns in GCP-2024-032 from Google Anthos Service Mesh.

Bug ID Description
330175485 Security fix for apigee-ingress.
This addresses the following vulnerabilities:
Bug ID Description
N/A Updated libraries and infrastructure.

Application Integration

BeyondCorp Enterprise

Generally available: Chrome Enterprise Premium watermarking

You can now display a custom watermark on web pages that match the data protection rules that you set. For more information, see Display watermark on certain webpages.

BigQuery

You can now use EXPORT DATA statements to reverse ETL BigQuery data to Spanner. This feature is in preview.

Cloud Functions

Starting in July 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying functions for the first time may be using a default Cloud Build service account with insufficient permissions for building a function. If you are impacted by this change you can do one of the following:

Cloud Run

Starting July 2024, Cloud Build changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change documentation. As a result of this change, new projects deploying to Cloud Run from source code for the first time may be using a default Cloud Build service account with insufficient permissions for deploying from source.

If you are impacted by this change, you can do one of the following:

Cloud Storage

You can now specify Frankfurt (europe-west3) and Zürich (europe-west6) as a predefined dual-region pairing. For more information, see Predefined dual-regions.

Compute Engine

You can only create on-demand reservations of A3 VMs if you create specifically targeted reservations. This restriction doesn't affect reservations that were created before July 11, 2024, which you can continue to consume based on their consumption type.

For more information, see the following pages:

Dataflow

You can now use the Dataflow job builder UI to create and run Dataflow pipelines in the Google Cloud console, without writing any code. This feature is generally available (GA).

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.69
  • 1.2.13
  • 2.0.77
  • 2.2.13

Dialogflow

Vertex AI Agents: Agent apps now provide generative settings for input token limit, output token limit, and temperature.

Google Cloud VMware Engine

Added missing release notes for ve2-standard-128 availability in the australia-southeast1 region.

Looker Studio

Pro feature: Gemini in Looker public preview features

The following Gemini in Looker features are now available in Public Preview:

Learn more about Gemini in Looker and how to enable it in Looker Studio.

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Search Ads 360 connector deprecation complete

The Search Ads 360 connector deprecation that was announced on April 2, 2024 is complete. Please use the New Search Ads 360 connector.

Spanner

You can now use EXPORT DATA statements to reverse ETL BigQuery data to Spanner. This feature is in Preview.

reCAPTCHA

reCAPTCHA for WAF integration with Akamai is now available in Preview. For more information, see Integrate reCAPTCHA for WAF with Akamai.

July 10, 2024

AlloyDB for PostgreSQL

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

App Engine flexible environment .NET

.NET version 3 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of .NET.

App Engine flexible environment Go

Go version 1.19 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Go.

App Engine flexible environment Node.js

Node.js version 16 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Node.js.

App Engine flexible environment PHP

PHP version 7.4 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of PHP.

App Engine flexible environment Python

Python version 3.7 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Python.

App Engine flexible environment Ruby

Ruby version 3.1 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Ruby.

Cloud Billing

You can now view granular AlloyDB for PostgreSQL usage in the Cloud Billing Detailed export to BigQuery

You can now view granular AlloyDB for PostgreSQL cluster, instance, and backup data in the Google Cloud Billing detailed export. Use the resource.global_name and resource.name fields in the export to view and filter your detailed AlloyDB cluster, instance, and backup usage.

Review the schema of the Detailed cost data export.

Tags data for AlloyDB for PostgreSQL cluster, instance, and backup usage is available in both the Standard usage cost export and the Detailed usage cost export.

To learn more about Tags, see Tags overview. To learn about using Tags in your cost data exported to BigQuery, see about tags and query examples with tags.

Datastream

Datastream is now available in the us-east5 (Columbus) region. For the list of all available regions, see IP allowlists and regions.

Google Cloud Marketplace Partners

We've made the following changes to Cloud Marketplace partner reports:

Google Kubernetes Engine

(2024-R24) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.29.5-gke.1091002 is now the default version.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.26.15-gke.1090000
    • 1.26.15-gke.1090004
    • 1.26.15-gke.1191000
    • 1.26.15-gke.1191001
    • 1.26.15-gke.1300000
    • 1.26.15-gke.1300001
    • 1.26.15-gke.1320000
    • 1.26.15-gke.1320002
    • 1.26.15-gke.1381000
    • 1.26.15-gke.1381001
    • 1.26.15-gke.1390000
    • 1.26.15-gke.1390001
    • 1.26.15-gke.1404000
    • 1.26.15-gke.1404002
    • 1.26.15-gke.1469000
    • 1.26.15-gke.1469001
    • 1.27.11-gke.1062004
    • 1.27.13-gke.1070000
    • 1.27.13-gke.1166000
    • 1.27.13-gke.1166001
    • 1.27.13-gke.1201000
    • 1.27.14-gke.1022000
    • 1.27.14-gke.1022001
    • 1.27.14-gke.1042000
    • 1.27.14-gke.1059000
    • 1.27.14-gke.1100000
    • 1.27.14-gke.1100002
    • 1.27.15-gke.1012000
    • 1.27.15-gke.1012003
    • 1.28.9-gke.1000000
    • 1.28.9-gke.1069000
    • 1.28.9-gke.1069002
    • 1.28.9-gke.1209000
    • 1.28.9-gke.1209001
    • 1.28.9-gke.1289000
    • 1.28.10-gke.1058000
    • 1.28.10-gke.1075000
    • 1.28.10-gke.1089000
    • 1.28.10-gke.1089002
    • 1.28.10-gke.1148000
    • 1.28.10-gke.1148001
    • 1.28.11-gke.1019000
    • 1.29.4-gke.1043002
    • 1.29.5-gke.1060000
    • 1.29.5-gke.1060001
    • 1.29.5-gke.1091000
    • 1.29.6-gke.1038000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.

Stable channel

  • Version 1.28.9-gke.1289002 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.26.15-gke.1090000
    • 1.26.15-gke.1090004
    • 1.26.15-gke.1191000
    • 1.26.15-gke.1191001
    • 1.26.15-gke.1300000
    • 1.26.15-gke.1300001
    • 1.27.13-gke.1070000
    • 1.27.13-gke.1070002
    • 1.27.13-gke.1166000
    • 1.27.13-gke.1166001
    • 1.27.13-gke.1201000
    • 1.28.9-gke.1069000
    • 1.28.9-gke.1069002
    • 1.28.9-gke.1209000
    • 1.28.9-gke.1209001
    • 1.28.9-gke.1289000
    • 1.29.4-gke.1043002
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.9-gke.1289002 with this release.

Regular channel

  • Version 1.29.5-gke.1091002 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.26.15-gke.1320000
    • 1.26.15-gke.1320002
    • 1.26.15-gke.1381000
    • 1.26.15-gke.1381001
    • 1.26.15-gke.1390000
    • 1.26.15-gke.1390001
    • 1.27.13-gke.1201000
    • 1.27.13-gke.1201002
    • 1.27.14-gke.1022000
    • 1.27.14-gke.1022001
    • 1.27.14-gke.1042000
    • 1.28.9-gke.1289000
    • 1.28.9-gke.1289002
    • 1.28.10-gke.1058000
    • 1.28.10-gke.1058001
    • 1.28.10-gke.1075000
    • 1.29.4-gke.1043002
    • 1.29.4-gke.1043004
    • 1.29.5-gke.1060000
    • 1.29.5-gke.1060001
    • 1.29.5-gke.1091000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.5-gke.1091002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.26.15-gke.1404000
    • 1.26.15-gke.1404002
    • 1.26.15-gke.1469000
    • 1.26.15-gke.1469001
    • 1.27.14-gke.1059000
    • 1.27.14-gke.1100000
    • 1.27.14-gke.1100002
    • 1.27.15-gke.1012000
    • 1.27.15-gke.1012003
    • 1.28.10-gke.1089000
    • 1.28.10-gke.1089002
    • 1.28.10-gke.1148000
    • 1.28.10-gke.1148001
    • 1.28.11-gke.1019000
    • 1.29.5-gke.1091000
    • 1.29.5-gke.1091002
    • 1.29.6-gke.1038000
    • 1.30.1-gke.1329000
    • 1.30.2-gke.1023000
    • 1.30.2-gke.1023004
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.6-gke.1038001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.

Google SecOps SOAR

Release 6.3.11 is currently in Preview.

Case tag filter pagination is not working in cases page (ID #339581969)

Issues when testing SOAR Webhooks for ingestion. (ID #51862016)

Looker

Looker 24.12 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, July 15, 2024

  • Expected Looker (original) final deployment and download available: Thursday, July 25, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, July 15, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, July 29, 2024

A LookML validator error, which catches illegal sql_trigger values in models with parameterized connections, has been added.

The Chart Config Editor now supports the following pie chart legend properties: align, verticalAlign, and layout.

Admins can now edit groups and roles for users who only have API keys.

When a file or folder is created, updated, or accessed in the Looker IDE, Looker now displays a loading indicator.

A new Explore from Here icon now appears on dashboard tiles and lets dashboard viewers explore a tile's data in one click. Note: This feature will be released in late July. Update: Because of a code freeze during the Olympics, this feature will be released in mid-August.

Looker now supports Databricks Unity Catalog. When you create a Databricks connection in Looker, you can define the Databricks catalog in which Looker will run queries.

For LookML projects that are configured with the Use Legacy Runtime feature, the LookML Validator may return an information-level alert that the legacy runtime is being deprecated. We recommend that you migrate LookML projects to the new LookML runtime.

A new Create button in the main navigation panel lets users create dashboards, boards, LookML models, and database connections. To view the button, users must have the permissions to create dashboards, models, or connections. Note: This feature will be released in late July. Update: Because of a code freeze during the Olympics, this feature will be released in mid-August.

An issue has been fixed where filter values with a special character and a trailing space would filter out valid results. This feature now performs as expected.

An issue has been fixed where Aurora MySQL connections that do not provide the lookerFailover parameter in the Additional JDBC parameters setting would fail to connect. This feature now performs as expected.

The LookML validator will now return an error if a sql_distinct_key is used in a field type that does not support it.

An issue where PDT overrides could not be toggled off in some situations has been fixed. This feature now performs as expected.

An issue was causing tooltips on timeline visualizations to not respect timezone conversion settings. This feature now performs as expected.

Rendering for dashboards that include special characters in their titles has been fixed. This feature now performs as expected.

Query results that contained characters that aren't in the UTF-8 character set could cause queries to fail. This feature now performs as expected.

Previously, extra filter suggestions queries would run when a filter was removed in an Explore. This feature now performs as expected.

An issue was causing the LookML validator to return an incorrect error for an improperly formed value format string. This feature now performs as expected.

An issue was causing visualization formats to round incorrectly. This feature now performs as expected.

Previously, some Looks had a null Look ID in System Activity Explores. This feature now performs as expected.

An issue was causing Looker to sometimes incorrectly generate date literals for Postgres queries. This feature now performs as expected.

Previously, queries could not be sorted on date fields in specific situations. This feature now performs as expected.

Previously, user attribute values that contained certain special characters could not be saved. This feature now performs as expected.

An issue was causing Looker to generate incorrect join SQL for circular join references. This feature now performs as expected.

Previously, drill-downs didn't work properly in some map visualizations. This feature now performs as expected.

An issue with the Closed System option allowed the name of the user who created or updated a dashboard last to be viewed by users who weren't in the same group. This feature now performs as expected.

OpenJDK 8 is no longer supported. Self-hosted customers must upgrade to OpenJDK 11.

A new Labs feature, Delegate Schedule Management, introduces the manage_schedules permission. This permission lets users reassign and delete schedules on the Schedules page for the models that they can access.

If a Looker instance does not yet have any Looks or dashboards, the Looker homepage now shows sample dashboards. Note: This feature will be released in late July. Update: Because of a code freeze during the Olympics, this feature will be released in mid-August.

Looker (Google Cloud core) now supports connections to Teradata databases.

Managed Kafka

Terraform samples are now available for creating clusters and topics. For more information, see Provision Apache Kafka for BigQuery resources with Terraform.

Migrate to Virtual Machines

The Migrate Connector, the virtual appliance used to connect VMware sources to Migrate to Virtual Machines, is exposed to a security vulnerability on SSHD (CVE-2024-6387). Migrate Connector version 2.6.2497 has been released to mitigate this issue and is being gradually rolled out. For information, see the GCP-2024-040 security bulletin.

Vertex AI Agent Builder

Vertex AI Search: Edit the schema for structured data on import (Public preview)

When you create a data store by importing structured data from BigQuery or Cloud Storage, you can review and edit the schema before you import the data. This saves time over the alternative method of importing the data first and subsequently editing the schema.

This feature is available in Public preview and applies to generic and media data stores. To try this feature for healthcare data stores, contact your Google account team and ask for access to the Private preview.

Vertex AI Search: Bring your own schema for media data stores (Public preview)

Previously, all media data stores had to follow a JSON schema for media predefined by Google. However, now you can use your own JSON schema for media data, provided that you map fields in your schema to the key properties: category, media_available_time, media_duration, title, and uri.

This feature is in Public preview.

Vertex AI Search: Media app creation (Public preview)

Media data stores can be created directly from the Data Stores page.

This is an alternative to the method where you create a media data store as part of the app creation workflow.

This feature is available in Public preview.

July 09, 2024

AlloyDB for PostgreSQL

The extension pgvector is updated to version 0.7.0.

Performing a switchover with zero data loss in cross-region replication setups, to test disaster recovery (DR) or to perform workload migration, is now generally available (GA).

Apigee X

Updated: Limit on number of basepaths per environment

Apigee is raising the temporary limit of 1000 basepaths per environment to avoid potential failures when deploying API proxy revisions.

While this limit is in place, you can deploy up to 1000 API proxy revisions (each containing a single basepath) per environment. If your API proxies or revisions contain more than one basepath, the total number of basepaths per environment must not exceed 1000.

To track the status of this issue, see Apigee Known Issues.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Google Kubernetes Engine
    • admissionregistration.k8s.io/MutatingWebhookConfiguration
    • apps.k8s.io/DaemonSet
    • apps.k8s.io/StatefulSet
    • batch.k8s.io/CronJob
    • extensions.k8s.io/DaemonSet
    • k8s.io/PersistentVolume
    • k8s.io/PersistentVolumeClaim
    • k8s.io/PodTemplate
    • k8s.io/ReplicationController
    • k8s.io/ResourceQuota
    • policy.k8s.io/PodDisruptionBudget
    • storage.k8s.io/StorageClass
    • gateway.networking.k8s.io/Gateway
    • gateway.networking.k8s.io/GatewayClass
    • gateway.networking.k8s.io/HTTPRoute

Cloud Build

Cloud Build users can connect to Bitbucket Cloud and Bitbucket Data Center hosts and add repositories with the Terraform provider for Google Cloud.

To learn more, see Connect to a Bitbucket Cloud host and Connect to a Bitbucket Data Center host.

Cloud Composer

A new Airflow build is available in Cloud Composer 3:

  • composer-3-airflow-2.7.3-build.8

Cloud Composer 2.8.5 images are available:

  • composer-2.8.5-airflow-2.7.3 (default)
  • composer-2.8.5-airflow-2.6.3

Cloud Healthcare API

Using customer-managed encryption keys (CMEK) to encrypt Cloud Healthcare API datasets is generally available (GA) and available in Preview. For more information, see Enable customer-managed encryption keys (CMEK) for Cloud Healthcare API datasets.

Cloud Monitoring

Starting no sooner than January 7, 2025, Cloud Monitoring will begin charging for alerting. For information about the pricing model and examples of pricing scenarios, see Pricing for alerting.

Compute Engine

Generally available: You can create GPU VMs in a managed instance group (MIG) by using resize requests. Resize requests help you create VMs all at once and give you higher chances to obtain highly demanded resources such as GPUs.

For more information, see About resize requests in a MIG.

Generally available: Hyperdisk ML, block storage designed specifically for high-performance AI workloads. Each Hyperdisk ML volume can achieve up to 1,200,000 MBps of throughput. For large-scale training and inference workloads, you can attach a single Hyperdisk ML volume to up to 2,500 VM instances. For more information, see About Hyperdisk.

Config Connector

Config Connector version 1.120.1 is now available.

IAM configuration can now be applied to PrivateCACAPool.

You can configure the ConfigConnector operator to roll back to install the v1.119.0 controllers by specifying spec.version: 1.119.0 in the ConfigConnectorContext CR (namespaced mode).

CloudBuildWorkerPool is promoted from alpha to beta.

CloudIDSEndpoint is promoted from alpha to beta.

ComputeManagedSSLCertificate is promoted from alpha to beta.

AlloyDBInstance

  • Added networkConfig field to support Public-IP feature.

MonitoringAlertPolicy

  • Added spec.severity field.

MonitoringDashboard

  • Added dashboardFilters support.
  • Added alertChart widgets.
  • Added collapsibleGroup widgets.
  • Added pieChart widgets.
  • Added sectionHeader widgets.
  • Added singleViewGroup widgets.
  • Added timeSeriesTable widgets.

  • Added blankView to scorecard widgets.

  • Added dataSets.targetAxis and y2Axis fields to xyChart widgets.

  • Added id field to all widgets.

  • Added prometheusQuery and outputFullDuration to timeSeriesQuery.

  • Added style fields to text widgets.

  • Added targetAxis field to thresholds.

StorageBucket

  • Added spec.softDeletePolicy field.
  • Added status.observedState.softDeletePolicy field.

Contact Center AI Platform

Version 3.18 is released

All release notes published on this date are part of version 3.18.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

New custom data types for events

The following custom data types for events are now available using the Web SDK:

  • custom_data_secured
  • custom_data_not_secured

For more information, see Data for events.

New session events for quality management

The following session events are now available for quality management (QM) integration:

  • Hold
  • Mute
  • Redaction
  • Recording indication
  • Queue information

Fixed an issue where agents were not receiving audio notifications for breakthrough calls.

Fixed an issue where saving queue-level wrap-up settings to the global defaults was not behaving as expected.

Fixed an issue where viewing agent assignments was not possible for agents with a custom role.

Google Cloud Architecture Center

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.29.200-gke.245 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.200-gke.245 runs on Kubernetes v1.29.5-gke.800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following vulnerabilities are fixed in 1.29.200-gke.245:

Google Distributed Cloud for VMware 1.28.700-gke.151 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.700-gke.151 runs on Kubernetes v1.28.10-gke.2100.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following issues are fixed in 1.28.700-gke.151:

  • Fixed the known issue where the Binary Authorization webhook blocked the CNI plugin, which caused user cluster creation to stall.

  • Fixed the known issue that caused cluster creation to fail because the control plane VIP was in a different subnet from other cluster nodes.

The following vulnerabilities are fixed in 1.28.700-gke.151:

Google Distributed Cloud for VMware 1.16.10-gke.36 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.16.10-gke.36 runs on Kubernetes v1.27.14-gke.1600.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following vulnerabilities are fixed in 1.16.10-gke.36:

Google Distributed Cloud (software only) for bare metal

Release 1.28.700-gke.150

Google Distributed Cloud for bare metal 1.28.700-gke.150 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.700-gke.150 runs on Kubernetes 1.28.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.

The following container image security vulnerabilities have been fixed in 1.28.700-gke.150:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

For more information, see the GCP-2024-041 security bulletin.

Google SecOps SOAR

Release 6.3.9 is now in General Availability.

July 08, 2024

Agent Assist

Agent Assist now offers a new version of summarization with custom sections in preview. Summarization with custom sections V3.0 reduces latency from V2.1.

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

For more information, see the GCP-2024-041 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

For more information, see the GCP-2024-041 security bulletin.

Cloud Data Fusion

You can configure maintenance windows for Cloud Data Fusion instances, in versions 6.8 and later, in Preview.

Cloud Database Migration Service

Database Migration Service for heterogeneous Oracle migrations can now migrate tables without primary or unique constraints that have more than 500 million rows. The previous maximum row limitation for such tables is no longer in place. For more information on known limitations, see:

Cloud Logging

Log buckets in all regions supported by Cloud Logging can now be upgraded to use Log Analytics. For more information, see Supported regions.

Cloud Monitoring

Your dashboards will now recommend event types for display. For more information, see Show events on a dashboard.

Cloud Service Mesh

1.21.4-asm.5 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for an Envoy bug where the additional cookie attributes are not properly sent to clients. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.4-asm.5 uses Envoy v1.29.7.

1.20.8-asm.1 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for an Envoy bug where the additional cookie attributes are not properly sent to clients. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.20.8-asm.1 uses Envoy v1.28.5.

1.19.10-asm.9 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for an Envoy bug where the additional cookie attributes are not properly sent to clients. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.19.10-asm.9 uses Envoy v1.27.7.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.43.0 (2024-07-03)

Features
  • storage/transfermanager: Add DownloadDirectory (#10430) (0d0e5dd)
  • storage/transfermanager: Automatically shard downloads (#10379) (05816f9)
Bug Fixes
Documentation
  • storage/control: Remove allowlist note from Folders RPCs (d6c543c)

You can now specify London (europe-west2) and Frankfurt (europe-west3) as a predefined dual-region pairing. For more information, see Predefined dual-regions.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.9 (2024-07-01)

Bug Fixes
  • dataflow: Bump google.golang.org/api@v0.187.0 (8fa9e39)

Dataplex

Dataplex Catalog is generally available (GA). Dataplex Catalog provides a platform for storing, managing, and accessing your metadata.

For more information, see Dataplex Catalog overview, Search for data assets, Manage aspects and enrich metadata, and Manage entries and ingest custom sources.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.110-debian10, 2.0.110-rocky8, 2.0.110-ubuntu18
  • 2.1.58-debian11, 2.1.58-rocky8, 2.1.58-ubuntu20, 2.1.58-ubuntu20-arm
  • 2.2.24-debian12, 2.2.24-rocky9, 2.2.24-ubuntu22

Google Distributed Cloud (software only) for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

For more information, see the GCP-2024-041 security bulletin.

Google Distributed Cloud connected

This is a minor release of Google Distributed Cloud connected (version 1.7.0).

The following new functionality has been introduced in this release of Google Distributed Cloud connected:

  • Customer-sourced hardware. You now have the option to purchase the Google Distributed Cloud connected hardware from a Google-partnered System Integrator (SI) and retain full ownership instead of leasing it from Google. For more information, contact your Google field sales representative.

  • Refreshed machine hardware. The server machines comprising Google Distributed Cloud connected racks have been updated to a more powerful hardware configuration. For more information, see Plan the hardware configuration.

  • Flexible rack configuration. You can now order a Google Distributed Cloud connected rack with 3, 6, 9, or 12 server machines. For more information, contact Google Support.

  • IPv4/IPv6 dual-stack networking. Google Distributed Cloud connected now supports IPv6 networking in addition to IPv4 networking. For more information, see IPv4/IPv6 dual-stack networking.

  • VM support on GDC connected servers. Google Distributed Cloud connected servers now support running virtual machine workloads. For more information, see Manage virtual machines on Distributed Cloud connected servers.

  • Pod image caching. Google Distributed Cloud connected now supports local caching of Pod images. For more information, see Configure a Pod for image caching.

  • Kafka support. Google Distributed Cloud now supports collecting workload metrics with Apache Kafka. For more information, see Logs and metrics.

  • Cluster connection state indication. You can now check whether a cluster is connected, disconnected, or reconnected and synchronizing with Google Cloud Platform. For more information, see Survivability mode.

  • Cluster maintenance exclusion windows. You can now specify one or more maintenance exclusion windows for a cluster. This prevents Google from performing maintenance or software upgrades on the cluster during the specified times. For more information, see Understand software updates and maintenance windows.

  • GDC Hardware Management API. You can now place orders for Google Distributed Cloud connected hardware programmatically using the GDC Hardware Management API. For more information, see Google Distributed Cloud connected CLI and API reference. This is a Preview-level feature.

The following changes to existing functionality have been introduced in this release of Google Distributed Cloud connected:

  • Bastion host GA. The bastion host feature of Google Distributed Cloud connected is now generally available. For more information, see Configure a bastion host.

  • Worker node software upgrades are now staggered. Google Distributed Cloud connected now upgrades worker node software in stages instead of all at once. This allows your workloads to continue running on some nodes, while others are upgrading. You have the option to specify the number of worker nodes that can go down for a software upgrade simultaneously. For more information, see Software update staggering.

  • GPU support is now automatically enabled. You no longer have to modify the VMRuntime resource to enable GPU support on Google Distributed Cloud connected. GPU support is now automatically enabled if a GPU is detected on a Google Distributed Cloud connected machine.

  • Google Distributed Cloud connected component updates:

    • GKE on Bare Metal. This component has been updated from version 1.1.6.1 to version 1.28.500.
    • Kubernetes control plane. This component has been updated from version 1.27.9 to version 1.28.8.
    • Symcloud Storage. This component has been updated from version 5.4.6 to version 5.4.8.

  • Anthos branding has been replaced with Google Kubernetes Service branding. Anthos features and services that Google Distributed Cloud connected relies on, such as Anthos Identity Service, have been rebranded to Google Kubernetes Service. You might still see references to the legacy branding in Google Distributed Cloud connected command output and error messages.

The following functionality has been deprecated in this release of Google Distributed Cloud connected:

  • Cloud control plane cluster support. As of this release, Google Distributed Cloud connected no longer supports Cloud control plane clusters. Local control plane clusters are now the only supported cluster type.

  • Raw block storage for virtual machine workloads. As of this release, you can no longer provision virtual machine workloads with raw block storage. Symcloud Storage is now the only supported storage type for virtual machine workloads.

The following issues have been resolved in this release of Google Distributed Cloud connected:

  • Symcloud Storage volume clean-up now functions correctly. Single node failures, such as power loss or network disconnection, no longer cause rescheduling failures for virtual machines that use Symcloud Storage volumes. When a node fails, virtual machines are automatically rescheduled onto another node and then scheduled back onto the original node once that node returns to operation.

  • Virtual machines no longer enter a stuck state when node network connections are intermittent. Virtual machines no longer get stuck in container creation state when their network connections repeatedly disconnect and reconnect. When all three nodes in a Google Distributed Cloud connected server group regain network connectivity, the affected virtual machines are automatically rescheduled back onto their original nodes.

  • Virtual machine restore operations now complete successfully. Problems related to taking subsequent snapshots of virtual machines after the initial ones have been resolved. These problems caused virtual machine restore operations to fail.

  • Virtual machine heartbeat has been tuned to increase failover resilience. Occasionally, when a node failed, virtual machines on other nodes in the cluster would fail multiple successive heartbeats to the Kubernetes control plane that ran on the failed node. The heartbeat configuration has been tuned to mitigate this and increase failover resilience.

  • Intermittent SR-IOV device availability on large deployments has been resolved. SR-IOV devices are no longer intermittently unavailable on large, long-uptime deployments of Google Distributed Cloud connected after creating SR-IOV network node policies.

Security mitigations for the following vulnerabilities have been implemented in this release of Google Distributed Cloud connected:

  • CVE-2024-26934, CVE-2024-27013, CVE-2024-26884, CVE-2024-26902, CVE-2022-48659, CVE-2024-26901, CVE-2024-26910, CVE-2024-26883, CVE-2024-26898, CVE-2024-26882, CVE-2024-26908, CVE-2024-26585, CVE-2021-46904, CVE-2021-46905, CVE-2020-36775, CVE-2021-46909, CVE-2021-46906, CVE-2019-25162, CVE-2024-26606, CVE-2024-26602, CVE-2024-26600, CVE-2023-52469, CVE-2023-52470, CVE-2022-48626, CVE-2024-26597, CVE-2023-52464, CVE-2024-26598, CVE-2024-0340, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2023-52439, CVE-2023-52435, CVE-2023-52443, CVE-2023-46343, CVE-2024-0607, CVE-2024-22705, CVE-2023-46838, CVE-2023-51782, CVE-2023-51781, CVE-2023-51780, CVE-2024-1086, CVE-2024-0584, CVE-2024-0562, CVE-2023-6915, CVE-2024-0646, CVE-2023-6040, CVE-2023-46862, CVE-2023-46813, CVE-2023-6932, CVE-2023-6931, CVE-2023-5178, CVE-2023-5717

This release of Google Distributed Cloud connected contains the following known issues:

  • Refreshed Google Distributed Cloud connected hardware requires Google Distributed Cloud connected software version 1.7.0 or later. The refreshed Google Distributed Cloud connected hardware does not support versions of Google Distributed Cloud connected prior to release 1.7.0.

  • Virtual machine workloads might temporarily go down when upgrading Google Distributed Cloud connected software to release 1.7.0. The virtual machine workloads will go back up and be healthy once the Google Distributed Cloud software upgrade completes.

  • Cluster upgrades to software release 1.7.0 might fail with an ABM upgrade timed out error. Under certain conditions, if the GKE token expires while a cluster upgrade is in progress, the upgrade fails with an ABM upgrade timed out error and a missing gkehub.memberships.update permission is recorded in the logs. If you encounter this issue, contact Google Support.

  • Storage operations hang when volume replicas are deleted from a cluster without removing the corresponding Symcloud Storage persistent volume intent. If you delete the volume replicas for a Symcloud Storage persistent volume but do not remove the corresponding intent, TCMU devices on the worker node hang, causing storage operations to stall indefinitely. This can affect both your workload data availability as well as core system functionality of Google Distributed Cloud connected. To prevent this, you must always remove a Symcloud Storage persistent volume before deleting its associated volume replicas.

  • Virtual machines might not get scheduled onto nodes after their network has been partitioned. When you partition a network, some virtual machines using that network might not get scheduled back onto their node after the node reconnects to the network. To work around this issue, restart the affected virtual machines or contact Google Support.

  • Cluster deletion can fail due to stale Symcloud Storage data. When attempting to delete a cluster during disaster recovery or cluster reset, the deletion might fail due to the corresponding Symcloud Storage volumes not having been cleaned up. To resolve this issue, contact Google Support.

  • Virtual machine management can fail after a node has been powered down for an extended time. If you power down your Google Distributed Cloud connected machines for an extended period of time, you might not be able to manage the virtual machines scheduled on the corresponding nodes after you power the machines back up, even though those virtual machine workloads continue to run. To resolve this issue, contact Google Support.

  • Nodes can get stuck in Ready,SchedulingDisabled state after applying configuration changes. Applying or deleting the NodeSystemConfigUpdate or SriovNetworkNodePolicy resources can result in a node that's stuck in the Ready, Scheduling Disabled state after it reboots. To resolve this issue, see Troubleshoot Google Distributed Cloud connected.

  • The Kubernetes API server might return 404 errors when attempting to access virt-api endpoints. To work around this issue, contact Google Support.

  • Changes required to VMRuntime resource before upgrading to Google Distributed Cloud connected version 1.7.0. To ensure your existing virtual machine workloads successfully upgrade to Google Distributed Cloud connected version 1.7.0, you must modify the VMRuntime resource before upgrading the cluster as described in Upgrade existing virtual machines to Google Distributed Cloud connected version 1.7.0.

  • The containerd daemon state might not be reset after deleting a cluster. In very rare situations, cluster deletion does not reset the state of the containerd daemon. To resolve this issue, contact Google Support.

  • GKE Identity Service (GKE IS) Pods stuck in Failed state after machine reboot. Rebooting a machine might spawn one or more GKE IS (formerly branded as Anthos IS) Pods stuck in a Failed state, even though the GKE IS deployment is healthy and running. This does not impact the cluster or GKE IS functionality. Since GKE IS Pods are deployed into a protected namespace, contact Google Support to resolve this issue.

  • Cluster software upgrades might fail. If there are GKE IS pods stuck in a Failed state after a machine reboot, you might experience the following behavior on the affected cluster:

    • Automatic software upgrades never start.
    • Manually initiated software upgrades stall and enter a Paused state.

    Workloads on the cluster continue to run and the cluster remains healthy. To resolve this issue, contact Google Support.

Google Kubernetes Engine

Ray Operator on GKE is now generally available in the Rapid channel. Ray Operator is a GKE add-on that allows you to manage and scale Ray applications. To learn more, see the Ray Operator documentation.

(2024-R23) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.29.4-gke.1043004 is now the default version.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.26.15-gke.1320002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.15-gke.1320002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.13-gke.1070002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.13-gke.1070002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.9-gke.1289002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.4-gke.1043004 with this release.

Stable channel

  • Version 1.27.13-gke.1070002 is now the default version in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.15-gke.1090004 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.15-gke.1090004 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.13-gke.1070002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.13-gke.1070002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.9-gke.1069002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.4-gke.1043004 with this release.

Regular channel

  • Version 1.29.4-gke.1043004 is now the default version in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.15-gke.1320002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.15-gke.1320002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.9-gke.1289002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.9-gke.1289002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.4-gke.1043004 with this release.

Rapid channel

  • Version 1.30.1-gke.1329003 is now the default version in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1404002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.15-gke.1404002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.14-gke.1059002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.10-gke.1089002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.5-gke.1091002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.1-gke.1329003 with this release.

Network Intelligence Center

The GKE Enterprise view of Network Topology is generally available. Network Topology now shows the infrastructure of your GKE deployments - clusters, namespaces, workloads, and pods, and their associated metrics.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-pubsub

2.22.0 (2024-07-06)

Features
  • Add service_account_email for export subscriptions (ec0cc34)
  • Add use_topic_schema for Cloud Storage Subscriptions (ec0cc34)

SAP on Google Cloud

New SAP HANA certification: 16 TB X4 bare metal machine type for OLAP workloads

SAP has certified the Compute Engine 16 TB x4-megamem-960-metal machine type for use with SAP HANA OLAP workloads in scale-out configurations with up to 4 nodes.

For more information, see X4 memory-optimized bare metal machine types.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.3 (2024-07-01)

Bug Fixes
  • secretmanager: Bump google.golang.org/api@v0.187.0 (8fa9e39)

July 05, 2024

Access Approval

Access Approval supports Cloud Armor in the Preview stage.

Access Approval supports Cloud DNS in the GA stage.

Access Transparency

Access Transparency supports Cloud Armor in the Preview stage.

Access Transparency supports Cloud DNS in the GA stage.

Access Transparency supports Cloud Router in the GA stage.

Access Transparency supports Google Security Operations SOAR in the GA stage.

Dataflow

The remote code execution vulnerability, CVE-2024-6387, in OpenSSH has been mitigated. A patched Dataflow VM image that includes an updated OpenSSH is available. For more information about how to apply mitigations, see the GCP-2024-040 security bulletin.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.68
  • 1.2.12
  • 2.0.76
  • 2.2.12

Google SecOps SOAR

Remote Agents Release 2.0.2 is currently in Preview. Note the version number has been changed from 2.0.0 to 2.0.2.

July 04, 2024

Google SecOps SOAR

Release 6.3.10 is now in Preview.

The limit for action result attachments has now been raised to 50 MB. (ID #00294694)

Playbook is stuck in the queue. (ID #51894700)

Issues when importing a custom list which contains duplicated records.

July 03, 2024

Anthos clusters on AWS

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. At the time of publication, exploitation is believed to be difficult and take several hours per machine being attacked. We are not aware of any exploitation attempts. This vulnerability has a Critical severity.

For mitigation steps and more details, see the GCP-2024-040 security bulletin.

Anthos clusters on Azure

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. At the time of publication, exploitation is believed to be difficult and take several hours per machine being attacked. We are not aware of any exploitation attempts. This vulnerability has a Critical severity.

For mitigation steps and more details, see the GCP-2024-040 security bulletin.

Cloud Composer

New Cloud Composer 2 environments are gradually switched to using GKE 1.29 and PSC as a connectivity channel to the GKE control plane. The IP address for the PSC endpoint will be taken from the nodes IP range. This change might require using a larger IP range for the nodes when you create an environment.

Cloud Database Migration Service

Database Migration Service for heterogeneous Oracle migrations to AlloyDB for PostgreSQL now supports network connectivity with Private Service Connect for AlloyDB clusters with Private Service Connect enabled. For more information, see Configure Private Service Connect.

Cloud Logging

Agent-installation policies for the Ops Agent are now GA. For more information, see Overview of agent policies for the Ops Agent.

You can now view the estimated number of bytes processed along with the validation status of your SQL query when running queries in Log Analytics. You can use this information to understand the relative volume of data that your SQL query will scan.

Cloud Monitoring

Agent-installation policies for the Ops Agent are now GA. For more information, see Overview of agent policies for the Ops Agent.

Dataflow

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. Dataflow jobs might create VMs that use an OS image with versions of OpenSSH that are vulnerable to CVE-2024-6387. For more information, see the GCP-2024-040 security bulletin.

Dataplex

Data Lineage now supports location organization policy. For more information, see Resource locations supported services.

Dataproc

Added Cloud Profiler support in Dataproc Serverless for Spark. Enable profiling via the dataproc.profiling.enabled=true property and configure it via dataproc.profiling.name=<PROFILE_NAME>

New Dataproc on Compute Engine subminor image versions:

  • 2.0.109-debian10, 2.0.109-rocky8, 2.0.109-ubuntu18
  • 2.1.57-debian11, 2.1.57-rocky8, 2.1.57-ubuntu20, 2.1.57-ubuntu20-arm
  • 2.2.23-debian12, 2.2.23-rocky9, 2.2.23-ubuntu22

Google Distributed Cloud (software only) for VMware

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. At the time of publication, exploitation is believed to be difficult and take several hours per machine being attacked. We are not aware of any exploitation attempts. This vulnerability has a Critical severity.

For mitigation steps and more details, see the GCP-2024-040 security bulletin.

Google Distributed Cloud (software only) for bare metal

Security bulletin (all minor versions)

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. At the time of publication, exploitation is believed to be difficult and take several hours per machine being attacked. We are not aware of any exploitation attempts. This vulnerability has a Critical severity.

For mitigation steps and more details, see the GCP-2024-040 security bulletin.

Google Kubernetes Engine

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. This vulnerability has a Critical severity for GKE. An expedited rollout is in progress to make patch versions available.

For patch versions and mitigation steps, see the GCP-2024-040 security bulletin.

(2024-R22) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

Regular channel

Rapid channel

You can now preload data or container images in new nodes on GKE, enabling faster workload deployment and autoscaling. This feature is Generally Available and production-ready, with support for Autopilot and Terraform. To learn more, see Use secondary boot disks to preload data or container images.

GKE Managed DCGM Metrics Package is now available in Preview for both GKE Standard and Autopilot clusters running version 1.30.1-gke.1204000 and later.

You can now configure Autopilot and Standard clusters to export a predefined list of DCGM metrics emitted by GKE Managed DCGM exporter including metrics for GPU performance, utilization, and I/Os in the GPU node pools with GKE-managed NVIDIA drivers. These metrics are collected by Google Cloud Managed Service for Prometheus. You can view the curated DCGM metrics in the Observability Tab on the Kubernetes Clusters page or in Cloud Monitoring.

For more information, see Collect and view DCGM metrics.

Policy Intelligence

You can use Policy Troubleshooter to troubleshoot principal access boundary policies. This feature is available in Preview.

Spanner

Spanner now allows privileged users to cancel long-running queries. For more information, see GoogleSQL Query cancellation or PostgreSQL Query cancellation.

Multiplexed sessions are now generally available. Multiplexed sessions are a new session management model that simplifies pool management in clients. For more information, see Multiplexed sessions.

Vertex AI Agent Builder

Vertex AI Search: On July 6, text-bison@001/answer_gen/v1 is discontinued

As of July 6, 2024, model version text-bison@001/answer_gen/v1 is discontinued.

If you specify text-bison@001/answer_gen/v1 by name in your search requests, replace text-bison@001/answer_gen/v1 with a newer model or with stable.

For more information, see Answer generation model versions and lifecycle.

Vertex AI Search: gemini-1.5-flash-001/answer_gen/v1 for answer generation

Model version gemini-1.5-flash-001/answer_gen/v1 is the stable model for generating answers in Vertex AI Search.

For more information, see Answer generation model versions and lifecycle.

Vertex AI Search: You can't use the Folder option to upload structured data from Cloud Storage

When creating a data store for structured or media data, you must use the File option when importing from a Cloud Storage bucket. Choosing the Folder option results in an error, "Schema preview failed. Requested entity was not found."

To work around this issue, use the File option and upload one file from the folder. After you've created the data store, import the folder contents from the Documents tab of the data store.