The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.
You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.
August 16, 2024
AlloyDB for PostgreSQL
The AlloyDB Omni Kubernetes Operator version 1.1.0 lets you configure a load balancer using annotations.
On August 16, 2024, we released an updated version of Apigee (1-13-0-apigee-2).
Bug ID | Description |
---|---|
324418891 | Added improvements to the MessageLogging policy to avoid potential downtime and deployment failures. |
351068926 | Updated the error format and status code returned (from 500 to 400) in cases where an invalid authorization code causes an error. |
Documentation has been added to explain how to export job information. Exporting a job's information is useful when you want to retain the information after a job is deleted or analyze the information outside of Batch. For more information, see Export job information.
Error Reporting can now analyze log entries that have been routed to a log bucket in a non-global region, provided the log sink is in the same project as the log bucket.
In GKE version 1.29.7-gke.1238000-1.30, and 1.30.3-gke.1571000 or later, node pools use regional instance templates instead of global instance templates. To learn more, see Regional and global instance templates.
You can now create static overlays and position them on top of a live stream.
New SAP certifications: C4 series of general-purpose machine types
For use with SAP HANA scale-up (OLAP and OLTP) and SAP NetWeaver workloads, SAP has certified the Compute Engine C4 series of general-purpose machine types.
For more information, see the following:
Vertex AI Search: Search tuning (GA)
Search tuning for unstructured data stores is generally available (GA). You can upload training files to tune the model for your search app.
Search tuning supports Data Residency; you can tune data stores in the US and EU multi-regions as well as global data stores.
For information, see Improve search results with search tuning.
August 15, 2024
Apigee UI
On August 15, 2024, we released an updated version of the Apigee UI.
Bug ID | Description |
---|---|
356453519 | Fixed issue with the display of shared flow detail pages. In some cases, detail pages for shared flows with names containing a space (" ") would not display and resulted in UI errors. |
355674677 | Fixed infinite redirect loop after Subscription org provisioning. Clicking the Continue button in the final step of the Subscription organization provisioning flow resulted in an infinite redirect loop. |
On August 15, 2024, documentation was added describing how to provision Apigee in the Google Cloud console.
See Get started in the Google Cloud console for more information.
Apigee provisioning for Subscription orgs is now performed in the Google Cloud console.
Extended support pricing is now available for Cloud SQL for MySQL. To view pricing details, see Cloud SQL pricing.
For more information about extended support, see Extended support for Cloud SQL.
For more information about extended support timelines, see Database versions and version policies.
Extended support pricing is now available for Cloud SQL for PostgreSQL. To view pricing details, see Cloud SQL pricing.
For more information about extended support, see Extended support for Cloud SQL.
For more information about extended support timelines, see Database versions and version policies.
If your Cloud SQL Enterprise edition instance stores the transaction logs used for point-in-time recovery (PITR) on disk, then when you do an in-place upgrade to Cloud SQL Enterprise Plus edition the storage location for the transaction logs is switched to Cloud Storage. For more information, see Upgrade an instance to Cloud SQL Enterprise Plus edition by using in-place upgrade.
To check where your instance stores the transaction logs used for PITR, see Use point-in-time recovery (PITR).
Dialogflow CX: You can now configure sensitivity levels of safety filters with respect to different Responsible AI (RAI) categories.
Vertex AI Agents: OpenAPI tool authentication now supports custom client certificates for mutual TLS authentication.
Eventarc support for creating triggers for direct events from Apigee API hub is generally available (GA).
Looker (Google Cloud core) customers can now create a Looker (Google Cloud core) instance with Private Service Connect. To create a Private Service Connect instance, ensure that you have received confirmation from your sales representative that your project has been added to the allowlist for Private Service Connect.
New Looker and Looker Studio shared terms and concepts glossary
A new Looker and Looker Studio shared terms and concepts glossary is available. This resource compares and contrasts terms and concepts that are used in common between Looker and Looker Studio, including some that have similar-seeming naming conventions but different functionality.
Sort list controls by any metric
List controls now support sorting the options on any metric, rather than just the reference metric.
The IAM recommender generates policy insights and role recommendations for the following identities:
- All identities in a workload identity pool
- Single identity in a workload identity pool
- All identities in a workforce identity pool
- Single identity in a workforce identity pool
- All Google Kubernetes Engine Pods that use a specific Kubernetes service account
To learn more, see Availability. This feature is generally available.
Google Cloud's Agent for SAP version 3.5
Version 3.5 of Google Cloud's Agent for SAP is generally available (GA). This version introduces enhancements to support Workload Manager's observability service for SAP, metric enhancements, and some minor fixes.
For more information, see What's new with Google Cloud's Agent for SAP.
The PHONE_NUMBER infoType functionality that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model includes US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results.
To enable the new functionality, leave InfoType.version unset, or set it to latest or stable. To use the old functionality, set InfoType.version to legacy. You can continue to use the legacy functionality for 90 days.
August 14, 2024
AlloyDB for PostgreSQL
The AlloyDB Omni Kubernetes Operator version 1.0.0 and later lets you schedule matching new database Pods to nodes to balance node distribution across the AlloyDB Omni cluster and help optimize performance.
You can now get lower latency for small queries with the new short query optimized mode. BigQuery automatically determines which queries may be accelerated while other queries continue to run like before. This feature is now in preview.
Beginning with the release of January 2024 data, Google Cloud Carbon Footprint has adopted a semi-annual methodology improvement schedule, with updates planned for January and July data releases each year.
For the July 2024 data release (in mid-August 2024), we have upgraded the carbon model to version 11 and implemented the following updates:
Updating Scope 1 & 3 emissions from Google's corporate footprint:
Updated Scope 1 & 3 allocation factors using latest Google company-wide data from 2024 Google Environmental Report. See the non-electricity emission sources section of methodology documentation on how we apply these Scope 1 & 3 emissions across Google products and services.
Notably, expanded the Scope 1 & 3 inventory boundary to include the following for a more comprehensive emissions inventory:
- HVAC fugitive emissions
- Additional emissions categories of transmission & distribution (T&D) loss
- Extraction and transportation of fuels used to generate grid electricity
Updating renewable electricity percentage for Scope 2 market-based emissions from Google's corporate footprint:
- Updated annual renewable electricity percentage from Google's clean energy procurement, in accordance with 2024 Google Environmental Report, as an input for Scope 2 market-based emissions. Note that Scope 2 location-based emissions are estimated using hourly greenhouse gas emissions factors. Read more about the difference in methodology between Scope 2 location-based and market-based emissions in the methodology document.
Improving allocation of shared internal AI/ML resources:
- Improved the treatment of central machine learning compute resources and workloads across Google products and services, including corrected central resource impact to the following Google Cloud services:
- Cloud Natural Language
- Translate
- Cloud Vision API
- Cloud Speech API
- Cloud Dialogflow API
- Vertex AI
- Cloud AutoML
- Cloud Machine Learning Engine
- Video Stitcher API
- Cloud Video Intelligence API
- Notebooks
- Cloud Text-to-Speech API
Improving data accuracy:
- Improved data center PUE mapping and energy allocation to internal services.
The notebook scheduler is now generally available. See Schedule a notebook run.
(2024-R30) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.30.3-gke.1225000 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.27.16-gke.1008000
- 1.28.11-gke.1315000
- 1.29.7-gke.1008000
- 1.30.2-gke.1587003
- 1.30.3-gke.1451000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1051000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1051000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.12-gke.1052000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1225000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1225000 with this release.
Regular channel
- Version 1.29.7-gke.1008000 is now the default version in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.27.15-gke.1252000
- 1.28.11-gke.1260000
- 1.29.6-gke.1326000
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.11-gke.1315000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.7-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.
Stable channel
- Version 1.29.6-gke.1254000 is now the default version in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.27.14-gke.1059002
- 1.28.11-gke.1019001
- 1.29.6-gke.1038001
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.15-gke.1154000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.11-gke.1172000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.6-gke.1254000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.
Extended channel
- Version 1.29.7-gke.1008000 is now the default version in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.15-gke.1252000
- 1.28.11-gke.1260000
- 1.29.6-gke.1326000
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.
No channel
- Version 1.29.7-gke.1008000 is now the default version.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.27.14-gke.1059002
- 1.28.11-gke.1019001
- 1.29.5-gke.1091002
- 1.30.1-gke.1329003
- 1.30.3-gke.1451000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.11-gke.1315000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.6-gke.1254000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
We've identified a potential issue that may cause downtime for traffic coming to your GKE managed Internal passthrough Network Load Balancers, after certain cluster operations like node upgrades. This issue specifically affects clusters with GKE Subsetting and Services with externalTrafficPolicy=Cluster.
This issue is more likely to occur in clusters with more than 25 nodes. To prevent this issue altogether, we recommend updating your Service configuration to use externalTrafficPolicy=Local. If you're already experiencing downtime, scale up the number of pods backing your LoadBalancer to provide immediate relief. A fix for this issue will be available in upcoming GKE releases.
Looker 24.14 includes the following changes, features, and fixes:
Expected Looker (original) deployment start: Monday, August 19, 2024
Expected Looker (original) final deployment and download available: Thursday, August 29, 2024
Expected Looker (Google Cloud core) deployment start: Monday, August 19, 2024
Expected Looker (Google Cloud core) final deployment: Monday, September 2, 2024
The Edit Connection page URL has been changed from admin/next/connections/:id to admin/next/connections/:id/edit. The Looker UI will not change, but any scripts or hyperlinks that you have created that reference the old URLs may break.
The presumed_looker_employee property is now omitted from the user API response model. If you were relying on this functionality, migrate to use the verified_looker_employee property instead.
The Chart Config Editor now supports a new Sankey chart type.
The Edit button appears only for model sets for which the user has edit access.
The Queries Admin page now contains a SQL Interface tab in the Details pop-up for queries that originate from the Open SQL Interface.
A new option is available for Looker-hosted instances that causes the instance to ignore configuration updates that occur outside the maintenance window. This option is disabled by default. To enable it, contact Looker Support.
The Chart Config Editor now supports a Venn diagram chart type.
The Open SQL Interface is now generally available and the SQL Interface Looker Labs toggle is removed.
The Looker–Tableau BI Connector is now generally available. You can now use Tableau Desktop to connect to your Looker data.
The Looker IDE now supports Vim and Emacs editors in addition to the default Looker IDE editor. You can set your editor preference in the new IDE Settings section of the Project Settings page of the Looker IDE.
The Looker IDE now supports text line wrapping in the IDE editor. Line wrapping is now the default behavior. You can turn off line wrap mode in the new IDE Settings section of the Project Settings page of the Looker IDE.
The Looker IDE now persists a user's IDE status, including the current open LookML file; the expand/collapse status of items in the file browser; the left sidebar item (such as the file browser, Git actions, Object Browser, or Project Settings); and the right sidebar item (such as the Quick Help panel, the Metadata panel, and the Project Health panel). You can remove the persistence by clicking the Reset IDE Layout button in the new IDE Settings section of the Project Settings page of the Looker IDE.
The LookML validator will no longer report inaccessible field errors for fields that are excluded from Explores.
System Activity queries that count Looker employee usage on your instance will no longer count Google employees that don't work on Looker products.
Performance has been improved for model preparation for models that use local import.
An issue has been fixed where some custom fields could not be deleted from the data table in an Explore. This feature now performs as expected.
An issue that caused some schedules to get indefinitely stuck in the scheduler queue has been fixed. This feature now performs as expected.
Previously, Look IDs were not always saved in the query metadata. This issue has been fixed, and this feature now performs as expected.
Previously, an issue caused some table calculations that referenced row totals to not appear in the series editor. This feature now performs as expected.
Previously, an issue could cause one invalid conditional data formatting rule to disable all conditional formatting rules for a series. This feature now performs as expected.
A previous issue with some Liquid variables would unnecessarily pull fields into the SQL query. This feature now performs as expected.
Rather than returning a 500 error as it would have previously, the sync_lookml_dashboard endpoint will now return a 422 with a more informative error message if there is an issue with the LookML dashboard layout.
The custom field editor now displays an error when users attempt to enter a conditional formatting rule with more than three conditions.
Unqualified field references in Liquid will no longer trigger SQL dependencies if the value does not depend on the result set.
An issue has been fixed where an escaped single quote in a LookML string was being treated as the end of the string. The fix enables color formatting to be applied to the entire string.
An issue has been fixed where dashboard filters were applied to tile queries during tile editing. This feature now performs as expected.
An issue has been fixed where LookML details were exposed to users who did not have the see_lookml permission.
An issue has been fixed where Looker would draw incorrect markers in the Google map visualization. This feature now performs as expected.
An issue with Exasol pivot queries has been fixed. This feature now performs as expected.
An issue with the User Activity dashboard has been resolved. This feature now performs as expected.
An issue with SSO logins has been fixed. This feature now performs as expected.
An issue has been fixed where the top-level item in an object tree was sometimes not expanded upon first loading. This feature now performs as expected.
An issue that could cause the LookML Validator to time out has been fixed. This feature now performs as expected.
Previously, a Validation or Query operation might fail if a measure did not have a type and used a sql_distinct_key. This feature now performs as expected.
An issue has been fixed with the Denodo dialect where the TRUNC() function could erroneously return a NULL value. This feature now performs as expected.
HighCharts error codes are now displayed in the UI rather than a blank visualization being rendered.
An issue has been fixed where unlocalized strings were rendered as "Bad Translation Key" when the project localization level was set to "permissive." This feature now performs as expected.
Looker can now use more efficient queries to determine the names of Redshift external schemas.
An issue has been fixed where, previously, a project could not be deleted because of a timeout on the Delete Confirmation page. This feature now performs as expected.
Previously, updating an OAuth client secret when there were multiple connections sometimes failed. This feature now performs as expected.
Previously, the PDT Admin panel could not be filtered by the status "Failed." This feature now performs as expected.
The editing experience in the Chart Config Editor is now more responsive.
A new progress bar, called the Looker query tracker, appears in the Explore UI when a query is running. You can toggle this off in the Labs features under Explore Query Tracker.
For Google BigQuery connections, Looker (Google Cloud core) can automatically use the OAuth application credentials that your Looker admin used when they created the Looker (Google Cloud core) instance. See the Looker (Google Cloud core) documentation for more information.
August 13, 2024
Apigee Advanced API Security
On August 13, 2024, we released an updated version of Advanced API Security.
Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.
Note: This functionality is not available in the me-central2 region at this time. See Available Apigee API Analytics Regions for region information. We will announce with a release note when that region is supported.
Public preview of Risk Assessment v2
This release introduces Risk Assessment v2 in preview. Risk Assessment v2 includes these improvements:
- Improved reliability: Faster score calculations with recent proxy data.
- Simplified score display: The new score is a percentage, where 100% means full alignment with the security profile.
For usage information and a list of all improvements and changes in v2, see Risk Assessment v2.
Cancel jobs is available in Preview.
Batch CentOS (batch-centos) and Batch HPC CentOS (batch-hpc-centos) have reached end of development due to the end of support (EOS) of Compute Engine CentOS 7 images on June 30, 2024.
The final image versions of these Batch OSes—batch-centos-7-official-20240628-00-p00 and batch-hpc-centos-7-official-20240628-00-p00 from June 28, 2024—are only supported until August 27, 2024. By then, migrate any job that uses Batch CentOS or Batch HPC CentOS to a different OS.
The documentation has been updated to clarify that a Batch OS stops being supported when its base Compute Engine OS is deprecated. This restriction only applies to Batch OSes that have not already reached the end of development as of the date of this notice.
For more information, see Restrictions for VM OS images.
You can now enable client-side metrics with the Bigtable client library for Go. Used in conjunction with server-side monitoring metrics, client-side metrics can provide a complete, actionable view of Bigtable performance. For more information, see Set up client-side metrics.
The Carbon footprint dashboard in the FinOps hub now includes market-based emissions data (preview)
Scope 2 market-based emissions data (preview) for the Carbon footprint dashboard are now available in the FinOps hub. The market-based emissions metric represents purchased electricity, incorporating Google's annual renewable energy purchases. You can use the data in the Carbon footprint dashboard to optimize your cloud spend and reduce your carbon impact.
To learn more about the methodology and the difference between location-based and market-based emission metrics, see the carbon footprint documentation.
A new Cloud Composer release started on August 13, 2024. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.9.1-build.4
- composer-3-airflow-2.7.3-build.13
Cloud Composer 2.9.1 images are available:
- composer-2.9.1-airflow-2.9.1 (default)
- composer-2.9.1-airflow-2.7.3
Database Migration Service now supports migrations to MySQL minor version 8.0.37. See Supported source and destination databases in Cloud SQL for MySQL migrations.
Introducing log scopes. Log scopes are persistent, project-level resources that list a set of resources to be searched for log entries. For example, you might configure a log scope to contain multiple projects and several log views. If you select your log scope when using the Logs Explorer, it displays the log entries that originate in the specified projects and those in the specified log views.
You can create, edit, and delete log scopes. You can also set one log scope as the default log scope, which determines the resources that the Logs Explorer searches for log entries.
For more information, see Create and manage log scopes.
Google Distributed Cloud for VMware 1.29.400-gke.81 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.400-gke.81 runs on Kubernetes v1.29.6-gke.1800.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
Existing Seesaw load balancers now require TLS 1.2.
The following vulnerabilities are fixed in 1.29.400-gke.81:
High-severity container vulnerabilities:
- CVE-2024-0567
- CVE-2021-43816
- CVE-2022-23648
- CVE-2021-33194
- CVE-2021-30465
- CVE-2019-16884
- CVE-2022-48622
- CVE-2020-22218
Ubuntu vulnerabilities:
- CVE-2023-52752
- CVE-2024-25742
- CVE-2024-26886
- CVE-2024-26952
- CVE-2024-27017
- CVE-2024-36016
- CVE-2022-38096
- CVE-2023-52488
- CVE-2023-52699
- CVE-2023-52880
- CVE-2024-23307
- CVE-2024-24857
- CVE-2024-24858
- CVE-2024-24859
- CVE-2024-24861
- CVE-2024-25739
- CVE-2024-26629
- CVE-2024-26642
- CVE-2024-26654
- CVE-2024-26687
- CVE-2024-26810
- CVE-2024-26811
- CVE-2024-26812
- CVE-2024-26813
- CVE-2024-26814
- CVE-2024-26817
- CVE-2024-26828
- CVE-2024-26922
- CVE-2024-26923
- CVE-2024-26925
- CVE-2024-26926
- CVE-2024-26929
- CVE-2024-26931
- CVE-2024-26934
- CVE-2024-26935
- CVE-2024-26937
- CVE-2024-26950
- CVE-2024-26951
- CVE-2024-26955
- CVE-2024-26956
- CVE-2024-26957
- CVE-2024-26958
- CVE-2024-26960
- CVE-2024-26961
- CVE-2024-26964
- CVE-2024-26965
- CVE-2024-26966
- CVE-2024-26969
- CVE-2024-26970
- CVE-2024-26973
- CVE-2024-26974
- CVE-2024-26976
- CVE-2024-26977
- CVE-2024-26981
- CVE-2024-26984
- CVE-2024-26988
- CVE-2024-26989
- CVE-2024-26993
- CVE-2024-26994
- CVE-2024-26996
- CVE-2024-26999
- CVE-2024-27000
- CVE-2024-27001
- CVE-2024-27004
- CVE-2024-27008
- CVE-2024-27009
- CVE-2024-27013
- CVE-2024-27015
- CVE-2024-27016
- CVE-2024-27018
- CVE-2024-27019
- CVE-2024-27020
- CVE-2024-27059
- CVE-2024-27393
- CVE-2024-27395
- CVE-2024-27396
- CVE-2024-27437
- CVE-2024-35785
- CVE-2024-35789
- CVE-2024-35791
- CVE-2024-35796
- CVE-2024-35804
- CVE-2024-35805
- CVE-2024-35806
- CVE-2024-35807
- CVE-2024-35809
- CVE-2024-35813
- CVE-2024-35815
- CVE-2024-35817
- CVE-2024-35819
- CVE-2024-35821
- CVE-2024-35822
- CVE-2024-35823
- CVE-2024-35825
- CVE-2024-35847
- CVE-2024-35849
- CVE-2024-35851
- CVE-2024-35852
- CVE-2024-35853
- CVE-2024-35854
- CVE-2024-35855
- CVE-2024-35857
- CVE-2024-35871
- CVE-2024-35872
- CVE-2024-35877
- CVE-2024-35879
- CVE-2024-35884
- CVE-2024-35885
- CVE-2024-35886
- CVE-2024-35888
- CVE-2024-35890
- CVE-2024-35893
- CVE-2024-35895
- CVE-2024-35896
- CVE-2024-35897
- CVE-2024-35898
- CVE-2024-35899
- CVE-2024-35900
- CVE-2024-35902
- CVE-2024-35905
- CVE-2024-35907
- CVE-2024-35910
- CVE-2024-35912
- CVE-2024-35915
- CVE-2024-35918
- CVE-2024-35922
- CVE-2024-35925
- CVE-2024-35930
- CVE-2024-35933
- CVE-2024-35934
- CVE-2024-35935
- CVE-2024-35936
- CVE-2024-35938
- CVE-2024-35940
- CVE-2024-35944
- CVE-2024-35950
- CVE-2024-35955
- CVE-2024-35958
- CVE-2024-35960
- CVE-2024-35969
- CVE-2024-35970
- CVE-2024-35973
- CVE-2024-35976
- CVE-2024-35978
- CVE-2024-35982
- CVE-2024-35984
- CVE-2024-35988
- CVE-2024-35989
- CVE-2024-35990
- CVE-2024-35997
- CVE-2024-36004
- CVE-2024-36005
- CVE-2024-36006
- CVE-2024-36007
- CVE-2024-36008
- CVE-2024-36020
- CVE-2024-36025
- CVE-2024-36029
In GKE version 1.30 and later, there is a workaround in the PDCSI driver for privileged workloads that access container namespaces with hostpath. The workaround delays NodeUnstage until attached filesystems are no longer in use. Under certain conditions, the privileged hostpath workloads may cause a container's mount namespace to be retained longer than the container's lifecycle. The workaround addresses an issue where the driver could proceed with detaching a GCE persistent disk even if the block device filesystem is still in use.
With this fix, the PDCSI driver will validate that an attached block device is no longer in use prior to unmounting it from a GKE node.
Custom compute classes are a new set of capabilities in GKE that provide an API for fine-grained control over fallback compute priorities, autoscaling configuration, obtainability and node consolidation. Custom compute classes offer enhanced flexibility and control over your GKE compute infrastructure so that you can ensure optimal resource allocation for your workloads. You can use custom compute classes in GKE version 1.30.3-gke.1451000 and later. To learn more, see About custom compute classes.
Choosing a hosting option for a Looker (original) instance helps you understand the benefits and limitations of each hosting option (Looker-hosted or customer-hosted) so that you can make the best decision for your organization.
Looker (Google Cloud core) users now have access to the first-ever Learn Assistant panel on Google Cloud console pages. This panel provides tailored documentation and tutorials that are specifically related to the tasks or concepts covered on that console page.
A new Looker and Looker Studio shared terms and concepts glossary is available. This resource compares and contrasts terms and concepts that are used in common between Looker and Looker Studio, including some that have similar-seeming naming conventions but different functionality.
A new multi-region instance configuration is now available in North America - nam16 (Iowa/Northern Virginia/Columbus).
August 12, 2024
Access Approval
Access Approval supports Cloud Armor in the GA stage.
Access Transparency supports Cloud Armor in the GA stage.
Customer Managed Encryption Key support is now available in preview for all Agent Assist features in regionalized environments, including all generative AI features. See the documentation for more details.
On August 12, 2024, we released a new version of Apigee.
We changed the maximum number of Apps per developer from 10 to 100. See the Limits page for more detail.
Note that using more than 10 apps per developer will result in latency when accessing flow variables referencing developer.apps.
With this release, Apigee expanded its support for data residency to additional regions in Japan:
- asia-northeast1 (Tokyo)
- asia-northeast2 (Osaka)
Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.
For more information, see Introduction to data residency.
A weekly digest of client library updates from across the Cloud SDK.
You can now use time series and range functions to support time series analysis. This feature is now generally available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-logging
3.11.1 (2024-08-06)
Bug Fixes
The translation LLM and adaptive translation now support Arabic, Hindi, and Russian. For the full list of supported languages, see Supported languages.
cos-105-17412-448-8
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.163 | v23.0.3 | v1.7.19 | v470.256.02(default),v550.90.07(latest) |
This is an LTS Refresh release.
Updated app-admin/google-guest-configs to 20240607.00.
Updated app-containers/containerd to 1.7.19.
Upgraded app-containers/cni-plugins to v1.4.1.
Upgraded sys-auth/pambase to v20240128.
Upgraded sys-apps/gentoo-functions to v0.19.
Upgraded dev-libs/nss to v3.100.
Upgraded dev-libs/re2 to v0.2022.12.01.
Upgraded app-arch/unzip to v6.0_p27-r1.
Upgraded dev-python/six to v1.16.0-r1.
Upgraded dev-python/netifaces to v0.11.0-r2.
Upgraded dev-lang/python-exec to v2.4.10.
Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.
Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.
Removed crash-reporter KVM support.
Removed dev-go/grpc.
Disable NVIDIA persistence mode with -no-verify flag.
Fixed CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 in dev-libs/openssl.
Fixed CVE-2023-5678 in dev-libs/openssl.
Upgraded curl to v8.9.0. This fixes CVE-2024-6197.
Fixed CVE-2024-6345 in dev-python/setuptools.
Fixed CVE-2024-39894 in openssh.
Fixed CVE-2024-39472 in the Linux kernel.
Fixed CVE-2024-38577 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812698 -> 812708
cos-101-17162-528-12
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.161 | v20.10.27 | v1.6.28 | v470.256.02(default),v550.90.07(latest) |
This is an LTS Refresh release.
Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.
Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.
Removed crash-reporter KVM support.
Removed dev-go/grpc.
Disable NVIDIA persistence mode with -no-verify flag.
Fixed CVE-2024-6602 in dev-libs/nss.
Fixed CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 in dev-libs/openssl.
Upgraded curl to v8.9.0. This fixes CVE-2024-6197.
Fixed CVE-2024-6345 in dev-python/setuptools.
Updated ncurses to 6.4_p20240414. This resolves CVE-2023-45918.
Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.
Fixed CVE-2024-39472 in the Linux kernel.
Fixed CVE-2024-42229 in the Linux kernel.
Fixed CVE-2024-42068 in the Linux kernel.
Fixed CVE-2024-42082 in the Linux kernel.
Fixed CVE-2024-38577 in the Linux kernel.
Fixed CVE-2024-36901 in the Linux kernel.
Fixed CVE-2024-39482 in the Linux kernel.
cos-109-17800-309-13
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.19 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Upgraded sys-apps/less to v661.
Downgraded sys-apps/ethtool to v6.3.
Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.
Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.
Fixed CVE-2024-39472 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812261 -> 812257
cos-113-18244-151-14
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.19 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Downgraded sys-apps/ethtool to v6.7.
Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.
Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.
Fixed CVE-2024-39472 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812030 -> 812026
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.9.12 (2024-08-08)
Bug Fixes
- dataflow: Update google.golang.org/api to v0.191.0 (5b32644)
Customer-Managed Encryption Keys (CMEK) in Dataform are generally available (GA). For more information, see Use customer-managed encryption keys.
You can now use Cloud External Key Manager (Cloud EKM) keys to protect Dataform data. Cloud EKM keys in Dataform are generally available (GA). For more information, see Using and managing external keys.
Data lineage list view is available in preview. The lineage list view displays full lineage information in a single table. For more information, see Data lineage list view.
New Dataproc Serverless for Spark runtime versions:
- 1.1.75
- 1.2.19
- 2.0.83
- 2.2.19
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-datastore
2.20.0 (2024-08-07)
Features
- Add new types ExplainOptions, ExplainMetrics, PlanSummary, ExecutionStats (#521) (dfbee2d)
- Add new_transaction support (#499) (43855dd)
- Implement query profiling (#542) (1500f70)
- New PropertyMask field which allows partial commits, lookups, and query results (7fd218b)
Bug Fixes
Java
Changes for google-cloud-datastore
2.21.1 (2024-08-06)
Dependencies
2.21.0 (2024-07-31)
Features
(2024-R29) Version updates
There are no GKE cluster version updates in 2024-R29. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
There are no new releases in the Rapid channel.
Regular channel
There are no new releases in the Regular channel.
Stable channel
There are no new releases in the Stable channel.
Extended channel
There are no new releases in the Extended channel.
No channel
There are no updates for clusters not enrolled in a release channel.
You can attach tags to Identity and Access Management (IAM) service accounts to conditionally grant or deny access to specific service accounts. This feature is in Preview. For more information, see Creating and managing tags for service accounts.
Cloud Infrastructure Entitlement Management (CIEM) is generally available
CIEM helps you adhere to the principle of least privilege by providing a comprehensive look at the security of your identity and access configuration. It provides insight into details such as what permissions are associated with a given identity, what roles are not optimal (highly permissive), and what steps you can take to remediate potential misconfigurations.
For more information about CIEM, see Overview of Cloud Infrastructure Entitlement Management.
VPC Flow Logs includes the following metadata annotations in General Availability:
- src_gateway and dest_gateway
- src_google_service and dest_google_service
- load_balancing
- network_service
- psc
For more information, see Record Format.
August 11, 2024
Google SecOps SOAR
Release 6.3.14 is now in General Availability.
August 10, 2024
Google SecOps SOAR
Release 6.3.15 is currently in Preview.
Unable to upload ZIP files to the Case wall. (ID #52659859)
August 09, 2024
Access Approval
Access Approval supports Storage Transfer Service in the GA stage.
Private Service Connect and Organization Policy Service
You can create Contact Center AI Platform (CCAIP) instances that are configured for private access, which restricts access to them over the public internet. You can then set up Private Service Connect, which lets your agents, managers, and CCAIP administrators access the private instances. This is done using your own internal IP address, keeping your traffic within Google Cloud. Private Service Connect doesn't prevent end-users from contacting your contact center as they normally would. Private Service Connect is in Preview. For more information, see Set up Private Service Connect.
You can also use Google Cloud Organization Policy to get centralized, programmatic control over your organization's resources. If you want more granular, customizable control over the specific fields that are restricted in your organization policies, you can create custom constraints. For more information, see Manage Contact Center AI Platform resources using custom constraints.
Gemini on Vertex AI supports multiple response candidates. For details, see Generate content with the Gemini API.
VMware Engine ve2-mega-64 node type is generally available in the australia-southeast1 region. For more information on the node type, see Node types. To use the node type in the australia-southeast1 region, contact your Google account team.
Apache Kafka for BigQuery is now called Google Cloud Managed Service for Apache Kafka.
Google Cloud NetApp Volumes offers volume replication between the following region pairs for Flex service level:
- europe-west1 (Belgium) and europe-west8 (Milan)
- europe-west1 (Belgium) and europe-west9 (Paris)
- europe-west8 (Milan) and europe-west12 (Turin)
To learn more, see About volume replication.
reCAPTCHA Mobile SDK v18.6.0-beta01 is now available for iOS.
This version contains the following changes:
- A new API, fetchClient, is available that provides built-in retries for network issues.
- Bug fixes and improvements.
August 08, 2024
AlloyDB for PostgreSQL
Enhanced Query Insights and active queries are now available in Preview for read pool instances.
On August 8, 2024, we announced an increase in the recommended number of API basepaths per Apigee environment or environment group.
The recommended limit of API proxy basepaths per Apigee environment or environment group increased from 1,000 to 3,000. For more information, see the Environment and organization section of the Limits page.
Bug ID | Description |
---|---|
329304975, 301845257 | Limit on number of basepaths per environment: Fixed issue with the number of total basepaths per environment causing potential failures when deploying API proxy revisions. |
The JSON_KEYS function, which extracts unique JSON keys from a JSON expression, is in Preview.
Some JSON functions that take a JSONPath let you specify a mode that allows flexibility in how the JSONPath matches the JSON data structure. This feature is in Preview.
View granular cost data from Secret Manager secret usage in Cloud Billing exports to BigQuery
You can now view granular Secret Manager secret cost data in the Google Cloud Billing detailed export. Use the resource.name or resource.global_name field in the export to view and filter your detailed log bucket usage.
Tags data for Secret Manager secret usage is available in both the Standard usage cost export and the Detailed usage cost export.
To learn more about Tags, see Tags overview. To learn about using Tags in your cost data exported to BigQuery, see about tags and query examples with tags.
The kubelet read-only port in GKE clusters (TCP port 10255) is not used by Cloud Composer. You can define appropriate firewall rules to block external traffic over TCP 10255 in your customer project as described in Modify VPC firewall rules.
Fixed a problem that caused file synchronization between the bucket and Airflow components to be stuck or progress very slowly.
The default version of Airflow is changed to 2.9.1.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.9.1-build.3
- composer-3-airflow-2.7.3-build.12
Cloud Composer 2.9.0 images are available:
- composer-2.9.0-airflow-2.9.1 (default)
- composer-2.9.0-airflow-2.7.3
Cloud Composer version 2.4.0 has reached its end of support period.
You can now select internal proxy Network Load Balancers as a health checked target for DNS routing policies in Preview. For more information, see DNS routing policies and health checks.
Preview: An HTTPS metadata server endpoint is now available that provides added security for transmission of information between the metadata server and the VM. This endpoint is only available for Shielded VMs. For more information, see HTTPS metadata server endpoint.
To get started using this new endpoint, see Query metadata by using the HTTPS metadata server endpoint.
Release 1.29.400-gke.86
Google Distributed Cloud for bare metal 1.29.400-gke.86 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.400-gke.86 runs on Kubernetes 1.29.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
- GA: Added support in version 1.29.400-gke.86 and higher for Red Hat Enterprise Linux (RHEL) version 9.2. For more information, see Select your operating system.
Fixes:
The following container image security vulnerabilities have been fixed in 1.29.400-gke.86:
Fixed the following vulnerabilities:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
New formatting options for the bin calculated field type
New formatting options for the Bin calculated field type let you customize the appearance of ad hoc numeric tiers. These options include:
- Interval "[x,y)" — This format displays the range including x, and up to but not including y.
- Integer "x to y" — This format must be used with discrete integer values (such as age).
- Relational ">= x and < y" — This format is best used with continuous numbers (such as dollars).
M124 release
The M124 release of Vertex AI Workbench managed notebooks includes the following:
- Fixed a bug that prevented kernels from appearing when the Cloud Resource Manager API is turned off and Dataproc is enabled.
M124 release
The M124 release of Vertex AI Workbench instances includes the following:
- Fixed a bug that prevented kernels from appearing when the Cloud Resource Manager API is turned off and Dataproc is enabled.
August 07, 2024
Apigee X
On August 7, 2024, we published new documentation explaining how to integrate Apigee with a Security Information and Event Management (SIEM) solution. See Integrate Apigee with your SIEM solution for more information.
Management console is now available in the London (europe-west2), Mumbai (asia-south1), and Los Angeles (us-west2) regions.
Backup and DR Service 11.0.12.322 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance.
Backup and DR service now supports restoring Oracle database to any target. Learn more.
Backup and DR Service now supports migrating manual protection to dynamic protection using tags through management console. Learn more.
An updated version of JDBC driver for BigQuery is now available.
You can now create a materialized view over an Apache Iceberg table that is partition aligned with the base table. The materialized view only supports time-based partition transformation, for example, YEAR, MONTH, DAY, and HOUR. This feature is in preview.
Configuring Cloud Service Mesh for either proxyless gRPC or Envoy proxy deployments with the Kubernetes Gateway API is now available as a preview feature. For more information, see the Overview page.
Google Distributed Cloud for VMware 1.28.800-gke.109 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.800-gke.109 runs on Kubernetes v1.28.11-gke.2200.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
Existing Seesaw load balancers now require TLS 1.2.
Fixed
The following vulnerabilities are fixed in 1.28.800-gke.109:
High-severity container vulnerabilities:
Ubuntu vulnerabilities:
This is a patch release of Google Distributed Cloud connected (version 1.7.1).
Security mitigations for the following vulnerabilities have been implemented in this release of Google Distributed Cloud connected:
- CVE-2024-36971, CVE-2024-36901, CVE-2024-36969, CVE-2024-36902, CVE-2024-36893, CVE-2024-36897, CVE-2024-35984, CVE-2024-35997, CVE-2024-6387 (GCP-2024-040), CVE-2024-38433, CVE-2024-0172
The following Google Distributed Cloud connected components have been updated:
- GKE on Bare Metal has been updated from version 1.28.500 to version 1.28.700. (This component was formerly known as Anthos Clusters on Bare Metal.)
- Kubernetes has been updated from version 1.28.8 to version 1.28.10.
The following issues have been resolved in this release of Google Distributed Cloud connected:
- Nodes no longer get stuck in Ready,SchedulingDisabled state after applying configuration changes. Applying or deleting the NodeSystemConfigUpdate or SriovNetworkNodePolicy resources no longer results in a node that's stuck in the Ready,SchedulingDisabled state after it reboots.
- Cluster software upgrades are no longer affected by GKE Identity Service (GKE IS) Pods that get stuck in a Failed state after a machine reboot.
- Virtual machine workloads no longer temporarily go down when upgrading Google Distributed Cloud connected software. The virtual machine workloads now remain running while a Google Distributed Cloud software upgrade completes.
- Changes to the VMRuntime resource are no longer required before upgrading to Google Distributed Cloud connected version 1.7.1 or higher.
- Excessive CPU load on nodes undergoing live virtual machine migration during software upgrades has been resolved. When completing a live virtual machine migration during a Google Distributed Cloud connected software upgrade, nodes no longer experience CPU spikes that might affect workloads running on them.
- Virtual machines no longer lose connectivity to each other during a live migration. When completing a live migration of virtual machines from one node to another, the virtual machines now retain network connectivity to each other across the source and destination nodes.
- Virtual machines are now properly scheduled after recovery from a network partition. When a loss of network connectivity across multiple nodes occurs and causes a stall in storage I/O operations, the virtual machine fencing logic now properly marks the affected virtual machines as failed. Such virtual machines are now properly scheduled back onto the affected nodes when network connectivity is restored.
This release of Google Distributed Cloud connected contains the following known issues:
- Virtual machine management can fail after a node has been powered down for an extended time. If you power down your Google Distributed Cloud connected machines for an extended period of time, you might not be able to manage the virtual machines scheduled on the corresponding nodes after you power the machines back up, even though those virtual machine workloads continue to run. To remedy this issue, contact Google Support.
- The Kubernetes API server might return 404 errors when attempting to access virt-api endpoints. To work around this issue, contact Google Support.
- Storage operations hang when volume replicas are deleted from a cluster without removing the corresponding Symcloud Storage persistent volume intent. If you delete the volume replicas for a Symcloud Storage persistent volume but do not remove the corresponding intent, TCMU devices on the worker node hang, causing storage operations to stall indefinitely. This can affect both your workload data availability as well as core system functionality of Google Distributed Cloud connected. To prevent this, you must always remove a Symcloud Storage persistent volume before deleting its associated volume replicas. If you need to resolve this issue on an affected node, contact Google Support.
- Cluster deletion can fail due to stale Symcloud Storage data. When attempting to delete a cluster during disaster recovery or cluster reset, the deletion might fail due to the corresponding Symcloud Storage volumes not having been cleaned up. To resolve this issue, contact Google Support.
- Cluster upgrades might fail with an "ABM upgrade timed out" error. Under certain conditions, if the GKE token expires while a cluster upgrade is in progress, the upgrade fails with an "ABM upgrade timed out" error and a missing gkehub.memberships.update permission is recorded in the logs. If you encounter this issue, contact Google Support.
- Removing the NodeSelector node label value in the NodeSystemConfigUpdate resource after reconciliation does not reset the node status to default. If you remove the node label value in the NodeSelector field of the NodeSystemConfigUpdate resource after the resource has been successfully reconciled, the node does not revert to its default configuration.
(2024-R28) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
  - 1.27.15-gke.1252000
  - 1.29.6-gke.1326000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.
Regular channel
- Version 1.29.6-gke.1326000 is now the default version in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
  - 1.27.15-gke.1154000
  - 1.28.11-gke.1172000
  - 1.29.6-gke.1254000
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.6-gke.1326000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.
Stable channel
- The following versions are now available in the Stable channel:
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.6-gke.1038001 with this release.
Extended channel
- Version 1.29.6-gke.1326000 is now the default version in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.15-gke.1154000
- 1.28.11-gke.1172000
- 1.29.6-gke.1254000
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.
No channel
- Version 1.29.6-gke.1326000 is now the default version.
- The following versions are now available:
- The following node versions are now available:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.6-gke.1038001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.
August 06, 2024
Cloud Workstations
If you specify a source workstation during workstation creation, Cloud Workstations supports cloning of persistent directories. For more information, see REST workstations, RPC google.cloud.workstations.v1beta, or gcloud beta workstations create.
Web SDK 2.22 is released
Web SDK 2.22 includes the following updates:
Resize text. You can change the font size for any text displayed in the agent adapter.
Control link behavior. You can control whether a link opens in the same tab or a new tab.
cos-109-17800-309-7
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.19 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |
This is an LTS Refresh release.
Upgraded app-admin/google-guest-configs to 20240607.00.
Upgraded app-containers/containerd to 1.7.19.
Upgraded sys-auth/pambase to v20240128.
Upgraded app-containers/docker, app-containers/docker-test, app-containers/docker-cli to v24.0.9.
Upgraded app-containers/docker-credential-gcr to v2.1.22.
Upgraded app-containers/docker-credential-helpers to v0.8.1.
Upgraded app-containers/cni-plugins to v1.4.1.
Upgraded net-misc/rsync to v3.2.7-r5.
Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.
Upgraded cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.
Removed crash-reporter KVM support.
Removed dev-go/grpc.
Upgraded curl to v8.9.0. This fixes CVE-2024-6197.
Upgraded dev-python/setuptools to v70.3.0. This fixes CVE-2024-6345.
Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.
Runtime sysctl changes:
- Added: net.core.mem_pcpu_rsv: 256
cos-113-18244-151-9
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.100 | v24.0.9 | v1.7.19 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |
This is an LTS Refresh release.
Upgraded app-admin/google-guest-configs to 20240607.00.
Upgraded app-containers/containerd to 1.7.19.
Upgraded net-misc/rsync to v3.2.7-r5.
Upgraded sys-apps/less to v661.
Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.
Upgraded cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.
Removed crash-reporter KVM support.
Removed dev-go/grpc.
Upgraded curl to v8.9.0. This fixes CVE-2024-6197.
Upgraded dev-python/setuptools to v70.3.0. This fixes CVE-2024-6345.
Runtime sysctl changes:
- Changed: fs.file-max: 812026 -> 812030
You can now keep a GKE Standard cluster on a minor version for longer with the Extended release channel. Clusters running 1.27 or later can be enrolled in the Extended channel, and automatically receive security patches during the extended support period after the end of standard support. To learn more, see Get long-term support with the Extended channel.
Vertex AI Search: Layout parser GA
The layout parser for Vertex AI Agent Builder is Generally available. The layout parser transforms documents in various formats into structured representations. It makes content like paragraphs, tables, lists, and structural elements like headings, page headers, and footers easily accessible.
For more information, see Layout parser.
Vertex AI Search: Generative answers performance improvements
Generative answers have been updated with performance improvements.
- Re-ranking for generative answers has been updated to decrease response latency.
- Detection of adversarial queries has been updated for improved accuracy.
August 05, 2024
AlloyDB for PostgreSQL
AlloyDB Omni version 15.5.5 is now generally available (GA). This version includes the following features and changes:
The AlloyDB Omni Kubernetes Operator version 1.1.0 is generally available (GA) and it includes the following new features:
- Cross-data center replication to support automated setup of disaster recovery.
- Support for the Red Hat OpenShift container platform version 4.14 and later in Preview.
- Variable number of nodes per read pool instance.
- Customizable count for the number of failed checks before auto-failover kicks in for a High Availability (HA) configuration.
- Version 1.1.0 of the Operator is supported on AlloyDB Omni version 15.5.5 and later.
- A dedicated backup server for streamlined backup operations.
- When you create a database cluster, the admin password secret is no longer deleted after you specify it.
The postgres_ann extension is renamed to alloydb_scann. Before you upgrade AlloyDB Omni, you must drop any indexes created using the older postgres_ann version, then upgrade AlloyDB Omni, and then create the indexes again using the alloydb_scann extension.
Various bug fixes.
On August 5, 2024 we released an updated version of Advanced API Security.
Shadow API Discovery, which is in preview, now supports the use of tags to label and organize observation results.
For usage information, see Use tags.
Regional external Application Load Balancer, regional internal Application Load Balancer, and cross-region internal Application Load Balancer support mutual TLS (mTLS).
With mTLS, the load balancer requests that the client send a certificate to authenticate itself during the TLS handshake with the load balancer. You can configure a trust store to validate the client certificate's chain of trust.
For details, see the following:
- Mutual TLS authentication
- Set up mutual TLS with user-provided certificates
- Set up mutual TLS with a private CA
This capability is in General Availability.
Global external Application Load Balancer and global external Application Load Balancer (classic) already support frontend mTLS (General Availability).
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/logging
11.2.0 (2024-07-15)
Features
Java
Changes for google-cloud-logging
3.20.0 (2024-08-02)
Features
Dependencies
Documentation
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-storage
2.41.0 (2024-07-31)
Features
Bug Fixes
- Add UnknownHostException to set of retriable exception (#2651) (18de9fc)
- Update grpc resumable upload error categorization to be more tolerant (#2644) (95697dd)
- Update Storage#readAllBytes to respect shouldReturnRawInputStream option (#2635) (dc883cc)
- Update TransferManager downloads to reduce in memory buffering (#2630) (fc2fd75)
- Use fast calculation for totalRemaining number of bytes from multiple ByteBuffers (#2633) (758b3dd)
Dependencies
- Update dependency com.google.apis:google-api-services-storage to v1-rev20240625-2.0.0 (#2616) (b22babb)
- Update dependency com.google.apis:google-api-services-storage to v1-rev20240706-2.0.0 (#2634) (1ccaa0c)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#2647) (8196259)
- Update dependency net.jqwik:jqwik to v1.9.0 (#2608) (a20eb66)
- Update dependency org.junit.vintage:junit-vintage-engine to v5.10.3 (#2604) (8c79f39)
- Update junit-platform.version to v5.10.3 (#2605) (a532ee4)
You can now use parallel downloads with Cloud Storage FUSE to accelerate read performance of large files over 1 GB in size. When enabled, parallel downloads use multiple workers to download a file in parallel, accelerating file reads. For more information, see Improve read performance using parallel downloads.
Fixed an issue in which users weren't able to access the Colab Enterprise UI when Colab Service Status was OFF for everyone in Google Workspace.
AMD has notified Google about 3 new (2 medium risk, 1 high risk) firmware vulnerabilities affecting SEV-SNP in AMD EPYC 3rd generation (Milan) and 4th generation (Genoa) CPUs (CVE-2023-31355, CVE-2024-21978, and CVE-2024-21980).
For more information, see the GCP-2024-046 security bulletin.
Config Connector version 1.121.0 is now available.
The state-into-spec default is Absent in any new ConfigController clusters.
Starting in version 1.122, this will be the default for all the ConfigController clusters.
Starting in version 1.123, this will be the default for all ConfigConnector clusters.
DataformRepository (Alpha) now uses direct reconciliation.
BigtableInstance
- When autoscaling is enabled (spec.cluster[].autoscalingConfig.), does not use numNodes (spec.cluster[].numNodes=2) as that applies only to manual scaling.
BigQueryConnection
- Added status.observedState field to store the output-only fields that were previously mistakenly defined in spec.
Version 3.23 is released
All release notes published on this date are part of version 3.23.
The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.
Cancel partial responses for virtual agents
You can now configure virtual agents (VAs) to enable cancellation of the playback of partial-responses fulfillment when the final fulfillment is returned. For example, if a webhook is called by the VA and partial responses is enabled, the fulfillment is returned to CCAI Platform and it starts playing the message to the end-user. If the final fulfillment is sent by Dialogflow to CCAI Platform while the partial-responses fulfillment is still being played, it is possible to interrupt this playback and play the final fulfillment.
For more information, see Support for partial response in Dialogflow CX.
New force logout endpoint in the Apps API
You can now do a force logout on agents, using agent ID or IP address, by making a POST call to a new Apps API endpoint: POST /apps/api/v1/agent_statuses/force_logout. This endpoint lets you immediately log out an agent who is not currently on a call or chat. If the agent is on a call or chat, they are automatically logged out after the call or chat ends.
Updated agent statuses endpoint
The agent statuses endpoint, apps/api/v1/agent_statuses, now returns an agent's IP address.
Contact lists
Agents can now use contact lists, which improve the organization and accessibility of external contacts. Agents can use a centralized workspace to create a personal contact list or a favorite contact list. Agents can access global and custom lists, depending on how you configure CCAIP. Administrators have the ability to: (1) Manage list visibility at the team or queue level, (2) Bulk upload CSV files containing contact lists, and (3) Add, edit, or delete contacts and destinations, including SIP URI addresses and phone numbers.
Auto answer settings are relocated
The following auto answer settings for calls and chats have been relocated. Functionality remains the same:
Global settings (moved to the Operations Management Routing page):
Old Locations:
Calls: Settings > Call
Chats: Settings > Chat
New Locations:
Calls: Settings > Operation Management > Routing > Call Routing > Deltacast
Chats: Settings > Operation Management > Routing > Chat Routing > Deltacast
Queue-level settings (moved to the Deltacast Settings page):
Old Locations:
Calls: Settings > Queue > [IVR] [Mobile] [Web]
Chats: Settings > Queue > Web
New Locations:
Calls: Settings > Queue > [IVR] [Mobile] [Web] > Routing > Call Routing > Deltacast
Chats: Settings > Queue > Web > Routing > Call Routing > Deltacast
For more information, see Auto answer.
End-of-session transfers for virtual agents
You can now set up a virtual agent (VA) to handle end-of-session interactions. When a live agent ends a session, it's transferred to a VA for wrap-up. You can use end-of-session transfers for interactions such as post-session surveys or feedback. This feature is available for both calls and chats.
Queue-level whisper settings for calls
Whisper settings for calls are now available at the queue level. This feature allows you to turn off whisper messages for specific queues or customize the whisper message. For example, on a billing queue, you could provide agents with instructions such as, "Call coming through the billing queue. Remember to redact if taking any payments." In addition, you can customize the call countdown timer and enable Use countdown at the queue level for calls.
For more information, see Configure whisper announcements at the queue level.
Workforce management
Workforce management (WFM) provides simple, flexible, real-time forecasting, scheduling, and adherence monitoring. Here are some key features:
Dynamic scheduling to optimize staffing. Save time by automating scheduling based on expected staffing needs. Allow agents to pick their schedule based on availability and skillset. WFM is customizable so you can create schedules that account for agent skills, time zones, channel coverage, employee time-off requests, and more.
Intelligent, flexible forecasting. Quickly create accurate omnichannel forecasts that model staffing requirements using both historical and real-time data. Interval, weekly, and monthly patterns and in-forecast updates provide day-to-day flexibility. You can make changes on the fly, or "set it and forget it."
Schedule adherence. WFM helps you avoid costly mistakes by providing agents and managers with real-time access to adherence and performance monitoring. This helps to ensure that agents are in the right place at the right time so there are no gaps in your customer service experience.
For more information, see Workforce management.
Queue-level configuration of the cascade group timer
You can now configure the cascade group timer at the queue level, instead of only at the global level. This would be useful, for example, if you wanted the agents assigned to a VIP queue to have more time to answer before the session is moved to the next cascade group.
For more information, see Configure a cascade group at the queue level.
Queue-level configuration of the percent allocation group timer
You can now configure the percent allocation group timer at the queue level, instead of only at the global level.
For more information, see Percent allocation groups.
Settings version control
Settings version control is a new feature that lets administrators more easily migrate the queue menu structure and settings from one tenant to another. Settings version control consists of two main components: (1) Exporting and importing queue menu structure and settings, and (2) Viewing and managing version history. You can save the current configuration of an existing tenant to a JSON file and then import the file and apply it to a new tenant. You can also create a reusable configuration template, making the creation of new tenants faster and more consistent. The version history feature lets administrators track the change history of a tenant, providing an overview of all previous settings applied. Administrators can revert to previous settings if they are not satisfied with recent changes. Settings version control is in Preview. For more information, see Settings version control.
New quality management (QM) session event field
CCAIP now passes a new field in the session event payload for calls.
The new field is available in the following event payload streams:
QM call events
External call events
The new session event field is the same as the agent_number field in the CCAIP metadata. This field is passed in the payload for all session events that have an agent participant.
Here is an example of a session event field: "agent_number":"1660"
Fixed an issue where calls would sometimes not ring for an agent while connecting to a caller.
Fixed an issue where agents with chat concurrency set to 1 were incorrectly receiving new chat offers while already handling a chat.
Fixed a co-browse display issue.
Fixed an issue where chats continued to be translated after being transferred to a queue that had live translation turned off.
Fixed an issue where the agent adapter was not triggering events in an iframe when starting or ending a co-browse session.
Fixed an issue where the Telnyx API was throwing an error when verifying a number, preventing BYOC numbers from being added.
Access Approval supports Dataform in the GA stage.
The translation LLM now supports Arabic, Hindi, and Russian. For the full list of supported languages, see the Translate text page.
Disaster recovery scenarios for data: Added guidance about using the following capabilities to back up and recover self-managed databases deployed in Google Cloud:
Disaster recovery scenarios for applications: Added guidance about using the following capabilities to back up and recover applications deployed in Google Cloud:
For the Flex service level, Google Cloud NetApp Volumes offers its services in the following regions:
europe-west8 (Milan)
europe-west9 (Paris)
europe-west12 (Turin)
To learn more, see NetApp Volumes key features.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for pubsub/apiv1
Beta release for the pubsub opentelemetry tracing feature
OpenTelemetry tracing standards are in active development, and thus attributes, links, and span names are EXPERIMENTAL and subject to change or removal without notice.
1.41.0 (2024-08-01)
Features
- pubsub/pstest: Add Message.Topic field and populate on publish (#10510) (01bf051)
- pubsub: Add max messages batching for Cloud Storage subscriptions (1bb4c84)
Bug Fixes
- pubsub: Bump google.golang.org/[email protected] (8fa9e39)
- pubsub: Bump google.golang.org/[email protected] (8ecc4e9)
- pubsub: Update dependencies (257c40b)
Java
Changes for google-cloud-pubsub
1.132.0 (2024-08-01)
Features
Dependencies
- Update dependency com.google.cloud:google-cloud-bigquery to v2.41.0 (#2093) (217b8a3)
- Update dependency com.google.cloud:google-cloud-bigquery to v2.42.0 (#2124) (24ebe24)
- Update dependency com.google.cloud:google-cloud-core to v2.41.0 (#2120) (1f6428a)
- Update dependency com.google.cloud:google-cloud-storage to v2.40.1 (#2095) (0d64d6c)
- Update dependency com.google.cloud:google-cloud-storage to v2.41.0 (#2129) (2348d20)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#2121) (7fbea6d)
- Update dependency com.google.protobuf:protobuf-java-util to v4.27.2 (#2091) (9859f11)
- Update dependency org.junit.vintage:junit-vintage-engine to v5.10.3 (#2096) (42f12ed)
Documentation
Python
Changes for google-cloud-pubsub
2.23.0 (2024-07-29)
Features
The ORGANIZATION_NAME infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.
To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.
The STREET_ADDRESS infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.
To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.
August 03, 2024
Google SecOps SOAR
Release 6.3.13 is now in General Availability.
August 02, 2024
Apigee Advanced API Security
The preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents is now re-enabled after resolution of the known issue noted on July 19.
For usage instructions, see the Incident details documentation.
Redirecting from Apigee Integration to Application Integration
We are converging Apigee Integration and Application Integration. This change involves the following updates:
- You will now be redirected to Application Integration from the Apigee portal.
- Apigee Integration will not support configuring connector tasks in the Apigee portal. You will have to open Application Integration in the Google Cloud console to configure connector tasks in your integration.
For more information, see Use Application Integration.
Vertex AI SDK for Python supports token listing and counting for prompts without the need to make API calls. This feature is available in Preview. For details, see List and count tokens.
The NVIDIA GPU Operator can now be used as an alternative to fully managed GKE for both Container-Optimized OS and Ubuntu node images. Choose this option to manage your GPU stack if you're looking for a consistent multi-cloud experience, already using the NVIDIA GPU Operator, or have software reliant on it.
Release 6.3.14 is currently in Preview.
Unable to rerun a failed playbook step when the parameter is very large. As part of the fix, large parameter values will show as truncated on the platform but will not change the actual value sent to the playbook. (ID #49774296)
The platform does not show the correct error when trying to save a playbook which is open in another tab. (ID #00269661)
Can't remove the remote agent after host/container has stopped (ID #49024310)
List and multi-select parameters not appearing correctly in the IDE (ID #51995565)
Playbook simulator sometimes not executing actions in the correct order (ID #48264534)
Missing audit log entries when deleting permission groups (ID #51496411)
The Vertex AI Model Registry now offers Preview support for model copy across different projects. For information about how to copy your model projects and regions, see Copy models in Model Registry.
August 01, 2024
Apigee X
On August 1, 2024, we released an updated version of Apigee (1-13-0-apigee-1).
New flow variables are now available:
request.headers.names.string
request.queryparams.names.string
request.formparams.names.string
message.headers.names.string
message.queryparams.names.string
message.formparams.names.string
response.headers.names.string
These context variables can be used to return header, query parameter, and form parameter names in string format that can be used in API proxy logic. Each variable returns a comma-separated list of names.
For more information, see the Flow variables reference.
Bug ID | Description |
---|---|
308583363, 332464869 | Security fix for apigee-mart. This addresses the following vulnerabilities: |
332465218 | Security fix for apigee-runtime. This addresses the following vulnerabilities: |
341994213, 333971421 | Security fixes for Cassandra emulator. These address the following vulnerabilities: |
329762216 | Security fix for This addresses the following vulnerability: CVE-2024-24786 |
342630443, 342714341, 343202829 | Security fixes to address the following vulnerabilities: |
Bug ID | Description |
---|---|
293150694 | <HTTPMonitor> now supports the <UseTargetServerSSLInfo> element and can trust TLS certs from non-public CAs. |
329874359 | Decreased the default value of <CacheLookupTimeoutInSeconds> from 30 seconds to 12 seconds. |
334442202 | Added specific and informative error messaging for App query failures resulting from discrepancies between developers and apps. |
333919279 | Improved reliability for Developer, App and API products APIs. |
339169651 | Fixed potential HTTP request smuggling vulnerability when using the OPTIONS method. |
297539870 | <HTTPTargetConnection> property io.timeout.millis is honored when used with WebSockets. |
N/A | Updated infrastructure and libraries. |
Generally available: The Chrome Enterprise Premium file transfer connector. You can use this feature to scan files that are transferred between different file systems on ChromeOS.
Bigtable supports querying in SQL. This feature is available in Preview. For more information, see Introduction to SQL for Bigtable.
The Bigtable Studio query editor is available in Preview. For more information, see Manage your data using Bigtable Studio.
Bigtable aggregates let you build distributed counters and aggregate your Bigtable data at write time using min, max, sum, or HLL. This feature is generally available (GA). For more information, see Aggregate values at write time.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Compute Engine
compute.googleapis.com/InstantSnapshot
In July and August 2024, new Cloud Composer 2 environments keep switching to using GKE 1.29 and PSC as a connectivity channel to the GKE control plane. Creating new Cloud Composer 2 private IP environments will require using PSC SERVICE_PRODUCER endpoints, which might be blocked by the Disable Private Service Connect for Consumers organization policy constraint. Previously, this org policy limitation could be addressed by using VPC peerings instead of PSC, but starting from GKE 1.29, this workaround is no longer available.
(Cloud Composer 3 only) The July 24th issue with Airflow upgrade operations for Cloud Composer 3 environments is now fixed. Airflow upgrade operations are now being re-enabled, and should reach all Cloud Composer 3 environments within the next couple of days.
The initial synchronization of DAGs and plugins in Airflow workloads is performed in a separate container and utilizes full resources of the Pod.
(Cloud Composer 3) Fixed an error that happened when values in certain formats were used for Airflow configuration options.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.9.1-build.2
- composer-3-airflow-2.7.3-build.11
Cloud Composer 2.8.8 images are available:
- composer-2.8.8-airflow-2.9.1
- composer-2.8.8-airflow-2.7.3 (default)
Airflow 2.6.3 is no longer included in Cloud Composer 2 images.
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Cloud SQL for SQL Server now offers two editions of Cloud SQL to support your various business and application needs: Cloud SQL Enterprise Plus edition and Cloud SQL Enterprise edition. Each edition provides different performance and availability characteristics to meet the needs of your applications.
Cloud SQL Enterprise Plus edition has new machines for better performance, higher availability, and advanced disaster recovery. Existing instances become Cloud SQL Enterprise edition for SQL Server instances with no changes to pricing or features. You can upgrade existing instances to the Cloud SQL Enterprise Plus edition in-place using the Google Cloud console, the gcloud CLI, or the API with minimal downtime.
For more information about Cloud SQL editions, see Introduction to Cloud SQL editions.
Beginning November 1, 2024, BigQuery users will start seeing charges for Cloud Storage usage as per pricing documentation, which was not metered before due to a billing bug.
Retrieval fees for Nearline, Coldline, and Archive storage classes will be charged per existing pricing documentation and retrieval SKUs.
Inter Region Network Data Transfer fees will be charged when a BigQuery job in one location reads data stored in a Cloud Storage bucket in a different location. These charges are covered by GCP Storage Data Transfer SKUs and Network Data Transfer GCP Inter Region SKUs. Network Data Transfer GCP Multi-region SKUs are not applicable to this change.
Refer to the announcement for more information.
Generally available: You can use instant snapshots to take in-place disk backups that can be restored to new disks in under a minute.
Instant snapshots are ideal for rapid data restoration within the same location as the source disk. For more information, see Instant snapshots.
Google Distributed Cloud for VMware 1.16.11-gke.25 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.16.11-gke.25 runs on Kubernetes v1.27.15-gke.1200.
If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
Existing Seesaw load balancers now require TLS 1.2.
The following vulnerabilities are fixed in 1.16.11-gke.25:
High-severity container vulnerabilities:
Ubuntu vulnerabilities:
Release 1.28.800-gke.111
Google Distributed Cloud for bare metal 1.28.800-gke.111 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.800-gke.111 runs on Kubernetes 1.28.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Functionality changes:
- Updated Kubernetes audit logging to include request and response payloads from the Kubernetes API server for bare metal custom resources, including the following: `Cluster`, `NodePool`, `BareMetalMachine`, and `BareMetalCluster`.
Fixes:
The following container image security vulnerabilities have been fixed in 1.28.800-gke.111:
Medium-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
You can now enable NCCL Fast Socket on your multi-GPU Autopilot workloads. NCCL Fast Socket is a transport layer plugin designed to improve NVIDIA Collective Communication Library (NCCL) performance on Google Cloud. To enable NCCL Fast Socket on GKE Autopilot, you must use a GKE Autopilot cluster with control plane version 1.30.2-gke.1023000 or later. For more information, see Improve workload efficiency using NCCL Fast Socket.
Autopilot nodes use Google Virtual NIC (gVNIC) for 1.30.2-gke.1023000 and later.
Customers can now configure direct ingestion of Google Cloud data without using a 1-time Google Security Operations access code. This feature will be launched over a period of several weeks. For more information, see Enable direct ingestion from Google Cloud.
Audit logging for Gemini in Looker
You can view Gemini in Looker log events in the Admin Console (Security Investigation Tool). Gemini in Looker can be enabled for Looker Studio Pro subscriptions, which are associated with a Google Cloud project. To see which Google Cloud projects have Gemini in Looker enabled, as well as those with Gemini in Looker's Trusted Tester capabilities, filter the log by choosing the Setting name attribute and view the entries in the Project ID column.
Learn more about Looker Studio log events.
Spanner now offers Spanner Graph in Preview, which unites purpose-built graph database capabilities with Spanner. Spanner Graph includes a graph query interface compatible with the ISO GQL (Graph Query Language) standards, and interoperability between relational and graph models. For more information, see the following:
Spanner full-text search (Preview) lets you search a table to find words, phrases, or integers, instead of just searching for exact matches in structured fields. Spanner full-text search capabilities also include making spelling corrections, automating language detection of search input, and ranking search results. To learn more, see the Full-text search overview.
July 31, 2024
AlloyDB for PostgreSQL
Gemini in Databases assistance in AlloyDB for PostgreSQL is now available in Preview for standard and enhanced query insights, system insights, index advisor, and active queries. You can use Gemini assistance to help you monitor and troubleshoot your AlloyDB resources. For more information, see Monitor and troubleshoot with Gemini assistance.
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
hybrid 1.11.2-hotfix.2
On July 31, 2024 we released an updated version of the Apigee hybrid software, 1.11.2-hotfix.2.
Note: This release reflects a change to the component images and not the Helm chart templates. If your hybrid installation is currently on Apigee hybrid v1.11.2, apply this hotfix with the following steps:

In your overrides file, update the `image.url` and `image.tag` properties of `ao` and `runtime`:

```yaml
ao:
  image:
    url: "gcr.io/apigee-release/hybrid/apigee-operators"
    tag: "1.11.2-hotfix.2"
runtime:
  image:
    url: "gcr.io/apigee-release/hybrid/apigee-runtime"
    tag: "1.11.2-hotfix.2"
```

Install the hotfix release:

For Helm-managed releases, update the `apigee-operator` with the `helm upgrade` command and your current overrides files:

```sh
helm upgrade operator apigee-operator/ \
  --namespace apigee-system \
  --atomic \
  -f overrides.yaml
```

For each environment in your Apigee org:

```sh
helm upgrade ENV_NAME apigee-env/ \
  --namespace apigee \
  --atomic \
  -f overrides.yaml
```

For `apigeectl`-managed releases:

Install the hotfix release with `apigeectl init` using your updated overrides file:

```sh
${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE --dry-run=client
```

Followed by:

```sh
${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE
```

Apply the hotfix release with `apigeectl apply`:

```sh
${APIGEECTL_HOME}/apigeectl apply -f OVERRIDES_FILE --all-envs --dry-run=client
```

Followed by:

```sh
${APIGEECTL_HOME}/apigeectl apply -f OVERRIDES_FILE --all-envs
```
- For information on upgrading, see Upgrading Apigee hybrid to version 1.11.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
351868444 | Tolerations are now working for Redis's Envoy pod. |
297539870 | HTTPTargetConnection property io.timeout.millis is now honored correctly when using websockets. |
Ruby 3.3 is now generally available.
When you translate SQL queries from your source database, you can use configuration YAML files to optimize and improve the performance of your translated SQL. This feature is in preview.
Workload management now provides the following benefits:
- The autoscaler now scales up immediately.
- The autoscaler now scales more precisely.
- The autoscaler scales to the nearest multiple of 50 slots, instead of 100.
- You can now purchase capacity commitments, set baseline slots, and set autoscale max slots in incremental steps of 50 slots.
- If one minute or more has passed since the most recent increase in capacity, you can now reduce capacity without resetting the one minute minimum. This allows for multiple consecutive decreases without a one minute delay between them.
These features are now generally available (GA).
Health checks for external endpoints in Cloud DNS routing policies are now available in Preview.
Cloud Functions now supports the Ruby 3.3 runtime at the General Availability release level.
Cloud Load Balancing now supports failover for global, classic, and regional external Application Load Balancers. Failover is handled by creating two or more regional external Application Load Balancers in the regions where you want the traffic to fail over to. Only regional external Application Load Balancers can be used as failover backup load balancers.
For details, see Failover for external Application Load Balancers.
This feature is available in Preview.
Gemini in Databases assistance in Cloud SQL for MySQL is now available in Preview for query insights, system insights, index advisor, and active queries. You can use Gemini assistance to help you observe and troubleshoot your Cloud SQL resources. For more information, see Observe and troubleshoot with Gemini assistance.
Gemini in Databases assistance in Cloud SQL for PostgreSQL is now available in Preview for query insights, system insights, index advisor, and active queries. You can use Gemini assistance to help you observe and troubleshoot your Cloud SQL resources. For more information, see Observe and troubleshoot with Gemini assistance.
You can now use list caching with Cloud Storage FUSE, which is a cache for directory and file list, or `ls`, responses that improves list operation speeds. To learn more about list caching and how to enable it, see the Cloud Storage FUSE caching overview page.
You can now use the Google Cloud console to set a default soft delete retention duration. For more information, see Use tags to set a default soft delete retention duration for new buckets.
cos-113-18244-85-65
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |
Runtime sysctl changes:
- Changed: fs.file-max: 812041 -> 812026
The maximum size limit for repositories encrypted with customer-managed encryption keys (CMEK) is 512 MB. For more information about Dataform quotas and limits, see Quotas and limits. For more information about encrypting Dataform repositories with CMEK, see Use customer-managed encryption keys.
New Dataproc Serverless for Spark runtime versions:
- 1.1.74
- 1.2.18
- 2.0.82
- 2.2.18
Dataproc Serverless for Spark: Upgraded Spark BigQuery connector to version 0.36.4 in the latest 1.2 and 2.2 Dataproc Serverless for Spark runtime versions.
New Imagen on Vertex AI image generation model and features
The Imagen 3 image generation models (`imagen-3.0-generate-001` and the low-latency version `imagen-3.0-fast-generate-001`) are now available. These models offer the following additional features:
- Additional aspect ratios (1:1, 3:4, 4:3, 9:16, 16:9)
- Digital watermark (SynthID) enabled by default
- Watermark verification
- User-configurable safety features (safety setting, person/face setting)
For more information, see Model versions and Generate images using text prompts.
Gemma 2 2B is available in Model Garden. For details, see Use Gemma open models.
The following models have been added to Model Garden:
- Gemma 2 2B: A foundation LLM by Google DeepMind.
- Qwen2: An LLM series by Alibaba Cloud.
- Phi-3: An LLM series by Microsoft.
Resource and deployment setting changes were made to the following models:
- Added GPU inference for gemma2-27b and gemma2-27b-it with verified performance.
- Added verified deployment settings for Mistral AI models that are deployed from Hugging Face, including mistralai/mistral-nemo-instruct-2407, mistralai/mistral-nemo-base-2407, mistralai/mistral-large-instruct-2407, and mistralai/codestral-22b-v0.1.
- Added multiple deployment settings with A100 (40G), A100 (80G) and H100 (80G) for select models, such as llama3.1, llama3, gemma2, gemma, and mistral-7b.
(2024-R27) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
Rapid channel
- Version 1.30.2-gke.1587003 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.27.14-gke.1059002
- 1.27.15-gke.1125000
- 1.28.11-gke.1260000
- 1.28.11-gke.1289000
- 1.29.6-gke.1038001
- 1.29.6-gke.1137000
- 1.30.1-gke.1329003
- 1.30.2-gke.1394003
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.2-gke.1587003 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.
Regular channel
- Version 1.29.6-gke.1254000 is now the default version in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.27.14-gke.1059002
- 1.28.11-gke.1019001
- 1.29.6-gke.1038001
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.15-gke.1154000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.6-gke.1254000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.
Stable channel
- Version 1.29.6-gke.1038001 is now the default version in the Stable channel.
- The following versions are no longer available in the Stable channel:
- 1.27.14-gke.1042001
- 1.28.10-gke.1075001
- 1.29.5-gke.1091002
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.14-gke.1059002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.14-gke.1059002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.11-gke.1019001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.
Extended channel
- Version 1.29.6-gke.1254000 is now the default version in the Extended channel.
- The following versions are now available in the Extended channel:
- The following versions are no longer available in the Extended channel:
- 1.27.14-gke.1059002
- 1.28.11-gke.1019001
- 1.29.6-gke.1038001
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.
No channel
- Version 1.29.6-gke.1254000 is now the default version.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.27.14-gke.1042001
- 1.27.15-gke.1125000
- 1.28.9-gke.1289002
- 1.28.10-gke.1075001
- 1.28.11-gke.1289000
- 1.29.6-gke.1137000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.15-gke.1154000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.11-gke.1019001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.
GKE Autopilot versions 1.28.6-gke.1317000 and later fix a known issue for ephemeral storage requests. If the combined ephemeral storage requests across all containers in your workload exceed 10 GiB, your workload will be rejected with an error message. This differs from earlier versions, which admitted the workload if it requested more than 10 GiB while only actually provisioning 10 GiB, which would result in workload eviction when the workload used more than 10 GiB.
To ensure uninterrupted operation with GKE Autopilot versions 1.28.6-gke.1317000 and later, do the following:
- Verify that containers injected by webhooks don't cause Pods to exceed the maximum Autopilot resource limits.
- Adjust workload resource requests to account for any containers that may be injected by webhooks.
- If any Pods are rejected after updating, reduce their ephemeral storage requests to meet the limit for your workload configuration.
To learn more, see Automatic resource management in Autopilot.
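A pre-deployment check for the 10 GiB limit described above, written as an added example (not Google's code or part of the original release note). It sums the `ephemeral-storage` requests of a Pod's `spec.containers`, then repeats the check with a webhook-injected sidecar added. The Pod and sidecar specs are constructed samples, and counting only `spec.containers` and treating a missing request as 0 are assumptions of this sketch.

```python
import copy
from decimal import Decimal, InvalidOperation, ROUND_CEILING

# Limit stated in the release note: combined requests above 10 GiB are rejected.
LIMIT_BYTES = 10 * 1024**3

_BINARY = {"Ki": 1024, "Mi": 1024**2, "Gi": 1024**3,
           "Ti": 1024**4, "Pi": 1024**5, "Ei": 1024**6}
_DECIMAL = {"k": 10**3, "M": 10**6, "G": 10**9,
            "T": 10**12, "P": 10**15, "E": 10**18}


def parse_quantity(quantity):
    """Convert a Kubernetes quantity ('4Gi', '500M', '1e9', '1500m') to bytes."""
    text = str(quantity).strip()
    try:
        for suffix, factor in _BINARY.items():
            if text.endswith(suffix):
                value = Decimal(text[:-2]) * factor
                break
        else:
            if text.endswith("m"):            # milli-units
                value = Decimal(text[:-1]) / 1000
            elif text[-1:] in _DECIMAL:       # decimal SI suffix
                value = Decimal(text[:-1]) * _DECIMAL[text[-1]]
            else:                             # plain or exponent form
                value = Decimal(text)
    except InvalidOperation:
        raise ValueError(f"not a Kubernetes quantity: {quantity!r}") from None
    # Fractions of a byte are rounded up.
    return int(value.to_integral_value(rounding=ROUND_CEILING))


def ephemeral_requests(pod):
    """Return {container name: requested bytes} for spec.containers.

    Assumption of this sketch: a container without an ephemeral-storage
    request counts as 0 and init containers are not included.
    """
    result = {}
    for container in pod.get("spec", {}).get("containers", []):
        requests = container.get("resources", {}).get("requests", {})
        raw = requests.get("ephemeral-storage")
        result[container["name"]] = parse_quantity(raw) if raw is not None else 0
    return result


def check_pod(pod, limit=LIMIT_BYTES):
    """Sum the requests and report whether the Pod exceeds the limit."""
    per_container = ephemeral_requests(pod)
    total = sum(per_container.values())
    return {"total_bytes": total,
            "over_limit": total > limit,
            "per_container": per_container}


def with_injected(pod, sidecar):
    """Return a copy of the Pod as it would look after a webhook adds a sidecar."""
    mutated = copy.deepcopy(pod)
    mutated.setdefault("spec", {}).setdefault("containers", []).append(
        copy.deepcopy(sidecar))
    return mutated


# Constructed sample: two application containers requesting 9 GiB in total.
BASE_POD = {
    "metadata": {"name": "batch-worker"},
    "spec": {"containers": [
        {"name": "app",
         "resources": {"requests": {"ephemeral-storage": "6Gi"}}},
        {"name": "uploader",
         "resources": {"requests": {"ephemeral-storage": "3Gi"}}},
    ]},
}

# Constructed sample: a sidecar that a mutating webhook might inject.
INJECTED_SIDECAR = {
    "name": "mesh-proxy",
    "resources": {"requests": {"ephemeral-storage": "2Gi"}},
}

if __name__ == "__main__":
    for label, pod in (("as written", BASE_POD),
                       ("after injection", with_injected(BASE_POD, INJECTED_SIDECAR))):
        report = check_pod(pod)
        verdict = "REJECTED" if report["over_limit"] else "admitted"
        print(f"{label}: {report['total_bytes'] / 1024**3:.1f} GiB -> {verdict}")
```

Run the check against the manifest as it exists after admission webhooks have mutated it, because the manifest in source control does not show injected containers.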
You can now keep a GKE Standard cluster on a minor version for longer with the Extended release channel. Clusters running 1.27 or later can be enrolled in the Extended channel, and automatically receive security patches during the extended support period after the end of standard support. To learn more, see Get long-term support with the Extended channel.
The `DATE_OF_BIRTH` infoType detection model that was previously only accessible by setting `InfoType.version` to `latest` has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.
To use the new model, leave `InfoType.version` unset, or set it to `latest` or `stable`. To use the old detection model, set `InfoType.version` to `legacy`. You can continue to use the legacy model for 90 days.
A monthly digest of client library updates from across the Cloud SDK.
Go
Changes for spanner/admin/database/apiv1
1.64.0 (2024-06-29)
Features
- spanner: Add field lock_hint in spanner.proto (3df3c04)
- spanner: Add field order_by in spanner.proto (3df3c04)
- spanner: Add LockHint feature (#10382) (64bdcb1)
- spanner: Add OrderBy feature (#10289) (07b8bd2)
- spanner: Add support of checking row not found errors from ReadRow and ReadRowUsingIndex (#10405) (5cb0c26)
Bug Fixes
Java
Changes for google-cloud-spanner
6.70.0 (2024-06-27)
Features
Bug Fixes
- Do not end transaction span when rolling back to savepoint (#3167) (8ec0cf2)
- Remove unused DmlBatch span (#3147) (f7891c1)
Dependencies
- Update dependencies (#3181) (0c787e6)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#3184) (9c85a6f)
- Update dependency commons-cli:commons-cli to v1.8.0 (#3073) (36b5340)
6.71.0 (2024-07-03)
Features
Node.js
Changes for @google-cloud/spanner
7.9.0 (2024-06-21)
Features
Bug Fixes
- deps: Update dependency google-gax to v4.3.4 (#2051) (80abf06)
- deps: Update dependency google-gax to v4.3.5 (#2055) (702c9b0)
- deps: Update dependency google-gax to v4.3.6 (#2057) (74ebf1e)
- deps: Update dependency google-gax to v4.3.7 (#2068) (28fec6c)
7.9.1 (2024-06-26)
Bug Fixes
7.10.0 (2024-07-19)
Features
- Add field lock_hint in spanner.proto (47520e9)
- Add field order_by in spanner.proto (47520e9)
- Add QueryCancellationAction message in executor protos (47520e9)
- Add support for change streams transaction exclusion option for Batch Write (#2070) (2a9e443)
- Update Nodejs generator to send API versions in headers for GAPICs (47520e9)
Bug Fixes
VPC Service Controls feature: VPC Service Controls supports using identity groups and third-party identities (only single identities) in ingress and egress rules to allow access to resources protected by service perimeters. This feature is available in Preview.
For more information, see Configure identity groups and third-party identities in ingress and egress rules. You can also see an example of using identity groups and third-party identities in ingress and egress rules.
July 30, 2024
Apigee X
On July 30, 2024, we released an updated version of Apigee.
With this release, Apigee expanded its support for data residency to an additional region in Europe: `europe-west6` (Zurich).
Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.
For more information, see Introduction to data residency.
For a list of supported geographic locations, see Apigee locations.
hybrid 1.12.1-hotfix.1
On July 30, 2024 we released an updated version of the Apigee hybrid software, 1.12.1-hotfix.1.
Note: This release reflects a change to the component images and not the Helm chart templates. If your hybrid installation is currently on Apigee hybrid v1.12.1, apply this hotfix with the following steps:

In your overrides file, update the `ao.image.url` and `ao.image.tag` properties:

```yaml
ao:
  image:
    url: "gcr.io/apigee-release/hybrid/apigee-operators"
    tag: "1.12.1-hotfix.1"
```

Install the hotfix release. Update the `apigee-operator` component with the `helm upgrade` command and your current overrides files:

```sh
helm upgrade operator apigee-operator/ \
  --namespace apigee-system \
  --atomic \
  -f overrides.yaml
```
- For information on upgrading, see Upgrading Apigee hybrid to version 1.12.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
351868444 | Tolerations are now working for Redis's Envoy pod. |
In the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, or are decommissioned.
You can now use the output_dimensionality argument of the ML.GENERATE_EMBEDDING function when you use the function with a remote model based on a Vertex AI multimodalembedding model. The output_dimensionality argument lets you specify the number of dimensions to use when generating embeddings. This feature is in Preview.
You can now troubleshoot Compute Engine issues involving host events, MIG autoscaling and health-check failures, resource-availability errors, and VM performance by using the new "interactive playbook" dashboards in Cloud Monitoring. You can access the playbook dashboards from the Dashboards page by selecting the GCP category or by filtering for "GCE Interactive Playbook".
You can now use the gcloud CLI or the Cloud SQL Admin API to switch the storage location of transaction logs used for point-in-time recovery (PITR) on your instance from disk to Cloud Storage. For more information, see Use point-in-time recovery and Switch transaction log storage to Cloud Storage.
cos-109-17800-218-88
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Upgraded app-arch/libarchive to version 3.7.4. This fixes CVE-2024-26256.
Fixed CVE-2024-39894.
Fixed CVE-2024-36891 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812285 -> 812261
You can use IAM attributes in custom organization policies to control how your allow policies can be modified. For more information, see Use custom organization policies.
July 29, 2024
Backup for GKE
Backup for GKE now offers committed use discounts (CUDs) that provide a 20% discount (one-year term) and a 45% discount (3-year term) on the backup management fee in exchange for your commitment. For more information, see Backup for GKE Committed use discounts.
The RANGE data type is now a supported JSON encoding. This feature is Generally Available (GA).
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for bigquery/storage/apiv1beta1
1.62.0 (2024-07-22)
Features
- bigquery/analyticshub: Support Direct Table Access Toggle (Egress GA) (b660d68)
- bigquery/analyticshub: Support public directory self service for Listings/Exchanges (#10485) (b660d68)
- bigquery: Add rounding mode to FieldSchema (#10328) (1a9e204)
- bigquery: Json support on managedwriter/adapt pkg (#10542) (978d4a1)
- bigquery: Support column name character map in load jobs (#10425) (b829327)
Bug Fixes
- bigquery/storage/managedwriter: Faster context failure on send (#10169) (1fb0e64)
- bigquery: Bump google.golang.org/[email protected] (8fa9e39)
- bigquery: Bump google.golang.org/[email protected] (8ecc4e9)
- bigquery: Empty slice instead of nil slice for primitive repeated fields (#7315) (b371210)
- bigquery: Reduce default backoffs (#10558) (037e9ef)
Documentation
- bigquery/analyticshub: A comment for message DataExchange is changed (b660d68)
- bigquery/analyticshub: A comment for message Listing is changed (b660d68)
- bigquery/datatransfer: Update OAuth links in CreateTransferConfigRequest and UpdateTransferConfigRequest (3df3c04)
- bigquery: Improve Inserter and StructSaver godoc (#10170) (c1cffb6)
- bigquery: Update description of query preview feature (#10554) (25c5cbe)
Java
Changes for google-cloud-bigquery
2.42.0 (2024-07-28)
Features
- Add ability to specify RetryOptions and BigQueryRetryConfig when create job and waitFor (#3398) (1f91ae7)
- Add additional parameters to CsvOptions and ParquetOptions (#3370) (34f16fb)
- Add remaining Statement Types (#3381) (5f39b19)
Bug Fixes
Dependencies
- Update actions/upload-artifact action to v4.3.4 (#3382) (efa1aef)
- Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.48.0 (#3374) (45b7f20)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240616-2.0.0 (#3368) (ceb270c)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240623-2.0.0 (#3384) (e1de34f)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240629-2.0.0 (#3392) (352562d)
- Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.52.0 (#3375) (2115c04)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#3405) (a4a9999)
- Update dependency org.junit.vintage:junit-vintage-engine to v5.10.3 (#3371) (2e804c5)
- Update github/codeql-action action to v2.25.11 (#3376) (f1e0014)
- Update github/codeql-action action to v2.25.12 (#3387) (af60b30)
- Update github/codeql-action action to v2.25.13 (#3395) (95c8d6f)
- Update github/codeql-action action to v2.25.15 (#3402) (a61ce7d)
- Update ossf/scorecard-action action to v2.4.0 (#3408) (66777a2)
Documentation
You can now use the administrative jobs explorer to help you quickly monitor jobs activity across your organization. This feature is generally available (GA).
Vector indexes support the TreeAH index type, which uses Google's ScaNN algorithm. The TreeAH index is optimized for batch queries that process hundreds or more query vectors. This feature is in Preview.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigtable
5.1.2 (2024-07-22)
Bug Fixes
Java
Changes for google-cloud-bigtable
2.41.0 (2024-07-24)
Features
- Add MergeToCell to Mutation APIs (#2279) (0ce8a2a)
- Add support for MergeToCell API (#2258) (191d15c)
- Add support for new functions (#2287) (dd6583a)
- Create new environment variable to toggle directpath scoped to cloud bigtable. (#2261) (9062944)
- Implement ExecuteQuery API for SQL support (#2280) (25218e8)
Dependencies
Python
Changes for google-cloud-bigtable
2.25.0 (2024-07-18)
Features
Bug Fixes
- Allow protobuf 5.x (7ac8e14)
Preview: Capacity planner supports the following for data aggregated by folder ID:
View and export the actual and forecasted usage data of the VMs, Persistent Disk volumes, and GPUs in your folder.
Generate gcloud CLI commands to create future reservation requests based on the actual or forecasted usage data of your VMs or GPUs by folder.
For more information, see the following pages:
Database Migration Service support for homogeneous MySQL to Cloud SQL for MySQL migrations with physical backup files created by using the Percona XtraBackup utility is now Generally Available (GA).
For more information, see Migrate your databases by using a Percona XtraBackup physical file.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for logging/apiv2
1.11.0 (2024-07-24)
Features
Bug Fixes
- logging: Bump google.golang.org/[email protected] (8fa9e39)
- logging: Bump google.golang.org/[email protected] (8ecc4e9)
- logging: Skip automatic resource detection if a CommonResource (#10441) (fc4c910)
- logging: Update dependencies (257c40b)
Documentation
Python
Changes for google-cloud-logging
3.11.0 (2024-07-15)
Features
Bug Fixes
- Added environment specific labels to client library when running in Cloud Run Jobs (#877) (9c5e8f0)
- Added missing import into logger.py (#896) (9ca242d)
- Added type hints to CloudLoggingHandler constructor (#903) (6959345)
Documentation
Migrating your external MySQL 5.7 and 8.0 databases into Cloud SQL for MySQL by using Percona XtraBackup physical files is now generally available (GA).
For more information, see Migrate to Cloud SQL from an XtraBackup physical file.
Updated August 8, 2024
Cloud Service Mesh with a Traffic Director control plane implementation is incompatible with Envoy version v1.31.0.
If you manually control your Envoy version, do not upgrade to this version as there is an existing issue with connecting to Traffic Director. If you run into issues with v1.31.0, set GRPC_DNS_RESOLVER=native.
If you do not manually control your Envoy version, you don't have to do anything. Google's data plane management will not select this version for you.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.9.11 (2024-07-24)
Bug Fixes
- dataflow: Update dependencies (257c40b)
Metadata import for Dataplex Catalog entries and their aspects is available in preview. For more information, see Import metadata.
You can now apply range and inequality filters to multiple fields in a query. This feature is generally available (GA).
For more information, see Query with range and inequality filters on multiple fields overview.
Google Private Marketplace and Product Requests are now Generally Available.
- Google Private Marketplace lets organizations govern their software usage and control costs by ensuring that their users can only procure Google Cloud Marketplace solutions that have been approved by administrators, FinOps, or procurement team members.
- Product Requests lets your users file requests to use or procure specific products.
You can now purchase Fully licensed commitments, Fully licensed convertible commitments, and Portable License commitments. For more information, see Purchasing VMware Engine commitments.
Curated Detections has been enhanced with new detection content for Cloud Threats, including rule packs covering Microsoft Entra ID, Entra ID Audit, and Azure Compute. These rule packs are in public preview for customers with a Google Security Operations or Enterprise Plus license.
Release 6.3.12 is now in General Availability.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.13.5 (2024-07-24)
Bug Fixes
- secretmanager: Update dependencies (257c40b)
Detector for Container Threat Detection released to General Availability
Container Threat Detection, a built-in service available in Security Command Center Premium and Enterprise, has launched a new detector, Unexpected Child Shell, in General Availability.
The detector monitors all process executions and generates a finding if a process that does not normally invoke shells spawns a shell process.
For more information, see Container Threat Detection detectors.
Assign high-value resources based on Sensitive Data Protection insights for Cloud Storage
The attack path simulations feature can now automatically set the resource value of a Cloud Storage resource based on the sensitivity of the data that the bucket contains.
For information about how to enable the automatic assignment of resource values based on data sensitivity, see Create a resource value configuration.
For information about how to configure Sensitive Data Protection to send data sensitivity classifications to Security Command Center, see Publish data profiles to Security Command Center.
Preview of curated detections for Microsoft Azure data
New curated detections in the Cloud Threats category that identify suspicious patterns in Microsoft Azure data are currently available in Preview.
For more information, see curated detections for Microsoft Azure data in the Security Command Center documentation.
July 28, 2024
Google SecOps
Creating a new playbook using prompts is now supported by Gemini. This feature is in public preview. For more information, refer to Create playbooks with Gemini.
July 27, 2024
Google SecOps SOAR
Release 6.3.13 is currently in Preview.
Create a Playbook with Gemini
You can now use Gemini to create Playbooks. Gemini can create a functional playbook based on your prompts. This feature is in public preview. For more information, refer to Create playbooks with Gemini.
Scheduled reports failing due to Microsoft email server authentication token request throttling (ID #00277914)
July 26, 2024
Apigee Advanced API Security
On July 26, 2024, we released an updated version of Advanced API Security.
Advanced API Security now supports data residency. Data residency meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Advanced API Security data is stored. For more information, see Introduction to data residency.
On July 26, 2024, we released an updated version of Apigee Monetization.
Monetization functionality, including rate plan creation and managing rate plans for API Products, is now available in the Apigee UI in Cloud Console.
For information, see Manage Rate Plans and Create API Products.
Monetization now supports data residency. Data residency meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Monetization data is stored. For more information, see Introduction to data residency.
IAM group authentication is now generally available (GA) for Cloud SQL for MySQL. You can add IAM groups to Cloud SQL instances and manage database access at the group level. To use IAM group authentication, you must have [MySQL version].R20230909.02_00 or later installed on your instance.
IAM group authentication is now generally available (GA) for Cloud SQL for PostgreSQL. You can add IAM groups to Cloud SQL instances and manage database access at the group level. To use IAM group authentication, you must have [PostgreSQL version].R20240514.00_04 or later installed on your instance.
Migrate to AlloyDB insight recommendations are available in Preview.
Persistent Disk Asynchronous Replication can now replicate up to 12.5 GB per minute per disk of compressed changed blocks, which is an increase from the previous maximum of 2 GB per minute. This increase helps to support scaled production databases and other demanding workloads. You can read more about PD Async Replication performance in the documentation. There is no action required to use the increased performance - new and existing PD Async Replication disks automatically have more headroom to replicate.
New Dataproc Serverless for Spark runtime versions:
- 1.1.73
- 1.2.17
- 2.0.81
- 2.2.17
Dialogflow CX: You can now enable consent-based end-user content redaction. If this setting is enabled, it lets you use a special session parameter to control whether end-user input and parameters are redacted from conversation history and Cloud logging. See the agent settings documentation for details.
Dialogflow CX: Dialogflow now uses corresponding Cloud Text-to-Speech regions for Neural2 voices.
The status of the Dialogflow Speech-to-Text model migrations has changed:
The Dialogflow speech model migration initially announced in December 2023 and later postponed to the new dates has been placed on hold until further notice (no ETA). For more information, see the migration documentation for Dialogflow CX and Dialogflow ES.
The Dialogflow phone_call speech model migration announced in March 2024 has been partially completed. The remaining migration parts have been placed on hold until further notice (no ETA). For more information, see the migration documentation for Dialogflow CX and Dialogflow ES.
Google Distributed Cloud for VMware 1.29.300-gke.184 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.300-gke.184 runs on Kubernetes v1.29.6-gke.600.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
The following vulnerabilities are fixed in 1.29.300-gke.184:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
With GKE patch version 1.30.1-gke.115600 and later, if you don't specify the gpu-driver-version flag when creating new GPU node pools, then GKE automatically installs the default GPU driver version that corresponds to the GKE version. If you prefer to manually install the GPU driver, set gpu-driver-version=disabled. To learn more, see Create a GPU node pool.
After July 2025, the Enterprise Insights page and the CBN alerts will no longer be available. Use the Alerts and IOCs page to view the alerts. We recommend that you migrate the existing CBN alerts to the YARA-L detection engine.
reCAPTCHA Mobile SDK v18.6.0-beta02 is now available for Android.
This version contains Java support for the fetchClient API.
Docker container for password leak detection is now available in Preview.
You can now use Docker container client to detect password leaks and breached credentials to prevent account takeovers (ATOs) and credential stuffing attacks. For more information, see check for breached and leaked credentials using Docker container.
July 25, 2024
Anthos Config Management
Improved error handling in the oci-sync container by adding exponential backoff.
Upgraded bundled Kustomize version from v5.3.0 to v5.4.2 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.
Fixed a regression introduced in 1.17.0 that caused Config Sync to crash when connecting to certain Kubernetes clusters. GKE clusters were not affected by this issue. For more details, please refer to Fixed: Config Sync reconciler is crashlooping.
Fixed a regression in 1.17.3 causing SSH authentication failures with GitHub. This was resolved by upgrading the git-sync dependency from v4.2.1 to v4.2.3. For more details, please refer to Fixed: Git SSH Authentication Failure with GitHub.
On July 25, 2024, we released an updated version of Apigee.
This release includes an update to Advanced API Operations Anomaly Detection functionality: the Anomaly Detection functionality is now available in the Apigee UI in Cloud Console and is renamed to "Operations Anomalies."
For information on the functionality in the Apigee UI in Cloud Console, see the Operations Anomalies overview.
Operations Anomalies supports data residency. Data residency meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Operations Anomalies data is stored. For more information, see Introduction to data residency.
You can now use table explorer to examine table data and create data exploration queries. This feature is in preview.
IAM deny policies now support additional permissions, including bigquery.tables.getData, which can deny permission to read tables. Consider special cases when you create deny policies for bigquery.tables.getData and other BigQuery permissions. This feature is in preview.
The Preview of automated backup has been expanded to let you enable and disable automated backup in the Google Cloud console. For more information, see the automated backup documentation.
Cloud Composer now verifies that the environment's service account is enabled before starting an environment creation operation. As a result, this type of error is reported sooner and the operation does not start.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.9.1-build.1
- composer-3-airflow-2.7.3-build.10
Cloud Composer 2.8.7 images are available:
- composer-2.8.7-airflow-2.9.1
- composer-2.8.7-airflow-2.7.3 (default)
- composer-2.8.7-airflow-2.6.3
Cloud Composer version 2.3.5 has reached its end of support period.
Gemini conversion assistant for conversion workspaces is now available in Preview. For more information, see:
You can now upgrade the network architecture of a Cloud SQL instance that isn't enabled with high-availability. The previous limitation on upgrading the network architecture of these instances is removed. To check whether your Cloud SQL instance has high availability enabled, see Verify an instance's high availability configuration.
For more information about upgrading your network architecture, see Upgrade an instance to the new network architecture.
1.22.3-asm.1 is now available for in-cluster Cloud Service Mesh.
You can now download 1.22.3-asm.1 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.3 subject to the list of supported features.
- Path templating in Authorization Policy is not supported.
- Istio's Ambient mode is not supported.
- Kubernetes Gateway API for mesh is not supported. Gateway API for ingress continues to be supported in public preview. For more information, see Kubernetes Gateway API (preview) supported features.
Cloud Service Mesh 1.22.3-asm.1 uses Envoy v1.30.3.
1.22 isn't rolling out to the rapid release channel at this time. You can periodically check this page for announcements regarding rapid channel rollout.
The translation LLM has been enhanced with the following changes:
- In addition to plain text, you can send HTML as input for text translations.
- When you use the translation LLM for text translations, you can use a glossary with your translation requests.
Adaptive translations with reference sentence pairs support a larger context window, on par with zero-shot translations. For example, when sending a paragraph for translation, Cloud Translation translates the whole paragraph at once instead of translating each sentence one at a time.
New Dataproc on Compute Engine subminor image versions:
- 2.0.113-debian10, 2.0.113-rocky8, 2.0.113-ubuntu18
- 2.1.61-debian11, 2.1.61-rocky8, 2.1.61-ubuntu20, 2.1.61-ubuntu20-arm
- 2.2.27-debian12, 2.2.27-rocky9, 2.2.27-ubuntu22
Enabled user sync by default for clusters using Ranger.
Replaced Spark external packages with connector folder on Dataproc 2.2 clusters.
Fixed a bug that caused intermittent delays and failures in clusters with 3 HDFS.
VMware Engine ve2 nodes are available in the following additional zones:
- Sydney, Australia, APAC (australia-southeast1-b)
- Ashburn, Virginia, North America (us-east4-b)
Release 1.29.300-gke.185
Google Distributed Cloud for bare metal 1.29.300-gke.185 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.300-gke.185 runs on Kubernetes 1.29.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Functionality changes:
Updated registry mirror support to allow you to specify a port for host addresses.
Updated Kubernetes audit logging to include request and response payloads from the Kubernetes API server for bare metal custom resources, such as Cluster, NodePool, BareMetalMachine, and BareMetalCluster.
Fixes:
The following container image security vulnerabilities have been fixed in 1.29.300-gke.185:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
Release 1.16.11
Google Distributed Cloud for bare metal 1.16.11 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.16.11 runs on Kubernetes 1.27.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Fixes:
The following container image security vulnerabilities have been fixed in 1.16.11:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
In GKE version 1.30.2-gke.1100 and later, the _CMDLINE field is removed from kubelet log entries to reduce spamming logs.
If you need to access _CMDLINE information, you have two options:
SSH into the node:
- SSH into the relevant node.
- Run the following command: ps aux | grep kubelet
Search cloud logging:
- Use the Cloud Logging interface or API.
- Apply the following filter to search kubelet startup logs:
resource.type="k8s_node" log_name="projects/{PROJECT_ID}/logs/kubelet" resource.labels.cluster_name="{CLUSTER_NAME}" SEARCH("`FLAG:`")
Remember to replace {PROJECT_ID} and {CLUSTER_NAME} with the appropriate values for your environment.
(2024-R26) Version updates
- The following versions are now available in the Extended channel:
Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.
The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable.
- Airlock Digital Application Allowlisting (AIRLOCK_DIGITAL)
- Akamai SIEM Connector (AKAMAI_SIEM_CONNECTOR)
- Apache (APACHE)
- Arcsight CEF (ARCSIGHT_CEF)
- Arista Switch (ARISTA_SWITCH)
- Aruba (ARUBA_WIRELESS)
- Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
- Atlassian Confluence (ATLASSIAN_CONFLUENCE)
- Auth0 (AUTH_ZERO)
- AWS CloudTrail (AWS_CLOUDTRAIL)
- AWS Config (AWS_CONFIG)
- Azure AD (AZURE_AD)
- Azure AD Directory Audit (AZURE_AD_AUDIT)
- Azure App Service (AZURE_APP_SERVICE)
- Azure WAF (AZURE_WAF)
- BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
- BIND (BIND_DNS)
- BloxOne Threat Defense (BLOXONE)
- Blue Coat Proxy (BLUECOAT_WEBPROXY)
- Broadcom SSL Visibility Appliance (BROADCOM_SSL_VA)
- Cequence Bot Defense (CEQUENCE_BOT_DEFENSE)
- Check Point (CHECKPOINT_FIREWALL)
- Checkpoint Audit (CHECKPOINT_AUDIT)
- Checkpoint SmartDefense (CHECKPOINT_SMARTDEFENSE)
- Cimcor | File Integrity Monitoring (CIMCOR)
- CipherTrust Manager (CIPHERTRUST_MANAGER)
- Cisco ASA (CISCO_ASA_FIREWALL)
- Cisco EStreamer (CISCO_ESTREAMER)
- Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
- Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
- Cisco Internetwork Operating System (CISCO_IOS)
- Cisco IronPort (CISCO_IRONPORT)
- Cisco Meraki (CISCO_MERAKI)
- Cisco Router (CISCO_ROUTER)
- Cisco Stealthwatch (CISCO_STEALTHWATCH)
- Cisco VPN (CISCO_VPN)
- Citrix Analytics (CITRIX_ANALYTICS)
- Citrix Netscaler (CITRIX_NETSCALER)
- Cloud Audit Logs (N/A)
- Cloud Data Loss Prevention (N/A)
- Cloud Identity Devices (GCP_CLOUDIDENTITY_DEVICES)
- Cloud Load Balancing (GCP_LOADBALANCING)
- Cloud SQL (GCP_CLOUDSQL)
- Cofense (COFENSE_TRIAGE)
- Comforte SecurDPS (COMFORTE_SECURDPS)
- Compute Engine (GCP_COMPUTE)
- Corelight (CORELIGHT)
- Cribl Stream (CRIBL_STREAM)
- CrowdStrike Falcon (CS_EDR)
- CyberArk (CYBERARK)
- DigitalArts i-Filter (DIGITALARTS_IFILTER)
- Duo Auth (DUO_AUTH)
- Duo User Context (DUO_USER_CONTEXT)
- EfficientIP DDI (EFFICIENTIP_DDI)
- Elastic Audit Beats (ELASTIC_AUDITBEAT)
- Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
- Ergon Informatik Airlock IAM (ERGON_INFORMATIK_AIRLOCK_IAM)
- ESET AV (ESET_AV)
- F5 ASM (F5_ASM)
- F5 BIGIP LTM (F5_BIGIP_LTM)
- F5 Shape (F5_SHAPE)
- F5 Silverline (F5_SILVERLINE)
- Fidelis Network (FIDELIS_NETWORK)
- FileZilla (FILEZILLA_FTP)
- Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
- Forcepoint Proxy (FORCEPOINT_WEBPROXY)
- Forgerock OpenIdM (FORGEROCK_OPENIDM)
- Fortinet FortiAuthenticator (FORTINET_FORTIAUTHENTICATOR)
- Google App Engine (GCP_APP_ENGINE)
- GitHub (GITHUB)
- IBM DataPower Gateway (IBM_DATAPOWER)
- IBM DB2 (DB2_DB)
- IBM Guardium (GUARDIUM)
- IBM Security QRadar SIEM (IBM_QRADAR)
- Imperva Audit Trail (IMPERVA_AUDIT_TRAIL)
- Ingrian Networks DataSecure Appliance (INGRIAN_NETWORKS_DATASECURE_APPLIANCE)
- ION Spectrum (ION_SPECTRUM)
- JAMF Pro (JAMF_PRO)
- Jenkins (JENKINS)
- Juniper Junos (JUNIPER_JUNOS)
- Juniper Mist (JUNIPER_MIST)
- Juniper MX Router (JUNIPER_MX)
- Keeper Enterprise Security (KEEPER)
- Linux Auditing System (AuditD) (AUDITD)
- Linux Sysmon (LINUX_SYSMON)
- Lucid (LUCID)
- Maria Database (MARIA_DB)
- Microsoft AD (WINDOWS_AD)
- Microsoft Azure Activity (AZURE_ACTIVITY)
- Microsoft CyberX (CYBERX)
- Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
- Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
- Microsoft Exchange (EXCHANGE_MAIL)
- Microsoft Graph Activity Logs (MICROSOFT_GRAPH_ACTIVITY_LOGS)
- Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
- Microsoft IIS (IIS)
- Microsoft SQL Server (MICROSOFT_SQL)
- Mimecast URL Logs (MIMECAST_URL_LOGS)
- Netapp Storagegrid (NETAPP_STORAGEGRID)
- Netskope (NETSKOPE_ALERT)
- Netskope Web Proxy (NETSKOPE_WEBPROXY)
- Network Policy Server (MICROSOFT_NPS)
- Noname API Security (NONAME_API_SECURITY)
- Office 365 (OFFICE_365)
- Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
- Okta (OKTA)
- Okta User Context (OKTA_USER_CONTEXT)
- Open LDAP (OPENLDAP)
- Oracle (ORACLE_DB)
- Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
- Palo Alto Cortex XDR Alerts (CORTEX_XDR)
- Palo Alto Networks Firewall (PAN_FIREWALL)
- Palo Alto Panorama (PAN_PANORAMA)
- Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
- Passwordstate (PASSWORDSTATE)
- Ping Identity (PING)
- Portnix CEF (PORTNOX_CEF)
- PostFix Mail (POSTFIX_MAIL)
- Proofpoint Email Filter (PROOFPOINT_MAIL_FILTER)
- Proofpoint Sendmail Sentrion (PROOFPOINT_SENDMAIL_SENTRION)
- Proofpoint Threat Response (PROOFPOINT_TRAP)
- Quest Change Auditor for EMC (QUEST_CHANGE_AUDITOR_EMC)
- Radware Alteon (RADWARE_ALTEON)
- Radware Web Application Firewall (RADWARE_FIREWALL)
- Red Hat Directory Server LDAP (REDHAT_DIRECTORY_SERVER)
- Riverbed Steelhead (STEELHEAD)
- RSA SecurID Access Identity Router (RSA_SECURID)
- Ruckus Networks (RUCKUS_WIRELESS)
- Salesforce (SALESFORCE)
- SentinelOne EDR (SENTINEL_EDR)
- SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
- SEPPmail Secure Email (SEPPMAIL)
- ServiceNow CMDB (SERVICENOW_CMDB)
- SiteMinder Web Access Management (CA_SSO_WEB)
- Snare System Diagnostic Logs (SNARE_SOLUTIONS)
- Solarwinds Kiwi Syslog Server (SOLARWINDS_KSS)
- SonicWall (SONIC_FIREWALL)
- Sonrai Enterprise Cloud Security Solution (SONRAI)
- Symantec DLP (SYMANTEC_DLP)
- Symantec Endpoint Protection (SEP)
- Symantec VIP Authentication Hub (SYMANTEC_VIP_AUTHHUB)
- Symantec Web Security Service (SYMANTEC_WSS)
- Sysdig (SYSDIG)
- Tableau (TABLEAU)
- Terraform Enterprise Audit (TERRAFORM_ENTERPRISE)
- Thinkst Canary (THINKST_CANARY)
- Thycotic (THYCOTIC)
- Trend Micro (TIPPING_POINT)
- Ubika WAAP (UBIKA_WAAP)
- Ubika Waf (UBIKA_WAF)
- UPX AntiDDoS (UPX_ANTIDDOS)
- Vectra Stream (VECTRA_STREAM)
- Velo Firewall (VELO_FIREWALL)
- VeridiumID by Veridium (VERIDIUM_ID)
- Versa Firewall (VERSA_FIREWALL)
- Virtru Email Encryption (VIRTRU_EMAIL_ENCRYPTION)
- VMware ESXi (VMWARE_ESX)
- VMware NSX (VMWARE_NSX)
- VMware vCenter (VMWARE_VCENTER)
- Windows DNS (WINDOWS_DNS)
- Windows Event (WINEVTLOG)
- Windows Event (XML) (WINEVTLOG_XML)
- Windows Local Administrator Password Solution (MICROSOFT_LAPS)
- Workday (WORKDAY)
- Workspace Activities (WORKSPACE_ACTIVITY)
- Zscaler (ZSCALER_WEBPROXY)
- Zscaler CASB (ZSCALER_CASB)
- Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
- Zscaler Private Access (ZSCALER_ZPA)
- Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)
The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.
- Backstage (BACKSTAGE)
- Bitwarden Password Manager User Context (BITWARDEN_USER_CONTEXT)
- Boomi App (BOOMI_APP)
- ChatGPT Audit Logs (CHATGPT_AUDIT_LOGS)
- Cloudflare Warp (CLOUDFLARE_WARP)
- Coda Io (CODA_IO)
- Fortinet Fortimanager (FORTINET_FORTIMANAGER)
- Fusion Auth (FUSION_AUTH)
- Google Cloud Abuse Events (GCP_ABUSE_EVENTS)
- Google Cloud Monitoring Alerts (GCP_MONITORING_ALERTS)
- Gong (GONG)
- Grafana (GRAFANA)
- IBM Cloud Activity Tracker (IBM_CLOUD_ACTIVITY_TRACKER)
- IBM Cloud System (IBM_CLOUD_SYSTEM)
- Incident Io (INCIDENT_IO)
- Kentik DDoS Detection (KENTIK_ALERTS)
- Lockself Lockpass (LOCKSELF_LOCKPASS)
- Magic Collaboration Studio (MAGIC_CS)
- Metaswitch Perimeta (METASWITCH_PERIMETA)
- Microsoft Defender Endpoint for iOS Logs (MICROSOFT_DEFENDER_ENDPOINT_IOS)
- 9NowAudit (NINENOW_AUDIT)
- Oracle Cloud Guard (OCI_CLOUDGUARD)
- Oort Security Tool (OORT)
- OpsRamp (OPSRAMP)
- Ops Genie (OPS_GENIE)
- People Strong (PEOPLE_STRONG)
- Pingdom (PINGDOM)
- Proofpoint Tap Campaign (PROOFPOINT_TAP_CAMPAIGN)
- Proofpoint Tap Forensics (PROOFPOINT_TAP_FORENSICS)
- Proofpoint Tap People (PROOFPOINT_TAP_PEOPLE)
- Proofpoint Tap Threats (PROOFPOINT_TAP_THREATS)
- Proofpoint Tis IOC (PROOFPOINT_TIS_IOC)
- Push Security (PUSH_SECURITY)
- Recordedfuture Alerts (RECORDEDFUTURE_ALERTS)
- Rippling Activity Logs (RIPPLING_ACTIVITYLOGS)
- Sentry (SENTRY)
- Servertech PDUs (SERVERTECH_PDUS)
- Sprinkledata(DWH) (SPRINKLEDATA_DWH)
- Tenable Audit (TENABLE_AUDIT)
- TINTRI (TINTRI)
- WPass (WPASS)
- WPEngine (WPENGINE)
For a list of supported log types and details about default parser changes, see Supported log types and default parsers.
The Google Security Operations alert metadata fields for UDM idm.is_significant and idm.is_alert have been deprecated. Use YARA-L detection rule alerts for alert metadata.
Sensitive Data Protection can now apply tags to your profiled resources based on their calculated data sensitivity. Using these tags, you can configure IAM conditions that automatically grant or deny IAM access to resources based on the sensitivity of the data in those resources.
For more information, see Control IAM access to resources based on data sensitivity.
Vertex AI Search: Domain verification (GA)
Domain verification for advanced website indexing using domain association is Generally available (GA). You can use domain association to associate your Vertex AI Search data store to the specified domain. This is useful when you're not the owner of the specified domain or when you don't have access to the Google Search console needed to verify the domain.
For more information, see Verify website domains.
July 24, 2024
Cloud Composer
2024-08-01 Update: This issue has been resolved. For more information, see the release note from August 1st 2024.
(Cloud Composer 3 only) We are currently experiencing an issue with the Airflow upgrade operations for Cloud Composer 3 environments. Upgrading Airflow builds for Cloud Composer 3 is temporarily disabled as we continue our work to restore Airflow upgrade functionalities.
Column-level data lineage for BigQuery is available in Preview for allowlisted users. The existing data lineage feature tracks how BigQuery data moves through your systems at the table level. Column-level lineage extends this feature to let you track BigQuery data movement at the column level.
To sign up for access, fill out the Column-level lineage sign-up form.
Mistral AI
Managed models from Mistral AI are available on Vertex AI. To use a Mistral AI model on Vertex AI, send a request directly to the Vertex AI API endpoint. For more information, see Mistral AI models.
File storage on Compute Engine: Added guidance about Filestore Regional.
(New guide) Architect your workloads: Design resilient, single-region environments on Google Cloud.
New VMware Engine ve2 node types are available in the australia-southeast1, us-central1, and us-east4 regions:
HCI node types
- ve2-standard-96
- ve2-mega-96
- ve2-mega-128
Storage only node types
- ve2-standard-so
- ve2-mega-so
See VMware Engine node types for more information on node types.
In GKE versions starting from 1.29.4-gke.1542000 and earlier than 1.29.7-gke.1008000, while Anthos Service Mesh is enabled, Pods that utilize Google Cloud Storage FUSE CSI driver volumes might encounter scheduling issues, with this error message:
Pod "your-pod-name" is invalid: [spec.volumes[x].name: Duplicate value: "gke-gcsfuse-tmp", spec.initContainers[x].name: Duplicate value: "gke-gcsfuse-sidecar"]
This issue has been resolved in GKE version 1.29.7-gke.1008000.
The Incident Manager in Google Security Operations will be fully decommissioned on July 22, 2025. Google Cloud will provide full support and maintenance until July 22, 2025 but no new features will be released.
Client library samples for Python are now added to all relevant pages. For more information, see Apache Kafka for BigQuery client libraries.
Generally available: Migrate to Virtual Machines lets you import a machine image from a virtual appliance. You can use machine images to store the configuration, metadata, permissions, and data from one or more disks for a virtual machine (VM) instance running on Compute Engine.
M123 release
The M123 release of Vertex AI Workbench managed notebooks includes the following:
- Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers.
- Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.
The following producer load balancers now support all Private Service Connect monitoring metrics:
- Regional internal Application Load Balancer
- Regional internal proxy Network Load Balancer
Predefined dashboards for monitoring Private Service Connect connections have been enhanced:
- The dashboard for monitoring published services now includes more metrics.
- A new dashboard is available for monitoring endpoints that connect to published services.
July 23, 2024
BigQuery
Starting September 17, 2024, the bigquery.datasets.update permission check when creating or updating authorized datasets will be removed. For more information, see Required permissions and roles for authorized datasets.
You can now configure SAP Datasphere connections with network attachments to help secure connections. SAP Datasphere connections are in preview.
Manifest files are now supported for Amazon S3 and Azure Blob Storage. This feature is generally available (GA).
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Cloud Monitoring
  - monitoring.googleapis.com/UptimeCheckConfig
Starting October 22, 2024, Monitoring Query Language (MQL) will no longer be a recommended query language for Cloud Monitoring, and we will begin to turn off certain usability features. For more information, see the deprecation note for MQL.
You can now use tags to set a default soft delete retention duration on newly created buckets in your organization. To learn how to customize a default soft delete retention duration, see Set a default soft delete retention duration.
Datastream support for SQL Server as a source is now generally available (GA). For more information, see the documentation.
Llama 3.1
The Llama 3.1 405B model is available in Preview on Vertex AI. Llama 3.1 405B provides capabilities from synthetic data generation to model distillation, steerability, math, tool use, multilingual translation, and more. For more information, see Llama models.
(2024-R26) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following versions are now available:
- The following node versions are now available:
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.14-gke.1059002 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.14-gke.1059002 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.10-gke.1075001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
Stable channel
- The following versions are now available in the Stable channel:
Regular channel
- The following versions are now available in the Regular channel:
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.28.11-gke.1172000
- 1.30.2-gke.1394000
- 1.30.2-gke.1587000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
Extended channel
- The following versions are now available in the Extended channel:
Release 6.3.11 is now in General Availability.
Release 6.3.12 is currently in Preview.
Logs of newly created jobs are not accessible (ID #51865082)
Trying to export case reports results in an error (ID #52316269)
Saved filters in Cases screen disappear (ID #50834432)
Integration update might fail in an environment with an extremely high number of playbooks (ID #51785856)
We've released a lighter weight (~50% reduction in image size) and more secure version of the transfer agent container image. If you're running agents that were installed on or before June 17th, 2024, we highly recommend that you delete those agents and install new agents into your agent pool. Any existing transfers using that pool will resume once the new agents are installed.
Vertex AI Search: Widget uses new method for generative answers
The search widget now uses the search and answer methods together, instead of the older search with summaries for Search with an answer and the converse method for Search with follow-ups.
The answer method is expected to improve the quality of the results.
For general information about the answer method, see Get answers and follow-ups.
July 22, 2024
AlloyDB for PostgreSQL
Support for public IP addresses with AlloyDB instances and creating organization policies with custom constraints is now generally available (GA).
The Solace trigger is now available in preview.
The CHANGES change history function is now in preview. This table-valued function provides a history of table changes over a window of time and captures the following operations:
- CREATE TABLE DDL statement
- INSERT DML statement
- Data appended or changed as part of a MERGE DML statement
- UPDATE DML statement
- DELETE DML statement
- Loading data into BigQuery
- Streaming ingestion
- TRUNCATE TABLE DML statement
- Jobs configured with a writeDisposition of WRITE_TRUNCATE
- Individual table partition deletions
You can use data manipulation language (DML) to modify rows that have been recently written to a BigQuery table by the Storage Write API. This is now generally available (GA).
The BigQuery continuous queries feature is now in preview.
Continuous queries let you build long-lived, continuously processing SQL statements that can analyze, process, and perform machine learning (ML) inference on incoming data in BigQuery in real time. You can configure continuous queries to replicate query results to a Pub/Sub topic, Bigtable instance, or another BigQuery table, a process also known as Reverse ETL.
You can use continuous queries to perform the following tasks, using the accessible language of SQL:
- Transform incoming data and act immediately on insights.
- Use Vertex AI to apply real time ML insights.
- Build automated event-driven data pipelines.
- Replicate real-time events to downstream operational systems like Bigtable.
To try BigQuery continuous queries, see Create continuous queries.
You can now use BigQuery Omni Virtual Private Cloud (VPC) allowlists to restrict access to AWS S3 buckets and Azure Blob Storage from specific BigQuery Omni VPCs. This feature is in preview.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Secure Source Manager
  - securesourcemanager.googleapis.com/Instance
Track credits for your spend-based milestone credit programs (contract pricing)
If you have a custom pricing contract, you might be enrolled in spend-based milestone credit programs, where you earn promotional credits for spending specific amounts on Google Cloud.
In the Google Cloud console, you can now track the promotional credits for your spend-based milestone programs. The promotional credits that you receive act as a payment method, and are automatically applied to your costs.
Hybrid NAT supports Cloud Interconnect in Preview.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/storage
7.12.0 (2024-07-15)
Features
cos-113-18244-85-64
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Disable NVIDIA persistence mode with -no-verify flag
Fixed CVE-2024-39894 in net-misc/openssh.
Fixed CVE-2024-36891 in the Linux kernel
Fixed CVE-2024-38662 in the Linux kernel
Fixed CVE-2024-39482 in the Linux kernel
Fixed CVE-2024-39474 in the Linux kernel
Fixed CVE-2024-39476 in the Linux kernel
Runtime sysctl changes:
- Changed: fs.file-max: 812036 -> 812041
cos-109-17800-218-83
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Disable NVIDIA persistence mode with -no-verify flag
Fixed CVE-2024-38662 in the Linux kernel
Fixed CVE-2024-39482 in the Linux kernel
Fixed CVE-2024-39474 in the Linux kernel
Fixed CVE-2024-39476 in the Linux kernel
cos-dev-117-18567-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.40 | v24.0.9 | v2.0.0rc2 | See List |
Updated the Linux kernel to v6.6.40.
Disable NVIDIA persistence mode with -no-verify flag
Fixed CVE-2024-39894 in net-misc/openssh.
cos-105-17412-370-78
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02(default),v550.90.07(latest) |
Fixed CVE-2024-39482 in the Linux kernel
Fixed CVE-2024-39476 in the Linux kernel
Runtime sysctl changes:
- Changed: fs.file-max: 812694 -> 812698
cos-101-17162-463-62
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02(default),v550.90.07(latest) |
Added the package revision number to the SSH banner in net-misc/openssh.
Fixed CVE-2024-24790 and CVE-2024-24789 in dev-lang/go.
Dataplex Explore is deprecated. Please follow the instructions for how to migrate Dataplex Explore to BigQuery Studio.
Hyperdisks for Dataproc clusters are now created with default throughput and IOPS. When this behavior becomes configurable, it will be announced in a future release note.
Added support for N4 and C4 machine types for Dataproc image versions 2.1 and above. The following default configurations are now applied to clusters created with N4 or C4 machine types:
bootdisktype = "hyperdisk-balanced"
nictype = "gvnic"
When a Cluster, Job, AutoscalingPolicy, or WorkflowTemplate API resource does not exist and the requestor does not have access to the project, a 403 error code is now issued instead of a 404 error code.
Flex service level now supports CMEK (in Preview). For more information, see About CMEK.
If you retain unacknowledged messages in a subscription for more than 24 hours, you incur additional charges. For more information, see Storage costs.
In the Google Cloud Console, the Effective routes tab on the Routes page shows only routes that are effective. You can optionally show suppressed routes by using the Show suppressed routes toggle. You can also view the reason why a given route is suppressed. For more information, see List routes for a VPC network.
July 19, 2024
Apigee Advanced API Security
The preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents has been temporarily disabled due to a known issue. We will announce in a release note when the functionality is re-enabled.
Regional external Application Load Balancers, cross-region internal Application Load Balancers, regional internal Application Load Balancers, regional internal proxy Network Load Balancers, cross-region internal proxy Network Load Balancers, and regional external proxy Network Load Balancers support IPv4 and IPv6 (dual-stack) backends.
Ingress IPv4 traffic can now be proxied over an IPv4 or IPv6 connection to the IPv4 and IPv6 (dual-stack) backends.
The following backends support dual stack:
- VM instance group
- Zonal NEGs (GCE_VM_IP_PORT)
You can now convert the load balancers from IPv4 based deployments to dual stack (IPv4 and IPv6) deployments.
For details, see:
This feature is available in Preview.
The permissions required to use saved and recent queries have changed. You can also define a location in your default resource settings where saved and recent queries are saved. This location must align with your organization policy.
You can now use Extended Events (XEvents) on your Cloud SQL for SQL Server instance to monitor, identify, and troubleshoot the performance of the databases on your instance.
New Dataproc Serverless for Spark runtime versions:
- 1.1.72
- 1.2.16
- 2.0.80
- 2.2.16
Note: Dataproc Serverless for Spark runtime versions 1.1.71, 1.2.15, 2.0.79, and 2.2.15 were not released.
VMware Engine ve2-standard-128 node type is generally available in us-central1 region. For more information on the node type, see Node types. To use the node type in us-central1 region, contact your Google account team.
Vertex AI Search: Multi-step retrieval for answer (GA)
For the answer method, multi-step retrieval using multi-step (ReAct) reasoning is Generally available (GA).
For information about this feature, see Query rephrasing and Search and answer (specify maximum steps).
July 18, 2024
Anthos clusters on AWS
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-26921
For more details, see the GCP-2024-043 security bulletin.
Generally Available: Rule-based custom messages for Chrome Enterprise Premium
You can now specify a custom warning message when creating Chrome DLP rules. These messages are shown to end users when their actions are blocked as a result of a rule triggering in Chrome. To learn more, see Use Chrome Enterprise Premium to integrate DLP with Chrome.
Generally Available: Chrome OCR for Chrome Enterprise Premium
You can now scan text in image (BMP, GIF, JPEG, PNG, and TIFF) files and images in PDFs for sensitive content with optical character recognition (OCR). To learn more, see Use Chrome Enterprise Premium to integrate DLP with Chrome.
Generally Available: Generative AI URL Category for Chrome Enterprise Premium
You can now use the Generative AI URL category when creating Chrome DLP rules. This category is assigned to websites that use AI to create new content, like text, images, music, audio, and videos.
The following BigQuery migration assessment features are now generally available (GA):
- When you run a migration assessment, the migration assessment now automatically creates a BigQuery dataset to store the assessment results. You can also choose to store assessment results in an existing empty dataset or manually create a dataset with a custom name.
- While a migration assessment is running, you can view the assessment report with partial data. You can also view its progress and estimated completion time in the status icon tooltip.
- You can view more information and errors about a migration assessment in the assessment details page.
Information about excluded Cloud Storage objects in the environment's bucket is no longer logged. This change reduces the usage of the Storage API during the synchronization of DAG files, which improves the performance of Airflow components and results in fewer Airflow component restarts. The change will gradually become available in all Cloud Composer environments.
Cloud Data Fusion versions 6.9 and later store pipeline run records for 30 days by default. For more information, see View run records.
You can now disable the default run.app URL for your Cloud Run services (Preview).
You can now create custom organization policies for Cloud SQL instances. For more information, see Add custom organization policies.
As of Dataform Core 3.0.0, Dataform doesn't distribute a Docker image. You can build your own Docker image of Dataform, which you can use to run the equivalent of Dataform CLI commands. To build your own Docker image, see Containerize an application in the Docker documentation.
New Dataproc on Compute Engine subminor image versions:
- 2.0.112-debian10, 2.0.112-rocky8, 2.0.112-ubuntu18
- 2.1.60-debian11, 2.1.60-rocky8, 2.1.60-ubuntu20, 2.1.60-ubuntu20-arm
- 2.2.26-debian12, 2.2.26-rocky9, 2.2.26-ubuntu22
For custom extractor with generative AI, model pretrained-foundation-model-v1.1-2024-03-12 provides fine-tuning for US/EU in Public preview. For more information about custom extractor models, see Custom extractor model versions.
When you migrate an existing Google SecOps instance so that it is bound to a Google Cloud project, you can also use auto-generated commands to migrate your existing feature RBAC configuration to IAM permissions and roles. For more information, see Migrate existing permissions to IAM.
Ads Location Extension Fields
The following asset location fields are available in the Google Ads and New Search Ads 360 connectors:
- Asset location address line 1
- Asset location address line 2
- Asset location business name
- Asset location city
- Asset location country code
- Asset location phone number
- Asset location postal code
- Asset location province
Partner Connector launch update
The following partner connectors have been added to the Looker Studio Connector Gallery:
- Facebook Ads By "DAXRM"
- Pitchbox Daily Outreach Activity By Pitchbox
- Wrike By Windsor.ai
- Cart.com By Windsor.ai
- Metabase By Windsor.ai
- SurveyMonkey By Windsor.ai
- Okta By Windsor.ai
- Chargebee By Windsor.ai
- Mailerlite By Windsor.ai
- Clickup By Windsor.ai
- Courier By Windsor.ai
- Play console connector By Multivariate Tech
- Dynamics 365 By Windsor.ai
- AdRoll By Catchr
New SAP certifications: C3 bare metal machine types
SAP has certified the following Compute Engine bare metal machine types:
- c3-highmem-192-metal for use with SAP HANA OLAP and OLTP workloads.
- c3-standard-192-metal and c3-highmem-192-metal for use with SAP NetWeaver workloads.
For more information, see the following:
Spanner now includes the JSON_ARRAY() and JSON_OBJECT() functions for building JSON types in GoogleSQL. For more information, see JSON functions in GoogleSQL.
July 17, 2024
Anthos clusters on AWS
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-26925
For more details, see the GCP-2024-045 security bulletin.
The shutdown date for AutoML Tables has changed from Mar 31, 2024 to July 24, 2024.
You can now configure the default storage billing model for new datasets. This feature is generally available (GA).
Airflow 2.9.1 is available in Cloud Composer images and builds. We recommend checking the list of changes in Apache Airflow release notes before upgrading to this version.
(Airflow 2.9.1) Task context logging is disabled, and it is not possible to enable it.
(Airflow 2.9.1) Raw HTML code in DAG docs and DAG parameter descriptions is disabled by default.
(Airflow 2.9.1) Audit log permissions are revoked from all roles except Admin.
The apache-airflow-providers-google package was upgraded to version 10.21.0 in Cloud Composer 2 images with Airflow 2.7.3 and 2.9.1, and in all latest Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.18.0 to version 10.21.0.
When installing PyPI packages, if you want your builds to run with a custom service account, you can override the COMPOSER_AGENT_BUILD_SERVICE_ACCOUNT environment variable with the chosen service account. For more information, see Install Python dependencies.
New Airflow builds are available in Cloud Composer 3:
- composer-3-airflow-2.9.1-build.0
- composer-3-airflow-2.7.3-build.9
Cloud Composer 2.8.6 images are available:
- composer-2.8.6-airflow-2.9.1
- composer-2.8.6-airflow-2.7.3 (default)
- composer-2.8.6-airflow-2.6.3
Support dates for previous Cloud Composer 3 builds are available. All Cloud Composer 3 builds with Airflow 2.7.3 are supported until July 17, 2025.
Cloud Composer version 2.3.4 has reached its end of support period.
You can now use the following optional flags when you export and import files into Cloud SQL instances:
- --clean: if you export files, then this flag enables you to include the DROP <object> SQL statement that's required to drop (clean) database objects before you import them. If you import files, then this flag enables you to clean database objects before you recreate them.
- --if-exists: this flag enables you to include the IF EXISTS SQL statement with each DROP statement that's produced by the clean flag.
If you import files, then these flags apply only if you use the --parallel flag. If you export files, then use these flags only if you're not exporting files in parallel.
Version 3.20 is released
All release notes published on this date are part of version 3.20.
The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.
Agent chat adapter redesign
We have redesigned the agent chat adapter to streamline workflows, boost productivity, and improve the agent experience. Here are the highlights:
- A new chat details screen where agents can reference information about the end-user and the chat while the chat is active.
- An improved chat transfer experience, including:
  - Separate tabs for agents and queues.
  - The ability to search by queue.
- An expandable chat overview screen where agents can see additional information for each active chat. From this screen, agents can transfer chats, add users to chats, access chat options, and more.
- A new action bar that puts an agent's most important actions within easy reach.
New Dataproc Serverless for Spark runtime versions:
- 1.1.70
- 1.2.14
- 2.0.78
- 2.2.14
Granular models for Cloud Armor Adaptive Protection are now Generally Available. For more information, see the Adaptive Protection overview.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-26925
For more details, see the GCP-2024-045 security bulletin.
(2024-R25) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Version 1.29.6-gke.1038001 is now the default version.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.27.13-gke.1070002
- 1.27.13-gke.1201002
- 1.27.14-gke.1059001
- 1.27.15-gke.1154000
- 1.28.10-gke.1058001
- 1.28.11-gke.1170000
- 1.29.4-gke.1043004
- 1.29.5-gke.1091001
- 1.29.6-gke.1254000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.14-gke.1042001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.14-gke.1042001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.
Stable channel
- Version 1.29.5-gke.1091002 is now the default version in the Stable channel.
- The following versions are no longer available in the Stable channel:
- 1.27.13-gke.1201002
- 1.28.9-gke.1289002
- 1.28.10-gke.1058001
- 1.29.4-gke.1043004
- 1.29.5-gke.1091001
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.14-gke.1042001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.14-gke.1042001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.
Regular channel
- Version 1.29.6-gke.1038001 is now the default version in the Regular channel.
- The following versions are no longer available in the Regular channel:
- 1.27.14-gke.1042001
- 1.27.14-gke.1059001
- 1.28.10-gke.1075001
- 1.29.5-gke.1091002
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.14-gke.1059002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.14-gke.1059002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.6-gke.1038001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.27.15-gke.1154000
- 1.28.11-gke.1019001
- 1.28.11-gke.1170000
- 1.29.6-gke.1254000
- 1.30.2-gke.1447000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.
GKE Autopilot now supports opportunistic bursting and lower Pod minimums upon cluster creation or upgrade to 1.30.2-gke.1394000 or later, resolving a previous issue with containerd.
On December 31, 2024, the managed BigQuery data lake for export will not be accessible to Google SecOps customers except for customers in the Enterprise Plus Tier. Enterprise Plus Tier customers will retain access until a replacement is available. Other customers can use their own BigQuery instance to export telemetry data, a feature currently in preview. For more information, see Configure a data export to BigQuery in a self-managed Google Cloud project.
The ARMENIA_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
Preview stage support for the following integration:
Vertex AI Search: Evaluate search quality (Public preview)
Evaluate the search quality of your generic search applications using sample query sets. This lets you assess your search engine's performance, understand potential biases or shortcomings in ranking algorithms, and compare historical evaluation results to understand the impact of changes in your search configuration.
For more information, see Evaluate search quality. This feature is in Public preview.
Private Service Connect backends can be used to reach regional endpoints for supported Google APIs. Regional endpoints replace locational endpoints for Private Service Connect backends.
The list of supported regional endpoints that can be accessed by Private Service Connect endpoints and backends is updated to include additional supported Google APIs and regions.
July 16, 2024
AlloyDB for PostgreSQL
Cross-region backup location is now generally available (GA).
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-26809
For more information, see the GCP-2024-042 security bulletin.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-36972
For more details, see the GCP-2024-044 security bulletin.
On July 16, 2024, we released a new version of the Apigee integrated portal.
This release includes general improvements to performance and availability.
You can now configure an HTTP connector to improve CPU and memory utilization for your App Engine apps. To configure an HTTP connector, include the appengine.use.httpconnector system property in your appengine-web.xml file. For more information, see the Google App Engine Java new performant HTTP connector GitHub page.
When you run a migration assessment for Amazon Redshift, Teradata, or Snowflake, the service also creates a dataset containing only highly aggregated assessment results. This aggregated dataset doesn't contain any query logs; therefore, no personally identifiable information (PII) or business-sensitive information is visible. You can share this dataset with users that are not in your project. This feature is in preview.
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Cloud SQL Studio is now generally available. For more information, see Manage your data using Cloud SQL Studio.
You can now search for and manage your Cloud SQL resources by using Dataplex Catalog. For more information about the integration of Cloud SQL and Dataplex Catalog, see Manage your Cloud SQL resources using Dataplex Catalog.
All Colab Enterprise runtimes are automatically configured with a 100 GiB boot disk in addition to the disk specified in the runtime template. Starting July 16, 2024, the boot disk of a newly created Colab Enterprise runtime automatically defaults to an SSD Persistent Disk. Previously, the boot disk default was a Standard Persistent Disk.
Because of this change, default boot disks of Colab Enterprise runtimes are billed as SSD Persistent Disks instead of Standard Persistent Disks. For more information, see Colab Enterprise pricing.
Generally available: C3 bare metal machine types are available in the C3 machine series. Bare metal instances let you create an instance with direct access to the machine's CPU and memory, without a virtualization layer in the middle. With bare metal instances, you can access all the raw compute resources of the server. For more information, see the C3 machine series.
M123 release
- Hugging Face Text Generation Inference 2.1 GPU container images are now available.
M123 release
- TensorFlow 2.16 images are now available.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-26921
- CVE-2024-36972
For more details, see the GCP-2024-043 and GCP-2024-044 security bulletins.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-26921
For more details, see the GCP-2024-043 security bulletin.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-36972
For more details, see the GCP-2024-044 security bulletin.
Compute flexible committed use discounts (CUDs), previously known as Compute Engine Flexible CUDs, have been expanded to include several GKE Autopilot and Cloud Run SKUs (see the GKE CUD documentation for details). The legacy GKE Autopilot CUD will be removed from sale on October 15, 2024. GKE Autopilot CUDs purchased before this date will continue to apply through their term.
New SAP certification for operating systems
For use with SAP HANA and SAP NetWeaver on Google Cloud, SAP has certified the operating system Red Hat Enterprise Linux (RHEL) for SAP 9.4.
For more information about SAP-certified operating systems, see:
Spanner now supports the following PostgreSQL JSONB functions:
- jsonb_array_elements()
- spanner.bool_array()
- spanner.float32_array()
- spanner.float64_array()
- spanner.int64_array()
- spanner.string_array()
For more information, see JSONB functions and Spanner specific JSONB functions.
Spanner now supports the following GoogleSQL JSON functions:
- BOOL_ARRAY: Converts a JSON array of booleans to a SQL ARRAY<BOOL> value.
- FLOAT32: Converts a JSON number to a SQL FLOAT32 value.
- FLOAT32_ARRAY: Converts a JSON array of numbers to a SQL ARRAY<FLOAT32> value.
- FLOAT64_ARRAY: Converts a JSON array of numbers to a SQL ARRAY<FLOAT64> value.
- INT64_ARRAY: Converts a JSON array of numbers to a SQL INT64_ARRAY value.
- STRING_ARRAY: Converts a JSON array of strings to a SQL ARRAY<STRING> value.
Spanner now supports the GoogleSQL PDML_MAX_PARALLELISM statement-level hint. For more information, see Statement hints.
The following are now supported for the INSERT statement:
- The INSERT OR UPDATE and INSERT OR IGNORE DML statements now support the THEN RETURN clause in GoogleSQL.
- The INSERT…ON CONFLICT DML statement now supports the RETURNING clause in PostgreSQL.
- THEN RETURN now supports the WITH ACTION clause in GoogleSQL.
Spanner now supports geo-partitioning (in Preview). You can use geo-partitioning to segment and store rows in your database table across different configurations. For more information, see the Geo-partitioning overview.
M123 release
The M123 release of Vertex AI Workbench user-managed notebooks includes the following:
- Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers.
- Fixed a bug for custom container instances using a disabled root.
M123 release
The M123 release of Vertex AI Workbench instances includes the following:
- Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers.
July 15, 2024
Application Integration
You can now share custom connectors between different Google Cloud projects by exporting and importing the connector specification. This feature is in preview.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigtable
5.1.1 (2024-07-11)
Bug Fixes
Java
Changes for google-cloud-bigtable
2.40.0 (2024-06-28)
Features
Bug Fixes
- Add getServiceName() to EnhancedBigTableStubSettings (#2256) (da703db)
- Remove grpclb (#2033) (7355375)
Dependencies
It is no longer possible to create Cloud Composer 1 environments in Google Cloud console. It's still possible to create Cloud Composer 1 environments through Google Cloud SDK, Terraform, and API in projects that support creating new Cloud Composer 1 environments.
The Cloud Storage Copy/Move plugin version 0.23.2, which is bundled with Google Cloud Platform plugin, is available in Cloud Data Fusion versions 6.10.0 and later. The release lets you use a wildcard character (*) in the source path to copy and move multiple files. For example, the source path gs://demo0/prod/reports/*.csv copies and moves all CSV files in the reports directory (PLUGIN-698).
Compute flexible committed use discounts are now available for Cloud Run services with CPU always allocated, and Cloud Run jobs. A single flexible commitment covers eligible spend across Compute Engine, GKE, and Cloud Run. For more information, see Committed use discounts.
A weekly digest of client library updates from across the Cloud SDK.
Compute flexible committed use discounts (CUDs)—previously known as Compute Engine flexible CUDs—have been expanded to also cover your Cloud Billing account's spend across Google Kubernetes Engine (GKE) and Cloud Run. A single flexible commitment covers your eligible spend across all three services. For more information, see Compute flexible CUDs.
To learn about how flexible CUDs apply to the other services, see the following:
Generally available: You can limit the run time of VMs, which automatically stops or deletes a VM after a specific time or duration. Limiting your VMs' run times can help you optimize temporary workloads by minimizing costs and releasing quota. For more information, see Limit the run time of a VM and Limit the runtime of VMs in a MIG.
Config Controller now uses the following versions of its included products:
- Config Connector v1.120.1, release notes
- Config Sync v1.18.2, release notes
Mobile SDK 2.8 is released
Mobile SDK 2.8 includes the following update: added support for landscape mode.
For more information, see the following:
cos-dev-117-18555-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.37 | v24.0.9 | v2.0.0rc2 | See List |
Upgraded fluent-bit to v3.0.6.
Upgraded app-admin/node-problem-detector to v0.8.19.
Upgraded app-containers/cni-plugins to v1.5.1.
Upgraded app-admin/google-guest-configs to v20240607.00.
Added support for TPU v6 devices.
Upgraded chromeos-base/session_manager-client to v0.0.1-r2792.
Upgraded chromeos-base/update_engine-client to v0.0.1-r2437.
Upgraded sys-apps/dbus to v1.14.10-r192.
Upgraded chromeos-base/shill-client to v0.0.1-r4577.
Upgraded chromeos-base/debugd-client to v0.0.1-r2703.
Upgraded chromeos-base/power_manager-client to v0.0.1-r2937.
Upgraded chromeos-base/minijail to v18-r142.
Upgraded chromeos-base/chromeos-common-script to v0.0.1-r633.
Upgraded dev-embedded/libftdi to v1.5-r7.
Upgraded sys-apps/pv to v1.8.10.
Upgraded net-dns/c-ares to v1.31.0.
Upgraded app-admin/logrotate to v3.22.0.
Upgraded dev-python/pygobject to v3.46.0-r1.
Upgraded dev-db/sqlite to v3.46.0.
Upgraded dev-libs/nss to v3.101.
Upgraded sys-apps/hwdata to v0.383.
Upgraded net-misc/rsync to v3.3.0.
Upgraded sys-apps/findutils to v4.10.0.
Upgraded sys-libs/libseccomp to v2.5.5-r1.
Upgraded net-misc/curl to v8.8.0-r1.
Upgraded sys-apps/ethtool to v6.9.
Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.
Updated cos-gpu-installer to v2.3.5.
Added the package revision number to the SSH banner in net-misc/openssh.
Fixed glibc-2.36 build errors in sys-boot/syslinux.
Upgraded dev-lang/go to v1.22.4. This fixes CVE-2024-24790 and CVE-2024-24789.
Fixed CVE-2024-35195 in dev-python/requests.
Runtime sysctl changes:
- Added: net.ipv4.tcp_rto_min_us: 200000
- Changed: fs.file-max: 811785 -> 811776
cos-109-17800-218-76
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |
Upgraded app-editors/vim to v9.1.0470, Upgraded app-editors/vim-core to v9.1.0470.
Upgraded sys-apps/grep to v3.11-r1.
Upgraded sys-apps/dmidecode to v3.6.
Upgraded net-misc/rsync to v3.2.7-r4.
Upgraded sys-apps/ethtool to v6.9.
Upgraded sys-apps/attr to v2.5.2-r1.
Upgraded net-dns/libidn2 to v2.3.7.
Upgraded sys-apps/sed to v4.9-r1.
Upgraded app-admin/logrotate to v3.22.0.
Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.
Upgraded sys-process/lsof to v4.99.3.
Upgraded sys-apps/file to v5.45-r4.
Upgraded dev-libs/libusb to v1.0.27-r1.
Upgraded net-misc/curl to v8.8.0-r1.
Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.
Added the package revision number to the SSH banner in net-misc/openssh.
Updated net-misc/wget to version 1.24.5. This fixed CVE-2024-38428.
Fixed CVE-2024-36978 in the Linux kernel.
cos-105-17412-370-75
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02 (default), v550.90.07 (latest) |
Upgraded app-admin/logrotate to v3.22.0.
Upgraded dev-libs/libusb to v1.0.27-r1.
Upgraded sys-apps/dmidecode to v3.6.
Upgraded sys-apps/grep to v3.11-r1.
Upgraded app-shells/dash to v0.5.12.
Upgraded sys-apps/attr to v2.5.2-r1.
Upgraded sys-apps/diffutils to v3.10.
Upgraded net-dns/libidn2 to v2.3.7.
Upgraded net-misc/wget to v1.21.4.
Upgraded app-misc/mime-types to v2.1.54.
Upgraded net-analyzer/netcat to v110.20180111-r2.
Updated cos-gpu-installer to v2.3.5.
Added the package revision number to the SSH banner in net-misc/openssh.
Fixed CVE-2024-24790 and CVE-2024-24789 in dev-lang/go.
Updated net-misc/wget to v1.24.5. This fixed CVE-2024-38428.
Fixed CVE-2024-36978 in the Linux kernel.
cos-113-18244-85-54
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |
Updated cos-gpu-installer to v2.3.5.
Added the package revision number to the SSH banner in net-misc/openssh.
Updated net-misc/wget to version 1.24.5. This fixed CVE-2024-38428.
Fixed CVE-2024-36978 in the Linux kernel.
cos-101-17162-463-58
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02 (default), v550.90.07 (latest) |
Updated cos-gpu-installer to v2.3.5.
Updated net-misc/wget to v1.24.5. This fixed CVE-2024-38428.
Fixed CVE-2024-36978 in the Linux kernel.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.9.10 (2024-07-10)
Bug Fixes
- dataflow: Bump google.golang.org/[email protected] (8ecc4e9)
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-26809
For more details, see the GCP-2024-042 security bulletin.
The third-party API feed Symantec Event Export has been discontinued due to the deprecation of Symantec Event Export API. To ingest data, use a Cloud Storage bucket. For more information, see Add a feed.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.13.4 (2024-07-10)
Bug Fixes
- secretmanager: Bump google.golang.org/[email protected] (8ecc4e9)
Vertex AI Search: Rotation of CMEK keys, which protect data stores (Private preview)
Customer-managed encryption keys (CMEK) for data stores associated with search apps can be rotated.
Don't rotate keys for data stores associated with recommendations apps. Also, if you rely on analytics, don't rotate keys.
Key rotation is available in Private preview. For information about rotating CMEK keys to protect Vertex AI Agent data stores, see Customer-managed encryption keys.
July 14, 2024
Vertex AI Vision
Model output visualization tool in vaictl
You can now visualize model output using the vaictl command line tool available through the Vertex AI Vision SDK. This visualization combines real-time video streams with annotations and statistics generated by Vertex AI Vision models. This feature lets you better understand model output by visualizing output information over your video stream.
Features:
- Visualize command added to vaictl command-line tool.
- Support added to visualize Occupancy Analytics model annotations.
For more information, see Visualize model output.
Motion filtering - motion detection zone
You can now specify zones for motion detection, or areas to omit from motion detection. For more information, see the motion filtering guide.
July 13, 2024
Google SecOps
Python 2.7 is being deprecated and will be fully removed on October 13, 2024.
For information on how to update Marketplace integrations to Python 3.11, refer to Upgrade the Python versions.
Support for Python 3.11: Google SecOps now supports Python 3.11 in all the certified integrations. This feature is in General Availability.
IDE Staging mode: A staging mode has been added to the IDE where you can test certified and custom integrations as well as custom items. The staging mode acts as a sandbox where you can test the new Python 3.11 code or any upgraded integration before pushing to production. For more information, refer to Test integrations in staging mode. This feature is in General Availability.
July 12, 2024
Access Approval
Access Approval supports Dataform in the GA stage.
Deployments for new projects might be impacted by the following changes to org policies:
- Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
- Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.
If you are impacted by this change, you can do the following:
- Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
- Grant the Editor role to the App Engine default service account.
Deployments for new projects might be impacted by the following changes to org policies:
- Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
- Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.
If you are impacted by this change, you can do one of the following:
- Grant the Editor role to the App Engine default service account.
- Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
Preview: Hyperdisk Balanced High Availability provides cross-zonal, synchronous replication for your disk data, offering the best set of options for RPO, RTO, and performance.
New Dataproc on Compute Engine subminor image versions:
- 2.0.111-debian10, 2.0.112-rocky8, 2.0.112-ubuntu18
- 2.1.59-debian11, 2.1.60-rocky8, 2.1.60-ubuntu20, 2.1.60-ubuntu20-arm
- 2.2.25-debian12, 2.2.26-rocky9, 2.2.26-ubuntu22
Release 6.3.10 is now in General Availability.
Single-zone instances are now Generally Available on Memorystore for Redis Cluster.
Spanner now supports dual-region instance configurations in Australia, Germany, India, and Japan. Dual-region configurations let you replicate data in multiple zones across two regions in a single country. This helps you meet your data residency requirements, while taking advantage of 99.999% availability. For more information, see Dual-region configurations.
Spanner now supports the approximate nearest neighbor (ANN) distance functions (APPROX_COSINE_DISTANCE(), APPROX_EUCLIDEAN_DISTANCE(), and APPROX_DOT_PRODUCT()) in the GoogleSQL dialect (in Preview). If you have tables with a large amount of unstructured data that can be represented as vector data, you can create a vector index using DDL statements and use these functions to accelerate similarity searches and nearest neighbor queries in standard SQL, without having to copy the data into a separate system. For more information, see Find approximate nearest neighbors to index and query vector embeddings in Spanner.
July 11, 2024
Anti Money Laundering AI
A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version. This includes:
- Additional data validation errors with more granular checks and corresponding actionable error messages
- Improved accuracy and better descriptions for existing data validation checks
- A fix for processing of alert events in the Risk Case Event table
- Improved reliability of training, prediction, and backtesting operations for very large datasets (greater than 20 million parties)
- Reduction in the time taken for tuning when creating an engine config
On July 11, 2024, we released an updated version of Apigee (1-12-0-apigee-8).
This release addresses the security concerns in GCP-2024-032 from Google Anthos Service Mesh.
Bug ID | Description |
---|---|
330175485 | Security fix for apigee-ingress. This addresses the following vulnerabilities: |
Bug ID | Description |
---|---|
N/A | Updated libraries and infrastructure. |
The following Connector Event triggers are generally available:
Generally available: Chrome Enterprise Premium watermarking
You can now display a custom watermark on web pages that match the data protection rules that you set. For more information, see Display watermark on certain webpages.
You can now use EXPORT DATA statements to reverse ETL BigQuery data to Spanner. This feature is in preview.
Starting in July 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying functions for the first time may be using a default Cloud Build service account with insufficient permissions for building a function. If you are impacted by this change you can do one of the following:
- Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
- Add the Cloud Build Service Account role (roles/cloudbuild.builds.builder) to the default Compute Service Account.
- Create a custom build service account for function deployments.
Starting July 2024, Cloud Build changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change documentation. As a result of this change, new projects deploying to Cloud Run from source code for the first time may be using a default Cloud Build service account with insufficient permissions for deploying from source.
If you are impacted by this change, you can do one of the following:
- Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
- Grant the Cloud Build Service Account (roles/cloudbuild.builds.builder) role to the Compute Engine default service account.
You can now specify Frankfurt (europe-west3) and Zürich (europe-west6) as a predefined dual-region pairing. For more information, see Predefined dual-regions.
You can only create on-demand reservations of A3 VMs if you create specifically targeted reservations. This restriction doesn't affect reservations that were created before July 11, 2024, which you can continue to consume based on their consumption type.
For more information, see the following pages:
You can now use the Dataflow job builder UI to create and run Dataflow pipelines in the Google Cloud console, without writing any code. This feature is generally available (GA).
New Dataproc Serverless for Spark runtime versions:
- 1.1.69
- 1.2.13
- 2.0.77
- 2.2.13
Vertex AI Agents: Agent apps now provide generative settings for input token limit, output token limit, and temperature.
Added missing release notes for ve2-standard-128 availability in australia-southeast1 region.
Pro feature: Gemini in Looker public preview features
The following Gemini in Looker features are now available in Public Preview:
- Create calculated fields: Create custom fields and calculations in Looker Studio without prerequisite knowledge or experience with Looker Studio formula language.
- Add Looker Studio content to Google Slides: Import components from your Looker Studio reports into a Google Slides presentation.
Learn more about Gemini in Looker and how to enable it in Looker Studio.
Partner Connector launch update
The following partner connectors have been added to the Looker Studio Connector Gallery:
- Typeform By Windsor.ai
- Google Search Console By Catchr
- Clockify By Windsor.ai
- GitLab By Windsor.ai
- AppFollow By Windsor.ai
- Monday By Windsor.ai
- Agorapulse Social Analytics By Agorapulse
- Oktopost By Oktopost
- LinkedIn Business Manager By Power My Analytics
- Facebook Insights By Doodlytics
- Instagram Insights By Doodlytics
- Facebook Ads Insights By Doodlytics
- Pardot By Catchr
- ConvertKit By Windsor.ai
- Delighted By Windsor.ai
- Everhour By Windsor.ai
- Linnworks By Windsor.ai
- s.i.m.b.a Google Ads By s.i.m.b.a
- s.i.m.b.a Google Analytics By s.i.m.b.a
- s.i.m.b.a LinkedIn Page By Simba
- s.i.m.b.a LinkedIn Ads By s.i.m.b.a
- MINT ARM By MINT
- WooCommerce By Windsor.ai
- Bing Webmaster Tool By Catchr
Search Ads 360 connector deprecation complete
The Search Ads 360 connector deprecation that was announced on April 2, 2024 is complete. Please use the New Search Ads 360 connector.
You can now use EXPORT DATA statements to reverse ETL BigQuery data to Spanner. This feature is in Preview.
reCAPTCHA for WAF integration with Akamai is now available in Preview. For more information, see Integrate reCAPTCHA for WAF with Akamai.
July 10, 2024
AlloyDB for PostgreSQL
Support for querying exported Cloud Billing data using resource-level tags and resource names is now generally available (GA).
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
.NET version 3 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of .NET.
Go version 1.19 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Go.
Node.js version 16 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Node.js.
PHP version 7.4 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of PHP.
Python version 3.7 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Python.
Ruby version 3.1 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Ruby.
You can now view granular AlloyDB for PostgreSQL usage in the Cloud Billing Detailed export to BigQuery
You can now view granular AlloyDB for PostgreSQL cluster, instance, and backup data in the Google Cloud Billing detailed export. Use the resource.global_name and resource.name fields in the export to view and filter your detailed AlloyDB cluster, instance, and backup usage.
Tags data for AlloyDB for PostgreSQL cluster, instance, and backup usage is available in both the Standard usage cost export and the Detailed usage cost export.
To learn more about Tags, see Tags overview. To learn about using Tags in your cost data exported to BigQuery, see about tags and query examples with tags.
Datastream is now available in the us-east5 (Columbus) region. For the list of all available regions, see IP allowlists and regions.
We've made the following changes to Cloud Marketplace partner reports:
- We've added a new field, extraordinary_payment_note, to the detailed disbursement report.
- If an extraordinary payment is issued, the disbursements report includes a new row that contains information about it, including metadata to track the payment.
- The customer insights report includes two new fields, marketplace_fee_amount and marketplace_fee_percent.
(2024-R24) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Version 1.29.5-gke.1091002 is now the default version.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.26.15-gke.1090000
- 1.26.15-gke.1090004
- 1.26.15-gke.1191000
- 1.26.15-gke.1191001
- 1.26.15-gke.1300000
- 1.26.15-gke.1300001
- 1.26.15-gke.1320000
- 1.26.15-gke.1320002
- 1.26.15-gke.1381000
- 1.26.15-gke.1381001
- 1.26.15-gke.1390000
- 1.26.15-gke.1390001
- 1.26.15-gke.1404000
- 1.26.15-gke.1404002
- 1.26.15-gke.1469000
- 1.26.15-gke.1469001
- 1.27.11-gke.1062004
- 1.27.13-gke.1070000
- 1.27.13-gke.1166000
- 1.27.13-gke.1166001
- 1.27.13-gke.1201000
- 1.27.14-gke.1022000
- 1.27.14-gke.1022001
- 1.27.14-gke.1042000
- 1.27.14-gke.1059000
- 1.27.14-gke.1100000
- 1.27.14-gke.1100002
- 1.27.15-gke.1012000
- 1.27.15-gke.1012003
- 1.28.9-gke.1000000
- 1.28.9-gke.1069000
- 1.28.9-gke.1069002
- 1.28.9-gke.1209000
- 1.28.9-gke.1209001
- 1.28.9-gke.1289000
- 1.28.10-gke.1058000
- 1.28.10-gke.1075000
- 1.28.10-gke.1089000
- 1.28.10-gke.1089002
- 1.28.10-gke.1148000
- 1.28.10-gke.1148001
- 1.28.11-gke.1019000
- 1.29.4-gke.1043002
- 1.29.5-gke.1060000
- 1.29.5-gke.1060001
- 1.29.5-gke.1091000
- 1.29.6-gke.1038000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.13-gke.1201002 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.13-gke.1201002 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.
Stable channel
- Version 1.28.9-gke.1289002 is now the default version in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.26.15-gke.1090000
- 1.26.15-gke.1090004
- 1.26.15-gke.1191000
- 1.26.15-gke.1191001
- 1.26.15-gke.1300000
- 1.26.15-gke.1300001
- 1.27.13-gke.1070000
- 1.27.13-gke.1070002
- 1.27.13-gke.1166000
- 1.27.13-gke.1166001
- 1.27.13-gke.1201000
- 1.28.9-gke.1069000
- 1.28.9-gke.1069002
- 1.28.9-gke.1209000
- 1.28.9-gke.1209001
- 1.28.9-gke.1289000
- 1.29.4-gke.1043002
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.13-gke.1201002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.13-gke.1201002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.9-gke.1289002 with this release.
Regular channel
- Version 1.29.5-gke.1091002 is now the default version in the Regular channel.
- The following versions are now available in the Regular channel:
- The following versions are no longer available in the Regular channel:
- 1.26.15-gke.1320000
- 1.26.15-gke.1320002
- 1.26.15-gke.1381000
- 1.26.15-gke.1381001
- 1.26.15-gke.1390000
- 1.26.15-gke.1390001
- 1.27.13-gke.1201000
- 1.27.13-gke.1201002
- 1.27.14-gke.1022000
- 1.27.14-gke.1022001
- 1.27.14-gke.1042000
- 1.28.9-gke.1289000
- 1.28.9-gke.1289002
- 1.28.10-gke.1058000
- 1.28.10-gke.1058001
- 1.28.10-gke.1075000
- 1.29.4-gke.1043002
- 1.29.4-gke.1043004
- 1.29.5-gke.1060000
- 1.29.5-gke.1060001
- 1.29.5-gke.1091000
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.14-gke.1042001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.14-gke.1042001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.5-gke.1091002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.
Rapid channel
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.26.15-gke.1404000
- 1.26.15-gke.1404002
- 1.26.15-gke.1469000
- 1.26.15-gke.1469001
- 1.27.14-gke.1059000
- 1.27.14-gke.1100000
- 1.27.14-gke.1100002
- 1.27.15-gke.1012000
- 1.27.15-gke.1012003
- 1.28.10-gke.1089000
- 1.28.10-gke.1089002
- 1.28.10-gke.1148000
- 1.28.10-gke.1148001
- 1.28.11-gke.1019000
- 1.29.5-gke.1091000
- 1.29.5-gke.1091002
- 1.29.6-gke.1038000
- 1.30.1-gke.1329000
- 1.30.2-gke.1023000
- 1.30.2-gke.1023004
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.6-gke.1038001 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.
(2024-R24) Version updates
- Version 1.29.5-gke.1091002 is now the default version.
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.26.15-gke.1090000
- 1.26.15-gke.1090004
- 1.26.15-gke.1191000
- 1.26.15-gke.1191001
- 1.26.15-gke.1300000
- 1.26.15-gke.1300001
- 1.26.15-gke.1320000
- 1.26.15-gke.1320002
- 1.26.15-gke.1381000
- 1.26.15-gke.1381001
- 1.26.15-gke.1390000
- 1.26.15-gke.1390001
- 1.26.15-gke.1404000
- 1.26.15-gke.1404002
- 1.26.15-gke.1469000
- 1.26.15-gke.1469001
- 1.27.11-gke.1062004
- 1.27.13-gke.1070000
- 1.27.13-gke.1166000
- 1.27.13-gke.1166001
- 1.27.13-gke.1201000
- 1.27.14-gke.1022000
- 1.27.14-gke.1022001
- 1.27.14-gke.1042000
- 1.27.14-gke.1059000
- 1.27.14-gke.1100000
- 1.27.14-gke.1100002
- 1.27.15-gke.1012000
- 1.27.15-gke.1012003
- 1.28.9-gke.1000000
- 1.28.9-gke.1069000
- 1.28.9-gke.1069002
- 1.28.9-gke.1209000
- 1.28.9-gke.1209001
- 1.28.9-gke.1289000
- 1.28.10-gke.1058000
- 1.28.10-gke.1075000
- 1.28.10-gke.1089000
- 1.28.10-gke.1089002
- 1.28.10-gke.1148000
- 1.28.10-gke.1148001
- 1.28.11-gke.1019000
- 1.29.4-gke.1043002
- 1.29.5-gke.1060000
- 1.29.5-gke.1060001
- 1.29.5-gke.1091000
- 1.29.6-gke.1038000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.13-gke.1201002 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.13-gke.1201002 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.
Release 6.3.11 is currently in Preview.
Case tag filter pagination is not working in cases page (ID #339581969)
Issues when testing SOAR Webhooks for ingestion. (ID #51862016)
Looker 24.12 includes the following changes, features, and fixes:
Expected Looker (original) deployment start: Monday, July 15, 2024
Expected Looker (original) final deployment and download available: Thursday, July 25, 2024
Expected Looker (Google Cloud core) deployment start: Monday, July 15, 2024
Expected Looker (Google Cloud core) final deployment: Monday, July 29, 2024
A LookML validator error, which catches illegal sql_trigger values in models with parameterized connections, has been added.
The Chart Config Editor now supports the following pie chart legend properties: align, verticalAlign, and layout.
Admins can now edit groups and roles for users who only have API keys.
When a file or folder is created, updated, or accessed in the Looker IDE, Looker now displays a loading indicator.
A new Explore from Here icon now appears on dashboard tiles and lets dashboard viewers explore a tile's data in one click. Note: This feature will be released in late July. Update: Because of a code freeze during the Olympics, this feature will be released in mid-August.
Looker now supports Databricks Unity Catalog. When you create a Databricks connection in Looker, you can define the Databricks catalog in which Looker will run queries.
For LookML projects that are configured with the Use Legacy Runtime feature, the LookML Validator may return an information-level alert that the legacy runtime is being deprecated. We recommend that you migrate LookML projects to the new LookML runtime.
A new Create button in the main navigation panel lets users create dashboards, boards, LookML models, and database connections. To view the button, users must have the permissions to create dashboards, models, or connections. Note: This feature will be released in late July. Update: Because of a code freeze during the Olympics, this feature will be released in mid-August.
An issue has been fixed where filter values with a special character and a trailing space would filter out valid results. This feature now performs as expected.
An issue has been fixed where Aurora MySQL connections that do not provide the lookerFailover parameter in the Additional JDBC parameters setting would fail to connect. This feature now performs as expected.
The LookML validator will now return an error if a sql_distinct_key is used in a field type that does not support it.
An issue where PDT overrides could not be toggled off in some situations has been fixed. This feature now performs as expected.
An issue was causing tooltips on timeline visualizations to not respect timezone conversion settings. This feature now performs as expected.
Rendering for dashboards that include special characters in their titles has been fixed. This feature now performs as expected.
Query results that contained characters that aren't in the UTF-8 character set could cause queries to fail. This feature now performs as expected.
Previously, extra filter suggestions queries would run when a filter was removed in an Explore. This feature now performs as expected.
An issue was causing the LookML validator to return an incorrect error for an improperly formed value format string. This feature now performs as expected.
An issue was causing visualization formats to round incorrectly. This feature now performs as expected.
Previously, some Looks had a null Look ID in System Activity Explores. This feature now performs as expected.
An issue was causing Looker to sometimes incorrectly generate date literals for Postgres queries. This feature now performs as expected.
Previously, queries could not be sorted on date fields in specific situations. This feature now performs as expected.
Previously, user attribute values that contained certain special characters could not be saved. This feature now performs as expected.
An issue was causing Looker to generate incorrect join SQL for circular join references. This feature now performs as expected.
Previously, drill-downs didn't work properly in some map visualizations. This feature now performs as expected.
An issue with the Closed System option allowed the name of the user who created or updated a dashboard last to be viewed by users who weren't in the same group. This feature now performs as expected.
OpenJDK 8 is no longer supported. Self-hosted customers must upgrade to OpenJDK 11.
A new Labs feature, Delegate Schedule Management, introduces the manage_schedules permission. This permission lets users reassign and delete schedules on the Schedules page for the models that they can access.
If a Looker instance does not yet have any Looks or dashboards, the Looker homepage now shows sample dashboards. Note: This feature will be released in late July. Update: Because of a code freeze during the Olympics, this feature will be released in mid-August.
Looker (Google Cloud core) now supports connections to Teradata databases.
Terraform samples are now available for creating clusters and topics. For more information, see Provision Apache Kafka for BigQuery resources with Terraform.
The Migrate Connector, the virtual appliance used to connect VMware sources to Migrate to Virtual Machines, is exposed to a security vulnerability on SSHD (CVE-2024-6387). Migrate Connector version 2.6.2497 has been released to mitigate this issue and is being gradually rolled out. For information, see the GCP-2024-040 security bulletin.
Vertex AI Search: Edit the schema for structured data on import (Public preview)
When you create a data store by importing structured data from BigQuery or Cloud Storage, you can review and edit the schema before you import the data. This saves time over the alternative method of importing the data first and subsequently editing the schema.
This feature is available in Public preview and applies to generic and media data stores. To try this feature for healthcare data stores, contact your Google account team and ask for access to the Private preview.
Vertex AI Search: Bring your own schema for media data stores (Public preview)
Previously, all media data stores had to follow a JSON schema for media predefined by Google. However, now you can use your own JSON schema for media data, provided that you map fields in your schema to the key properties: category, media_available_time, media_duration, title, and uri.
This feature is in Public preview.
Vertex AI Search: Media app creation (Public preview)
Media data stores can be created directly from the Data Stores page.
This is an alternative to the method where you create a media data store as part of the app creation workflow.
This feature is available in Public preview.
July 09, 2024
AlloyDB for PostgreSQL
The extension pgvector is updated to version 0.7.0.
Performing a switchover with zero data loss in cross-region replication setups, to test disaster recovery (DR) or to perform workload migration, is now generally available (GA).
Updated: Limit on number of basepaths per environment
Apigee is raising the temporary limit of 1000 basepaths per environment to avoid potential failures when deploying API proxy revisions.
While this limit is in place, you can deploy up to 1000 API proxy revisions (each containing a single basepath) per environment. If your API proxies or revisions contain more than one basepath, the total number of basepaths per environment must not exceed 1000.
To track the status of this issue, see Apigee Known Issues.
The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
- Google Kubernetes Engine
  - admissionregistration.k8s.io/MutatingWebhookConfiguration
  - apps.k8s.io/DaemonSet
  - apps.k8s.io/StatefulSet
  - batch.k8s.io/CronJob
  - extensions.k8s.io/DaemonSet
  - k8s.io/PersistentVolume
  - k8s.io/PersistentVolumeClaim
  - k8s.io/PodTemplate
  - k8s.io/ReplicationController
  - k8s.io/ResourceQuota
  - policy.k8s.io/PodDisruptionBudget
  - storage.k8s.io/StorageClass
  - gateway.networking.k8s.io/Gateway
  - gateway.networking.k8s.io/GatewayClass
  - gateway.networking.k8s.io/HTTPRoute
Cloud Build users can connect to Bitbucket Cloud and Bitbucket Data Center hosts and add repositories with the Terraform provider for Google Cloud.
To learn more, see Connect to a Bitbucket Cloud host and Connect to a Bitbucket Data Center host.
A new Airflow build is available in Cloud Composer 3:
- composer-3-airflow-2.7.3-build.8
Cloud Composer 2.8.5 images are available:
- composer-2.8.5-airflow-2.7.3 (default)
- composer-2.8.5-airflow-2.6.3
Using customer-managed encryption keys (CMEK) to encrypt Cloud Healthcare API datasets is generally available (GA) and available in Preview. For more information, see Enable customer-managed encryption keys (CMEK) for Cloud Healthcare API datasets.
Starting no sooner than January 7, 2025, Cloud Monitoring will begin charging for alerting. For information about the pricing model and examples of pricing scenarios, see Pricing for alerting.
Generally available: You can create GPU VMs in a managed instance group (MIG) by using resize requests. Resize requests help you create VMs all at once and give you higher chances to obtain highly demanded resources such as GPUs.
For more information, see About resize requests in a MIG.
Generally available: Hyperdisk ML, block storage designed specifically for high-performance AI workloads. Each Hyperdisk ML volume can achieve up to 1,200,000 MBps of throughput. For large-scale training and inference workloads, you can attach a single Hyperdisk ML volume to up to 2,500 VM instances. For more information, see About Hyperdisk.
Config Connector version 1.120.1 is now available.
IAM configuration can now be applied to PrivateCACAPool.
You can configure the ConfigConnector operator to roll back to install the v1.119.0 CRDs by specifying spec.version: 1.119.0 in the ConfigConnectorContext CR (namespaced mode).
CloudBuildWorkerPool is promoted from alpha to beta.
CloudIDSEndpoint is promoted from alpha to beta.
ComputeManagedSSLCertificate is promoted from alpha to beta.
AlloyDBInstance
- Added networkConfig field to support Public-IP feature.
MonitoringAlertPolicy
- Added spec.severity field.
MonitoringDashboard
- Added dashboardFilters support.
- Added alertChart widgets.
- Added collapsibleGroup widgets.
- Added pieChart widgets.
- Added sectionHeader widgets.
- Added singleViewGroup widgets.
- Added timeSeriesTable widgets.
- Added blankView to scorecard widgets.
- Added dataSets.targetAxis and y2Axis fields to xyChart widgets.
- Added id field to all widgets.
- Added prometheusQuery and outputFullDuration to timeSeriesQuery.
- Added style fields to text widgets.
- Added targetAxis field to thresholds.
StorageBucket
- Added spec.softDeletePolicy field.
- Added status.observedState.softDeletePolicy field.
Version 3.18 is released
All release notes published on this date are part of version 3.18.
The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.
New custom data types for events
The following custom data types for events are now available using the Web SDK:
- custom_data_secured
- custom_data_not_secured
For more information, see Data for events.
New session events for quality management
The following session events are now available for quality management (QM) integration:
- Hold
- Mute
- Redaction
- Recording indication
- Queue information
Fixed an issue where agents were not receiving audio notifications for breakthrough calls.
Fixed an issue where saving queue-level wrap-up settings to the global defaults was not behaving as expected.
Fixed an issue where viewing agent assignments was not possible for agents with a custom role.
Architecting disaster recovery for cloud infrastructure outages: Updated the DR guidance for Google Security Operations SIEM.
Google Distributed Cloud for VMware 1.29.200-gke.245 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.200-gke.245 runs on Kubernetes v1.29.5-gke.800.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
The following vulnerabilities are fixed in 1.29.200-gke.245:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
Google Distributed Cloud for VMware 1.28.700-gke.151 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.700-gke.151 runs on Kubernetes v1.28.10-gke.2100.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
The following issues are fixed in 1.28.700-gke.151:
Fixed the known issue where the Binary Authorization webhook blocked the CNI plugin, which caused user cluster creation to stall.
Fixed the known issue that caused cluster creation to fail because the control plane VIP was in a different subnet from other cluster nodes.
The following vulnerabilities are fixed in 1.28.700-gke.151:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Ubuntu vulnerabilities:
Google Distributed Cloud for VMware 1.16.10-gke.36 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.16.10-gke.36 runs on Kubernetes v1.27.14-gke.1600.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
The following vulnerabilities are fixed in 1.16.10-gke.36:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
Release 1.28.700-gke.150
Google Distributed Cloud for bare metal 1.28.700-gke.150 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.700-gke.150 runs on Kubernetes 1.28.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Fixes:
- Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.
The following container image security vulnerabilities have been fixed in 1.28.700-gke.150:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2023-52654
- CVE-2023-52656
For more information, see the GCP-2024-041 security bulletin.
Release 6.3.9 is now in General Availability.
July 08, 2024
Agent Assist
Agent Assist now offers a new version of summarization with custom sections in preview. Summarization with custom sections V3.0 reduces latency from V2.1.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2023-52654
- CVE-2023-52656
For more information, see the GCP-2024-041 security bulletin.
You can configure maintenance windows for Cloud Data Fusion instances, in versions 6.8 and later, in Preview.
Database Migration Service for heterogeneous Oracle migrations can now migrate tables without primary or unique constraints that have more than 500 million rows. The previous maximum row limitation for such tables is no longer in place. For more information on known limitations, see:
Log buckets in all regions supported by Cloud Logging can now be upgraded to use Log Analytics. For more information, see Supported regions.
Your dashboards will now recommend event types for display. For more information, see Show events on a dashboard.
1.21.4-asm.5 is now available for in-cluster Cloud Service Mesh.
This patch release contains the fix for an Envoy bug where the additional cookie attributes are not properly sent to clients. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.4-asm.5 uses Envoy v1.29.7.
1.20.8-asm.1 is now available for in-cluster Cloud Service Mesh.
This patch release contains the fix for an Envoy bug where the additional cookie attributes are not properly sent to clients. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.20.8-asm.1 uses Envoy v1.28.5.
1.19.10-asm.9 is now available for in-cluster Cloud Service Mesh.
This patch release contains the fix for an Envoy bug where the additional cookie attributes are not properly sent to clients. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.19.10-asm.9 uses Envoy v1.27.7.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for storage/internal/apiv2
1.43.0 (2024-07-03)
Features
- storage/transfermanager: Add DownloadDirectory (#10430) (0d0e5dd)
- storage/transfermanager: Automatically shard downloads (#10379) (05816f9)
Bug Fixes
- storage/transfermanager: WaitAndClose waits for Callbacks to finish (#10504) (0e81002), refs #10502
- storage: Allow empty soft delete on Create (#10394) (d8bd2c1), refs #10380
- storage: Bump google.golang.org/[email protected] (8fa9e39)
- storage: Retry broken pipe error (#10374) (2f4daa1), refs #9178
Documentation
- storage/control: Remove allowlist note from Folders RPCs (d6c543c)
You can now specify London (europe-west2) and Frankfurt (europe-west3) as a predefined dual-region pairing. For more information, see Predefined dual-regions.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.9.9 (2024-07-01)
Bug Fixes
- dataflow: Bump google.golang.org/[email protected] (8fa9e39)
Dataplex Catalog is generally available (GA). Dataplex Catalog provides a platform for storing, managing, and accessing your metadata.
For more information, see Dataplex Catalog overview, Search for data assets, Manage aspects and enrich metadata, and Manage entries and ingest custom sources.
New Dataproc on Compute Engine subminor image versions:
- 2.0.110-debian10, 2.0.110-rocky8, 2.0.110-ubuntu18
- 2.1.58-debian11, 2.1.58-rocky8, 2.1.58-ubuntu20, 2.1.58-ubuntu20-arm
- 2.2.24-debian12, 2.2.24-rocky9, 2.2.24-ubuntu22
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
For more information, see the GCP-2024-041 security bulletin.
This is a minor release of Google Distributed Cloud connected (version 1.7.0).
The following new functionality has been introduced in this release of Google Distributed Cloud connected:
Customer-sourced hardware. You now have the option to purchase the Google Distributed Cloud connected hardware from a Google-partnered System Integrator (SI) and retain full ownership instead of leasing it from Google. For more information, contact Google Support.
Refreshed machine hardware. The server machines comprising Google Distributed Cloud connected racks have been updated to a more powerful hardware configuration. For more information, contact Google Support.
Flexible rack configuration. You can now order a Google Distributed Cloud connected rack with 3, 6, 9, or 12 server machines. For more information, contact Google Support.
IPv4/IPv6 dual-stack networking. Google Distributed Cloud connected now supports IPv6 networking in addition to IPv4 networking. For more information, see IPv4/IPv6 dual-stack networking.
Pod image caching. Google Distributed Cloud connected now supports local caching of Pod images. For more information, see Configure a Pod for image caching.
Kafka support. Google Distributed Cloud now supports collecting workload metrics with Apache Kafka. For more information, see Logs and metrics.
Cluster connection state indication. You can now check whether a cluster is connected, disconnected, or reconnected and synchronizing with Google Cloud Platform. For more information, see Survivability mode.
Cluster maintenance exclusion windows. You can now specify one or more maintenance exclusion windows for a cluster. This prevents Google from performing maintenance or software upgrades on the cluster during the specified times. For more information, see Understand software updates and maintenance windows.
GDC Hardware Management API. You can now place orders for Google Distributed Cloud connected hardware programmatically using the GDC Hardware Management API. For more information, see Google Distributed Cloud connected CLI and API reference. This is a Preview-level feature.
The following changes to existing functionality have been introduced in this release of Google Distributed Cloud connected:
Bastion host GA. The bastion host feature of Google Distributed Cloud connected is now generally available. For more information, see Configure a bastion host.
Worker node software upgrades are now staggered. Google Distributed Cloud connected now upgrades worker node software in stages instead of all at once. This allows your workloads to continue running on some nodes, while others are upgrading. You have the option to specify the number of worker nodes that can go down for a software upgrade simultaneously. For more information, see Software update staggering.
GPU support is now automatically enabled. You no longer have to modify the VMRuntime resource to enable GPU support on Google Distributed Cloud connected. GPU support is now automatically enabled if a GPU is detected on a Google Distributed Cloud connected machine.
Google Distributed Cloud connected component updates:
- GKE on Bare Metal. This component has been updated from version 1.1.6.1 to version 1.28.500.
- Kubernetes control plane. This component has been updated from version 1.27.9 to version 1.28.8.
- Symcloud Storage. This component has been updated from version 5.4.6 to version 5.4.8.
Anthos branding has been replaced with Google Kubernetes Service branding. Anthos features and services that Google Distributed Cloud connected relies on, such as Anthos Identity Service, have been rebranded to Google Kubernetes Service. You might still see references to the legacy branding in Google Distributed Cloud connected command output and error messages.
The following functionality has been deprecated in this release of Google Distributed Cloud connected:
Cloud control plane cluster support. As of this release, Google Distributed Cloud connected no longer supports Cloud control plane clusters. Local control plane clusters are now the only supported cluster type.
Raw block storage for virtual machine workloads. As of this release, you can no longer provision virtual machine workloads with raw block storage. Symcloud Storage is now the only supported storage type for virtual machine workloads.
The following issues have been resolved in this release of Google Distributed Cloud connected:
Symcloud Storage volume clean-up now functions correctly. Single node failures, such as power loss or network disconnection, no longer cause rescheduling failures for virtual machines that use Symcloud Storage volumes. When a node fails, virtual machines are automatically rescheduled onto another node and then scheduled back onto the original node once that node returns to operation.
Virtual machines no longer enter a stuck state when node network connections are intermittent. Virtual machines no longer get stuck in container creation state when their network connections repeatedly disconnect and reconnect. When all three nodes in a Google Distributed Cloud connected server group regain network connectivity, the affected virtual machines are automatically rescheduled back onto their original nodes.
Virtual machine restore operations now complete successfully. Problems related to taking subsequent snapshots of virtual machines after the initial ones have been resolved. These problems caused virtual machine restore operations to fail.
Virtual machine heartbeat has been tuned to increase failover resilience. Occasionally, when a node failed, virtual machines on other nodes in the cluster would fail multiple successive heartbeats to the Kubernetes control plane that ran on the failed node. The heartbeat configuration has been tuned to mitigate this and increase failover resilience.
Intermittent SR-IOV device availability on large deployments has been resolved. SR-IOV devices are no longer intermittently unavailable on large, long-uptime deployments of Google Distributed Cloud connected after creating SR-IOV network node policies.
Security mitigations for the following vulnerabilities have been implemented in this release of Google Distributed Cloud connected:
- CVE-2024-26934, CVE-2024-27013, CVE-2024-26884, CVE-2024-26902, CVE-2022-48659, CVE-2024-26901, CVE-2024-26910, CVE-2024-26883, CVE-2024-26898, CVE-2024-26882, CVE-2024-26908, CVE-2024-26585, CVE-2021-46904, CVE-2021-46905, CVE-2020-36775, CVE-2021-46909, CVE-2021-46906, CVE-2019-25162, CVE-2024-26606, CVE-2024-26602, CVE-2024-26600, CVE-2023-52469, CVE-2023-52470, CVE-2022-48626, CVE-2024-26597, CVE-2023-52464, CVE-2024-26598, CVE-2024-0340, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2023-52439, CVE-2023-52435, CVE-2023-52443, CVE-2023-46343, CVE-2024-0607, CVE-2024-22705, CVE-2023-46838, CVE-2023-51782, CVE-2023-51781, CVE-2023-51780, CVE-2024-1086, CVE-2024-0584, CVE-2024-0562, CVE-2023-6915, CVE-2024-0646, CVE-2023-6040, CVE-2023-46862, CVE-2023-46813, CVE-2023-6932, CVE-2023-6931, CVE-2023-5178, CVE-2023-5717
This release of Google Distributed Cloud connected contains the following known issues:
Refreshed Google Distributed Cloud connected hardware requires Google Distributed Cloud connected software version 1.7.0 or later. The refreshed Google Distributed Cloud connected hardware does not support versions of Google Distributed Cloud connected prior to release 1.7.0.
Virtual machine workloads might temporarily go down when upgrading Google Distributed Cloud connected software to release 1.7.0. The virtual machine workloads will go back up and be healthy once the Google Distributed Cloud software upgrade completes.
Cluster upgrades to software release 1.7.0 might fail with an `ABM upgrade timed out` error. Under certain conditions, if the GKE token expires while a cluster upgrade is in progress, the upgrade fails with an `ABM upgrade timed out` error and a missing `gkehub.memberships.update` permission is recorded in the logs. If you encounter this issue, contact Google Support.
Storage operations hang when volume replicas are deleted from a cluster without removing the corresponding Symcloud Storage persistent volume intent. If you delete the volume replicas for a Symcloud Storage persistent volume but do not remove the corresponding intent, TCMU devices on the worker node hang, causing storage operations to stall indefinitely. This can affect both your workload data availability as well as core system functionality of Google Distributed Cloud connected. To prevent this, you must always remove a Symcloud Storage persistent volume before deleting its associated volume replicas.
Virtual machines might not get scheduled onto nodes after their network has been partitioned. When you partition a network, some virtual machines using that network might not get scheduled back onto their node after the node reconnects to the network. To work around this issue, restart the affected virtual machines or contact Google Support.
Cluster deletion can fail due to stale Symcloud Storage data. When attempting to delete a cluster during disaster recovery or cluster reset, the deletion might fail due to the corresponding Symcloud Storage volumes not having been cleaned up. To resolve this issue, contact Google Support.
Virtual machine management can fail after a node has been powered down for an extended time. If you power down your Google Distributed Cloud connected machines for an extended period of time, you might not be able to manage the virtual machines scheduled on the corresponding nodes after you power the machines back up, even though those virtual machine workloads continue to run. To resolve this issue, contact Google Support.
Nodes can get stuck in `Ready,SchedulingDisabled` state after applying configuration changes. Applying or deleting the `NodeSystemConfigUpdate` or `SriovNetworkNodePolicy` resources can result in a node that's stuck in the `Ready, Scheduling Disabled` state after it reboots. To resolve this issue, see Troubleshoot Google Distributed Cloud connected.
The Kubernetes API server might return 404 errors when attempting to access `virt-api` endpoints. To work around this issue, contact Google Support.
Changes required to `VMRuntime` resource before upgrading to Google Distributed Cloud connected version 1.7.0. To ensure your existing virtual machine workloads successfully upgrade to Google Distributed Cloud connected version 1.7.0, you must modify the `VMRuntime` resource before upgrading the cluster as described in Upgrade existing virtual machines to Google Distributed Cloud connected version 1.7.0.
The `containerd` daemon state might not be reset after deleting a cluster. In very rare situations, cluster deletion does not reset the state of the `containerd` daemon. To resolve this issue, contact Google Support.
GKE Identity Service (GKE IS) Pods stuck in `Failed` state after machine reboot. Rebooting a machine might spawn one or more GKE IS (formerly branded as Anthos IS) Pods stuck in a `Failed` state, even though the GKE IS deployment is healthy and running. This does not impact the cluster nor the GKE IS functionality. Since GKE IS Pods are deployed into a protected namespace, contact Google Support to resolve this issue.
Cluster software upgrades might fail. If there are GKE IS pods stuck in a `Failed` state after a machine reboot, you might experience the following behavior on the affected cluster:
- Automatic software upgrades never start.
- Manually initiated software upgrades stall and enter a `Paused` state.
Workloads on the cluster continue to run and the cluster remains healthy. To resolve this issue, contact Google Support.
Ray Operator on GKE is now generally available in the Rapid channel. Ray Operator is a GKE add-on that allows you to manage and scale Ray applications. To learn more, see the Ray Operator documentation.
(2024-R23) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- Version 1.29.4-gke.1043004 is now the default version.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.26.15-gke.1320002 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.15-gke.1320002 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.13-gke.1070002 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.13-gke.1070002 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.9-gke.1289002 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.4-gke.1043004 with this release.
Stable channel
- Version 1.27.13-gke.1070002 is now the default version in the Stable channel.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.15-gke.1090004 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.15-gke.1090004 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.13-gke.1070002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.13-gke.1070002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.9-gke.1069002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.4-gke.1043004 with this release.
Regular channel
- Version 1.29.4-gke.1043004 is now the default version in the Regular channel.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.15-gke.1320002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.15-gke.1320002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.13-gke.1201002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.9-gke.1289002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.9-gke.1289002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.4-gke.1043004 with this release.
Rapid channel
- Version 1.30.1-gke.1329003 is now the default version in the Rapid channel.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1404002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.15-gke.1404002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.14-gke.1059002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.10-gke.1089002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.5-gke.1091002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.1-gke.1329003 with this release.
The GKE Enterprise view of Network Topology is generally available. Network Topology now shows the infrastructure of your GKE deployments - clusters, namespaces, workloads, and pods, and their associated metrics.
A weekly digest of client library updates from across the Cloud SDK.
Python
Changes for google-cloud-pubsub
2.22.0 (2024-07-06)
Features
New SAP HANA certification: 16 TB X4 bare metal machine type for OLAP workloads
SAP has certified the Compute Engine 16 TB `x4-megamem-960-metal` machine type for use with SAP HANA OLAP workloads in scale-out configurations with up to 4 nodes.
For more information, see X4 memory-optimized bare metal machine types.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.13.3 (2024-07-01)
Bug Fixes
- secretmanager: Bump google.golang.org/[email protected] (8fa9e39)
July 05, 2024
Access Approval
Access Approval supports Cloud Armor in the Preview stage.
Access Approval supports Cloud DNS in the GA stage.
Access Transparency supports Cloud Armor in the Preview stage.
Access Transparency supports Cloud DNS in the GA stage.
Access Transparency supports Cloud Router in the GA stage.
Access Transparency supports Google Security Operations SOAR in the GA stage.
The remote code execution vulnerability, CVE-2024-6387, in OpenSSH has been mitigated. A patched Dataflow VM image that includes an updated OpenSSH is available. For more information about how to apply mitigations, see the GCP-2024-040 security bulletin.
New Dataproc Serverless for Spark runtime versions:
- 1.1.68
- 1.2.12
- 2.0.76
- 2.2.12
Remote Agents Release 2.0.2 is currently in Preview. Note the version number has been changed from 2.0.0 to 2.0.2.
July 04, 2024
Google SecOps SOAR
Release 6.3.10 is now in Preview.
The limit for action result attachments has now been raised to 50 MB. (ID #00294694)
Playbook is stuck in the queue. (ID #51894700)
Issues when importing a custom list which contains duplicated records.
July 03, 2024
Anthos clusters on AWS
A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. At the time of publication, exploitation is believed to be difficult and take several hours per machine being attacked. We are not aware of any exploitation attempts. This vulnerability has a Critical severity.
For mitigation steps and more details, see the GCP-2024-040 security bulletin.
New Cloud Composer 2 environments are gradually switched to using GKE 1.29 and PSC as a connectivity channel to the GKE control plane. The IP address for the PSC endpoint will be taken from the nodes IP range. This change might require using a larger IP range for the nodes when you create an environment.
Database Migration Service for heterogeneous Oracle migrations to AlloyDB for PostgreSQL now supports network connectivity with Private Service Connect for AlloyDB clusters with Private Service Connect enabled. For more information, see Configure Private Service Connect.
Agent-installation policies for the Ops Agent are now GA. For more information, see Overview of agent policies for the Ops Agent.
You can now view the estimated number of bytes processed along with the validation status of your SQL query when running queries in Log Analytics. You can use this information to understand the relative volume of data that your SQL query will scan.
A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. Dataflow jobs might create VMs that use an OS image with versions of OpenSSH that are vulnerable to CVE-2024-6387. For more information, see the GCP-2024-040 security bulletin.
Data Lineage now supports location organization policy. For more information, see Resource locations supported services.
Added Cloud Profiler support in Dataproc Serverless for Spark. Enable profiling via the `dataproc.profiling.enabled=true` property and configure it via `dataproc.profiling.name=<PROFILE_NAME>`.
New Dataproc on Compute Engine subminor image versions:
- 2.0.109-debian10, 2.0.109-rocky8, 2.0.109-ubuntu18
- 2.1.57-debian11, 2.1.57-rocky8, 2.1.57-ubuntu20, 2.1.57-ubuntu20-arm
- 2.2.23-debian12, 2.2.23-rocky9, 2.2.23-ubuntu22
Security bulletin (all minor versions)
A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. At the time of publication, exploitation is believed to be difficult and take several hours per machine being attacked. We are not aware of any exploitation attempts. This vulnerability has a Critical severity.
For mitigation steps and more details, see the GCP-2024-040 security bulletin.
A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. This vulnerability has a Critical severity for GKE. An expedited rollout is in progress to make patch versions available.
For patch versions and mitigation steps, see the GCP-2024-040 security bulletin.
(2024-R22) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following versions are now available:
- 1.26.15-gke.1090004
- 1.26.15-gke.1191001
- 1.26.15-gke.1300001
- 1.26.15-gke.1320002
- 1.26.15-gke.1381001
- 1.26.15-gke.1390001
- 1.26.15-gke.1404002
- 1.26.15-gke.1469001
- 1.27.13-gke.1070002
- 1.27.13-gke.1166001
- 1.27.13-gke.1201002
- 1.27.14-gke.1022001
- 1.27.14-gke.1042001
- 1.27.14-gke.1059002
- 1.27.14-gke.1100002
- 1.27.15-gke.1012003
- 1.28.9-gke.1069002
- 1.28.9-gke.1209001
- 1.28.9-gke.1289002
- 1.28.10-gke.1058001
- 1.28.10-gke.1075001
- 1.28.10-gke.1089002
- 1.28.10-gke.1148001
- 1.28.11-gke.1019001
- 1.29.4-gke.1043004
- 1.29.5-gke.1060001
- 1.29.5-gke.1091002
- 1.29.6-gke.1038001
- The following node versions are now available:
- 1.26.15-gke.1090004
- 1.26.15-gke.1191001
- 1.26.15-gke.1300001
- 1.26.15-gke.1320002
- 1.26.15-gke.1381001
- 1.26.15-gke.1390001
- 1.26.15-gke.1404002
- 1.26.15-gke.1469001
- 1.27.13-gke.1070002
- 1.27.13-gke.1166001
- 1.27.13-gke.1201002
- 1.27.14-gke.1022001
- 1.27.14-gke.1042001
- 1.27.14-gke.1059002
- 1.27.14-gke.1100002
- 1.27.15-gke.1012003
- 1.28.9-gke.1069002
- 1.28.9-gke.1209001
- 1.28.9-gke.1289002
- 1.28.10-gke.1058001
- 1.28.10-gke.1075001
- 1.28.10-gke.1089002
- 1.28.10-gke.1148001
- 1.28.11-gke.1019001
- 1.29.4-gke.1043004
- 1.29.5-gke.1060001
- 1.29.5-gke.1091002
- 1.29.6-gke.1038001
Stable channel
- The following versions are now available in the Stable channel:
Regular channel
- The following versions are now available in the Regular channel:
Rapid channel
- The following versions are now available in the Rapid channel:
You can now preload data or container images in new nodes on GKE, enabling faster workload deployment and autoscaling. This feature is Generally Available and production-ready, with support for Autopilot and Terraform. To learn more, see Use secondary boot disks to preload data or container images.
GKE Managed DCGM Metrics Package is now available in Preview for both GKE Standard and Autopilot clusters running version 1.30.1-gke.1204000 and later.
You can now configure Autopilot and Standard clusters to export a predefined list of DCGM metrics emitted by GKE Managed DCGM exporter including metrics for GPU performance, utilization, and I/Os in the GPU node pools with GKE-managed NVIDIA drivers. These metrics are collected by Google Cloud Managed Service for Prometheus. You can view the curated DCGM metrics in the Observability Tab on the Kubernetes Clusters page or in Cloud Monitoring.
For more information, see Collect and view DCGM metrics.
You can use Policy Troubleshooter to troubleshoot principal access boundary policies. This feature is available in Preview.
Spanner now allows privileged users to cancel long-running queries. For more information, see GoogleSQL Query cancellation or PostgreSQL Query cancellation.
Multiplexed sessions are now generally available. Multiplexed session is a new session management model which simplifies the pool management in clients. For more information, see Multiplexed sessions.
Vertex AI Search: On July 6, text-bison@001/answer_gen/v1 is discontinued
As of July 6, 2024, model version `text-bison@001/answer_gen/v1` is discontinued.
If you specify `text-bison@001/answer_gen/v1` by name in your search requests, replace `text-bison@001/answer_gen/v1` with a newer model or with `stable`.
For more information, see Answer generation model versions and lifecycle.
Vertex AI Search: gemini-1.5-flash-001/answer_gen/v1 for answer generation
Model version `gemini-1.5-flash-001/answer_gen/v1` is the stable model for generating answers in Vertex AI Search.
For more information, see Answer generation model versions and lifecycle.
Vertex AI Search: You can't use the Folder option to upload structured data from Cloud Storage
When creating a data store for structured or media data, you must use the File option when importing from a Cloud Storage bucket. Choosing the Folder option results in an error, "Schema preview failed. Requested entity was not found."
To work around this issue, use the File option and upload one file from the folder. After you've created the data store, import the folder contents from the Documents tab of the data store.
July 02, 2024
Apigee X
On July 2, 2024, we published a security bulletin for Apigee.
A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that could be used to obtain access to a remote shell, enabling attackers to gain root access to GKE or VM nodes.
Security bulletin published: GCP-2024-040
Simulate scenarios in FinOps hub to maximize your savings from spend-based CUDs
In the FinOps hub, you can now use a spend-based CUD recommendation as a starting point to simulate various usage scenarios, and customize the recommendation to purchase a CUD that maximizes your savings.
Cloud Build is introducing new organization policy constraints.
The default behavior for how Cloud Build uses service accounts in new projects was changed to improve the security posture of our customers going forward. Organizations can opt out of these changes using new organization policy boolean constraints.
To learn more about these changes, see Cloud Build Service Account Change.
2024-07-03 Update: Resolution status updated.
The CVE-2024-6387 vulnerability in the OpenSSH package was discovered recently. GKE clusters used by Cloud Composer environments are impacted by this vulnerability, and Cloud Composer 1 and 2 environments that use Public IP networking are especially vulnerable to the described issue. For more information about CVE-2024-6387, see Google GKE Security bulletins.
Newly created Composer environments should no longer be impacted by this issue.
Composer-owned GKE clusters will be auto-upgraded to newer GKE versions including the fix for CVE-2024-6387. Other components of Composer environments using older versions of COS images will also be upgraded. These operations will be done in an expedited manner, so some of the update operations might be done outside the environment's regular maintenance windows.
While Google works on resolving this issue so Composer environments are immune to CVE-2024-6387, you can disallow SSH to the Cloud Composer cluster nodes by establishing proper firewall rules on the environment's cluster, as described in the Google GKE Security bulletins. Follow the steps outlined for GKE.
A new Airflow build is available in Cloud Composer 3:
- composer-3-airflow-2.7.3-build.7
Cloud Composer 2.8.4 images are available:
- composer-2.8.4-airflow-2.7.3 (default)
- composer-2.8.4-airflow-2.6.3
Cloud Composer version 2.3.3 has reached its end of support period.
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Cloud SQL Enterprise Plus edition now supports the southamerica-west1 (Santiago) region.
You can now disable soft delete for multiple buckets at a time or for all buckets in a project. To learn more, see Bulk disable soft delete.
Google's open weight Gemma 2 model is available in Model Garden. For details, see Use Gemma open models.
MaMMUT is now available in Model Garden. MaMMUT is a vision-encoder and text-decoder model for multimodal tasks such as visual question answering, image-text retrieval, text-image retrieval, and generation of multimodal embeddings.
A faulty component in the Persistent Disk CSI (PDCSI) driver may cause mount failures for NVMe block devices on specific GKE clusters. This issue affects machine types that exclusively use the NVMe interface for attached Persistent Disks, such as third-generation machine types, T2A instances, and Confidential VMs. For more details, see About persistent disks.
Impacted GKE versions include:
- 1.30.2-gke.1023000
- 1.27.15-gke.1012000
- 1.27.14-gke.1100000
Mount failures will log errors indicating difficulties verifying and re-linking the GCE Persistent Disk. You will see log errors like this:
"Error when getting device path: rpc error: code = Internal desc = error verifying GCE PD ("$PVC") is attached: failed to find and re-link disk $PVC with udevadm after retrying for 3s: couldn't get serial number for disk $PVC at device path /dev/$NVME_PATH: google_nvme_id failed for device "/dev/$NVME_PATH" with output [**numbers**]: exit status 1"
This issue will be resolved in the next GKE releases. In the meantime, if you are experiencing mount failures, upgrade your cluster to the default version 1.30.1-gke.1329000 for the 1.30 release channel or 1.27.14-gke.1059000 for the 1.27 release channel.
Remote Agents Release 2.0.1 is currently in Preview. Note that the version number has changed from 2.0.0 to 2.0.1.
VPC Service Controls feature: Support to programmatically retrieve the list of services that are supported by VPC Service Controls is generally available. Using this feature, you also can retrieve the list of methods and permissions supported by VPC Service Controls for a service.
- The following changes are made in the output of the `gcloud access-context-manager supported-services list` command:
  - The field name `SUPPORT_STAGE` is changed into `SERVICE_SUPPORT_STAGE`.
  - The status `BETA` is changed into `PREVIEW` in the `SERVICE_SUPPORT_STAGE` field.
  - A new status `DEPRECATED` is added in the `SERVICE_SUPPORT_STAGE` field.
- The field name `supportStage` is changed into `serviceSupportStage` in the output of the `gcloud access-context-manager supported-services describe` command.
July 01, 2024
API Gateway
As of July 1, 2024, API gateways located in `asia-east1` are decommissioned and will no longer serve traffic.
Between October 2021 and October 2022, customers with gateways located in `asia-east1` were notified of the planned decommissioning and advised to delete or relocate any gateways in this region. A final reminder was sent in May, 2024.
As of July 1, 2024, any remaining gateways located in `asia-east1` are fully decommissioned.
Access Approval supports Storage Transfer Service in the Preview stage.
Access Transparency supports Storage Transfer Service in the Preview stage.
The AlloyDB free trial clusters are now generally available (GA). These clusters let you test the majority of AlloyDB features for up to 30 days through an 8 vCPU basic primary instance along with an optional 8 vCPU read pool instance, and automatically scale storage up to 1TB.
Performance SSD storage is now available in all Bare Metal Solution regions.
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/bigquery
7.8.0 (2024-06-19)
Features
Java
Changes for google-cloud-bigquery
2.41.0 (2024-06-25)
Features
- Add columnNameCharacterMap to LoadJobConfiguration (#3356) (2f3cbe3)
- Add MetadataCacheMode to ExternalTableDefinition (#3351) (2814dc4)
Bug Fixes
Dependencies
- Update actions/checkout action to v4.1.7 (#3349) (0857234)
- Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240602-2.0.0 (#3273) (7b7e52b)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#3360) (4420996)
- Update github/codeql-action action to v2.25.10 (#3348) (8b6feff)
Cloud console updates: You can now drag a tab in the details pane to open a new column and compare tabs. You can also drag the tab to a new position in the current or an adjacent column. This feature is in preview.
The following Analytics Hub features are now generally available:
- Making exchanges and listings publicly discoverable.
- Highlighting listings in the Featured section of the Analytics Hub catalog.
- Generating unauthenticated URLs for public listings.
Data publishers can now share Pub/Sub topics and manage subscriptions in Analytics Hub. This feature is in preview.
Preview: Capacity Planner displays GPU usage and forecasts of the GPUs in your Google Cloud project or organization. This is useful to plan and optimize your GPU consumption.
For more information, see the following pages:
View your Carbon Footprint in the FinOps hub
In the FinOps hub, you can now view the estimated greenhouse gas emissions for your Google Cloud usage by visiting the Carbon Footprint dashboard.
Partner Cross-Cloud Interconnect for Oracle Cloud Infrastructure is now generally available. It lets you connect any Google Cloud and OCI resources privately with no data transfer charges.
A weekly digest of client library updates from across the Cloud SDK.
You can now create private uptime checks that issue TCP requests. For more information, see Create private uptime checks.
New fleets that provision managed Cloud Service Mesh in organizations that have existing fleets with the managed `istiod` control plane implementation will receive the Traffic Director control plane implementation by default.
If you received a Service Announcement, or requested an exception from your account team, then your organization's default control plane implementation for new fleets continues to be `istiod`.
A weekly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-storage
2.40.1 (2024-06-26)
Bug Fixes
- Add a workaround to make sure grpc clients' hosts always match their universe domain (#2588) (87bf737)
- Include x-goog-user-project on resumable upload puts for grpc transport (#2586) (6f2f504)
- Update grpc bidi resumable uploads to validate ack'd object size (#2570) (5c9cecf)
- Update grpc finalize on close resumable uploads to validate ack'd object size (#2572) (55a6d15)
- Update grpc single-shot uploads to validate ack'd object size (#2567) (65c8808)
Dependencies
- Update dependency com.google.apis:google-api-services-storage to v1-rev20240524-2.0.0 (#2565) (d193243)
- Update dependency com.google.apis:google-api-services-storage to v1-rev20240621-2.0.0 (#2596) (73b8753)
- Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#2597) (25940a4)
Documentation
The issue related to creating larger (>90 vCPUs) C3D `standard-lssd` or `highmem-lssd` VM instances.
cos-113-18244-85-49
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |
Upgraded sys-apps/dmidecode to v3.6.
Upgraded dev-embedded/libftdi to v1.5-r7.
Upgraded app-admin/logrotate to v3.22.0.
Upgraded sys-apps/hwdata to v0.383.
Upgraded net-misc/curl to v8.8.0-r1.
Upgraded sys-apps/sed to v4.9-r1.
Upgraded dev-libs/libusb to v1.0.27-r1.
Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.
Upgraded sys-apps/ethtool to v6.9.
Upgraded sys-apps/grep to v3.11-r1.
Upgraded sys-apps/pv to v1.8.10.
Added tcp_rto_min_us sysctl.
Upgraded dev-lang/go to v1.21.11. This fixes CVE-2024-24790 and CVE-2024-24789.
Fixed CVE-2024-35195 in dev-python/requests.
Fixed CVE-2024-36901 in the Linux kernel.
Runtime sysctl changes:
- Added: net.ipv4.tcp_rto_min_us: 200000
- Changed: fs.file-max: 812039 -> 812035
Fixed CVE-2024-6387 in net-misc/openssh.
cos-109-17800-218-69
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs) |
Fixed CVE-2024-35195 in dev-python/requests.
Fixed CVE-2024-36901 in the Linux kernel.
Runtime sysctl changes:
- Added: net.ipv4.tcp_rto_min_us: 200000
- Changed: fs.file-max: 812261 -> 812270
Fixed CVE-2024-6387 in net-misc/openssh.
cos-105-17412-370-67
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02 (default), v550.90.07 (latest) |
Fixed CVE-2024-35195 in dev-python/requests.
Fixed CVE-2024-38662 in the Linux kernel.
Runtime sysctl changes:
- Added: net.ipv4.tcp_rto_min_us: 200000
- Changed: fs.file-max: 812707 -> 812700
Fixed CVE-2024-6387 in net-misc/openssh.
cos-101-17162-463-55
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02 (default), v550.90.07 (latest) |
Fixed CVE-2024-38662 in the Linux kernel.
Runtime sysctl changes:
- Added: net.ipv4.tcp_rto_min_us: 200000
Fixed CVE-2024-6387 in net-misc/openssh.
Dataflow batch jobs are now cancelled after ten days. Previously, they were cancelled after 30 days. See Quotas and limits.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for dataflow/apiv1beta3
0.9.8 (2024-06-26)
Bug Fixes
- dataflow: Enable new auth lib (b95805f)
A weekly digest of client library updates from across the Cloud SDK.
Node.js
Changes for @google-cloud/datastore
9.1.0 (2024-06-24)
Features
Bug Fixes
Java
Changes for google-cloud-datastore
2.20.2 (2024-06-28)
Dependencies
A vulnerability (CVE-2024-26923) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-039 security bulletin.
Release 1.16.10
Google Distributed Cloud for bare metal 1.16.10 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.16.10 runs on Kubernetes 1.27.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Fixes:
- Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.
The following container image security vulnerabilities have been fixed in 1.16.10:
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
Generally available: Migrate to Virtual Machines lets you import a virtual disk image to a Compute Engine image. If you have virtual disk images with software and configurations that you need, you can save time by importing these virtual disk images to Compute Engine images, and use this image to create virtual machine instances or persistent disks.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for pubsub/apiv1
1.40.0 (2024-06-26)
Features
Java
Changes for google-cloud-pubsub
1.131.0 (2024-06-25)
Features
Dependencies
Public preview: Data publishers can now share Pub/Sub topics and manage subscriptions in Analytics Hub.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for secretmanager/apiv1
1.13.2 (2024-06-26)
Bug Fixes
- secretmanager: Enable new auth lib (b95805f)
Working with findings and resources in the Security Operations console
Security Command Center Enterprise customers can now work with findings and affected resources using the Security Operations console. For example, you can do the following in the Security Operations console:
- Filter for findings and resources based on different attributes.
- Fine-tune your queries.
- View the details of specific findings and resources.
- View high-value resources and their attack exposure scores.
- View the changes to a resource.
This feature is available in Preview.
For more information, see the following:
The `BELARUS_PASSPORT` infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
Vertex AI Search: Filter search results by relevance (Public preview)
Each document returned by a search query is given an estimated level of relevance to the query. When you make a query through an API call, you can set a relevance threshold.
Setting a high relevance threshold can greatly reduce the number of documents returned by a query. You can experiment with low, medium, and high thresholds to find the right level for your users.
Filter by relevance is available in Public preview.
For more information, see Filter searches by document-level relevance.
Vertex AI Search: Healthcare search using natural language query with generative AI answers (GA with allowlist)
Healthcare data search using natural language query with generative AI answer is Generally available to select Google customers (GA with allowlist).
For more information, see Search using natural language query with generative AI answer.
June 30, 2024
Dataproc Metastore
Dataproc Metastore managed migrations is generally available (GA)
Dataproc Metastore autoscaling is generally available (GA)
(New guide) From edge to multi-cluster mesh: Globally distributed applications exposed through GKE Gateway and Cloud Service Mesh: Describes exposing applications externally through Google Kubernetes Engine (GKE) Gateways running on multiple GKE clusters within a service mesh.
(New guide) From edge to multi-cluster mesh: Deploy globally distributed applications through GKE Gateway and Cloud Service Mesh: Provides the steps needed to deploy applications externally through Google Kubernetes Engine (GKE) Gateways running on multiple GKE clusters within a service mesh.
June 28, 2024
Access Context Manager
Generally available: You can now use an internal IP address when specifying an IP address range in basic access levels.
For more information, see Creating a basic access level.
Access Transparency supports Pub/Sub in the GA stage.
Access Transparency supports Dataform in the GA stage.
Access Transparency supports Cloud Build in the GA stage.
This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-26923
For more information, see the GCP-2024-039 security bulletin.
You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-26923
For more information, see the GCP-2024-039 security bulletin.
hybrid v1.12.1
On June 28, 2024 we released an updated version of the Apigee hybrid software, 1.12.1.
- For information on upgrading, see Upgrading Apigee hybrid to version 1.12.1.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
347798999 | Fixed an issue preventing configuration of forward proxies for OpenTelemetry collector pods. |
345501069 | Fixed issue with Hybrid Guardrails resource configuration preventing the Guardrails pod from starting. |
341797795 | Autofill the Hybrid Guardrails checkpoint value if a checkpoint is not provided. |
340248314 | Added support for `targetCPUUtilizationPercentage` to `apigeeIngressGateway` and `ingressGateways`. The default value is 75. |
324779388 | Improved error handling for backup and restore. |
311489774 | Removed inclusion of Java in Cassandra client image. |
310338146 | Fixed invalid download directory output from the create-service-account tool. |
300135626 | Removed inclusion of Java in Cassandra Backup Utility image. |
239523766 | Remove "Unable to evaluate jsonVariable, returning null" logging string from ExtractVariables Policy |
Bug ID | Description |
---|---|
345791712 | Security fix for `fluent-bit`. This addresses the following vulnerability: |
335910066 | Security fixes for `apigee-kube-rbac-proxy`. This addresses the following vulnerability: |
335909737 | Security fixes for `apigee-asm-ingress`. This addresses the following vulnerabilities: |
335909397 | Security fixes for `apigee-open-telemetry-collector`. This addresses the following vulnerability: |
335908990 | Security fixes for `apigee-asm-istiod`. This addresses the following vulnerabilities: |
335908985 | Security fix for `apigee-prometheus-adapter`. This addresses the following vulnerabilities: |
335908657 | Security fixes for `apigee-prom-prometheus`. This addresses the following vulnerabilities: |
335908139 | Security fix for `fluent-bit`. This addresses the following vulnerability: |
332821083 | Security fix for `apigee-operators`. This addresses the following vulnerability: |
317528509 | Security fixes for `apigee-synchronizer`. This addresses the following vulnerabilities: |
308835165 | Security fix for `apigee-synchronizer`. This addresses the following vulnerability: |
N/A | Security fixes for `apigee-asm-ingress`. This addresses the following vulnerabilities: |
N/A | Security fixes for `apigee-asm-istiod`. This addresses the following vulnerabilities: |
N/A | Security fixes for `apigee-cassandra-backup-utility`. This addresses the following vulnerabilities: |
N/A | Security fixes for `apigee-fluent-bit`. This addresses the following vulnerabilities: |
N/A | Security fixes for `apigee-hybrid-cassandra`. This addresses the following vulnerabilities: |
N/A | Security fixes for `apigee-kube-rbac-proxy`. This addresses the following vulnerabilities: |
N/A | Security fixes for `apigee-prometheus-adapter`. This addresses the following vulnerabilities: |
N/A | Security fixes for `apigee-stackdriver-prometheus-sidecar`. This addresses the following vulnerabilities: |
hybrid 1.11.2-hotfix.1
On June 28, 2024 we released an updated version of the Apigee hybrid software, 1.11.2-hotfix.1.
Note: This release reflects a change to the Helm chart templates and not a change to the images. If your hybrid installation is currently on Apigee hybrid v1.11.2, apply this hotfix with the following steps:
1. In your overrides file, update the `ao.image` `url` and `tag`:
   ```yaml
   ao:
     image:
       url: "gcr.io/apigee-release/hybrid/apigee-operators"
       tag: "1.11.2-hotfix.1"
   ```
2. Install the hotfix release:
   - For Helm-managed releases, update the `apigee-operator` with the `helm upgrade` command and your current overrides files:
     ```sh
     helm upgrade operator apigee-operator/ \
       --namespace apigee-system \
       --atomic \
       -f overrides.yaml
     ```
   - For `apigeectl`-managed releases, install the hotfix release with `apigeectl init` using your updated overrides files:
     ```sh
     ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE --dry-run=client
     ```
     Followed by:
     ```sh
     ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE
     ```
- For information on upgrading, see Upgrading Apigee hybrid to version 1.11.2-hotfix.1.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
347997965 | Upgrading to Apigee Hybrid 1.11.2 and 1.10.5 can cause missing metrics. |
hybrid 1.10.5-hotfix.1
On June 28, 2024 we released an updated version of the Apigee hybrid software, 1.10.5-hotfix.1.
Note: This release reflects a change to the Helm chart templates and not a change to the images. If your hybrid installation is currently on Apigee hybrid v1.10.5, apply this hotfix with the following steps:
1. In your overrides file, update the `ao.image` `url` and `tag`:
   ```yaml
   ao:
     image:
       url: "gcr.io/apigee-release/hybrid/apigee-operators"
       tag: "1.10.5-hotfix.1"
   ```
2. Install the hotfix release with `apigeectl init` using your updated overrides files:
   ```sh
   ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE --dry-run=client
   ```
   Followed by:
   ```sh
   ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE
   ```
- For information on upgrading, see Upgrading Apigee hybrid to version 1.10.5-hotfix.1.
- For information on new installations, see The big picture.
Bug ID | Description |
---|---|
347997965 | Upgrading to Apigee Hybrid 1.11.2 and 1.10.5 can cause missing metrics. |
The Cloud Storage Multi File sink plugin version 0.23.2 is available in Cloud Data Fusion version 6.10.1 and later. The release fixes an issue in the Cloud Storage Multi File sink causing pipelines to fail when the Flexible schema property was set to `true` (PLUGIN-1780).
Cloud Functions 1st gen and 2nd gen now support custom service accounts for Cloud Build at the General Availability release level.
You can now specify the Frankfurt, Germany (`europe-west3`) and Paris, France (`europe-west9`) regions when using regional endpoints.
New Dataproc on Compute Engine subminor image versions:
- 2.0.108-debian10, 2.0.108-rocky8, 2.0.108-ubuntu18
- 2.1.56-debian11, 2.1.56-rocky8, 2.1.56-ubuntu20, 2.1.56-ubuntu20-arm
- 2.2.22-debian12, 2.2.22-rocky9, 2.2.22-ubuntu22
Backported fixes for HIVE-25958 and HIVE-20220 (new configuration `hive.groupby.enable.deterministic.distribution=false/true`).
Scheduled backups are now available in GA.
Scheduled backups are now available in GA.
The following models have been added to Model Garden:
- 36 Hugging Face embedding models with verified deployment settings such as BAAI/bge-m3 and intfloat/multilingual-e5-large-instruct.
- 35 Hugging Face PyTorch models with verified deployment settings such as stabilityai/stable-diffusion-2-1 and HuggingFaceFW/fineweb-edu-classifier.
For more information, see the Hugging Face model deployment in the console.
Launched Hex-LLM for high-efficiency large language model serving. This performant TPU serving solution is based on XLA and optimized kernels to achieve high throughput and low latency.
Hex-LLM uses several parallelism strategies for multiple TPU chips, quantizations, dynamic LoRA, and more. Hex-LLM supports the following dense and sparse LLMs:
- Gemma 2B and 7B
- Gemma 2 9B and 27B
- Llama 2 7B, 13B and 70B
- Llama 3 8B and 70B
- Mistral 7B and Mixtral 8x7B
- Updated Docker images in Llama 3 notebooks that are more efficient at tuning.
- A notebook-based interactive workshop UI was added in Model Garden for image generative models such as stable-diffusion-xl-base, image inpainting, controlnet. You can find these models from the Open Notebook list.
- Colab Notebooks for frequently used models in Model Garden have been revised with no-code or low-code implementations to improve accessibility and user experience.
(New guide) Migrate from AWS to Google Cloud: Migrate from Amazon RDS for SQL Server to Cloud SQL for SQL Server: Describes how to design, implement, and validate a plan to migrate from Amazon Relational Database Service (RDS) to Cloud SQL for SQL Server.
You can now set the logging level to `debug`, or the equivalent, for Skaffold, gcloud, and kubectl, using the `verbose` flag in each target's execution environment.
Resource requests for `anetd` Pods have been increased from 200mil CPU and 110m memory to 205mil CPU and 230m memory. In some cases, if the CPU and memory budgets on the nodes are limited, GKE might evict workloads to facilitate `anetd` during control plane upgrades. This can occur if your clusters are being upgraded from earlier versions to one of the following versions:
- 1.28.5-gke.1217000 and later
- 1.29 and later
- 1.30 and later
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-26923
For more information, see the GCP-2024-039 security bulletin.
Release 6.3.8 is now in General Availability.
Remote Agents Release 2.0.1 is now in General Availability. Note that the version number has changed from 2.0.0 to 2.0.1.
This Release Note is incorrect; see entry for July 2, 2024.
On February 14, 2024, the Cloud Audit Logging (CAL) type was inadvertently changed from `DATA_ACCESS` to `ADMIN_ACTIVITY`. This change causes a change in the log name and log bucket location for the `UpdateIapSettings` and `ValidateIapAttributeExpression` methods.
The CAL type has been changed back to `DATA_ACCESS`.
Terraform support
You can now use Terraform to create and manage scan configurations. Terraform management of discovery scan configurations is supported for BigQuery data, Cloud SQL data, and secrets in Cloud Functions environment variables. For a detailed reference document about Terraform resources, see data_loss_prevention_discovery_config in the Terraform documentation.
A monthly digest of client library updates from across the Cloud SDK.
Java
Changes for google-cloud-spanner
6.68.0 (2024-05-27)
Features
- Allow passing libraries_bom_version from env (#1967) (#3112) (7d5a52c)
- Allow DML batches in transactions to execute analyzeUpdate (#3114) (dee7cda)
- spanner: Add support for Proto Columns in Connection API (#3123) (7e7c814)
Bug Fixes
Dependencies
6.69.0 (2024-06-12)
Features
Dependencies
Python
Changes for google-cloud-spanner
3.47.0 (2024-05-22)
Features
Vertex AI custom training on TPU VMs support customer managed encryption keys (CMEK).
Bring your own IP does not support creating BYOIP addresses in Shared VPC service projects. This limitation is documented, but was previously not enforced. Enforcement has been added to prevent the creation of BYOIP addresses in service projects. If you're using bring your own IP with Shared VPC, use the project architecture described in BYOIP addresses administration with Shared VPC.
June 27, 2024
Anthos Config Management
Reverted an undocumented change to a metric name. The Cloud Monitoring metric `current_declared_resources` (introduced in version 1.16.1) has been renamed to its original name, `declared_resources`. For reference see Monitor Config Sync with Cloud Monitoring.
Upgraded the Open Telemetry image from v0.99.0 to v0.102.0 to pick up vulnerability fixes. To understand the changes in each release, review the full changelog for opentelemetry-collector-contrib.
Resolved an issue that prevented the `declared_resources` metric from decrementing when an object became unmanaged by Config Sync.
On June 27, 2024 we released a new version of Advanced API Security.
Rollouts of this feature are ongoing and will take multiple days to complete across all Google Cloud zones. You might not be able to use the functionality until the rollout is complete.
Preview release of generative AI incident report summaries
This release introduces the preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents. The new generative AI features are available for all Advanced API Security-enabled projects and do not require the Gemini Code Assist add-on.
For usage information, see the Abuse Detection customer documentation.
On June 27, 2024, we released an updated version of Apigee.
Apigee is now available in new regions:
- Europe - Berlin (`europe-west10`)
- Africa - Johannesburg (`africa-south1`)
See Apigee locations for more information about available regions.
Backup for GKE now supports creating a backup plan when creating a cluster.
You can now use tags on BigQuery tables to conditionally grant or deny access with Identity and Access Management (IAM) policies. This feature is generally available (GA). You can also attach tags to BigQuery datasets during dataset creation to conditionally grant or deny access with IAM policies.
To simplify searches and improve your documentation experience, we have split the 1st generation and 2nd generation documentation into separate documentation sets.
The following IAM roles are now available in preview:
- Cloud Run Source Developer (`roles/run.sourceDeveloper`) for deploying a Cloud Run service or job from source.
- Cloud Run Source Viewer (`roles/run.sourceViewer`) for viewing a Cloud Run service or job that is deployed from source.
1.21.4-asm.0 is now available for in-cluster Cloud Service Mesh.
This patch release contains the fix for a security vulnerability where the Datadog tracer does not handle trace headers with unicode characters. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.4-asm.0 uses Envoy v1.29.6.
Dialogflow ES: As of May 27 2024, Twilio no longer supports integrations with Dialogflow ES. For more details and information about migrating to Dialogflow CX, see the Twilio documentation.
Dialogflow CX: The gemini-1.5-flash generative model is now available for the generators feature.
Context caching is available for Gemini 1.5 Pro. Use context caching to reduce the cost of requests that contain repeat content with high input token counts. For more information, see Context caching overview.
Cloud Armor supports IP address groups in Preview.
Cloud Deploy now supports deploying using a proxy for Google Kubernetes Engine targets. Learn more.
Google Distributed Cloud for VMware 1.29.200-gke.242 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.200-gke.242 runs on Kubernetes v1.29.5-gke.800.
If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.
The following issues are fixed in 1.29.200-gke.242:
- Fixed the known issue that caused cluster creation to fail because the control plane VIP was in a different subnet from other cluster nodes.
- Fixed the known issue where the Binary Authorization webhook blocked the CNI plugin, which caused user cluster creation to stall.
- Fixed the known issue that caused the Connect Agent to lose connection to Google Cloud after a non-HA to HA admin cluster migration.
- Fixed the known issue that caused an admin cluster upgrade to fail for clusters created on versions 1.10 or earlier.
- Added back the CNI binaries to the OS image so that multiple network interfaces with standard CNI will work (see this known issue).
The following vulnerabilities are fixed in 1.29.200-gke.242:
High-severity container vulnerabilities:
Container-optimized OS vulnerabilities:
- CVE-2024-32465
- CVE-2024-24557
- CVE-2022-24765
- CVE-2022-43995
- CVE-2024-26907
- CVE-2024-26882
- CVE-2024-26885
- CVE-2023-25652
- CVE-2022-4904
Ubuntu vulnerabilities:
Release 1.29.200-gke.243
Google Distributed Cloud for bare metal 1.29.200-gke.243 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.200-gke.243 runs on Kubernetes 1.29.
If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.
Functionality changes:
Updated registry mirror support to allow you to specify a port for host addresses.
Updated the networking preflight check to verify that either the ip_tables or the nf_tables kernel module is available for loading, instead of being explicitly loaded.
Added support for Red Hat Enterprise Linux 8.10 for Google Distributed Cloud software version 1.29.200-gke.243 and higher.
Fixes:
Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.
Fixed an issue where service accounts created by using the --create-service-accounts flag with the bmctl create config command don't have enough permissions.
The following container image security vulnerabilities have been fixed in 1.29.200-gke.243
High-severity container vulnerabilities:
Medium-severity container vulnerabilities:
Low-severity container vulnerabilities:
Known issues:
For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-26924
For more information, see the GCP-2024-038 security bulletin.
Release 6.3.9 is currently in Preview.
Case List preferences are now saved permanently per user. This includes column selection, order of columns, and sorting within columns.
Environment table column width display issue when using dynamic parameters with many characters (ID #51611835)
Editing or saving any step in the playbook resets the view to zoom out (ID #00162859, #48257046)
Client library samples for Java and Go are now added to all relevant pages. For more information, see Apache Kafka for BigQuery client libraries.
Route exchange with VPC spokes is now available in public preview.
This feature lets you connect VPC spokes and hybrid spokes, such as Cloud Interconnect VLAN attachments, HA VPN tunnels, and Router appliance VMs on the same hub.
New SAP certification: 16 TB X4 bare metal machine type
The Compute Engine memory-optimized bare metal machine type x4-megamem-960-metal is generally available (GA) and certified by SAP for use with SAP HANA scale-up (OLAP and OLTP) and SAP NetWeaver workloads.
For more information, see:
Google Cloud's Agent for SAP version 3.4
Version 3.4 of Google Cloud's Agent for SAP is generally available (GA). This version introduces a workload performance diagnostic tool, and enhancements to the Backint and disk snapshot features.
For more information, see What's new with Google Cloud's Agent for SAP.
The INDIA_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
If you set InfoType.version to latest when including the PHONE_NUMBER infoType in your InspectConfig, Sensitive Data Protection will now include US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results.
You can still use the old functionality by setting InfoType.version to stable or leaving it unset when using the PHONE_NUMBER infoType. In 30 days, the new functionality will be promoted to stable.
VPC Service Controls feature: Support for using an internal IP address to allow access to protected resources is generally available.
For more information, see Allow access to protected resources from an internal IP address. Make sure that you read the updated Limitations section before using this feature.
Vertex AI Search: Connect BigQuery datasets to Vertex AI Search (Public preview)
You can create Vertex AI Search data stores that periodically sync with data in BigQuery datasets. You can choose how often you want to update your data stores: every day, every 3 days, or every 5 days.
Synchronizing BigQuery data to Vertex AI Search is available in Public preview.
For more information, see Import from BigQuery.
June 26, 2024
Anthos clusters on AWS
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2023-52654
- CVE-2023-52656
For more information, see the GCP-2024-041 security bulletin.
The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:
- CVE-2024-26924
For more information, see the GCP-2024-038 security bulletin.
On June 26, 2024, we released an updated version of Apigee (1-12-0-apigee-7).
Bug ID | Description |
---|---|
N/A | Upgraded infrastructure and libraries. |
These issues were fixed in 1-12-0-apigee-4-hotfix and are included in this release:
Bug ID | Description |
---|---|
337876238, 330314128, 333762214 | Resolved issues resulting in an increase in 404/503 responses. Upgraded storage for the Apigee router to the latest version to resolve Adjusted traffic weight and delays in the older replica set to handle traffic divergence during the release process to address any |
335832119 | Fixed 404 errors caused during Apigee instance update/rollback. |
255772956 | Turned off asynchronous services callout when the <Response> element is not present due to inconsistent scaling of runtime pods. |
338717278 | Reverted problematic commit to address thread pool exhaustion. |
App Hub support is available in the asia-east2 (Hong Kong) and europe-west3 (Frankfurt, Germany) regions.
You can now analyze your billable log volume when using Log Analytics. This feature is in Public Preview. For more information, see Analyze log volume with Log Analytics.
You can now configure your dashboards to show disruptions in Google Cloud Services. This feature is GA. For more information, see the following pages:
- For event information, see Personalized Service Health events.
- For information about enabling events, see Show events on a dashboard.
New Dataproc Serverless for Spark runtime versions:
- 1.1.67
- 1.2.11
- 2.0.75
- 2.2.11
Dataproc Serverless for Spark: To fix compatibility with open table formats (Apache Iceberg, Apache Hudi and Delta Lake), the ANTLR version was downgraded from 4.13.1 to 4.9.3 in Dataproc Serverless for Spark runtime versions 1.2 and 2.2.
A vulnerability (CVE-2024-26924) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.
For more information, see the GCP-2024-038 security bulletin.
(2024-R21) Version updates
GKE cluster versions have been updated.
New versions available for upgrades and new clusters.
The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.
No channel
- The following versions are now available:
- The following node versions are now available:
- The following versions are no longer available:
- 1.26.15-gke.1436000
- 1.27.11-gke.1062003
- 1.27.14-gke.1093000
- 1.28.10-gke.1141000
- 1.29.5-gke.1121000
- 1.29.5-gke.1192000
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.13-gke.1070000 with this release.
- Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.13-gke.1070000 with this release.
Stable channel
- Version 1.27.13-gke.1070000 is now the default version in the Stable channel.
- The following versions are now available in the Stable channel:
- The following versions are no longer available in the Stable channel:
- 1.27.11-gke.1062004
- 1.28.9-gke.1000000
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.13-gke.1070000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.13-gke.1070000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.9-gke.1069000 with this release.
Regular channel
- The following versions are now available in the Regular channel:
Rapid channel
- Version 1.30.1-gke.1329000 is now the default version in the Rapid channel.
- The following versions are now available in the Rapid channel:
- The following versions are no longer available in the Rapid channel:
- 1.26.15-gke.1390000
- 1.26.15-gke.1436000
- 1.27.14-gke.1042000
- 1.27.14-gke.1093000
- 1.28.10-gke.1075000
- 1.28.10-gke.1141000
- 1.29.5-gke.1121000
- 1.29.5-gke.1192000
- 1.30.1-gke.1156000
- 1.30.1-gke.1500000
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1404000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.15-gke.1404000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.14-gke.1059000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.10-gke.1089000 with this release.
- Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.1-gke.1329000 with this release.
You can use the BindPlane agent to collect Windows event logs, query SQL databases, read logs from files, and receive logs using syslog. The agent sends data directly to the Google Security Operations ingestion API or to a Google SecOps forwarder. For more information, see Use the BindPlane agent.
June 25, 2024
AlloyDB for PostgreSQL
AlloyDB Omni version 15.5.4 is generally available (GA). This version includes the following features and changes:
- The simplified installation method for AlloyDB Omni is now generally available (GA). You can install and manage your AlloyDB Omni installation using common container-management tools such as Docker. For information on upgrading an existing AlloyDB Omni installation, see Migrate from an earlier version of AlloyDB Omni to the latest version.
- AlloyDB Omni supports the Podman container tool on Red Hat Enterprise Linux (RHEL).
- Support for Arm-based architectures is now available in Preview.
- Various bug fixes and performance improvements.
You can now use the BigQuery JupyterLab plugin to explore your data, use BigQuery DataFrames in a Jupyter notebook, and deploy a BigQuery DataFrames notebook to Cloud Composer. This feature is in preview.
Cloud Build support for Supply-chain Levels for Software Artifacts (SLSA) version 1.0 compliant provenance is now generally available to help you safeguard your automated build pipelines.
Build provenance is verifiable metadata that you can use to audit builds. Cloud Build can generate provenance aligned with the SLSA v1.0 spec when you use the option requestedVerifyOption with triggered builds.
Learn how to use build provenance in Cloud Build.
Cloud Composer is now available in Johannesburg (africa-south1).
Ops Agent version 2.48.0 introduces support for Compute Engine VMs that are running Deep Learning VM Images based on Debian 11 (Bullseye). For more information, see Operating systems.
Config Controller is now supported in regions europe-west8, us-central2 and us-east7.
Config Controller now uses the following versions of its included products:
- Config Connector v1.119.0, release notes
The Dataproc Component Gateway is now activated by default when you create a Dataproc on Compute Engine cluster using the Google Cloud console.
Controlled generation is available on Gemini 1.5 Pro and supports the JSON schema. For more information, see Control generated output.
Cloud Armor support for Layer 7 filtering in globally scoped edge security policies for Media CDN is now Generally Available.
Globally scoped Cloud Armor edge security policies for Layer 7 filtering are now Generally Available. For an example, see Example: Deny requests for cached content with specific headers.
NetApp Volumes now supports committed use discounts (CUDs). For more information, see NetApp Volumes committed use discounts.
Introducing the Security Command Center Risk Engine
Security Command Center introduces Risk Engine as the name of the functionality that provides attack path simulations, attack exposure scores, attack path visualizations, and toxic combination findings.
For more information, see Assess risk with Risk Engine.
Toxic combination findings release to Preview
In the Enterprise tier of Security Command Center, the Risk Engine generates a finding when it detects a toxic combination during attack path simulations. A toxic combination is a group of security issues that, when they occur together in a particular pattern, create a path to one or more of your high-value resources.
The toxic combinations feature introduces a new finding class, Toxic combination, and adds new fields in the Finding object to hold information about toxic combinations.
For more information, see Overview of toxic combinations.
UPDATE: The Preview release of the toxic combination feature is being rolled out to customers in stages. You might not receive toxic combination findings or see the new features in the Security Operations console for up to two weeks.
The release note for the toxic combination feature published on June 25, 2024 was updated to explain the staged release of the feature.
Install new version of the Security Command Center Enterprise use case
The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by date, June 25, 2024, introduces new widgets, new playbooks, and other enhancements to support the management of toxic combination findings and cases in the Security Operations console.
For installation instructions, see Update Enterprise use case, June 2024.
June 24, 2024
Access Approval
Access Approval supports Apigee in the GA stage.
Access Transparency supports Apigee in the GA stage.
A weekly digest of client library updates from across the Cloud SDK.
Certificate Authority Service is now available in the following region:
- africa-south1
For more information, see Certificate Authority Service locations.
Avoid getting charged for idle Compute Engine reservations in the FinOps hub
You can now get recommendations to modify or delete your idle, on-demand reservations for Compute Engine resources when you haven't consumed any resources for at least 7 days.
Cloud Functions (2nd gen) now supports fully automatic security updates. For details, see the document Execution environment security.
Gauges and scorecards are now available to visualize the results of your SQL queries. For more information, see Chart query results with Log Analytics.
You can now configure your dashboards to show when incidents were opened. For more information, see Alert events.
You can now upgrade the network architecture of Cloud SQL for MySQL instances that store transaction logs used for point-in-time recovery (PITR) in Cloud Storage. The previous limitation on upgrade of such instances is removed. To check where your MySQL instance stores its PITR logs, see Check the storage location of transaction logs used for PITR.
For more information about upgrading your network architecture, see Upgrade an instance to the new network architecture.
cos-dev-117-18514-0-0
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.6.34 | v24.0.9 | v2.0.0rc2 | v535.183.01(default),v550.90.07(latest) |
Disabled default automatic updates. Automatic updates must now be explicitly enabled by setting the cos-update-strategy metadata to "update_enabled".
Updated R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091 and CVE-2024-0092.
Updated R535, default driver to v535.183.01. This fixes CVE-2024-0090 and CVE-2024-0092.
Runtime sysctl changes:
- Added: net.ipv4.tcp_backlog_ack_defer: 1
- Changed: fs.epoll.max_user_watches: 1809452 -> 1809007
- Changed: fs.fanotify.max_user_marks: 67560 -> 67544
- Changed: fs.file-max: 811880 -> 811785
- Changed: fs.inotify.max_user_watches: 63441 -> 63425
- Changed: kernel.threads-max: 63503 -> 63487
- Changed: net.core.optmem_max: 20480 -> 131072
- Changed: net.ipv4.tcp_mem: 94065 125423 188130 -> 94041 125391 188082
- Changed: net.ipv4.udp_mem: 188133 250847 376266 -> 188085 250783 376170
- Changed: user.max_cgroup_namespaces: 31751 -> 31743
- Changed: user.max_fanotify_marks: 67560 -> 67544
- Changed: user.max_inotify_watches: 63441 -> 63425
- Changed: user.max_ipc_namespaces: 31751 -> 31743
- Changed: user.max_mnt_namespaces: 31751 -> 31743
- Changed: user.max_net_namespaces: 31751 -> 31743
- Changed: user.max_pid_namespaces: 31751 -> 31743
- Changed: user.max_time_namespaces: 31751 -> 31743
- Changed: user.max_user_namespaces: 31751 -> 31743
- Changed: user.max_uts_namespaces: 31751 -> 31743
- Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0
cos-105-17412-370-61
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02(default),v550.90.07(latest) |
Fixed CVE-2024-26584 in the Linux kernel.
Fixed CVE-2024-26583 in the Linux kernel.
Runtime sysctl changes:
- Changed: fs.file-max: 812704 -> 812707
Fixed a crash in the Linux kernel.
cos-113-18244-85-39
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Added support for TPU v6 devices.
Runtime sysctl changes:
- Changed: fs.file-max: 812036 -> 812039
Fixed a crash in the Linux kernel.
cos-109-17800-218-62
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs) |
Runtime sysctl changes:
- Changed: fs.file-max: 812259 -> 812261
Fixed a crash in the Linux kernel.
cos-101-17162-463-51
Kernel | Docker | Containerd | GPU Drivers |
---|---|---|---|
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02(default),v550.90.07(latest) |
Fixed upload throughput in gVisor container in gVNIC.
Fixed a crash in the Linux kernel.
New Dataproc on Compute Engine subminor image versions:
- 2.0.107-debian10, 2.0.107-rocky8, 2.0.107-ubuntu18
- 2.1.55-debian11, 2.1.55-rocky8, 2.1.55-ubuntu20, 2.1.55-ubuntu20-arm
- 2.2.21-debian12, 2.2.21-rocky9, 2.2.21-ubuntu22
You can now configure Cloud Identity or Google Workspace as an identity provider during the Google Security Operations onboarding steps. For more information about onboarding, see Onboarding or migrating a Google Security Operations instance.
During the Google Security Operations onboarding steps, you can now specify identity provider groups that include administrators who configure user access to SOAR-related features. For more information, see Link Google SecOps to Google Cloud services.
A weekly digest of client library updates from across the Cloud SDK.
Go
Changes for pubsub/apiv1
1.39.0 (2024-06-18)
Features
- pubsub/pstest: Add support to register other servers into grpc.Server (#9722) (db8216e)
- pubsub: Add service_account_email for export subscriptions (92dc381)
- pubsub: Batch receipt modacks (#10234) (4c2cd10)
- pubsub: Make lease management RPCs concurrent (#10238) (426a8c2)
Bug Fixes
Python
Changes for google-cloud-pubsub
2.21.5 (2024-06-20)
Bug Fixes
- Allow Protobuf 5.x (a369f04)
2.21.4 (2024-06-18)
Documentation
The RELIGIOUS_TERM infoType detector is available in Preview in all regions. For more information about all built-in infoTypes, see InfoType detector reference.
A new detection model is available for the ORGANIZATION_NAME infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version to latest when including the ORGANIZATION_NAME infoType in your InspectConfig.
You can still use the old model by setting InfoType.version to stable or leaving it unset when using the ORGANIZATION_NAME infoType. In 30 days, the new model will be promoted to stable.
Vertex AI Search: Check ingested data quality for media recommendations (Public preview)
You can check the quality of your ingested data for media recommendations.
By running the Public preview requirements:checkRequirement method, you find out if your data store meets the minimum quality requirements for your recommendations app. If your data doesn't meet the minimum threshold for the key metrics for your model and objective, you receive a warning about the issues. Address the issues and rerun the check.
For more information, see Check data quality for media recommendations.
June 21, 2024
BigQuery
The BigQuery migration assessment for Amazon Redshift is now generally available (GA). You can use this feature to assess the complexity of migrating from your Amazon Redshift data warehouse to BigQuery.
You can now use the in-place major version upgrade feature to upgrade your Cloud SQL for PostgreSQL instance to PostgreSQL 16.
Dataflow SQL is deprecated. As of July 31, 2024, you can't access Dataflow SQL in the Google Cloud console. As of January 31, 2025, you can't use Dataflow SQL in the Google Cloud CLI. As a replacement, use Beam SQL.
The 3.0.0 version of the open-source Dataform framework is available.
The workflow_settings.yaml file, which was introduced in Dataform Core 3.0.0-beta.0, replaces dataform.json.
You can specify the Dataform Core version directly in the workflow_settings.yaml file, which removes the need for package.json for most repositories. To have package dependencies other than @dataform/core, the package.json file is still required.
No immediate action to convert existing Dataform code is required. You can continue to use dataform.json and package.json in existing repositories.
You can convert your dataform.json file into workflow_settings.yaml by following the instructions in the 3.0.0 GitHub release.
New repositories use workflow_settings.yaml by default. You can replace the workflow_settings.yaml file with dataform.json to continue using the JSON format. If you remove workflow_settings.yaml, you need to add a package.json file to your repository to install @dataform/core.
For more information, see the 3.0.0 release on GitHub.
Dataproc Serverless for Spark: To fix compatibility with open table formats (Apache Iceberg, Apache Hudi and Delta Lake), the ANTLR version will be downgraded from 4.13.1 to 4.9.3 in Dataproc Serverless for Spark runtime versions 1.2 and 2.2 on June 26, 2024.
Datastream now supports the change tables CDC method for SQL Server sources. For more information, see the Source SQL Server database page.
M122 release
- TensorFlow 2.16 container images are now available.
- PyTorch Inference 2.2 GPU container images are now available.
- PyTorch Inference 2.2 CPU container images are now available.
M122 release
- Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.
Release 6.3.7 is now in General Availability.
The discovery service of Sensitive Data Protection now supports Cloud Storage. You can run discovery at the organization, folder, or project level to generate data profiles of your Cloud Storage buckets. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data governance workflows.
To get started on profiling Cloud Storage data, see the following:
- Profile Cloud Storage data in a single project
- Profile Cloud Storage data in an organization or folder
For more information about sensitive data discovery, see Data profiles.
Vertex AI Search: Answers with summaries and follow-ups (GA)
The answer API improves on the search with summary and search with follow-ups features. For example, it better handles complex queries and provides customization of answer styles.
The answer API is Generally available (GA). However, the multi-step retrieval functionality remains in Public preview.
For more information, see Get answers and follow-ups.
Vertex AI Search: The answer method can skip irrelevant answers
The answer method can be set to generate an answer only if at least one of the results is deemed relevant.
If you choose to ignore low-relevance content and all the results are deemed irrelevant or almost irrelevant, then the answer method doesn't generate an answer. Instead, a fallback message replaces the answer.
For more information, see Show only relevant answers.
Vertex AI Search: Add structured data for advanced website indexing (Public preview)
If advanced website indexing is enabled in your data store, you can use structured data, such as schema.org data, to enrich your indexing.
For more information, see Use structured data for advanced site indexing.
Vertex AI Search: Generate grounded answers (GA with allowlist)
You can add system instructions as preambles to your prompts. System instructions govern the behavior of the model and modify the output accordingly. For example, you can add a persona to the generated answer or instruct the model to format the output text a certain way.
For more information, see Generate grounded answers.
Vertex AI Search: The generated answer message doesn't contain the name field for synchronous and sessionless queries
The name field is only included in the answer response for session queries and for asynchronous queries. These are stateful and context-aware queries.
If a query is a synchronous and stateless query, the name field is no longer included in the generated answer message.
For more information about the answer method, see Get answers and follow-ups.
Vertex AI Search: Choose when to enable autocomplete
You can choose to enable autocomplete as soon as possible instead of waiting a couple of days for sufficiently good autocomplete data. If you choose to make autocomplete available sooner, at first, you won't get suggestions for all queries and some suggestions might be of poor quality.
For more information, see Enable autocomplete in Update autocomplete settings.
M122 release
The M122 release of Vertex AI Workbench user-managed notebooks includes the following:
- Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.
M122 release
The M122 release of Vertex AI Workbench instances includes the following:
- Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.
June 20, 2024
Apigee X
On June 20, 2024, we released an updated version of Apigee.
This release includes a change in the user experience of selecting a physical location for control plane hosting when provisioning a Subscription or Pay-as-you-go Apigee organization with data regionalization enabled.
The new provisioning experience provides the opportunity to select a control plane hosting jurisdiction that refers to a location within a geopolitical boundary that may span more than one region. For more information, see Select an Apigee API control plane hosting jurisdiction.
During the Regional Controls Public Preview, the ComplianceRegime enum value has changed from FREE_REGIONS to REGIONAL_CONTROLS. When using the REST API, Terraform, or gcloud, ensure that you use the new REGIONAL_CONTROLS value. This change does not impact existing Assured Workloads folders that were created using the old value. However, areas with potential impact include the following:
- Using the REST API and gcloud:
  - Use REGIONAL_CONTROLS instead of FREE_REGIONS when calling organizations.locations.workloads.create to create a new Assured Workloads folder/workload
  - Expect REGIONAL_CONTROLS as the return value for ComplianceRegime from calls to organizations.locations.workloads.get and organizations.locations.workloads.list
- Using Terraform:
  - Use REGIONAL_CONTROLS instead of FREE_REGIONS
We are thrilled to announce the Public Preview launch of the new generation of Cloud Composer, Cloud Composer 3. The new version is now publicly available in all regions supported by Cloud Composer. It comes with a number of new features and characteristics:
- All infrastructure hidden in a tenant project
- Evergreen versioning
- Simplified networking configuration
- Improved performance
- More reliable DAG parsing and scheduling as DAG Processor and Schedulers are now separate components
- 10 times bigger storage for Airflow workers
It also includes most of the functionality already known from previous Composer versions. To see the list of features already supported by Composer 3, see Comparison of Cloud Composer versions.
(Airflow 2.7.3) New operators for executing jobs in Google Kubernetes Engine and Kubernetes are available. For example, you can use these operators with Kueue.
Operators for Google Kubernetes Engine:
- GKEStartJobOperator
- GKEStartKueueInsideClusterOperator
- GKEDescribeJobOperator
- GKEListJobsOperator
- GKECreateCustomResourceOperator
- GKEDeleteCustomResourceOperator
- GKEStartKueueJobOperator
- GKEDeleteJobOperator
- GKESuspendJobOperator
- GKEResumeJobOperator
Operators for Kubernetes:
- KubernetesJobOperator
- KubernetesPatchJobOperator
- KubernetesDeleteJobOperator
(Airflow 2.7.3) The apache-airflow-providers-google package was upgraded to version 10.18.0. For more information about changes, see the apache-airflow-providers-google changelog from version 10.17.0 to version 10.18.0.
(Airflow 2.7.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.3.1.
(Airflow 2.7.3) The apache-beam package was upgraded to version 2.56.0.
A new Airflow build is available in Cloud Composer 3:
- composer-3-airflow-2.7.3-build.6
Cloud Composer 2.8.3 images are available:
- composer-2.8.3-airflow-2.7.3 (default)
- composer-2.8.3-airflow-2.6.3
Cloud Composer versions 2.3.2, 2.3.1, and 2.3.0 have reached their end of full support period.
Cloud Composer 2.8.3 is a version with an extended upgrade timeline.
The Oracle sink plugin version 1.10.7 is available in Cloud Data Fusion version 6.9. The release fixes an issue in the Oracle sink causing null values to be assigned to fields in the input schema that have lowercase letters in the field name (PLUGIN-1793).
You can migrate your Google Domains DNS settings and export your domain and email forwarding configurations if you use Google Domains as your DNS provider. For more information, see Migrate Google Domains DNS settings.
You can now use the gcloud sql instances describe command or the SQL Admin API to retrieve a list of database versions that are available to your MySQL instance for upgrade. For more information, see Plan a major version upgrade and Upgrade the database minor version.
You can now use the gcloud sql instances describe command or the SQL Admin API to retrieve a list of database versions that are available to your PostgreSQL instance for upgrade. For more information, see Plan a major version upgrade.
You can now use the gcloud sql instances describe command or the SQL Admin API to retrieve a list of database versions that are available to your SQL Server instance for upgrade. For more information, see Plan a major version upgrade.
Dataproc Serverless for Spark: Spark runtime version 2.2 will become the default Dataproc Serverless for Spark runtime version on August 1, 2024.
New Dataproc Serverless for Spark runtime versions:
- 1.1.66
- 1.2.10
- 2.0.74
- 2.2.10
The Anthropic Claude Sonnet 3.5 is Generally Available. To learn more, view the Claude Sonnet 3.5 model card in Model Garden.
Release 6.3.8 is currently in Preview.
When running an imported playbook with an assigned user that doesn't exist, the playbook stops working when it gets to manual actions. (ID #00290960)
Entity properties not showing in the platform if the key name contains the time string (ID #51599403)
Include export filters is now available in public preview.
This feature lets you limit connectivity by specifying a list of permitted CIDR ranges, thereby blocking all but the permitted IP address ranges.
Named schemas is now generally available. With named schemas, you can group database objects in a namespace to avoid naming conflicts and collectively manage their FGAC permissions. For more information, see Named schemas.
Vertex AI custom training supports TPU v5e in us-central1. For details, see Vertex AI locations.
June 19, 2024
Cloud Healthcare API
A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.
Cloud VPN lets you connect two VPC networks in different regions by using HA VPN gateways.
For more information, see HA VPN topologies.
Datastream now supports the append-only write mode when ingesting data to BigQuery. For more information, see Configure write mode.
reCAPTCHA Enterprise Mobile SDK v18.6.0-beta01 is now available for Android.
This version contains the following changes:
- A new API, fetchClient, is available that provides built-in retries for network issues.
- Bug fixes and improvements.