Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

August 16, 2024

Apigee X

On August 16, 2024, we released an updated version of Apigee (1-13-0-apigee-2).

Bug ID Description
324418891 Added improvements to the MessageLogging policy to avoid potential downtime and deployment failures.
351068926 Updated the error format and status code returned (from 500 to 400) in cases where an invalid authorization code causes an error.

Batch

Documentation has been added to explain how to export job information. Exporting a job's information is useful when you want to retain the information after a job is deleted or analyze the information outside of Batch. For more information, see Export job information.

Error Reporting

Error Reporting can now analyze log entries that have been routed to a log bucket in a non-global region, provided the log sink is in the same project as the log bucket.

Google Kubernetes Engine

In GKE version 1.29.7-gke.1238000-1.30, and 1.30.3-gke.1571000 or later, node pools use regional instance templates instead of global instance templates. To learn more, see Regional and global instance templates.

Live Stream API

You can now create static overlays and position them on top of a live stream.

SAP on Google Cloud

New SAP certifications: C4 series of general-purpose machine types

For use with SAP HANA scale-up (OLAP and OLTP) and SAP NetWeaver workloads, SAP has certified the Compute Engine C4 series of general-purpose machine types.

For more information, see the following:

Vertex AI Agent Builder

Vertex AI Search: Search tuning (GA)

Search tuning for unstructured data stores is generally available (GA). You can upload training files to tune the model for your search app.

Search tuning supports Data Residency; you can tune data stores in the US and EU multi-regions as well as global data stores.

For information, see Improve search results with search tuning.

August 15, 2024

Apigee UI

On August 15, 2024, we released an updated version of the Apigee UI.

Bug ID Description
356453519 Fixed issue with the display of shared flow detail pages.

In some cases, detail pages for shared flows with names containing a space (" ") would not display and resulted in UI errors.

355674677 Fixed infinite redirect loop after Subscription org provisioning.

Clicking the Continue button in the final step of the Subscription organization provisioning flow resulted in an infinite redirect loop.

Apigee X

On August 15, 2024, documentation was added describing how to provision Apigee in the Google Cloud console.

See Get started in the Google Cloud console for more information.

Apigee provisioning for Subscription orgs is now performed in the Google Cloud console.

Cloud SQL for MySQL

Extended support pricing is now available for Cloud SQL for MySQL. To view pricing details, see Cloud SQL pricing.

For more information about extended support, see Extended support for Cloud SQL.

For more information about extended support timelines, see Database versions and version policies.

Cloud SQL for PostgreSQL

Extended support pricing is now available for Cloud SQL for PostgreSQL. To view pricing details, see Cloud SQL pricing.

For more information about extended support, see Extended support for Cloud SQL.

For more information about extended support timelines, see Database versions and version policies.

If your Cloud SQL Enterprise edition instance stores the transaction logs used for point-in-time recovery (PITR) on disk, then when you do an in-place upgrade to Cloud SQL Enterprise Plus edition the storage location for the transaction logs is switched to Cloud Storage. For more information, see Upgrade an instance to Cloud SQL Enterprise Plus edition by using in-place upgrade.

To check where your instance stores the transaction logs used for PITR, see Use point-in-time recovery (PITR).

Dialogflow

Dialogflow CX: You can now configure sensitivity levels of safety filters with respect to different Responsible AI (RAI) categories.

Vertex AI Agents: OpenAPI tool authentication now supports custom client certificates for mutual TLS authentication.

Eventarc

Eventarc support for creating triggers for direct events from Apigee API hub is generally available (GA).

Looker

Looker (Google Cloud core) customers can now create a Looker (Google Cloud core) instance with Private Service Connect. To create a Private Service Connect instance, ensure that you have received confirmation from your sales representative that your project has been added to the allowlist for Private Service Connect.

Looker Studio

New Looker and Looker Studio shared terms and concepts glossary

A new Looker and Looker Studio shared terms and concepts glossary is available. This resource compares and contrasts terms and concepts that are used in common between Looker and Looker Studio, including some that have similar-seeming naming conventions but different functionality.

Sort list controls by any metric

List controls now support sorting the options on any metric, rather than just the reference metric.

Policy Intelligence

The IAM recommender generates policy insights and role recommendations for the following identities:

  • All identities in a workload identity pool
  • Single identity in a workload identity pool
  • All identities in a workforce identity pool
  • Single identity in a workforce identity pool
  • All Google Kubernetes Engine Pods that use a specific Kubernetes service account

To learn more, see Availability. This feature is generally available.

SAP on Google Cloud

Google Cloud's Agent for SAP version 3.5

Version 3.5 of Google Cloud's Agent for SAP is generally available (GA). This version introduces enhancements to support Workload Manager's observability service for SAP, metric enhancements, and some minor fixes.

For more information, see What's new with Google Cloud's Agent for SAP.

Sensitive Data Protection

The PHONE_NUMBER infoType functionality that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model includes US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results.

To enable the new functionality, leave InfoType.version unset, or set it to latest or stable. To use the old functionality, set InfoType.version to legacy. You can continue to use the legacy functionality for 90 days.

August 14, 2024

AlloyDB for PostgreSQL

The AlloyDB Omni Kubernetes Operator version 1.0.0 and later lets you schedule matching new database Pods to nodes to balance node distribution across the AlloyDB Omni cluster and help optimize performance.

BigQuery

You can now get lower latency for small queries with the new short query optimized mode. BigQuery automatically determines which queries may be accelerated while other queries continue to run like before. This feature is now in preview.

Carbon Footprint

Beginning with the release of January 2024 data, Google Cloud Carbon Footprint has adopted a semi-annual methodology improvement schedule, with updates planned for January and July data releases each year.

For the July 2024 data release (in mid-August 2024), we have upgraded the carbon model to version 11 and implemented the following updates:

Updating Scope 1 & 3 emissions from Google's corporate footprint:

  • Updated Scope 1 & 3 allocation factors using the latest Google company-wide data from the 2024 Google Environmental Report. See the non-electricity emission sources section of the methodology documentation for how we apply these Scope 1 & 3 emissions across Google products and services.

  • Notably, expanded the Scope 1 & 3 inventory boundary to include the following for a more comprehensive emissions inventory:

    • HVAC fugitive emissions
    • Additional emissions categories of transmission & distribution (T&D) loss
    • Extraction and transportation of fuels used to generate grid electricity

Updating renewable electricity percentage for Scope 2 market-based emissions from Google's corporate footprint:

  • Updated the annual renewable electricity percentage from Google's clean energy procurement, in accordance with the 2024 Google Environmental Report, as an input for Scope 2 market-based emissions. Note that Scope 2 location-based emissions are estimated using hourly greenhouse gas emissions factors. Read more about the difference in methodology between Scope 2 location-based and market-based emissions in the methodology document.

Improving allocation of shared internal AI/ML resources:

  • Improved the treatment of central machine learning compute resources and workloads across Google products and services, including a corrected central resource impact for the following Google Cloud services:
    • Cloud Natural Language
    • Translate
    • Cloud Vision API
    • Cloud Speech API
    • Cloud Dialogflow API
    • Vertex AI
    • Cloud AutoML
    • Cloud Machine Learning Engine
    • Video Stitcher API
    • Cloud Video Intelligence API
    • Notebooks
    • Cloud Text-to-Speech API

Improving data accuracy:

  • Improved data center PUE mapping and energy allocation to internal services.

Colab Enterprise

The notebook scheduler is now generally available. See Schedule a notebook run.

Google Kubernetes Engine

(2024-R30) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.30.3-gke.1225000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.16-gke.1008000
    • 1.28.11-gke.1315000
    • 1.29.7-gke.1008000
    • 1.30.2-gke.1587003
    • 1.30.3-gke.1451000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1051000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1051000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.12-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.12-gke.1052000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.7-gke.1104000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1104000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.3-gke.1225000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.3-gke.1225000 with this release.

Regular channel

  • Version 1.29.7-gke.1008000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.15-gke.1252000
    • 1.28.11-gke.1260000
    • 1.29.6-gke.1326000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.11-gke.1315000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.7-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.

Stable channel

  • Version 1.29.6-gke.1254000 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.14-gke.1059002
    • 1.28.11-gke.1019001
    • 1.29.6-gke.1038001
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.15-gke.1154000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.11-gke.1172000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.6-gke.1254000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.

Extended channel

  • Version 1.29.7-gke.1008000 is now the default version in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.15-gke.1252000
    • 1.28.11-gke.1260000
    • 1.29.6-gke.1326000
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.

No channel

We've identified a potential issue that may cause downtime for traffic coming to your GKE managed Internal passthrough Network Load Balancers, after certain cluster operations like node upgrades. This issue specifically affects clusters with GKE Subsetting and Services with externalTrafficPolicy=Cluster.

This issue is more likely to occur in clusters with more than 25 nodes. To prevent this issue altogether, we recommend updating your Service configuration to use externalTrafficPolicy=Local. If you're already experiencing downtime, scale up the number of pods backing your LoadBalancer to provide immediate relief. A fix for this issue will be available in upcoming GKE releases.
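
One way to check a cluster against the conditions in this notice, as an added example that is not Google's own tooling: it flags internal LoadBalancer Services whose effective externalTrafficPolicy is Cluster and builds the patch command for the recommended Local setting. The function names and sample Services are constructed for illustration, and whether GKE subsetting is enabled is assumed to be supplied by the caller because it is a cluster-level setting.

```python
import json
import shlex

# Annotations that ask GKE for an internal passthrough Network Load Balancer.
INTERNAL_LB_ANNOTATIONS = (
    "networking.gke.io/load-balancer-type",
    "cloud.google.com/load-balancer-type",  # legacy key
)
NODE_THRESHOLD = 25  # the notice: more likely in clusters with more than 25 nodes

# Constructed sample, shaped like `kubectl get services --all-namespaces -o json`.
SAMPLE_SERVICES = {"items": [
    {"metadata": {"namespace": "payments", "name": "ledger-ilb",
                  "annotations": {"networking.gke.io/load-balancer-type": "Internal"}},
     "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Cluster"}},
    # Policy omitted: Kubernetes defaults externalTrafficPolicy to Cluster.
    {"metadata": {"namespace": "payments", "name": "audit-ilb",
                  "annotations": {"cloud.google.com/load-balancer-type": "internal"}},
     "spec": {"type": "LoadBalancer"}},
    # Already mitigated.
    {"metadata": {"namespace": "frontend", "name": "api-ilb",
                  "annotations": {"networking.gke.io/load-balancer-type": "Internal"}},
     "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Local"}},
    # External load balancer: outside the scope of the notice.
    {"metadata": {"namespace": "frontend", "name": "web"},
     "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Cluster"}},
    {"metadata": {"namespace": "frontend", "name": "cache"},
     "spec": {"type": "ClusterIP"}},
]}


def is_internal_lb(svc):
    """True for a LoadBalancer Service annotated as internal."""
    if svc.get("spec", {}).get("type") != "LoadBalancer":
        return False
    annotations = svc.get("metadata", {}).get("annotations") or {}
    return any(str(annotations.get(key, "")).lower() == "internal"
               for key in INTERNAL_LB_ANNOTATIONS)


def find_affected_services(service_list, node_count, subsetting_enabled):
    """Return Services matching the notice: subsetting + internal LB + Cluster policy."""
    if not subsetting_enabled:
        return []
    likelihood = "elevated" if node_count > NODE_THRESHOLD else "possible"
    findings = []
    for svc in service_list.get("items", []):
        policy = svc.get("spec", {}).get("externalTrafficPolicy") or "Cluster"
        if is_internal_lb(svc) and policy == "Cluster":
            findings.append({
                "namespace": svc["metadata"]["namespace"],
                "name": svc["metadata"]["name"],
                "likelihood": likelihood,
            })
    return findings


def mitigation_command(finding):
    """Build the kubectl patch that applies the recommended Local policy."""
    patch = json.dumps({"spec": {"externalTrafficPolicy": "Local"}},
                       separators=(",", ":"))
    return "kubectl patch service {} --namespace {} --type merge -p {}".format(
        shlex.quote(finding["name"]),
        shlex.quote(finding["namespace"]),
        shlex.quote(patch),
    )


if __name__ == "__main__":
    # node_count and subsetting_enabled are constructed inputs for the demo run.
    for finding in find_affected_services(SAMPLE_SERVICES, node_count=40,
                                          subsetting_enabled=True):
        print(finding["likelihood"], mitigation_command(finding))
```

Before applying the patch, confirm that the Service has ready Pods spread across enough nodes, because with Local only nodes running a ready backend Pod receive traffic.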

Looker

Looker 24.14 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, August 19, 2024

  • Expected Looker (original) final deployment and download available: Thursday, August 29, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, August 19, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, September 2, 2024

The Edit Connection page URL has been changed from admin/next/connections/:id to admin/next/connections/:id/edit. The Looker UI will not change, but any scripts or hyperlinks that you have created that reference the old URLs may break.

The presumed_looker_employee property is now omitted from the user API response model. If you were relying on this functionality, migrate to use the verified_looker_employee property instead.

The Chart Config Editor now supports a new Sankey chart type.

The Edit button appears only for model sets for which the user has edit access.

The Queries Admin page now contains a SQL Interface tab in the Details pop-up for queries that originate from the Open SQL Interface.

A new option is available for Looker-hosted instances that causes the instance to ignore configuration updates that occur outside the maintenance window. This option is disabled by default. To enable it, contact Looker Support.

The Chart Config Editor now supports a Venn diagram chart type.

The Open SQL Interface is now generally available and the SQL Interface Looker Labs toggle is removed.

The Looker–Tableau BI Connector is now generally available. You can now use Tableau Desktop to connect to your Looker data.

The Looker IDE now supports Vim and Emacs editors in addition to the default Looker IDE editor. You can set your editor preference in the new IDE Settings section of the Project Settings page of the Looker IDE.

The Looker IDE now supports text line wrapping in the IDE editor. Line wrapping is now the default behavior. You can turn off line wrap mode in the new IDE Settings section of the Project Settings page of the Looker IDE.

The Looker IDE now persists a user's IDE status, including the current open LookML file; the expand/collapse status of items in the file browser; the left sidebar item (such as the file browser, Git actions, Object Browser, or Project Settings); and the right sidebar item (such as the Quick Help panel, the Metadata panel, and the Project Health panel). You can remove the persistence by clicking the Reset IDE Layout button in the new IDE Settings section of the Project Settings page of the Looker IDE.

The LookML validator will no longer report inaccessible field errors for fields that are excluded from Explores.

System Activity queries that count Looker employee usage on your instance will no longer count Google employees that don't work on Looker products.

Performance has been improved for model preparation for models that use local import.

An issue has been fixed where some custom fields could not be deleted from the data table in an Explore. This feature now performs as expected.

An issue that caused some schedules to get indefinitely stuck in the scheduler queue has been fixed. This feature now performs as expected.

Previously, Look IDs were not always saved in the query metadata. This issue has been fixed, and this feature now performs as expected.

Previously, an issue caused some table calculations that referenced row totals to not appear in the series editor. This feature now performs as expected.

Previously, an issue could cause one invalid conditional data formatting rule to disable all conditional formatting rules for a series. This feature now performs as expected.

A previous issue with some Liquid variables would unnecessarily pull fields into the SQL query. This feature now performs as expected.

Rather than returning a 500 error as it would have previously, the sync_lookml_dashboard endpoint will now return a 422 with a more informative error message if there is an issue with the LookML dashboard layout.

The custom field editor now displays an error when users attempt to enter a conditional formatting rule with more than three conditions.

Unqualified field references in Liquid will no longer trigger SQL dependencies if the value does not depend on the result set.

An issue has been fixed where an escaped single quote in a LookML string was being treated as the end of the string. The fix enables color formatting to be applied to the entire string.

An issue has been fixed where dashboard filters were applied to tile queries during tile editing. This feature now performs as expected.

An issue has been fixed where LookML details were exposed to users who did not have the see_lookml permission.

An issue has been fixed where Looker would draw incorrect markers in the Google map visualization. This feature now performs as expected.

An issue with Exasol pivot queries has been fixed. This feature now performs as expected.

An issue with the User Activity dashboard has been resolved. This feature now performs as expected.

An issue with SSO logins has been fixed. This feature now performs as expected.

An issue has been fixed where the top-level item in an object tree was sometimes not expanded upon first loading. This feature now performs as expected.

An issue that could cause the LookML Validator to time out has been fixed. This feature now performs as expected.

Previously, a Validation or Query operation might fail if a measure did not have a type and used a sql_distinct_key. This feature now performs as expected.

An issue has been fixed with the Denodo dialect where the TRUNC() function could erroneously return a NULL value. This feature now performs as expected.

HighCharts error codes are now displayed in the UI rather than a blank visualization being rendered.

An issue has been fixed where unlocalized strings were rendered as "Bad Translation Key" when the project localization level was set to "permissive." This feature now performs as expected.

Looker can now use more efficient queries to determine the names of Redshift external schemas.

An issue has been fixed where, previously, a project could not be deleted because of a timeout on the Delete Confirmation page. This feature now performs as expected.

Previously, updating an OAuth client secret when there were multiple connections sometimes failed. This feature now performs as expected.

Previously, the PDT Admin panel could not be filtered by the status "Failed." This feature now performs as expected.

The editing experience in the Chart Config Editor is now more responsive.

A new progress bar, called the Looker query tracker, appears in the Explore UI when a query is running. You can toggle this off in the Labs features under Explore Query Tracker.

For Google BigQuery connections, Looker (Google Cloud core) can automatically use the OAuth application credentials that your Looker admin used when they created the Looker (Google Cloud core) instance. See the Looker (Google Cloud core) documentation for more information.

August 13, 2024

Apigee Advanced API Security

On August 13, 2024, we released an updated version of Advanced API Security.

Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Your instances may not have the feature available until the rollout is complete.

Note: This functionality is not available in the me-central2 region at this time. See Available Apigee API Analytics Regions for region information. We will announce with a release note when that region is supported.

Public preview of Risk Assessment v2

This release introduces Risk Assessment v2 in preview. Risk Assessment v2 includes these improvements:

  • Improved reliability: Faster score calculations with recent proxy data.
  • Simplified score display: The new score is a percentage, where 100% means full alignment with the security profile.

For usage information and a list of all improvements and changes in v2, see Risk Assessment v2.

Batch

Cancel jobs is available in Preview.

Batch CentOS (batch-centos) and Batch HPC CentOS (batch-hpc-centos) have reached end of development due to the end of support (EOS) of Compute Engine CentOS 7 images on June 30, 2024.

The final image versions of these Batch OSes—batch-centos-7-official-20240628-00-p00 and batch-hpc-centos-7-official-20240628-00-p00 from June 28, 2024—are only supported until August 27, 2024. By then, migrate any job that uses Batch CentOS or Batch HPC CentOS to a different OS.

The documentation has been updated to clarify that a Batch OS stops being supported when its base Compute Engine OS is deprecated. This restriction only applies to Batch OSes that have not already reached the end of development as of the date of this notice.

For more information, see Restrictions for VM OS images.

Bigtable

You can now enable client-side metrics with the Bigtable client library for Go. Used in conjunction with server-side monitoring metrics, client-side metrics can provide a complete, actionable view of Bigtable performance. For more information, see Set up client-side metrics.

Cloud Billing

The Carbon footprint dashboard in the FinOps hub now includes market-based emissions data (preview)

Scope 2 market-based emissions data (preview) for the Carbon footprint dashboard are now available in the FinOps hub. The market-based emissions metric represents purchased electricity, incorporating Google's annual renewable energy purchases. You can use the data in the Carbon footprint dashboard to optimize your cloud spend and reduce your carbon impact.

Cloud Composer

A new Cloud Composer release started on August 13, 2024. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.4
  • composer-3-airflow-2.7.3-build.13

Cloud Composer 2.9.1 images are available:

  • composer-2.9.1-airflow-2.9.1 (default)
  • composer-2.9.1-airflow-2.7.3

Cloud Database Migration Service

Database Migration Service now supports migrations to MySQL minor version 8.0.37. See Supported source and destination databases in Cloud SQL for MySQL migrations.

Cloud Logging

Introducing log scopes. Log scopes are persistent, project-level resources that list a set of resources to be searched for log entries. For example, you might configure a log scope to contain multiple projects and several log views. If you select your log scope when using the Logs Explorer, it displays the log entries that originate in the specified projects and those in the specified log views.

You can create, edit, and delete log scopes. You can also set one log scope as the default log scope, which determines the resources that the Logs Explorer searches for log entries.

For more information, see Create and manage log scopes.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.29.400-gke.81 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.400-gke.81 runs on Kubernetes v1.29.6-gke.1800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

Existing Seesaw load balancers now require TLS 1.2.

The following vulnerabilities are fixed in 1.29.400-gke.81:

High-severity container vulnerabilities:

Ubuntu vulnerabilities:

Google Kubernetes Engine

In GKE version 1.30 and later, there is a workaround in the PDCSI driver for privileged workloads that access container namespaces with hostpath. The workaround delays NodeUnstage until attached filesystems are no longer in use. Under certain conditions, the privileged hostpath workloads may cause a container's mount namespace to be retained longer than the container's lifecycle. The workaround addresses an issue where the driver could proceed with detaching a GCE persistent disk even if the block device filesystem is still in use.

With this fix, the PDCSI driver will validate that an attached block device is no longer in use prior to unmounting it from a GKE node.

Custom compute classes are a new set of capabilities in GKE that provide an API for fine-grained control over fallback compute priorities, autoscaling configuration, obtainability and node consolidation. Custom compute classes offer enhanced flexibility and control over your GKE compute infrastructure so that you can ensure optimal resource allocation for your workloads. You can use custom compute classes in GKE version 1.30.3-gke.1451000 and later. To learn more, see About custom compute classes.

Looker

Choosing a hosting option for a Looker (original) instance helps you understand the benefits and limitations of each hosting option — Looker-hosted or customer-hosted — so that you can make the best decision for your organization.

Looker (Google Cloud core) users now have access to the first-ever Learn Assistant panel on Google Cloud console pages. This panel provides tailored documentation and tutorials that are specifically related to the tasks or concepts covered on that console page.

A new Looker and Looker Studio shared terms and concepts glossary is available. This resource compares and contrasts terms and concepts that are used in common between Looker and Looker Studio, including some that have similar-seeming naming conventions but different functionality.

Spanner

A new multi-region instance configuration is now available in North America - nam16 (Iowa/Northern Virginia/Columbus).

August 12, 2024

Access Approval

Access Approval supports Cloud Armor in the GA stage.

Access Transparency

Access Transparency supports Cloud Armor in the GA stage.

Agent Assist

Customer-managed encryption key (CMEK) support is now available in preview for all Agent Assist features in regionalized environments, including all generative AI features. See the documentation for more details.

Apigee X

On August 12, 2024, we released a new version of Apigee.

We changed the maximum number of Apps per developer from 10 to 100. See the Limits page for more detail.

Note that using more than 10 apps per developer will result in latency when accessing flow variables referencing developer.apps.

With this release, Apigee expanded its support for data residency to additional regions in Japan:

  • asia-northeast1 (Tokyo)
  • asia-northeast2 (Osaka)

Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.

For more information, see Introduction to data residency.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.9.0 (2024-08-01)

Features
  • Add retryOptions passing to underlying Service class (#1390) (a7cd3af)
  • Clean cached rows and responses after conversion (#1393) (3fd28b8)
Bug Fixes

You can now use time series and range functions to support time series analysis. This feature is now generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.42.0 (2024-08-06)

Features
  • Support float32, float64, and array type query params (#2297) (a65640e)
Bug Fixes
  • Adapt toString tests to introduction of java.time in gax (93f66a7)
Dependencies
  • Update shared dependencies (93f66a7)

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-logging

3.11.1 (2024-08-06)

Bug Fixes

Cloud Translation

The translation LLM and adaptive translation now support Arabic, Hindi, and Russian. For the full list of supported languages, see Supported languages.

Container Optimized OS

cos-105-17412-448-8

  • Kernel: COS-5.15.163
  • Docker: v23.0.3
  • Containerd: v1.7.19
  • GPU Drivers: v470.256.02 (default), v550.90.07 (latest)

Updated app-admin/google-guest-configs to 20240607.00.

Updated app-containers/containerd to 1.7.19.

Upgraded app-containers/cni-plugins to v1.4.1.

Upgraded sys-auth/pambase to v20240128.

Upgraded sys-apps/gentoo-functions to v0.19.

Upgraded dev-libs/nss to v3.100.

Upgraded dev-libs/re2 to v0.2022.12.01.

Upgraded app-arch/unzip to v6.0_p27-r1.

Upgraded dev-python/six to v1.16.0-r1.

Upgraded dev-python/netifaces to v0.11.0-r2.

Upgraded dev-lang/python-exec to v2.4.10.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Disable NVIDIA persistence mode with -no-verify flag.

Fixed CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 in dev-libs/openssl.

Fixed CVE-2023-5678 in dev-libs/openssl.

Upgraded curl to v8.9.0. This fixes CVE-2024-6197.

Fixed CVE-2024-6345 in dev-python/setuptools.

Fixed CVE-2024-39894 in openssh.

Fixed CVE-2024-39472 in the Linux kernel.

Fixed CVE-2024-38577 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812698 -> 812708

cos-101-17162-528-12

  • Kernel: COS-5.15.161
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.256.02 (default), v550.90.07 (latest)

This is an LTS Refresh release.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Disable NVIDIA persistence mode with -no-verify flag.

Fixed CVE-2024-6602 in dev-libs/nss.

Fixed CVE-2024-2511, CVE-2024-4741, CVE-2024-5535 in dev-libs/openssl.

Upgraded curl to v8.9.0. This fixes CVE-2024-6197.

Fixed CVE-2024-6345 in dev-python/setuptools.

Updated ncurses to 6.4_p20240414. This resolves CVE-2023-45918.

Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.

Fixed CVE-2024-39472 in the Linux kernel.

Fixed CVE-2024-42229 in the Linux kernel.

Fixed CVE-2024-42068 in the Linux kernel.

Fixed CVE-2024-42082 in the Linux kernel.

Fixed CVE-2024-38577 in the Linux kernel.

Fixed CVE-2024-36901 in the Linux kernel.

Fixed CVE-2024-39482 in the Linux kernel.

cos-109-17800-309-13

  • Kernel: COS-6.1.100
  • Docker: v24.0.9
  • Containerd: v1.7.19
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Upgraded sys-apps/less to v661.

Downgraded sys-apps/ethtool to v6.3.

Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.

Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.

Fixed CVE-2024-39472 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812261 -> 812257

cos-113-18244-151-14

  • Kernel: COS-6.1.100
  • Docker: v24.0.9
  • Containerd: v1.7.19
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Downgraded sys-apps/ethtool to v6.7.

Updated dev-libs/openssl to version 3.0.14 and added patch for CVE-2024-5535. This fixed CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535.

Updated net-misc/curl to version 8.9.1. This fixed CVE-2024-7264.

Fixed CVE-2024-39472 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812030 -> 812026

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.12 (2024-08-08)

Bug Fixes
  • dataflow: Update google.golang.org/api to v0.191.0 (5b32644)

Dataform

Customer-Managed Encryption Keys (CMEK) in Dataform are generally available (GA). For more information, see Use customer-managed encryption keys.

You can now use Cloud External Key Manager (Cloud EKM) keys to protect Dataform data. Cloud EKM keys in Dataform are generally available (GA). For more information, see Using and managing external keys.

Dataplex

Data lineage list view is available in preview. The lineage list view displays full lineage information in a single table. For more information, see Data lineage list view.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.75
  • 1.2.19
  • 2.0.83
  • 2.2.19

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-datastore

2.20.0 (2024-08-07)

Features
  • Add new types ExplainOptions, ExplainMetrics, PlanSummary, ExecutionStats (#521) (dfbee2d)
  • Add new_transaction support (#499) (43855dd)
  • Implement query profiling (#542) (1500f70)
  • New PropertyMask field which allows partial commits, lookups, and query results (7fd218b)
Bug Fixes
  • Retry and timeout values do not propagate in requests during pagination (#555) (5e773cb)
  • Using end_cursor instead of skipped_cursor in Iterator to fix rare bug. (#552) (4982f9a)

Java

Changes for google-cloud-datastore

2.21.1 (2024-08-06)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#1531) (9e52395)

2.21.0 (2024-07-31)

Features

Google Kubernetes Engine

(2024-R29) Version updates

There are no GKE cluster version updates in 2024-R29. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

There are no new releases in the Rapid channel.

Regular channel

There are no new releases in the Regular channel.

Stable channel

There are no new releases in the Stable channel.

Extended channel

There are no new releases in the Extended channel.

No channel

There are no updates for clusters not enrolled in a release channel.

Identity and Access Management

You can attach tags to Identity and Access Management (IAM) service accounts to conditionally grant or deny access to specific service accounts. This feature is in Preview. For more information, see Creating and managing tags for service accounts.

Security Command Center

Cloud Infrastructure Entitlement Management (CIEM) is generally available

CIEM helps you adhere to the principle of least privilege by providing a comprehensive look at the security of your identity and access configuration. It provides insight into details such as what permissions are associated with a given identity, what roles are not optimal (highly permissive), and what steps you can take to remediate potential misconfigurations.

For more information about CIEM, see Overview of Cloud Infrastructure Entitlement Management.

Virtual Private Cloud

VPC Flow Logs includes the following metadata annotations in General Availability:

  • src_gateway and dest_gateway
  • src_google_service and dest_google_service
  • load_balancing
  • network_service
  • psc

For more information, see Record Format.

August 11, 2024

Google SecOps SOAR

Release 6.3.14 is now in General Availability.

August 10, 2024

Google SecOps SOAR

Release 6.3.15 is currently in Preview.

Unable to upload ZIP files to the Case wall. (ID #52659859)

August 09, 2024

Access Approval

Access Approval supports Storage Transfer Service in the GA stage.

Contact Center AI Platform

Private Service Connect and Organization Policy Service

You can create Contact Center AI Platform (CCAIP) instances that are configured for private access, which restricts access to them over the public internet. You can then set up Private Service Connect, which lets your agents, managers, and CCAIP administrators access the private instances. This is done using your own internal IP address, keeping your traffic within Google Cloud. Private Service Connect doesn't prevent end-users from contacting your contact center as they normally would. Private Service Connect is in Preview. For more information, see Set up Private Service Connect.

You can also use Google Cloud Organization Policy to get centralized, programmatic control over your organization's resources. If you want more granular, customizable control over the specific fields that are restricted in your organization policies, you can create custom constraints. For more information, see Manage Contact Center AI Platform resources using custom constraints.

Generative AI on Vertex AI

Gemini on Vertex AI supports multiple response candidates. For details, see Generate content with the Gemini API.

Google Cloud VMware Engine

VMware Engine ve2-mega-64 node type is generally available in the australia-southeast1 region. For more information on the node type, see Node types. To use the node type in the australia-southeast1 region, contact your Google account team.

Managed Kafka

Apache Kafka for BigQuery is now called Google Cloud Managed Service for Apache Kafka.

NetApp Volumes

Google Cloud NetApp Volumes offers volume replication between the following region pairs for Flex service level:

  • europe-west1 (Belgium) and europe-west8 (Milan)

  • europe-west1 (Belgium) and europe-west9 (Paris)

  • europe-west8 (Milan) and europe-west12 (Turin)

To learn more, see About volume replication.

reCAPTCHA

reCAPTCHA Mobile SDK v18.6.0-beta01 is now available for iOS.

This version contains the following changes:

  • A new API, fetchClient, is available that provides built-in retries for network issues.
  • Bug fixes and improvements.

August 08, 2024

AlloyDB for PostgreSQL

Enhanced Query Insights and active queries are now available in Preview for read pool instances.

Apigee X

On August 8, 2024, we announced an increase in the recommended number of API basepaths per Apigee environment or environment group.

The recommended limit of API proxy basepaths per Apigee environment or environment group increased from 1,000 to 3,000. For more information, see the Environment and organization section of the Limits page.

  • Bug IDs: 329304975, 301845257
  • Description: Limit on number of basepaths per environment. Fixed issue with the number of total basepaths per environment causing potential failures when deploying API proxy revisions.

BigQuery

The JSON_KEYS function, which extracts unique JSON keys from a JSON expression, is in Preview.

Some JSON functions that take a JSONPath let you specify a mode that allows flexibility in how the JSONPath matches the JSON data structure. This feature is in Preview.

Cloud Billing

View granular cost data from Secret Manager secret usage in Cloud Billing exports to BigQuery

You can now view granular Secret Manager secret cost data in the Google Cloud Billing detailed export. Use the resource.name or resource.global_name field in the export to view and filter your detailed log bucket usage.

Review the schema of the Detailed cost data export.

Tags data for Secret Manager secret usage is available in both the Standard usage cost export and the Detailed usage cost export.

To learn more about Tags, see Tags overview. To learn about using Tags in your cost data exported to BigQuery, see about tags and query examples with tags.

Cloud Composer

The kubelet read-only port in GKE clusters (TCP port 10255) is not used by Cloud Composer. You can define appropriate firewall rules to block external traffic over TCP 10255 in your customer project as described in Modify VPC firewall rules.

Fixed a problem that caused file synchronization between the bucket and Airflow components to be stuck or progress very slowly.

The default version of Airflow is changed to 2.9.1.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.3
  • composer-3-airflow-2.7.3-build.12

Cloud Composer 2.9.0 images are available:

  • composer-2.9.0-airflow-2.9.1 (default)
  • composer-2.9.0-airflow-2.7.3

Cloud Composer version 2.4.0 has reached its end of support period.

Cloud DNS

You can now select internal proxy Network Load Balancers as a health checked target for DNS routing policies in Preview. For more information, see DNS routing policies and health checks.

Compute Engine

Preview: An HTTPS metadata server endpoint is now available that provides added security for transmission of information between the metadata server and the VM. This endpoint is only available for Shielded VMs. For more information, see HTTPS metadata server endpoint.

To get started using this new endpoint, see Query metadata by using the HTTPS metadata server endpoint.

Google Distributed Cloud (software only) for bare metal

Release 1.29.400-gke.86

Google Distributed Cloud for bare metal 1.29.400-gke.86 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.400-gke.86 runs on Kubernetes 1.29.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

  • GA: Added support in version 1.29.400-gke.86 and higher for Red Hat Enterprise Linux (RHEL) version 9.2. For more information, see Select your operating system.

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Looker Studio

New formatting options for the bin calculated field type

New formatting options for the Bin calculated field type let you customize the appearance of ad hoc numeric tiers. These options include:

  • Interval "[x,y)" — This format displays the range including x, and up to but not including y.
  • Integer "x to y" — This format must be used with discrete integer values (such as age).
  • Relational ">= x and < y" — This format is best used with continuous numbers (such as dollars).

Vertex AI Workbench

M124 release

The M124 release of Vertex AI Workbench managed notebooks includes the following:

  • Fixed a bug that prevented kernels from appearing when the Cloud Resource Manager API is turned off and Dataproc is enabled.

M124 release

The M124 release of Vertex AI Workbench instances includes the following:

  • Fixed a bug that prevented kernels from appearing when the Cloud Resource Manager API is turned off and Dataproc is enabled.

August 07, 2024

Apigee X

On August 7, 2024, we published new documentation explaining how to integrate Apigee with a Security Information and Event Management (SIEM) solution. See Integrate Apigee with your SIEM solution for more information.

Backup and DR

Management console is now available in the London (europe-west2), Mumbai (asia-south1), and Los Angeles (us-west2) regions.

Backup and DR Service 11.0.12.322 is now available to update your backup/recovery appliance. Refer to these instructions to update your appliance.

Backup and DR Service now supports restoring an Oracle database to any target. Learn more.

Backup and DR Service now supports migrating manual protection to dynamic protection using tags through the management console. Learn more.

BigQuery

An updated version of JDBC driver for BigQuery is now available.

You can now create a materialized view over an Apache Iceberg table that is partition-aligned with the base table. The materialized view only supports time-based partition transformation, for example, YEAR, MONTH, DAY, and HOUR. This feature is in preview.

Cloud Service Mesh

Configuring Cloud Service Mesh for either proxyless gRPC or Envoy proxy deployments with the Kubernetes Gateway API is now available as a preview feature. For more information, see the Overview page.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.28.800-gke.109 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.800-gke.109 runs on Kubernetes v1.28.11-gke.2200.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

Existing Seesaw load balancers now require TLS 1.2.

The following vulnerabilities are fixed in 1.28.800-gke.109:

High-severity container vulnerabilities:

Ubuntu vulnerabilities:

Google Distributed Cloud connected

This is a patch release of Google Distributed Cloud connected (version 1.7.1).

Security mitigations for the following vulnerabilities have been implemented in this release of Google Distributed Cloud connected:

  • CVE-2024-36971, CVE-2024-36901, CVE-2024-36969, CVE-2024-36902, CVE-2024-36893, CVE-2024-36897, CVE-2024-35984, CVE-2024-35997, CVE-2024-6387 (GCP-2024-040), CVE-2024-38433, CVE-2024-0172

The following Google Distributed Cloud connected components have been updated:

  • GKE on Bare Metal has been updated from version 1.28.500 to version 1.28.700. (This component was formerly known as Anthos Clusters on Bare Metal.)
  • Kubernetes has been updated from version 1.28.8 to version 1.28.10.

The following issues have been resolved in this release of Google Distributed Cloud connected:

  • Nodes no longer get stuck in Ready,SchedulingDisabled state after applying configuration changes. Applying or deleting the NodeSystemConfigUpdate or SriovNetworkNodePolicy resources no longer results in a node that's stuck in the Ready,SchedulingDisabled state after it reboots.

  • Cluster software upgrades are no longer affected by GKE Identity Service (GKE IS) Pods that get stuck in a Failed state after a machine reboot.

  • Virtual machine workloads no longer temporarily go down when upgrading Google Distributed Cloud connected software. The virtual machine workloads now remain running while a Google Distributed Cloud software upgrade completes.

  • Changes to the VMRuntime resource are no longer required before upgrading to Google Distributed Cloud connected version 1.7.1 or higher.

  • Excessive CPU load on nodes undergoing live virtual machine migration during software upgrades has been resolved. When completing a live virtual machine migration during a Google Distributed Cloud connected software upgrade, nodes no longer experience CPU spikes that might affect workloads running on them.

  • Virtual machines no longer lose connectivity to each other during a live migration. When completing a live migration of virtual machines from one node to another, the virtual machines now retain network connectivity to each other across the source and destination nodes.

  • Virtual machines are now properly scheduled after recovery from a network partition. When a loss of network connectivity across multiple nodes occurs and causes a stall in storage I/O operations, the virtual machine fencing logic now properly marks the affected virtual machines as failed. Such virtual machines are now properly scheduled back onto the affected nodes when network connectivity is restored.

This release of Google Distributed Cloud connected contains the following known issues:

  • Virtual machine management can fail after a node has been powered down for an extended time. If you power down your Google Distributed Cloud connected machines for an extended period of time, you might not be able to manage the virtual machines scheduled on the corresponding nodes after you power the machines back up, even though those virtual machine workloads continue to run. To remedy this issue, contact Google Support.

  • The Kubernetes API server might return 404 errors when attempting to access virt-api endpoints. To work around this issue, contact Google Support.

  • Storage operations hang when volume replicas are deleted from a cluster without removing the corresponding Symcloud Storage persistent volume intent. If you delete the volume replicas for a Symcloud Storage persistent volume but do not remove the corresponding intent, TCMU devices on the worker node hang, causing storage operations to stall indefinitely. This can affect both your workload data availability as well as core system functionality of Google Distributed Cloud connected. To prevent this, you must always remove a Symcloud Storage persistent volume before deleting its associated volume replicas. If you need to resolve this issue on an affected node, contact Google Support.

  • Cluster deletion can fail due to stale Symcloud Storage data. When attempting to delete a cluster during disaster recovery or cluster reset, the deletion might fail due to the corresponding Symcloud Storage volumes not having been cleaned up. To resolve this issue, contact Google Support.

  • Cluster upgrades might fail with an "ABM upgrade timed out" error. Under certain conditions, if the GKE token expires while a cluster upgrade is in progress, the upgrade fails with an "ABM upgrade timed out" error and a missing gkehub.memberships.update permission is recorded in the logs. If you encounter this issue, contact Google Support.

  • Removing the NodeSelector node label value in the NodeSystemConfigUpdate resource after reconciliation does not reset the node status to default. If you remove the node label value in the NodeSelector field of the NodeSystemConfigUpdate resource after the resource has been successfully reconciled, the node does not revert to its default configuration.

Google Kubernetes Engine

(2024-R28) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.15-gke.1252000
    • 1.29.6-gke.1326000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.

Regular channel

  • Version 1.29.6-gke.1326000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.15-gke.1154000
    • 1.28.11-gke.1172000
    • 1.29.6-gke.1254000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.6-gke.1326000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.

Stable channel

Extended channel

  • Version 1.29.6-gke.1326000 is now the default version in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.15-gke.1154000
    • 1.28.11-gke.1172000
    • 1.29.6-gke.1254000
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.

No channel

(2024-R28) Version updates

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.15-gke.1252000
    • 1.29.6-gke.1326000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.16-gke.1008000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.7-gke.1008000 with this release.

(2024-R28) Version updates

  • Version 1.29.6-gke.1326000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.15-gke.1154000
    • 1.28.11-gke.1172000
    • 1.29.6-gke.1254000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.6-gke.1326000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.

(2024-R28) Version updates

(2024-R28) Version updates

  • Version 1.29.6-gke.1326000 is now the default version in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.15-gke.1154000
    • 1.28.11-gke.1172000
    • 1.29.6-gke.1254000
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.11-gke.1260000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.

August 06, 2024

Cloud Workstations

If you specify a source workstation during workstation creation, Cloud Workstations supports cloning of persistent directories. For more information, see REST workstations, RPC google.cloud.workstations.v1beta, or gcloud beta workstations create.

Contact Center AI Platform

Web SDK 2.22 is released

Web SDK 2.22 includes the following updates:

  • Resize text. You can change the font size for any text displayed in the agent adapter.

  • Control link behavior. You can control whether a link opens in the same tab or a new tab.

Container Optimized OS

cos-109-17800-309-7

  • Kernel: COS-6.1.100
  • Docker: v24.0.9
  • Containerd: v1.7.19
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Upgraded app-admin/google-guest-configs to 20240607.00.

Upgraded app-containers/containerd to 1.7.19.

Upgraded sys-auth/pambase to v20240128.

Upgraded app-containers/docker, app-containers/docker-test, app-containers/docker-cli to v24.0.9.

Upgraded app-containers/docker-credential-gcr to v2.1.22.

Upgraded app-containers/docker-credential-helpers to v0.8.1.

Upgraded app-containers/cni-plugins to v1.4.1.

Upgraded net-misc/rsync to v3.2.7-r5.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Upgraded cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Upgraded curl to v8.9.0. This fixes CVE-2024-6197.

Upgraded dev-python/setuptools to v70.3.0. This fixes CVE-2024-6345.

Fixed CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087 in sys-libs/libsepol.

Runtime sysctl changes:

  • Added: net.core.mem_pcpu_rsv: 256

cos-113-18244-151-9

  • Kernel: COS-6.1.100
  • Docker: v24.0.9
  • Containerd: v1.7.19
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Upgraded app-admin/google-guest-configs to 20240607.00.

Upgraded app-containers/containerd to 1.7.19.

Upgraded net-misc/rsync to v3.2.7-r5.

Upgraded sys-apps/less to v661.

Enabled the feature to utilize the gpu_driver_versions proto file for controlling the specific GPU driver version to be installed for each GPU type.

Upgraded cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Removed crash-reporter KVM support.

Removed dev-go/grpc.

Upgraded curl to v8.9.0. This fixes CVE-2024-6197.

Upgraded dev-python/setuptools to v70.3.0. This fixes CVE-2024-6345.

Runtime sysctl changes:

  • Changed: fs.file-max: 812026 -> 812030

Google Kubernetes Engine

You can now keep a GKE Standard cluster on a minor version for longer with the Extended release channel. Clusters running 1.27 or later can be enrolled in the Extended channel, and automatically receive security patches during the extended support period after the end of standard support. To learn more, see Get long-term support with the Extended channel.

Vertex AI Agent Builder

Vertex AI Search: Layout parser GA

The layout parser for Vertex AI Agent Builder is generally available. The layout parser transforms documents in various formats into structured representations. It makes content like paragraphs, tables, lists, and structural elements like headings, page headers, and footers easily accessible.

For more information, see Layout parser.

Vertex AI Search: Generative answers performance improvements

Generative answers have been updated with performance improvements.

  • Re-ranking for generative answers has been updated to decrease response latency.
  • Detection of adversarial queries has been updated for improved accuracy.

August 05, 2024

AlloyDB for PostgreSQL

AlloyDB Omni version 15.5.5 is now generally available (GA). This version includes the following features and changes:

Apigee Advanced API Security

On August 5, 2024 we released an updated version of Advanced API Security.

Shadow API Discovery, which is in preview, now supports the use of tags to label and organize observation results.

For usage information, see Use tags.

Cloud Load Balancing

Regional external Application Load Balancer, regional internal Application Load Balancer, and cross-region internal Application Load Balancer support mutual TLS (mTLS).

With mTLS, the load balancer requests that the client send a certificate to authenticate itself during the TLS handshake with the load balancer. You can configure a trust store to validate the client certificate's chain of trust.

For details, see the following:

This capability is in General Availability.

Global external Application Load Balancer and global external Application Load Balancer (classic) already support frontend mTLS (General Availability).

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/logging

11.2.0 (2024-07-15)

Features
  • Open telemetry integration and span Id fix for nodejs logging library (#1497) (91577e0)

Java

Changes for google-cloud-logging

3.20.0 (2024-08-02)

Features
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#1664) (cb6de76)
Documentation
  • Documentation update for OpenTelemetry and tracing (#1657) (e3c6670)

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.41.0 (2024-07-31)

Features
  • Enable gRPC client open telemetry metrics reporting (#2590) (d153228)
Bug Fixes
  • Add UnknownHostException to set of retriable exception (#2651) (18de9fc)
  • Update grpc resumable upload error categorization to be more tolerant (#2644) (95697dd)
  • Update Storage#readAllBytes to respect shouldReturnRawInputStream option (#2635) (dc883cc)
  • Update TransferManager downloads to reduce in memory buffering (#2630) (fc2fd75)
  • Use fast calculation for totalRemaining number of bytes from multiple ByteBuffers (#2633) (758b3dd)
Dependencies
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240625-2.0.0 (#2616) (b22babb)
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240706-2.0.0 (#2634) (1ccaa0c)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#2647) (8196259)
  • Update dependency net.jqwik:jqwik to v1.9.0 (#2608) (a20eb66)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.10.3 (#2604) (8c79f39)
  • Update junit-platform.version to v5.10.3 (#2605) (a532ee4)

You can now use parallel downloads with Cloud Storage FUSE to accelerate read performance of large files over 1 GB in size. When enabled, parallel downloads use multiple workers to download a file in parallel, accelerating file reads. For more information, see Improve read performance using parallel downloads.

Colab Enterprise

Fixed an issue in which users weren't able to access the Colab Enterprise UI when Colab Service Status was OFF for everyone in Google Workspace.

Confidential VM

AMD has notified Google about 3 new (2 medium risk, 1 high risk) firmware vulnerabilities affecting SEV-SNP in AMD EPYC 3rd generation (Milan) and 4th generation (Genoa) CPUs (CVE-2023-31355, CVE-2024-21978, and CVE-2024-21980).

For more information, see the GCP-2024-046 security bulletin.

Config Connector

Config Connector version 1.121.0 is now available.

state-into-spec now defaults to Absent in any new ConfigController clusters.

Starting in version 1.122, this will be the default for all the ConfigController clusters.

Starting in version 1.123, this will be the default for all ConfigConnector clusters.

DataformRepository (Alpha) now uses direct reconciliation.

BigtableInstance

  • When autoscaling is enabled (spec.cluster[].autoscalingConfig.), Config Connector does not use numNodes (spec.cluster[].numNodes=2), as that applies only to manual scaling.

BigQueryConnection

  • Added the status.observedState field to store the output-only fields that were previously mistakenly defined in spec.

Contact Center AI Platform

Version 3.23 is released

All release notes published on this date are part of version 3.23.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Cancel partial responses for virtual agents

You can now configure virtual agents (VAs) to cancel playback of a partial-response fulfillment when the final fulfillment is returned. For example, if the VA calls a webhook and partial responses are enabled, the fulfillment is returned to CCAI Platform, which starts playing the message to the end-user. If Dialogflow sends the final fulfillment to CCAI Platform while the partial-response fulfillment is still being played, it is possible to interrupt this playback and play the final fulfillment.

For more information, see Support for partial response in Dialogflow CX.

New force logout endpoint in the Apps API

You can now do a force logout on agents, using agent ID or IP address, by making a POST call to a new Apps API endpoint: POST /apps/api/v1/agent_statuses/force_logout. This endpoint lets you immediately log out an agent who is not currently on a call or chat. If the agent is on a call or chat, they are automatically logged out after the call or chat ends.

Updated agent statuses endpoint

The agent statuses endpoint, apps/api/v1/agent_statuses, now returns an agent's IP address.

Contact lists

Agents can now use contact lists, which improve the organization and accessibility of external contacts. Agents can use a centralized workspace to create a personal contact list or a favorite contact list. Agents can access global and custom lists, depending on how you configure CCAIP. Administrators have the ability to: (1) Manage list visibility at the team or queue level, (2) Bulk upload CSV files containing contact lists, and (3) Add, edit, or delete contacts and destinations, including SIP URI addresses and phone numbers.

Auto answer settings are relocated

The following auto answer settings for calls and chats have been relocated. Functionality remains the same:

Global settings (moved to the Operations Management Routing page):

  • Old Locations:

    • Calls: Settings > Call

    • Chats: Settings > Chat

  • New Locations:

    • Calls: Settings > Operation Management > Routing > Call Routing > Deltacast

    • Chats: Settings > Operation Management > Routing > Chat Routing > Deltacast

Queue-level settings (moved to the Deltacast Settings page):

  • Old Locations:

    • Calls: Settings > Queue > [IVR] [Mobile] [Web]

    • Chats: Settings > Queue > Web

  • New Locations:

    • Calls: Settings > Queue > [IVR] [Mobile] [Web] > Routing > Call Routing > Deltacast

    • Chats: Settings > Queue > Web > Routing > Call Routing > Deltacast

For more information, see Auto answer.

End-of-session transfers for virtual agents

You can now set up a virtual agent (VA) to handle end-of-session interactions. When a live agent ends a session, it's transferred to a VA for wrap-up. You can use end-of-session transfers for interactions such as post-session surveys or feedback. This feature is available for both calls and chats.

Queue-level whisper settings for calls

Whisper settings for calls are now available at the queue level. This feature allows you to turn off whisper messages for specific queues or customize the whisper message. For example, on a billing queue, you could provide agents with instructions such as, "Call coming through the billing queue. Remember to redact if taking any payments." In addition, you can customize the call countdown timer and enable Use countdown at the queue level for calls.

For more information, see Configure whisper announcements at the queue level.

Workforce management

Workforce management (WFM) provides simple, flexible, real-time forecasting, scheduling, and adherence monitoring. Here are some key features:

  • Dynamic scheduling to optimize staffing. Save time by automating scheduling based on expected staffing needs. Allow agents to pick their schedule based on availability and skillset. WFM is customizable so you can create schedules that account for agent skills, time zones, channel coverage, employee time-off requests, and more.

  • Intelligent, flexible forecasting. Quickly create accurate omnichannel forecasts that model staffing requirements using both historical and real-time data. Interval, weekly, and monthly patterns and in-forecast updates provide day-to-day flexibility. You can make changes on the fly, or "set it and forget it."

  • Schedule adherence. WFM helps you avoid costly mistakes by providing agents and managers with real-time access to adherence and performance monitoring. This helps to ensure that agents are in the right place at the right time so there are no gaps in your customer service experience.

For more information, see Workforce management.

Queue-level configuration of the cascade group timer

You can now configure the cascade group timer at the queue level, instead of only at the global level. This would be useful, for example, if you wanted the agents assigned to a VIP queue to have more time to answer before the session is moved to the next cascade group.

For more information, see Configure a cascade group at the queue level.

Queue-level configuration of the percent allocation group timer

You can now configure the percent allocation group timer at the queue level, instead of only at the global level.

For more information, see Percent allocation groups.

Settings version control

Settings version control is a new feature that lets administrators more easily migrate the queue menu structure and settings from one tenant to another. Settings version control consists of two main components: (1) Exporting and importing queue menu structure and settings, and (2) Viewing and managing version history. You can save the current configuration of an existing tenant to a JSON file and then import the file and apply it to a new tenant. You can also create a reusable configuration template, making the creation of new tenants faster and more consistent. The version history feature lets administrators track the change history of a tenant, providing an overview of all previous settings applied. Administrators can revert to previous settings if they are not satisfied with recent changes. Settings version control is in Preview. For more information, see Settings version control.

New quality management (QM) session event field

CCAIP now passes a new field in the session event payload for calls.

The new field is available in the following event payload streams:

  • QM call events

  • External call events

The new session event field is the same as the agent_number field in the CCAIP metadata. This field is passed in the payload for all session events that have an agent participant.

Here is an example of a session event field: "agent_number":"1660"

Fixed an issue where calls would sometimes not ring for an agent while connecting to a caller.

Fixed an issue where agents with chat concurrency set to 1 were incorrectly receiving new chat offers while already handling a chat.

Fixed a co-browse display issue.

Fixed an issue where chats continued to be translated after being transferred to a queue that had live translation turned off.

Fixed an issue where the agent adapter was not triggering events in an iframe when starting or ending a co-browse session.

Fixed an issue where the Telnyx API was throwing an error when verifying a number, preventing BYOC numbers from being added.

Dataform

Access Approval supports Dataform in the GA stage.

Generative AI on Vertex AI

The translation LLM now supports Arabic, Hindi, and Russian. For the full list of supported languages, see the Translate text page.

Google Cloud Architecture Center

Disaster recovery scenarios for data: Added guidance about using the following capabilities to back up and recover self-managed databases deployed in Google Cloud:

Disaster recovery scenarios for applications: Added guidance about using the following capabilities to back up and recover applications deployed in Google Cloud:

NetApp Volumes

For the Flex service level, Google Cloud NetApp Volumes offers its services in the following regions:

  • europe-west8 (Milan)

  • europe-west9 (Paris)

  • europe-west12 (Turin)

To learn more, see NetApp Volumes key features.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

Beta release for the pubsub opentelemetry tracing feature

OpenTelemetry tracing standards are in active development, and thus attributes, links, and span names are EXPERIMENTAL and subject to change or removal without notice.

1.41.0 (2024-08-01)

Features
  • pubsub/pstest: Add Message.Topic field and populate on publish (#10510) (01bf051)
  • pubsub: Add max messages batching for Cloud Storage subscriptions (1bb4c84)
Bug Fixes

Java

Changes for google-cloud-pubsub

1.132.0 (2024-08-01)

Features
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.41.0 (#2093) (217b8a3)
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.42.0 (#2124) (24ebe24)
  • Update dependency com.google.cloud:google-cloud-core to v2.41.0 (#2120) (1f6428a)
  • Update dependency com.google.cloud:google-cloud-storage to v2.40.1 (#2095) (0d64d6c)
  • Update dependency com.google.cloud:google-cloud-storage to v2.41.0 (#2129) (2348d20)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#2121) (7fbea6d)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.27.2 (#2091) (9859f11)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.10.3 (#2096) (42f12ed)
Documentation

Python

Changes for google-cloud-pubsub

2.23.0 (2024-07-29)

Features
  • Add max messages batching for Cloud Storage subscriptions (#1224) (91c89d3)

Sensitive Data Protection

The ORGANIZATION_NAME infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.

To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.

The STREET_ADDRESS infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.

To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.

August 03, 2024

Google SecOps SOAR

Release 6.3.13 is now in General Availability.

August 02, 2024

Apigee Advanced API Security

The preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents is now re-enabled after resolution of the known issue noted on July 19.

For usage instructions, see the Incident details documentation.

Apigee Integration

Redirecting from Apigee Integration to Application Integration

We are converging Apigee Integration and Application Integration. This change involves the following updates:

For more information, see Use Application Integration.

Generative AI on Vertex AI

Vertex AI SDK for Python supports token listing and counting for prompts without the need to make API calls. This feature is available in Preview. For details, see List and count tokens.

Google Kubernetes Engine

The NVIDIA GPU Operator can now be used as an alternative to fully managed GKE for both Container-Optimized OS and Ubuntu node images. Choose this option to manage your GPU stack if you're looking for a consistent multi-cloud experience, already using the NVIDIA GPU Operator, or have software reliant on it.

Google SecOps SOAR

Release 6.3.14 is currently in Preview.

Unable to rerun a failed playbook step when the parameter is very large. As part of the fix, large parameter values will show as truncated on the platform but will not change the actual value sent to the playbook. (ID #49774296)

The platform does not show the correct error when trying to save a playbook which is open in another tab. (ID #00269661)

Can't remove the remote agent after host/container has stopped. (ID #49024310)

List and multi-select parameters not appearing correctly in the IDE. (ID #51995565)

Playbook simulator sometimes not executing actions in the correct order (ID #48264534)

Missing audit log entries when deleting permission groups (ID #51496411)

Vertex AI

The Vertex AI Model Registry now offers Preview support for model copy across different projects. For information about how to copy your model across projects and regions, see Copy models in Model Registry.

August 01, 2024

Apigee X

On August 1, 2024, we released an updated version of Apigee (1-13-0-apigee-1).

New flow variables are now available:

  • request.headers.names.string
  • request.queryparams.names.string
  • request.formparams.names.string
  • message.headers.names.string
  • message.queryparams.names.string
  • message.formparams.names.string
  • response.headers.names.string

These context variables can be used to return header, query parameter, and form parameter names in string format that can be used in API proxy logic. Each variable returns a comma-separated list of names.

For more information, see the Flow variables reference.
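An added example (not from these release notes and not Apigee's own code) of using the comma-separated value of request.headers.names.string in proxy logic: it audits the header names on a request against an allowlist. The allowlist, the sample values, the audit.unexpected_headers variable name, and the tolerance of whitespace around commas are assumptions; context.getVariable and context.setVariable are the accessors of the Apigee JavaScript policy.

```javascript
// Hypothetical allowlist of header names this proxy expects to receive.
var ALLOWED_HEADERS = ['host', 'accept', 'content-type', 'authorization', 'user-agent'];

// Split a "*.names.string" value (comma-separated names) into a clean list.
// Header names are case-insensitive, so everything is lower-cased.
function parseNames(namesString) {
  if (typeof namesString !== 'string' || namesString.trim() === '') {
    return [];
  }
  return namesString.split(',')
    .map(function (name) { return name.trim().toLowerCase(); })
    .filter(function (name) { return name.length > 0; });
}

// Compare the names against the allowlist.
// Returns the names that are not allowed and any name listed more than once.
function auditNames(namesString, allowed) {
  // Object.create(null) gives a map with no inherited keys, so a header
  // literally named "constructor" or "__proto__" cannot pass as allowed.
  var allowedSet = Object.create(null);
  allowed.forEach(function (name) { allowedSet[name.toLowerCase()] = true; });

  var seen = Object.create(null);
  var unexpected = [];
  var duplicates = [];

  parseNames(namesString).forEach(function (name) {
    if (seen[name]) {
      if (duplicates.indexOf(name) === -1) {
        duplicates.push(name);
      }
      return;
    }
    seen[name] = true;
    if (!allowedSet[name]) {
      unexpected.push(name);
    }
  });

  return {
    unexpected: unexpected,
    duplicates: duplicates,
    ok: unexpected.length === 0 && duplicates.length === 0
  };
}

// Inside an Apigee JavaScript policy the `context` object is available;
// outside Apigee (for example under Node.js) this block is skipped.
if (typeof context !== 'undefined') {
  var audit = auditNames(context.getVariable('request.headers.names.string'), ALLOWED_HEADERS);
  // audit.unexpected_headers is a hypothetical custom flow variable that a
  // later policy (logging, or a conditional fault) could read.
  context.setVariable('audit.unexpected_headers', audit.unexpected.join(','));
}
```

The same functions work unchanged on the queryparams and formparams variants, with a different allowlist.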

Bug ID Description
308583363, 332464869 Security fix for apigee-mart.

This addresses the following vulnerabilities:

332465218 Security fix for apigee-runtime.

This addresses the following vulnerabilities:

341994213, 333971421 Security fixes for Cassandra emulator.

These address the following vulnerabilities:

329762216

Security fix for apigee-installer.

This addresses the following vulnerability: CVE-2024-24786

342630443, 342714341, 343202829

Security fixes to address the following vulnerabilities:

Bug ID Description
293150694 <HTTPMonitor> now supports the <UseTargetServerSSLInfo> element and can trust TLS certs from non-public CAs.
329874359 Decreased the default value of <CacheLookupTimeoutInSeconds> from 30 seconds to 12 seconds.
334442202 Added specific and informative error messaging for App query failures resulting from discrepancies between developers and apps.
333919279 Improved reliability for Developer, App and API products APIs.
339169651 Fixed potential HTTP request smuggling vulnerability when using the OPTIONS method.
297539870 <HTTPTargetConnection> property io.timeout.millis is honored when used with WebSockets.
N/A Updated infrastructure and libraries.

BeyondCorp Enterprise

Generally available: The Chrome Enterprise Premium file transfer connector. You can use this feature to scan files that are transferred between different file systems on ChromeOS.

Bigtable

Bigtable supports querying in SQL. This feature is available in Preview. For more information, see Introduction to SQL for Bigtable.

The Bigtable Studio query editor is available in Preview. For more information, see Manage your data using Bigtable Studio.

Bigtable aggregates let you build distributed counters and aggregate your Bigtable data at write time using min, max, sum, or HLL. This feature is generally available (GA). For more information, see Aggregate values at write time.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Compute Engine
    • compute.googleapis.com/InstantSnapshot

Cloud Composer

In July and August 2024, new Cloud Composer 2 environments keep switching to using GKE 1.29 and PSC as a connectivity channel to the GKE control plane. Creating new Cloud Composer 2 private IP environments will require using PSC SERVICE_PRODUCER endpoints, which might be blocked by the Disable Private Service Connect for Consumers organization policy constraint. Previously, this org policy limitation could be addressed by using VPC peerings instead of PSC, but starting from GKE 1.29, this workaround is no longer available.

(Cloud Composer 3 only) The July 24th issue with Airflow upgrade operations for Cloud Composer 3 environments is now fixed. Airflow upgrade operations are now being re-enabled, and should reach all Cloud Composer 3 environments within the next couple of days.

The initial synchronization of DAGs and plugins in Airflow workloads is performed in a separate container and utilizes full resources of the Pod.

(Cloud Composer 3) Fixed an error that happened when values in certain formats were used for Airflow configuration options.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.2
  • composer-3-airflow-2.7.3-build.11

Cloud Composer 2.8.8 images are available:

  • composer-2.8.8-airflow-2.9.1
  • composer-2.8.8-airflow-2.7.3 (default)

Airflow 2.6.3 is no longer included in Cloud Composer 2 images.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for SQL Server

Cloud SQL for SQL Server now offers two editions of Cloud SQL to support your various business and application needs: Cloud SQL Enterprise Plus edition and Cloud SQL Enterprise edition. Each edition provides different performance and availability characteristics to meet the needs of your applications.

Cloud SQL Enterprise Plus edition has new machines for better performance, higher availability, and advanced disaster recovery. Existing instances become Cloud SQL Enterprise edition for SQL Server instances with no changes to pricing or features. You can upgrade existing instances to the Cloud SQL Enterprise Plus edition in-place using the Google Cloud console, the gcloud CLI, or the API with minimal downtime.

For more information about Cloud SQL editions, see Introduction to Cloud SQL editions.

Cloud Storage

Beginning November 1, 2024, BigQuery users will start seeing charges for Cloud Storage usage as per pricing documentation, which was not metered before due to a billing bug.

Compute Engine

Generally available: You can use instant snapshots to take in-place disk backups that can be restored to new disks in under a minute.

Instant snapshots are ideal for rapid data restoration within the same location as the source disk. For more information, see Instant snapshots.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.16.11-gke.25 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.16.11-gke.25 runs on Kubernetes v1.27.15-gke.1200.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

Existing Seesaw load balancers now require TLS 1.2.

The following vulnerabilities are fixed in 1.16.11-gke.25:

Google Distributed Cloud (software only) for bare metal

Release 1.28.800-gke.111

Google Distributed Cloud for bare metal 1.28.800-gke.111 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.800-gke.111 runs on Kubernetes 1.28.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Updated Kubernetes audit logging to include request and response payloads from the Kubernetes API server for bare metal custom resources, including the following: Cluster, NodePool, BareMetalMachine and BareMetalCluster.

Fixes:

The following container image security vulnerabilities have been fixed in 1.28.800-gke.111:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

You can now enable NCCL Fast Socket on your multi-GPU Autopilot workloads. NCCL Fast Socket is a transport layer plugin designed to improve NVIDIA Collective Communication Library (NCCL) performance on Google Cloud. To enable NCCL Fast Socket on GKE Autopilot, you must use a GKE Autopilot cluster with control plane version 1.30.2-gke.1023000 or later. For more information, see Improve workload efficiency using NCCL Fast Socket.

Autopilot nodes use Google Virtual NIC (gVNIC) for 1.30.2-gke.1023000 and later.

Google SecOps

Customers can now configure direct ingestion of Google Cloud data without using a 1-time Google Security Operations access code. This feature will be launched over a period of several weeks. For more information, see Enable direct ingestion from Google Cloud.

Google SecOps SIEM

Customers can now configure direct ingestion of Google Cloud data without using a 1-time Google Security Operations access code. This feature will be launched over a period of several weeks. For more information, see Enable direct ingestion from Google Cloud.

Looker Studio

Audit logging for Gemini in Looker

You can view Gemini in Looker log events in the Admin Console (Security Investigation Tool). Gemini in Looker can be enabled for Looker Studio Pro subscriptions, which are associated with a Google Cloud project. To see which Google Cloud projects have Gemini in Looker enabled, as well as those with Gemini in Looker's Trusted Tester capabilities, filter the log by choosing the Setting name attribute and view the entries in the Project ID column.

Learn more about Looker Studio log events.

Spanner

Spanner now offers Spanner Graph in Preview, which unites purpose-built graph database capabilities with Spanner. Spanner Graph includes a graph query interface compatible with the ISO GQL (Graph Query Language) standards, and interoperability between relational and graph models. For more information, see the following:

Spanner full-text search (Preview) lets you search a table to find words, phrases, or integers, instead of just searching for exact matches in structured fields. Spanner full-text search capabilities also include making spelling corrections, automating language detection of search input, and ranking search results. To learn more, see the Full-text search overview.

July 31, 2024

AlloyDB for PostgreSQL

Gemini in Databases assistance in AlloyDB for PostgreSQL is now available in Preview for standard and enhanced query insights, system insights, index advisor, and active queries. You can use Gemini assistance to help you monitor and troubleshoot your AlloyDB resources. For more information, see Monitor and troubleshoot with Gemini assistance.

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Apigee hybrid

hybrid 1.11.2-hotfix.2

On July 31, 2024 we released an updated version of the Apigee hybrid software, 1.11.2-hotfix.2.

Note: This release reflects a change to the component images and not the Helm chart templates. If your hybrid installation is currently on Apigee hybrid v1.11.2, apply this hotfix with the following steps:

  1. In your overrides file, update the image.url and image.tag properties of ao and runtime:

    ao:
      image:
        url: "gcr.io/apigee-release/hybrid/apigee-operators"
        tag: "1.11.2-hotfix.2"
    runtime:
      image:
        url: "gcr.io/apigee-release/hybrid/apigee-runtime"
        tag: "1.11.2-hotfix.2"
    
  2. Install the hotfix release:

    • For Helm-managed releases, update the apigee-operator with the helm upgrade command and your current overrides files:

      helm upgrade operator apigee-operator/ \
        --namespace apigee-system \
        --atomic \
        -f overrides.yaml 
      

      For each environment in your Apigee org:

      helm upgrade ENV_NAME apigee-env/ \
        --namespace apigee \
        --atomic \
        -f overrides.yaml 
      
    • For apigeectl-managed releases:

      1. Install the hotfix release with apigeectl init using your updated overrides file:

        ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE --dry-run=client 
        

        Followed by:

        ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE 
        
      2. Apply the hotfix release with apigeectl apply:

        ${APIGEECTL_HOME}/apigeectl apply -f OVERRIDES_FILE --all-envs --dry-run=client 
        

        Followed by:

        ${APIGEECTL_HOME}/apigeectl apply -f OVERRIDES_FILE --all-envs
        
Bug ID Description
351868444 Tolerations are now working for Redis's Envoy pod.
297539870 HTTPTargetConnection property io.timeout.millis is now honored correctly when using websockets.

App Engine flexible environment Ruby

App Engine standard environment Ruby

BigQuery

When you translate SQL queries from your source database, you can use configuration YAML files to optimize and improve the performance of your translated SQL. This feature is in preview.

Workload management now provides the following benefits:

  • The autoscaler now scales up immediately.
  • The autoscaler now scales more precisely.
  • The autoscaler scales to the nearest multiple of 50 slots, instead of 100.
  • You can now purchase capacity commitments, set baseline slots, and set autoscale max slots in incremental steps of 50 slots.
  • If one minute or more has passed since the most recent increase in capacity, you can now reduce capacity without resetting the one minute minimum. This allows for multiple consecutive decreases without a one minute delay between them.

These features are now generally available (GA).

Cloud DNS

Health checks for external endpoints in Cloud DNS routing policies are now available in Preview.

Cloud Functions

Cloud Functions now supports the Ruby 3.3 runtime at the General Availability release level.

Cloud Load Balancing

Cloud Load Balancing now supports failover for global, classic, and regional external Application Load Balancers. Failover is handled by creating two or more regional external Application Load Balancers in the regions where you want the traffic to failover to. Only regional external Application Load Balancers can be used as failover backup load balancers.

For details, see Failover for external Application Load Balancers.

This feature is available in Preview.

Cloud SQL for MySQL

Gemini in Databases assistance in Cloud SQL for MySQL is now available in Preview for query insights, system insights, index advisor, and active queries. You can use Gemini assistance to help you observe and troubleshoot your Cloud SQL resources. For more information, see Observe and troubleshoot with Gemini assistance.

Cloud SQL for PostgreSQL

Gemini in Databases assistance in Cloud SQL for PostgreSQL is now available in Preview for query insights, system insights, index advisor, and active queries. You can use Gemini assistance to help you observe and troubleshoot your Cloud SQL resources. For more information, see Observe and troubleshoot with Gemini assistance.

Cloud Storage

You can now use list caching with Cloud Storage FUSE, which is a cache for directory and file list, or ls, responses that improves list operation speeds. To learn more about list caching and how to enable it, see the Cloud Storage FUSE caching overview page.

You can now use the Google Cloud console to set a default soft delete retention duration. For more information, see Use tags to set a default soft delete retention duration for new buckets.

Container Optimized OS

cos-113-18244-85-65

Kernel Docker Containerd GPU Drivers
COS-6.1.90 v24.0.9 v1.7.15 v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs)

Runtime sysctl changes:

  • Changed: fs.file-max: 812041 -> 812026

Dataform

The maximum size limit for repositories encrypted with customer-managed encryption keys (CMEK) is 512 MB. For more information about Dataform quotas and limits, see Quotas and limits. For more information about encrypting Dataform repositories with CMEK, see Use customer-managed encryption keys.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.74
  • 1.2.18
  • 2.0.82
  • 2.2.18

Dataproc Serverless for Spark: Upgraded Spark BigQuery connector to version 0.36.4 in the latest 1.2 and 2.2 Dataproc Serverless for Spark runtime versions.

Generative AI on Vertex AI

New Imagen on Vertex AI image generation model and features

The Imagen 3 image generation models (imagen-3.0-generate-001 and the low-latency version imagen-3.0-fast-generate-001) are now available. These models offer the following additional features:

  • Additional aspect ratios (1:1, 3:4, 4:3, 9:16, 16:9)
  • Digital watermark (SynthID) enabled by default
  • Watermark verification
  • User-configurable safety features (safety setting, person/face setting)

For more information, see Model versions and Generate images using text prompts.

Gemma 2 2B is available in Model Garden. For details, see Use Gemma open models.

The following models have been added to Model Garden:

  • Gemma 2 2B: A foundation LLM by Google Deepmind.
  • Qwen2: An LLM series by Alibaba Cloud.
  • Phi-3: An LLM series by Microsoft.

Resource and deployment settings were made to the following models:

Google Kubernetes Engine

(2024-R27) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.30.2-gke.1587003 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.14-gke.1059002
    • 1.27.15-gke.1125000
    • 1.28.11-gke.1260000
    • 1.28.11-gke.1289000
    • 1.29.6-gke.1038001
    • 1.29.6-gke.1137000
    • 1.30.1-gke.1329003
    • 1.30.2-gke.1394003
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.15-gke.1252000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.11-gke.1315000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.6-gke.1326000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.2-gke.1587003 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.

Regular channel

  • Version 1.29.6-gke.1254000 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.27.14-gke.1059002
    • 1.28.11-gke.1019001
    • 1.29.6-gke.1038001
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.15-gke.1154000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.6-gke.1254000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.

Stable channel

  • Version 1.29.6-gke.1038001 is now the default version in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.27.14-gke.1042001
    • 1.28.10-gke.1075001
    • 1.29.5-gke.1091002
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.14-gke.1059002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.14-gke.1059002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.11-gke.1019001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.

Extended channel

  • Version 1.29.6-gke.1254000 is now the default version in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.14-gke.1059002
    • 1.28.11-gke.1019001
    • 1.29.6-gke.1038001
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.15-gke.1154000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.6-gke.1254000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.2-gke.1587003 with this release.

No channel

GKE Autopilot versions 1.28.6-gke.1317000 and later fix a known issue for ephemeral storage requests. If the combined ephemeral storage requests across all containers in your workload exceed 10 GiB, your workload will be rejected with an error message. This differs from earlier versions, which admitted the workload if it requested more than 10 GiB while only actually provisioning 10 GiB, which would result in workload eviction when the workload used more than 10 GiB.

To ensure uninterrupted operation with GKE Autopilot versions 1.28.6-gke.1317000 and later, do the following:

  • Verify that containers injected by webhooks don't cause Pods to exceed the maximum Autopilot resource limits.
  • Adjust workload resource requests to account for any containers that may be injected by webhooks.
  • If any Pods are rejected after updating, reduce their ephemeral storage requests to meet the limit for your workload configuration.

To learn more, see Automatic resource management in Autopilot.
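The pre-deployment check below sums the ephemeral storage requests of a workload, including containers a webhook would inject, and compares the total with the 10 GiB limit stated above. It is an added example, not Google's code: the manifest, the sidecar, and all function names are constructed, and only `spec.containers` is counted (init containers are not modelled).

```python
"""Check a workload against the Autopilot 10 GiB ephemeral storage limit."""
import copy
from decimal import Decimal

# Limit stated in the release note: combined requests above 10 GiB are rejected.
AUTOPILOT_EPHEMERAL_LIMIT_BYTES = 10 * 1024**3

# Kubernetes quantity suffixes: binary (Ki, Mi, ...) and decimal (k, M, ...).
_SUFFIXES = {
    "Ki": 1024, "Mi": 1024**2, "Gi": 1024**3, "Ti": 1024**4,
    "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
}


def parse_quantity(value):
    """Convert a Kubernetes quantity such as '4Gi', '500M' or 1024 to bytes."""
    text = str(value).strip()
    # Try two-letter suffixes first so 'Mi' is never read as 'M'.
    for suffix in sorted(_SUFFIXES, key=len, reverse=True):
        if text.endswith(suffix):
            return int(Decimal(text[: -len(suffix)]) * _SUFFIXES[suffix])
    return int(Decimal(text))


def pod_spec_of(manifest):
    """Return the Pod spec of a Pod, or of a workload with spec.template."""
    spec = manifest.get("spec", {})
    template = spec.get("template")
    return template.get("spec", {}) if template else spec


def ephemeral_requests(manifest):
    """Map container name to its requested ephemeral storage in bytes."""
    requests = {}
    for container in pod_spec_of(manifest).get("containers", []):
        req = (container.get("resources") or {}).get("requests") or {}
        requests[container["name"]] = parse_quantity(req.get("ephemeral-storage", 0))
    return requests


def check_workload(manifest, injected=()):
    """Evaluate the manifest as it would look after webhook injection."""
    merged = copy.deepcopy(manifest)
    containers = pod_spec_of(merged).setdefault("containers", [])
    containers.extend(copy.deepcopy(list(injected)))
    per_container = ephemeral_requests(merged)
    total = sum(per_container.values())
    return {
        "per_container": per_container,
        "total_bytes": total,
        "admitted": total <= AUTOPILOT_EPHEMERAL_LIMIT_BYTES,
        "over_by_bytes": max(0, total - AUTOPILOT_EPHEMERAL_LIMIT_BYTES),
    }


# Constructed sample: a Deployment that fits under the limit on its own.
SAMPLE_DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "report-builder"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "app",
         "resources": {"requests": {"ephemeral-storage": "6Gi"}}},
        {"name": "worker",
         "resources": {"requests": {"ephemeral-storage": "3584Mi"}}},
    ]}}},
}

# Constructed sample: a sidecar that a mutating webhook adds at admission time.
SAMPLE_INJECTED_SIDECAR = {
    "name": "log-agent",
    "resources": {"requests": {"ephemeral-storage": "1Gi"}},
}

if __name__ == "__main__":
    for label, extra in (("as written", []), ("after injection", [SAMPLE_INJECTED_SIDECAR])):
        result = check_workload(SAMPLE_DEPLOYMENT, extra)
        verdict = "admitted" if result["admitted"] else "rejected"
        print(f"{label}: {result['total_bytes'] / 1024**3:.2f} GiB -> {verdict}")
```

The sample shows the case the release note warns about: the workload passes as written and only exceeds the limit once the injected container's request is added.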

(2024-R27) Version updates

You can now keep a GKE Standard cluster on a minor version for longer with the Extended release channel. Clusters running 1.27 or later can be enrolled in the Extended channel, and automatically receive security patches during the extended support period after the end of standard support. To learn more, see Get long-term support with the Extended channel.

Sensitive Data Protection

The DATE_OF_BIRTH infoType detection model that was previously only accessible by setting InfoType.version to latest has been promoted to be the default detection model for this infoType. The new model offers improved detection quality.

To use the new model, leave InfoType.version unset, or set it to latest or stable. To use the old detection model, set InfoType.version to legacy. You can continue to use the legacy model for 90 days.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.64.0 (2024-06-29)

Features
  • spanner: Add field lock_hint in spanner.proto (3df3c04)
  • spanner: Add field order_by in spanner.proto (3df3c04)
  • spanner: Add LockHint feature (#10382) (64bdcb1)
  • spanner: Add OrderBy feature (#10289) (07b8bd2)
  • spanner: Add support of checking row not found errors from ReadRow and ReadRowUsingIndex (#10405) (5cb0c26)
Bug Fixes
  • spanner: Fix data-race caused by TrackSessionHandle (#10321) (23c5fff), refs #10320
  • spanner: Fix negative values for max_in_use_sessions metrics (#10449) (a1e198a)
  • spanner: Prevent possible panic for Session not found errors (#10386) (ba9711f), refs #10385

Java

Changes for google-cloud-spanner

6.70.0 (2024-06-27)

Features
Bug Fixes
  • Do not end transaction span when rolling back to savepoint (#3167) (8ec0cf2)
  • Remove unused DmlBatch span (#3147) (f7891c1)
Dependencies
  • Update dependencies (#3181) (0c787e6)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#3184) (9c85a6f)
  • Update dependency commons-cli:commons-cli to v1.8.0 (#3073) (36b5340)

6.71.0 (2024-07-03)

Features

Node.js

Changes for @google-cloud/spanner

7.9.0 (2024-06-21)

Features
Bug Fixes
  • deps: Update dependency google-gax to v4.3.4 (#2051) (80abf06)
  • deps: Update dependency google-gax to v4.3.5 (#2055) (702c9b0)
  • deps: Update dependency google-gax to v4.3.6 (#2057) (74ebf1e)
  • deps: Update dependency google-gax to v4.3.7 (#2068) (28fec6c)

7.9.1 (2024-06-26)

Bug Fixes

7.10.0 (2024-07-19)

Features
  • Add field lock_hint in spanner.proto (47520e9)
  • Add field order_by in spanner.proto (47520e9)
  • Add QueryCancellationAction message in executor protos (47520e9)
  • Add support for change streams transaction exclusion option for Batch Write (#2070) (2a9e443)
  • Update Nodejs generator to send API versions in headers for GAPICs (47520e9)
Bug Fixes

VPC Service Controls

VPC Service Controls feature: VPC Service Controls supports using identity groups and third-party identities (only single identities) in ingress and egress rules to allow access to resources protected by service perimeters. This feature is available in Preview.

For more information, see Configure identity groups and third-party identities in ingress and egress rules. You can also see an example of using identity groups and third-party identities in ingress and egress rules.

July 30, 2024

Apigee X

On July 30, 2024, we released an updated version of Apigee.

With this release, Apigee expanded its support for data residency to an additional region in Europe: europe-west6 (Zurich).

Data residency for Apigee meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Apigee data is stored.

For more information, see Introduction to data residency.

For a list of supported geographic locations, see Apigee locations.

Apigee hybrid

hybrid 1.12.1-hotfix.1

On July 30, 2024 we released an updated version of the Apigee hybrid software, 1.12.1-hotfix.1.

Note: This release reflects a change to the component images and not the Helm chart templates. If your hybrid installation is currently on Apigee hybrid v1.12.1, apply this hotfix with the following steps:

  1. In your overrides file, update the ao.image.url and ao.image.tag properties:

    ao:
      image:
        url: "gcr.io/apigee-release/hybrid/apigee-operators"
        tag: "1.12.1-hotfix.1"
    
  2. Install the hotfix release. Update the apigee-operator component with the helm upgrade command and your current overrides files:

       helm upgrade operator apigee-operator/ \
         --namespace apigee-system \
         --atomic \
         -f overrides.yaml 
    
Bug ID Description
351868444 Tolerations are now working for Redis's Envoy pod.

App Engine flexible environment .NET
App Engine flexible environment Go
App Engine flexible environment Java
App Engine flexible environment Node.js
App Engine flexible environment PHP
App Engine flexible environment Python
App Engine flexible environment Ruby
App Engine flexible environment custom runtimes
App Engine standard environment Go
App Engine standard environment Java
App Engine standard environment Node.js
App Engine standard environment PHP
App Engine standard environment Python
App Engine standard environment Ruby

In the App Engine page in the Google Cloud console, you can now filter your existing App Engine versions by runtime lifecycle stages. After you apply this filter, the console displays a warning icon for App Engine versions that are approaching end of support, have reached end of support, are deprecated, and are decommissioned.

BigQuery

You can now use the output_dimensionality argument of the ML.GENERATE_EMBEDDING function when you use the function with a remote model based on a Vertex AI multimodalembedding model. The output_dimensionality argument lets you specify the number of dimensions to use when generating embeddings. This feature is in Preview.

Cloud Monitoring

You can now troubleshoot Compute Engine issues involving host events, MIG autoscaling and health-check failures, resource-availability errors, and VM performance by using the new "interactive playbook" dashboards in Cloud Monitoring. You can access the playbook dashboards from the Dashboards page by selecting the GCP category or by filtering for "GCE Interactive Playbook".

Cloud SQL for MySQL

You can now use the gcloud CLI or the Cloud SQL Admin API to switch the storage location of transaction logs used for point-in-time recovery (PITR) on your instance from disk to Cloud Storage. For more information, see Use point-in-time recovery and Switch transaction log storage to Cloud Storage.

Container Optimized OS

cos-109-17800-218-88

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.183.01(default),v550.90.07(latest),v470.256.02(R470 for compatibility with K80 GPUs)

Upgraded app-arch/libarchive to version 3.7.4. This fixes CVE-2024-26256.

Fixed CVE-2024-39894.

Fixed CVE-2024-36891 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812285 -> 812261

Generative AI on Vertex AI

Identity and Access Management

You can use IAM attributes in custom organization policies to control how your allow policies can be modified. For more information, see Use custom organization policies.

July 29, 2024

Backup for GKE

Backup for GKE now offers committed use discounts (CUDs) that provide a 20% discount (one-year term) and a 45% discount (3-year term) on the backup management fee in exchange for your commitment. For more information, see Backup for GKE Committed use discounts.

BigQuery

The RANGE data type is now a supported JSON encoding. This feature is Generally Available (GA).

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.62.0 (2024-07-22)

Features
  • bigquery/analyticshub: Support Direct Table Access Toggle (Egress GA) (b660d68)
  • bigquery/analyticshub: Support public directory self service for Listings/Exchanges (#10485) (b660d68)
  • bigquery: Add rounding mode to FieldSchema (#10328) (1a9e204)
  • bigquery: Json support on managedwriter/adapt pkg (#10542) (978d4a1)
  • bigquery: Support column name character map in load jobs (#10425) (b829327)
Bug Fixes
Documentation
  • bigquery/analyticshub: A comment for message DataExchange is changed (b660d68)
  • bigquery/analyticshub: A comment for message Listing is changed (b660d68)
  • bigquery/datatransfer: Update OAuth links in CreateTransferConfigRequest and UpdateTransferConfigRequest (3df3c04)
  • bigquery: Improve Inserter and StructSaver godoc (#10170) (c1cffb6)
  • bigquery: Update description of query preview feature (#10554) (25c5cbe)

Java

Changes for google-cloud-bigquery

2.42.0 (2024-07-28)

Features
  • Add ability to specify RetryOptions and BigQueryRetryConfig when create job and waitFor (#3398) (1f91ae7)
  • Add additional parameters to CsvOptions and ParquetOptions (#3370) (34f16fb)
  • Add remaining Statement Types (#3381) (5f39b19)
Bug Fixes
Dependencies
  • Update actions/upload-artifact action to v4.3.4 (#3382) (efa1aef)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.48.0 (#3374) (45b7f20)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240616-2.0.0 (#3368) (ceb270c)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240623-2.0.0 (#3384) (e1de34f)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240629-2.0.0 (#3392) (352562d)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.52.0 (#3375) (2115c04)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.33.0 (#3405) (a4a9999)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.10.3 (#3371) (2e804c5)
  • Update github/codeql-action action to v2.25.11 (#3376) (f1e0014)
  • Update github/codeql-action action to v2.25.12 (#3387) (af60b30)
  • Update github/codeql-action action to v2.25.13 (#3395) (95c8d6f)
  • Update github/codeql-action action to v2.25.15 (#3402) (a61ce7d)
  • Update ossf/scorecard-action action to v2.4.0 (#3408) (66777a2)
Documentation

You can now use the administrative jobs explorer to help you quickly monitor jobs activity across your organization. This feature is generally available (GA).

Vector indexes support the TreeAH index type, which uses Google's ScaNN algorithm. The TreeAH index is optimized for batch queries that process hundreds or more query vectors. This feature is in Preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigtable

5.1.2 (2024-07-22)

Bug Fixes
  • Throw away excess data in order to avoid delivering duplicate data (#1453) (069239d)

Java

Changes for google-cloud-bigtable

2.41.0 (2024-07-24)

Features
  • Add MergeToCell to Mutation APIs (#2279) (0ce8a2a)
  • Add support for MergeToCell API (#2258) (191d15c)
  • Add support for new functions (#2287) (dd6583a)
  • Create new environment variable to toggle directpath scoped to cloud bigtable. (#2261) (9062944)
  • Implement ExecuteQuery API for SQL support (#2280) (25218e8)
Dependencies
  • Update dependency com.google.truth.extensions:truth-proto-extension to v1.4.4 (#2282) (d00a9e0)

Python

Changes for google-cloud-bigtable

2.25.0 (2024-07-18)

Features
  • Publish ProtoRows Message (7ac8e14)
  • Publish the Cloud Bigtable ExecuteQuery API (7ac8e14)
Bug Fixes

Capacity Planner

Preview: Capacity planner supports the following for data aggregated by folder ID:

  • View and export the actual and forecasted usage data of the VMs, Persistent Disk volumes, and GPUs in your folder.

  • Generate gcloud CLI commands to create future reservation requests based on the actual or forecasted usage data of your VMs or GPUs by folder.

For more information, see the following pages:

Cloud Database Migration Service

Database Migration Service support for homogeneous MySQL to Cloud SQL for MySQL migrations with physical backup files created by using the Percona XtraBackup utility is now Generally Available (GA).

For more information, see Migrate your databases by using a Percona XtraBackup physical file.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for logging/apiv2

1.11.0 (2024-07-24)

Features
  • logging: OpenTelemetry trace/span ID integration for Go logging library (#10030) (c6711b8)
Bug Fixes
Documentation
  • logging: Documentation for automatic trace/span ID extraction (#10536) (8cf89a3)

Python

Changes for google-cloud-logging

3.11.0 (2024-07-15)

Features
  • OpenTelemetry trace/spanID integration for Python handlers (#889) (78168a3)
Bug Fixes
  • Added environment specific labels to client library when running in Cloud Run Jobs (#877) (9c5e8f0)
  • Added missing import into logger.py (#896) (9ca242d)
  • Added type hints to CloudLoggingHandler constructor (#903) (6959345)
Documentation
  • Add summary_overview template (#878) (b60714c)
  • Changed table in web-framework-integration to bulleted list (#875) (a4aa3a7)
  • Documentation update for OpenTelemetry (#915) (2a0539a)
  • Update dictConfig snippet (#885) (6264107)

Cloud SQL for MySQL

Migrating your external MySQL 5.7 and 8.0 databases into Cloud SQL for MySQL by using Percona XtraBackup physical files is now generally available (GA).

For more information, see Migrate to Cloud SQL from an XtraBackup physical file.

Cloud Service Mesh

Updated August 8, 2024

Cloud Service Mesh with a Traffic Director control plane implementation is incompatible with Envoy version v1.31.0.

If you manually control your Envoy version, do not upgrade to this version as there is an existing issue with connecting to Traffic Director. If you run into issues with v1.31.0, set GRPC_DNS_RESOLVER=native.

If you do not manually control your Envoy version, you don't have to do anything. Google's data plane management will not select this version for you.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-storage

2.18.0 (2024-07-09)

Features
  • Add OpenTelemetry Tracing support as a preview feature (#1288) (c2ab0e0)
Bug Fixes

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.11 (2024-07-24)

Bug Fixes
  • dataflow: Update dependencies (257c40b)

Dataplex

Metadata import for Dataplex Catalog entries and their aspects is available in preview. For more information, see Import metadata.

Firestore

You can now apply range and inequality filters to multiple fields in a query. This feature is generally available (GA).

For more information, see Query with range and inequality filters on multiple fields overview.

Firestore in Datastore mode

You can now apply range and inequality filters to multiple fields in a query. This feature is generally available (GA).

For more information, see Query with range and inequality filters on multiple fields overview.

Google Cloud Marketplace

Google Private Marketplace and Product Requests are now Generally Available.

  • Google Private Marketplace lets organizations govern their software usage and control costs by ensuring that their users can only procure Google Cloud Marketplace solutions that have been approved by administrators, FinOps, or procurement team members.
  • Product Requests lets your users file requests to use or procure specific products.

Google Cloud VMware Engine

You can now purchase Fully licensed commitments, Fully licensed convertible commitments, and Portable License commitments. For more information, see Purchasing VMware Engine commitments.

Google SecOps SIEM

Curated Detections has been enhanced with new detection content for Cloud Threats, including rule packs covering Microsoft Entra ID, Entra ID Audit, and Azure Compute. These rule packs are in public preview for customers with a Google Security Operations or Enterprise Plus license.

Google SecOps SOAR

Release 6.3.12 is now in General Availability.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.5 (2024-07-24)

Bug Fixes
  • secretmanager: Update dependencies (257c40b)

Security Command Center

Detector for Container Threat Detection released to General Availability

Container Threat Detection, a built-in service available in Security Command Center Premium and Enterprise, has launched a new detector, Unexpected Child Shell, in General Availability.

The detector monitors all process executions and generates a finding if a process that does not normally invoke shells spawns a shell process.

For more information, see Container Threat Detection detectors.

Assign high-value resources based on Sensitive Data Protection insights for Cloud Storage

The attack path simulations feature can now automatically set the resource value of a Cloud Storage resource based on the sensitivity of the data that the bucket contains.

For information about how to enable the automatic assignment of resource values based on data sensitivity, see Create a resource value configuration.

For information about how to configure Sensitive Data Protection to send data sensitivity classifications to Security Command Center, see Publish data profiles to Security Command Center.

Preview of curated detections for Microsoft Azure data

New curated detections in the Cloud Threats category that identify suspicious patterns in Microsoft Azure data are currently available in Preview.

For more information, see curated detections for Microsoft Azure data in the Security Command Center documentation.

July 28, 2024

Google SecOps

Creating a new playbook using prompts is now supported by Gemini. This feature is in public preview. For more information, refer to Create playbooks with Gemini.

July 27, 2024

Google SecOps SOAR

Release 6.3.13 is currently in Preview.

Create a Playbook with Gemini

You can now use Gemini to create Playbooks. Gemini can create a functional playbook based on your prompts. This feature is in public preview. For more information, refer to Create playbooks with Gemini.

Scheduled reports failing due to Microsoft email server authentication token request throttling (ID #00277914)

July 26, 2024

Apigee Advanced API Security

On July 26, 2024, we released an updated version of Advanced API Security.

Advanced API Security now supports data residency. Data residency meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Advanced API Security data is stored. For more information, see Introduction to data residency.

Apigee Monetization

On July 26, 2024, we released an updated version of Apigee Monetization.

Monetization functionality, including rate plan creation and managing rate plans for API Products, is now available in the Apigee UI in Cloud Console.

For information, see Manage Rate Plans and Create API Products.

Monetization now supports data residency. Data residency meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Monetization data is stored. For more information, see Introduction to data residency.

Cloud SQL for MySQL

IAM group authentication is now generally available (GA) for Cloud SQL for MySQL. You can add IAM groups to Cloud SQL instances and manage database access at the group level. To use IAM group authentication, you must have [MySQL version].R20230909.02_00 or later installed on your instance.

Cloud SQL for PostgreSQL

IAM group authentication is now generally available (GA) for Cloud SQL for PostgreSQL. You can add IAM groups to Cloud SQL instances and manage database access at the group level. To use IAM group authentication, you must have [PostgreSQL version].R20240514.00_04 or later installed on your instance.

Compute Engine

Persistent Disk Asynchronous Replication can now replicate up to 12.5 GB per minute per disk of compressed changed blocks, which is an increase from the previous maximum of 2 GB per minute. This increase helps to support scaled production databases and other demanding workloads. You can read more about PD Async Replication performance in the documentation. No action is required to use the increased performance; new and existing PD Async Replication disks automatically have more headroom to replicate.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.73
  • 1.2.17
  • 2.0.81
  • 2.2.17

Dialogflow

Dialogflow CX: You can now enable consent-based end-user content redaction. If this setting is enabled, it lets you use a special session parameter to control whether end-user input and parameters are redacted from conversation history and Cloud logging. See the agent settings documentation for details.

Dialogflow CX: Dialogflow now uses corresponding Cloud Text-to-Speech regions for Neural2 voices.

The status of the Dialogflow Speech-to-Text model migrations has changed:

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.29.300-gke.184 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.300-gke.184 runs on Kubernetes v1.29.6-gke.600.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following vulnerabilities are fixed in 1.29.300-gke.184:

Google Kubernetes Engine

With GKE patch version 1.30.1-gke.115600 and later, if you don't specify the gpu-driver-version flag when creating new GPU node pools, then GKE automatically installs the default GPU driver version that corresponds to the GKE version. If you prefer to manually install the GPU driver, set gpu-driver-version=disabled. To learn more, see Create a GPU node pool.

Google SecOps SIEM

After July 2025, the Enterprise Insights page and the CBN alerts will no longer be available. Use the Alerts and IOCs page to view the alerts. We recommend that you migrate the existing CBN alerts to the YARA-L detection engine.

reCAPTCHA

reCAPTCHA Mobile SDK v18.6.0-beta02 is now available for Android.

This version contains Java support for the fetchClient API.

A Docker container for password leak detection is now available in Preview.

You can now use the Docker container client to detect password leaks and breached credentials to prevent account takeovers (ATOs) and credential stuffing attacks. For more information, see Check for breached and leaked credentials using Docker container.

July 25, 2024

Anthos Config Management

Improved error handling in the oci-sync container by adding exponential backoff.

Upgraded bundled Kustomize version from v5.3.0 to v5.4.2 to pick up vulnerability fixes. To understand the changes in each release, review the changelogs.

Fixed a regression introduced in 1.17.0 that caused Config Sync to crash when connecting to certain Kubernetes clusters. GKE clusters were not affected by this issue. For more details, please refer to Fixed: Config Sync reconciler is crashlooping.

Fixed a regression in 1.17.3 causing SSH authentication failures with GitHub. This was resolved by upgrading the git-sync dependency from v4.2.1 to v4.2.3. For more details, please refer to Fixed: Git SSH Authentication Failure with GitHub.

Apigee X

On July 25, 2024, we released an updated version of Apigee.

This release includes an update to Advanced API Operations Anomaly Detection functionality: the Anomaly Detection functionality is now available in the Apigee UI in Cloud Console and is renamed to "Operations Anomalies."

For information on the functionality in the Apigee UI in Cloud Console, see the Operations Anomalies overview.

Operations Anomalies supports data residency. Data residency meets compliance and regulatory requirements by allowing you to specify the geographic locations (regions) where Operations Anomalies data is stored. For more information, see Introduction to data residency.

BigQuery

You can now use table explorer to examine table data and create data exploration queries. This feature is in preview.

IAM deny policies now support additional permissions, including bigquery.tables.getData which can deny permission to read tables. Consider special cases when you create deny policies for bigquery.tables.getData and other BigQuery permissions. This feature is in preview.

Bigtable

The Preview of automated backup has been expanded to let you enable and disable automated backup in the Google Cloud console. For more information, see the automated backup documentation.

Cloud Composer

Cloud Composer now verifies that the environment's service account is enabled before starting an environment creation operation. As a result, this type of error is reported sooner and the operation does not start.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.1
  • composer-3-airflow-2.7.3-build.10

Cloud Composer 2.8.7 images are available:

  • composer-2.8.7-airflow-2.9.1
  • composer-2.8.7-airflow-2.7.3 (default)
  • composer-2.8.7-airflow-2.6.3

Cloud Composer version 2.3.5 has reached its end of support period.

Cloud Database Migration Service Cloud SQL for MySQL

You can now upgrade the network architecture of a Cloud SQL instance that doesn't have high availability enabled. The previous limitation on upgrading the network architecture of these instances is removed. To check whether your Cloud SQL instance has high availability enabled, see Verify an instance's high availability configuration.

For more information about upgrading your network architecture, see Upgrade an instance to the new network architecture.

Cloud SQL for PostgreSQL

You can now upgrade the network architecture of a Cloud SQL instance that doesn't have high availability enabled. The previous limitation on upgrading the network architecture of these instances is removed. To check whether your Cloud SQL instance has high availability enabled, see Verify an instance's high availability configuration.

For more information about upgrading your network architecture, see Upgrade an instance to the new network architecture.

Cloud SQL for SQL Server

You can now upgrade the network architecture of a Cloud SQL instance that doesn't have high availability enabled. The previous limitation on upgrading the network architecture of these instances is removed. To check whether your Cloud SQL instance has high availability enabled, see Verify an instance's high availability configuration.

For more information about upgrading your network architecture, see Upgrade an instance to the new network architecture.

Cloud Service Mesh

1.22.3-asm.1 is now available for in-cluster Cloud Service Mesh.

You can now download 1.22.3-asm.1 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.22.3 subject to the list of supported features.

Cloud Service Mesh 1.22.3-asm.1 uses Envoy v1.30.3.

1.22 isn't rolling out to the rapid release channel at this time. You can periodically check this page for announcements regarding rapid channel rollout.

Cloud Translation

The translation LLM has been enhanced with the following changes:

  • In addition to plain text, you can send HTML as input for text translations.
  • When you use the translation LLM for text translations, you can use a glossary with your translation requests.

Adaptive translations with reference sentence pairs support a larger context window, on par with zero-shot translations. For example, when sending a paragraph for translation, Cloud Translation translates the whole paragraph at once instead of translating each sentence one at a time.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.113-debian10, 2.0.113-rocky8, 2.0.113-ubuntu18
  • 2.1.61-debian11, 2.1.61-rocky8, 2.1.61-ubuntu20, 2.1.61-ubuntu20-arm
  • 2.2.27-debian12, 2.2.27-rocky9, 2.2.27-ubuntu22

Enabled user sync by default for clusters using Ranger.

Replaced Spark external packages with connector folder on Dataproc 2.2 clusters.

Fixed a bug that caused intermittent delays and failures in clusters with 3 HDFS.

Google Cloud VMware Engine

VMware Engine ve2 nodes are available in the following additional zones:

  • Sydney, Australia, APAC (australia-southeast1-b)
  • Ashburn, Virginia, North America (us-east4-b)

Google Distributed Cloud (software only) for bare metal

Release 1.29.300-gke.185

Google Distributed Cloud for bare metal 1.29.300-gke.185 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.300-gke.185 runs on Kubernetes 1.29.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Updated registry mirror support to allow you to specify a port for host addresses.

  • Updated Kubernetes audit logging to include request and response payloads from the Kubernetes API server for bare metal custom resources, such as Cluster, NodePool, BareMetalMachine, and BareMetalCluster.

Fixes:

The following container image security vulnerabilities have been fixed in 1.29.300-gke.185:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Release 1.16.11

Google Distributed Cloud for bare metal 1.16.11 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.16.11 runs on Kubernetes 1.27.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

The following container image security vulnerabilities have been fixed in 1.16.11:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

In GKE version 1.30.2-gke.1100 and later, the _CMDLINE field is removed from kubelet log entries to reduce log spam.

If you need to access _CMDLINE information, you have two options:

  1. SSH into the node:

    • SSH into the relevant node.
    • Run the following command: ps aux | grep kubelet.
  2. Search Cloud Logging:

    • Use the Cloud Logging interface or API.
    • Apply the following filter to search kubelet startup logs:

      resource.type="k8s_node"
      log_name="projects/{PROJECT_ID}/logs/kubelet"
      resource.labels.cluster_name="{CLUSTER_NAME}"
      SEARCH("`FLAG:`")
      

    Remember to replace {PROJECT_ID} and {CLUSTER_NAME} with the appropriate values for your environment.

(2024-R26) Version updates

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable.

  • Airlock Digital Application Allowlisting (AIRLOCK_DIGITAL)
  • Akamai SIEM Connector (AKAMAI_SIEM_CONNECTOR)
  • Apache (APACHE)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Arista Switch (ARISTA_SWITCH)
  • Aruba (ARUBA_WIRELESS)
  • Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
  • Atlassian Confluence (ATLASSIAN_CONFLUENCE)
  • Auth0 (AUTH_ZERO)
  • AWS CloudTrail (AWS_CLOUDTRAIL)
  • AWS Config (AWS_CONFIG)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure App Service (AZURE_APP_SERVICE)
  • Azure WAF (AZURE_WAF)
  • BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
  • BIND (BIND_DNS)
  • BloxOne Threat Defense (BLOXONE)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Broadcom SSL Visibility Appliance (BROADCOM_SSL_VA)
  • Cequence Bot Defense (CEQUENCE_BOT_DEFENSE)
  • Check Point (CHECKPOINT_FIREWALL)
  • Checkpoint Audit (CHECKPOINT_AUDIT)
  • Checkpoint SmartDefense (CHECKPOINT_SMARTDEFENSE)
  • Cimcor | File Integrity Monitoring (CIMCOR)
  • CipherTrust Manager (CIPHERTRUST_MANAGER)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco EStreamer (CISCO_ESTREAMER)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco IronPort (CISCO_IRONPORT)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Stealthwatch (CISCO_STEALTHWATCH)
  • Cisco VPN (CISCO_VPN)
  • Citrix Analytics (CITRIX_ANALYTICS)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud Data Loss Prevention (N/A)
  • Cloud Identity Devices (GCP_CLOUDIDENTITY_DEVICES)
  • Cloud Load Balancing (GCP_LOADBALANCING)
  • Cloud SQL (GCP_CLOUDSQL)
  • Cofense (COFENSE_TRIAGE)
  • Comforte SecurDPS (COMFORTE_SECURDPS)
  • Compute Engine (GCP_COMPUTE)
  • Corelight (CORELIGHT)
  • Cribl Stream (CRIBL_STREAM)
  • CrowdStrike Falcon (CS_EDR)
  • CyberArk (CYBERARK)
  • DigitalArts i-Filter (DIGITALARTS_IFILTER)
  • Duo Auth (DUO_AUTH)
  • Duo User Context (DUO_USER_CONTEXT)
  • EfficientIP DDI (EFFICIENTIP_DDI)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • Ergon Informatik Airlock IAM (ERGON_INFORMATIK_AIRLOCK_IAM)
  • ESET AV (ESET_AV)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • F5 Shape (F5_SHAPE)
  • F5 Silverline (F5_SILVERLINE)
  • Fidelis Network (FIDELIS_NETWORK)
  • FileZilla (FILEZILLA_FTP)
  • Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
  • Forcepoint Proxy (FORCEPOINT_WEBPROXY)
  • Forgerock OpenIdM (FORGEROCK_OPENIDM)
  • Fortinet FortiAuthenticator (FORTINET_FORTIAUTHENTICATOR)
  • Google App Engine (GCP_APP_ENGINE)
  • GitHub (GITHUB)
  • IBM DataPower Gateway (IBM_DATAPOWER)
  • IBM DB2 (DB2_DB)
  • IBM Guardium (GUARDIUM)
  • IBM Security QRadar SIEM (IBM_QRADAR)
  • Imperva Audit Trail (IMPERVA_AUDIT_TRAIL)
  • Ingrian Networks DataSecure Appliance (INGRIAN_NETWORKS_DATASECURE_APPLIANCE)
  • ION Spectrum (ION_SPECTRUM)
  • JAMF Pro (JAMF_PRO)
  • Jenkins (JENKINS)
  • Juniper Junos (JUNIPER_JUNOS)
  • Juniper Mist (JUNIPER_MIST)
  • Juniper MX Router (JUNIPER_MX)
  • Keeper Enterprise Security (KEEPER)
  • Linux Auditing System (AuditD) (AUDITD)
  • Linux Sysmon (LINUX_SYSMON)
  • Lucid (LUCID)
  • Maria Database (MARIA_DB)
  • Microsoft AD (WINDOWS_AD)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft CyberX (CYBERX)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph Activity Logs (MICROSOFT_GRAPH_ACTIVITY_LOGS)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft IIS (IIS)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Mimecast URL Logs (MIMECAST_URL_LOGS)
  • Netapp Storagegrid (NETAPP_STORAGEGRID)
  • Netskope (NETSKOPE_ALERT)
  • Netskope Web Proxy (NETSKOPE_WEBPROXY)
  • Network Policy Server (MICROSOFT_NPS)
  • Noname API Security (NONAME_API_SECURITY)
  • Office 365 (OFFICE_365)
  • Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • Open LDAP (OPENLDAP)
  • Oracle (ORACLE_DB)
  • Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
  • Passwordstate (PASSWORDSTATE)
  • Ping Identity (PING)
  • Portnox CEF (PORTNOX_CEF)
  • PostFix Mail (POSTFIX_MAIL)
  • Proofpoint Email Filter (PROOFPOINT_MAIL_FILTER)
  • Proofpoint Sendmail Sentrion (PROOFPOINT_SENDMAIL_SENTRION)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • Quest Change Auditor for EMC (QUEST_CHANGE_AUDITOR_EMC)
  • Radware Alteon (RADWARE_ALTEON)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • Red Hat Directory Server LDAP (REDHAT_DIRECTORY_SERVER)
  • Riverbed Steelhead (STEELHEAD)
  • RSA SecurID Access Identity Router (RSA_SECURID)
  • Ruckus Networks (RUCKUS_WIRELESS)
  • Salesforce (SALESFORCE)
  • SentinelOne EDR (SENTINEL_EDR)
  • SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
  • SEPPmail Secure Email (SEPPMAIL)
  • ServiceNow CMDB (SERVICENOW_CMDB)
  • SiteMinder Web Access Management (CA_SSO_WEB)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Solarwinds Kiwi Syslog Server (SOLARWINDS_KSS)
  • SonicWall (SONIC_FIREWALL)
  • Sonrai Enterprise Cloud Security Solution (SONRAI)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Endpoint Protection (SEP)
  • Symantec VIP Authentication Hub (SYMANTEC_VIP_AUTHHUB)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Sysdig (SYSDIG)
  • Tableau (TABLEAU)
  • Terraform Enterprise Audit (TERRAFORM_ENTERPRISE)
  • Thinkst Canary (THINKST_CANARY)
  • Thycotic (THYCOTIC)
  • Trend Micro (TIPPING_POINT)
  • Ubika WAAP (UBIKA_WAAP)
  • Ubika Waf (UBIKA_WAF)
  • UPX AntiDDoS (UPX_ANTIDDOS)
  • Vectra Stream (VECTRA_STREAM)
  • Velo Firewall (VELO_FIREWALL)
  • VeridiumID by Veridium (VERIDIUM_ID)
  • Versa Firewall (VERSA_FIREWALL)
  • Virtru Email Encryption (VIRTRU_EMAIL_ENCRYPTION)
  • VMware ESXi (VMWARE_ESX)
  • VMware NSX (VMWARE_NSX)
  • VMware vCenter (VMWARE_VCENTER)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Local Administrator Password Solution (MICROSOFT_LAPS)
  • Workday (WORKDAY)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Zscaler (ZSCALER_WEBPROXY)
  • Zscaler CASB (ZSCALER_CASB)
  • Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
  • Zscaler Private Access (ZSCALER_ZPA)
  • Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Backstage (BACKSTAGE)
  • Bitwarden Password Manager User Context (BITWARDEN_USER_CONTEXT)
  • Boomi App (BOOMI_APP)
  • ChatGPT Audit Logs (CHATGPT_AUDIT_LOGS)
  • Cloudflare Warp (CLOUDFLARE_WARP)
  • Coda Io (CODA_IO)
  • Fortinet Fortimanager (FORTINET_FORTIMANAGER)
  • Fusion Auth (FUSION_AUTH)
  • Google Cloud Abuse Events (GCP_ABUSE_EVENTS)
  • Google Cloud Monitoring Alerts (GCP_MONITORING_ALERTS)
  • Gong (GONG)
  • Grafana (GRAFANA)
  • IBM Cloud Activity Tracker (IBM_CLOUD_ACTIVITY_TRACKER)
  • IBM Cloud System (IBM_CLOUD_SYSTEM)
  • Incident Io (INCIDENT_IO)
  • Kentik DDoS Detection (KENTIK_ALERTS)
  • Lockself Lockpass (LOCKSELF_LOCKPASS)
  • Magic Collaboration Studio (MAGIC_CS)
  • Metaswitch Perimeta (METASWITCH_PERIMETA)
  • Microsoft Defender Endpoint for iOS Logs (MICROSOFT_DEFENDER_ENDPOINT_IOS)
  • 9NowAudit (NINENOW_AUDIT)
  • Oracle Cloud Guard (OCI_CLOUDGUARD)
  • Oort Security Tool (OORT)
  • OpsRamp (OPSRAMP)
  • Ops Genie (OPS_GENIE)
  • People Strong (PEOPLE_STRONG)
  • Pingdom (PINGDOM)
  • Proofpoint Tap Campaign (PROOFPOINT_TAP_CAMPAIGN)
  • Proofpoint Tap Forensics (PROOFPOINT_TAP_FORENSICS)
  • Proofpoint Tap People (PROOFPOINT_TAP_PEOPLE)
  • Proofpoint Tap Threats (PROOFPOINT_TAP_THREATS)
  • Proofpoint Tis IOC (PROOFPOINT_TIS_IOC)
  • Push Security (PUSH_SECURITY)
  • Recordedfuture Alerts (RECORDEDFUTURE_ALERTS)
  • Rippling Activity Logs (RIPPLING_ACTIVITYLOGS)
  • Sentry (SENTRY)
  • Servertech PDUs (SERVERTECH_PDUS)
  • Sprinkledata(DWH) (SPRINKLEDATA_DWH)
  • Tenable Audit (TENABLE_AUDIT)
  • TINTRI (TINTRI)
  • WPass (WPASS)
  • WPEngine (WPENGINE)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

The Google Security Operations alert metadata fields for UDM idm.is_significant and idm.is_alert have been deprecated. Use YARA-L detection rule alerts for alert metadata.

Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable.

  • Airlock Digital Application Allowlisting (AIRLOCK_DIGITAL)
  • Akamai SIEM Connector (AKAMAI_SIEM_CONNECTOR)
  • Apache (APACHE)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Arista Switch (ARISTA_SWITCH)
  • Aruba (ARUBA_WIRELESS)
  • Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
  • Atlassian Confluence (ATLASSIAN_CONFLUENCE)
  • Auth0 (AUTH_ZERO)
  • AWS CloudTrail (AWS_CLOUDTRAIL)
  • AWS Config (AWS_CONFIG)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure App Service (AZURE_APP_SERVICE)
  • Azure WAF (AZURE_WAF)
  • BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
  • BIND (BIND_DNS)
  • BloxOne Threat Defense (BLOXONE)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Broadcom SSL Visibility Appliance (BROADCOM_SSL_VA)
  • Cequence Bot Defense (CEQUENCE_BOT_DEFENSE)
  • Check Point (CHECKPOINT_FIREWALL)
  • Checkpoint Audit (CHECKPOINT_AUDIT)
  • Checkpoint SmartDefense (CHECKPOINT_SMARTDEFENSE)
  • Cimcor | File Integrity Monitoring (CIMCOR)
  • CipherTrust Manager (CIPHERTRUST_MANAGER)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco EStreamer (CISCO_ESTREAMER)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco IronPort (CISCO_IRONPORT)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Stealthwatch (CISCO_STEALTHWATCH)
  • Cisco VPN (CISCO_VPN)
  • Citrix Analytics (CITRIX_ANALYTICS)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloud Audit Logs (N/A)
  • Cloud Data Loss Prevention (N/A)
  • Cloud Identity Devices (GCP_CLOUDIDENTITY_DEVICES)
  • Cloud Load Balancing (GCP_LOADBALANCING)
  • Cloud SQL (GCP_CLOUDSQL)
  • Cofense (COFENSE_TRIAGE)
  • Comforte SecurDPS (COMFORTE_SECURDPS)
  • Compute Engine (GCP_COMPUTE)
  • Corelight (CORELIGHT)
  • Cribl Stream (CRIBL_STREAM)
  • CrowdStrike Falcon (CS_EDR)
  • CyberArk (CYBERARK)
  • DigitalArts i-Filter (DIGITALARTS_IFILTER)
  • Duo Auth (DUO_AUTH)
  • Duo User Context (DUO_USER_CONTEXT)
  • EfficientIP DDI (EFFICIENTIP_DDI)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • Ergon Informatik Airlock IAM (ERGON_INFORMATIK_AIRLOCK_IAM)
  • ESET AV (ESET_AV)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • F5 Shape (F5_SHAPE)
  • F5 Silverline (F5_SILVERLINE)
  • Fidelis Network (FIDELIS_NETWORK)
  • FileZilla (FILEZILLA_FTP)
  • Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
  • Forcepoint Proxy (FORCEPOINT_WEBPROXY)
  • Forgerock OpenIdM (FORGEROCK_OPENIDM)
  • Fortinet FortiAuthenticator (FORTINET_FORTIAUTHENTICATOR)
  • Google App Engine (GCP_APP_ENGINE)
  • GitHub (GITHUB)
  • IBM DataPower Gateway (IBM_DATAPOWER)
  • IBM DB2 (DB2_DB)
  • IBM Guardium (GUARDIUM)
  • IBM Security QRadar SIEM (IBM_QRADAR)
  • Imperva Audit Trail (IMPERVA_AUDIT_TRAIL)
  • Ingrian Networks DataSecure Appliance (INGRIAN_NETWORKS_DATASECURE_APPLIANCE)
  • ION Spectrum (ION_SPECTRUM)
  • JAMF Pro (JAMF_PRO)
  • Jenkins (JENKINS)
  • Juniper Junos (JUNIPER_JUNOS)
  • Juniper Mist (JUNIPER_MIST)
  • Juniper MX Router (JUNIPER_MX)
  • Keeper Enterprise Security (KEEPER)
  • Linux Auditing System (AuditD) (AUDITD)
  • Linux Sysmon (LINUX_SYSMON)
  • Lucid (LUCID)
  • Maria Database (MARIA_DB)
  • Microsoft AD (WINDOWS_AD)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft CyberX (CYBERX)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph Activity Logs (MICROSOFT_GRAPH_ACTIVITY_LOGS)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft IIS (IIS)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Mimecast URL Logs (MIMECAST_URL_LOGS)
  • Netapp Storagegrid (NETAPP_STORAGEGRID)
  • Netskope (NETSKOPE_ALERT)
  • Netskope Web Proxy (NETSKOPE_WEBPROXY)
  • Network Policy Server (MICROSOFT_NPS)
  • Noname API Security (NONAME_API_SECURITY)
  • Office 365 (OFFICE_365)
  • Office 365 Message Trace (OFFICE_365_MESSAGETRACE)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • Open LDAP (OPENLDAP)
  • Oracle (ORACLE_DB)
  • Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
  • Passwordstate (PASSWORDSTATE)
  • Ping Identity (PING)
  • Portnox CEF (PORTNOX_CEF)
  • PostFix Mail (POSTFIX_MAIL)
  • Proofpoint Email Filter (PROOFPOINT_MAIL_FILTER)
  • Proofpoint Sendmail Sentrion (PROOFPOINT_SENDMAIL_SENTRION)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • Quest Change Auditor for EMC (QUEST_CHANGE_AUDITOR_EMC)
  • Radware Alteon (RADWARE_ALTEON)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • Red Hat Directory Server LDAP (REDHAT_DIRECTORY_SERVER)
  • Riverbed Steelhead (STEELHEAD)
  • RSA SecurID Access Identity Router (RSA_SECURID)
  • Ruckus Networks (RUCKUS_WIRELESS)
  • Salesforce (SALESFORCE)
  • SentinelOne EDR (SENTINEL_EDR)
  • SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
  • SEPPmail Secure Email (SEPPMAIL)
  • ServiceNow CMDB (SERVICENOW_CMDB)
  • SiteMinder Web Access Management (CA_SSO_WEB)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Solarwinds Kiwi Syslog Server (SOLARWINDS_KSS)
  • SonicWall (SONIC_FIREWALL)
  • Sonrai Enterprise Cloud Security Solution (SONRAI)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Endpoint Protection (SEP)
  • Symantec VIP Authentication Hub (SYMANTEC_VIP_AUTHHUB)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Sysdig (SYSDIG)
  • Tableau (TABLEAU)
  • Terraform Enterprise Audit (TERRAFORM_ENTERPRISE)
  • Thinkst Canary (THINKST_CANARY)
  • Thycotic (THYCOTIC)
  • Trend Micro (TIPPING_POINT)
  • Ubika WAAP (UBIKA_WAAP)
  • Ubika Waf (UBIKA_WAF)
  • UPX AntiDDoS (UPX_ANTIDDOS)
  • Vectra Stream (VECTRA_STREAM)
  • Velo Firewall (VELO_FIREWALL)
  • VeridiumID by Veridium (VERIDIUM_ID)
  • Versa Firewall (VERSA_FIREWALL)
  • Virtru Email Encryption (VIRTRU_EMAIL_ENCRYPTION)
  • VMware ESXi (VMWARE_ESX)
  • VMware NSX (VMWARE_NSX)
  • VMware vCenter (VMWARE_VCENTER)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Local Administrator Password Solution (MICROSOFT_LAPS)
  • Workday (WORKDAY)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Zscaler (ZSCALER_WEBPROXY)
  • Zscaler CASB (ZSCALER_CASB)
  • Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
  • Zscaler Private Access (ZSCALER_ZPA)
  • Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Backstage (BACKSTAGE)
  • Bitwarden Password Manager User Context (BITWARDEN_USER_CONTEXT)
  • Boomi App (BOOMI_APP)
  • ChatGPT Audit Logs (CHATGPT_AUDIT_LOGS)
  • Cloudflare Warp (CLOUDFLARE_WARP)
  • Coda Io (CODA_IO)
  • Fortinet Fortimanager (FORTINET_FORTIMANAGER)
  • Fusion Auth (FUSION_AUTH)
  • Google Cloud Abuse Events (GCP_ABUSE_EVENTS)
  • Google Cloud Monitoring Alerts (GCP_MONITORING_ALERTS)
  • Gong (GONG)
  • Grafana (GRAFANA)
  • IBM Cloud Activity Tracker (IBM_CLOUD_ACTIVITY_TRACKER)
  • IBM Cloud System (IBM_CLOUD_SYSTEM)
  • Incident Io (INCIDENT_IO)
  • Kentik DDoS Detection (KENTIK_ALERTS)
  • Lockself Lockpass (LOCKSELF_LOCKPASS)
  • Magic Collaboration Studio (MAGIC_CS)
  • Metaswitch Perimeta (METASWITCH_PERIMETA)
  • Microsoft Defender Endpoint for iOS Logs (MICROSOFT_DEFENDER_ENDPOINT_IOS)
  • 9NowAudit (NINENOW_AUDIT)
  • Oracle Cloud Guard (OCI_CLOUDGUARD)
  • Oort Security Tool (OORT)
  • OpsRamp (OPSRAMP)
  • Ops Genie (OPS_GENIE)
  • People Strong (PEOPLE_STRONG)
  • Pingdom (PINGDOM)
  • Proofpoint Tap Campaign (PROOFPOINT_TAP_CAMPAIGN)
  • Proofpoint Tap Forensics (PROOFPOINT_TAP_FORENSICS)
  • Proofpoint Tap People (PROOFPOINT_TAP_PEOPLE)
  • Proofpoint Tap Threats (PROOFPOINT_TAP_THREATS)
  • Proofpoint Tis IOC (PROOFPOINT_TIS_IOC)
  • Push Security (PUSH_SECURITY)
  • Recordedfuture Alerts (RECORDEDFUTURE_ALERTS)
  • Rippling Activity Logs (RIPPLING_ACTIVITYLOGS)
  • Sentry (SENTRY)
  • Servertech PDUs (SERVERTECH_PDUS)
  • Sprinkledata(DWH) (SPRINKLEDATA_DWH)
  • Tenable Audit (TENABLE_AUDIT)
  • TINTRI (TINTRI)
  • WPass (WPASS)
  • WPEngine (WPENGINE)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

The Google Security Operations alert metadata fields for UDM idm.is_significant and idm.is_alert have been deprecated. Use YARA-L detection rule alerts for alert metadata.

Sensitive Data Protection

Sensitive Data Protection can now apply tags to your profiled resources based on their calculated data sensitivity. Using these tags, you can configure IAM conditions that automatically grant or deny IAM access to resources based on the sensitivity of the data in those resources.

For more information, see Control IAM access to resources based on data sensitivity.

Vertex AI Agent Builder

Vertex AI Search: Domain verification (GA)

Domain verification for advanced website indexing using domain association is generally available (GA). You can use domain association to associate your Vertex AI Search data store with the specified domain. This is useful when you're not the owner of the specified domain or when you don't have access to the Google Search Console needed to verify the domain.

For more information, see Verify website domains.

July 24, 2024

Cloud Composer

2024-08-01 Update: This issue has been resolved. For more information, see the release note from August 1st 2024.

(Cloud Composer 3 only) We are currently experiencing an issue with the Airflow upgrade operations for Cloud Composer 3 environments. Upgrading Airflow builds for Cloud Composer 3 is temporarily disabled as we continue our work to restore Airflow upgrade functionalities.

Data Catalog

Column-level data lineage for BigQuery is available in Preview for allowlisted users. The existing data lineage feature tracks how BigQuery data moves through your systems at the table level. Column-level lineage extends this feature to let you track BigQuery data movement at the column level.

To sign up for access, fill out the Column-level lineage sign-up form.

Dataplex

Column-level data lineage for BigQuery is available in Preview for allowlisted users. The existing data lineage feature tracks how BigQuery data moves through your systems at the table level. Column-level lineage extends this feature to let you track BigQuery data movement at the column level.

To sign up for access, fill out the Column-level lineage sign-up form.

Generative AI on Vertex AI

Mistral AI

Managed models from Mistral AI are available on Vertex AI. To use a Mistral AI model on Vertex AI, send a request directly to the Vertex AI API endpoint. For more information, see Mistral AI models.

Google Cloud Architecture Center

File storage on Compute Engine: Added guidance about Filestore Regional.

(New guide) Architect your workloads: Design resilient, single-region environments on Google Cloud.

Google Cloud VMware Engine

New VMware Engine ve2 node types are available in the australia-southeast1, us-central1, and us-east4 regions:

HCI node types

  • ve2-standard-96
  • ve2-mega-96
  • ve2-mega-128

Storage only node types

  • ve2-standard-so
  • ve2-mega-so

See VMware Engine node types for more information on node types.

Google Kubernetes Engine

In GKE versions starting from 1.29.4-gke.1542000 and earlier than 1.29.7-gke.1008000, while Anthos Service Mesh is enabled, Pods that utilize Google Cloud Storage FUSE CSI driver volumes might encounter scheduling issues, with this error message:

Pod "your-pod-name" is invalid: [spec.volumes[x].name: Duplicate value: "gke-gcsfuse-tmp", spec.initContainers[x].name: Duplicate value: "gke-gcsfuse-sidecar"]

This issue has been resolved in GKE version 1.29.7-gke.1008000.

Google SecOps

The Incident Manager in Google Security Operations will be fully decommissioned on July 22, 2025. Google Cloud will provide full support and maintenance until July 22, 2025 but no new features will be released.

Google SecOps SOAR

The Incident Manager in Google Security Operations will be fully decommissioned on July 22, 2025. Google Cloud will provide full support and maintenance until July 22, 2025 but no new features will be released.

Managed Kafka

Client library samples for Python are now added to all relevant pages. For more information, see Apache Kafka for BigQuery client libraries.

Migrate to Virtual Machines

Generally available: Migrate to Virtual Machines lets you import a machine image from a virtual appliance. You can use machine images to store the configuration, metadata, permissions, and data from one or more disks for a virtual machine (VM) instance running on Compute Engine.

Vertex AI Workbench

M123 release

The M123 release of Vertex AI Workbench managed notebooks includes the following:

  • Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers.
  • Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.

Virtual Private Cloud

The following producer load balancers now support all Private Service Connect monitoring metrics:

  • Regional internal Application Load Balancer
  • Regional internal proxy Network Load Balancer

Predefined dashboards for monitoring Private Service Connect connections have been enhanced:

July 23, 2024

BigQuery

Starting September 17, 2024, the bigquery.datasets.update permission check when creating or updating authorized datasets will be removed. For more information, see Required permissions and roles for authorized datasets.

You can now configure SAP Datasphere connections with network attachments to help secure connections. SAP Datasphere connections are in preview.

Manifest files are now supported for Amazon S3 and Azure Blob Storage. This feature is generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Cloud Monitoring
    • monitoring.googleapis.com/UptimeCheckConfig

Cloud Monitoring

Starting October 22, 2024, Monitoring Query Language (MQL) will no longer be a recommended query language for Cloud Monitoring, and we will begin to turn off certain usability features. For more information, see the deprecation note for MQL.

Cloud Storage

You can now use tags to set a default soft delete retention duration on newly created buckets in your organization. To learn how to customize a default soft delete retention duration, see Set a default soft delete retention duration.

Datastream

Datastream support for SQL Server as a source is now generally available (GA). For more information, see the documentation.

Generative AI on Vertex AI

Llama 3.1

The Llama 3.1 405B model is available in Preview on Vertex AI. Llama 3.1 405B provides capabilities from synthetic data generation to model distillation, steerability, math, tool use, multilingual translation, and more. For more information, see Llama models.

Google Kubernetes Engine

(2024-R26) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

Regular channel

Rapid channel

Extended channel

Google SecOps SOAR

Release 6.3.11 is now in General Availability.

Release 6.3.12 is currently in Preview.

Logs of newly created jobs are not accessible (ID #51865082)

Trying to export case reports results in an error (ID #52316269)

Saved filters in Cases screen disappear (ID #50834432)

Integration update might fail in an environment with an extremely high number of playbooks (ID #51785856)

Storage Transfer Service

We've released a lighter weight (~50% reduction in image size) and more secure version of the transfer agent container image. If you're running agents that were installed on or before June 17th, 2024, we highly recommend that you delete those agents and install new agents into your agent pool. Any existing transfers using that pool will resume once the new agents are installed.

Vertex AI Agent Builder

Vertex AI Search: Widget uses new method for generative answers

The search widget now uses the search and answer methods together, instead of the older search with summaries for Search with an answer and the converse method for Search with follow-ups.

The answer method is expected to improve the quality of the results.

For general information about the answer method, see Get answers and follow-ups.

July 22, 2024

AlloyDB for PostgreSQL

Support for public IP addresses with AlloyDB instances and creating organization policies with custom constraints is now generally available (GA).

Application Integration

The Solace trigger is now available in preview.

BigQuery

The CHANGES change history function is now in preview. This table-valued function provides a history of table changes over a window of time and captures the following operations:

You can use data manipulation language (DML) to modify rows that have been recently written to a BigQuery table by the Storage Write API. This is now generally available (GA).

The BigQuery continuous queries feature is now in preview.

Continuous queries let you build long-lived, continuously processing SQL statements that can analyze, process, and perform machine learning (ML) inference on incoming data in BigQuery in real time. You can configure continuous queries to replicate query results to a Pub/Sub topic, Bigtable instance, or another BigQuery table, a process also known as Reverse ETL.

You can use continuous queries to perform the following tasks, using the accessible language of SQL:

  • Transform incoming data and act immediately on insights.
  • Use Vertex AI to apply real time ML insights.
  • Build automated event-driven data pipelines.
  • Replicate real-time events to downstream operational systems like Bigtable.

To try BigQuery continuous queries, see Create continuous queries.

You can now use BigQuery Omni Virtual Private Cloud (VPC) allowlists to restrict access to AWS S3 buckets and Azure Blob Storage from specific BigQuery Omni VPCs. This feature is in preview.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Secure Source Manager
    • securesourcemanager.googleapis.com/Instance

Cloud Billing

Track credits for your spend-based milestone credit programs (contract pricing)

If you have a custom pricing contract, you might be enrolled in spend-based milestone credit programs, where you earn promotional credits for spending specific amounts on Google Cloud.

In the Google Cloud console, you can now track the promotional credits for your spend-based milestone programs. The promotional credits that you receive act as a payment method, and are automatically applied to your costs.

Learn about tracking spend-based milestone credits.

Cloud NAT

Hybrid NAT supports Cloud Interconnect in Preview.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.12.0 (2024-07-15)

Features

  • Add function to allow user to set destination in transfer manager (#2497) (dc1e488)

Container Optimized OS

cos-113-18244-85-64

  • Kernel: COS-6.1.90
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Disable NVIDIA persistence mode with -no-verify flag

Fixed CVE-2024-39894 in net-misc/openssh.

Fixed CVE-2024-36891 in the Linux kernel

Fixed CVE-2024-38662 in the Linux kernel

Fixed CVE-2024-39482 in the Linux kernel

Fixed CVE-2024-39474 in the Linux kernel

Fixed CVE-2024-39476 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812036 -> 812041

cos-109-17800-218-83

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Disable NVIDIA persistence mode with -no-verify flag

Fixed CVE-2024-38662 in the Linux kernel

Fixed CVE-2024-39482 in the Linux kernel

Fixed CVE-2024-39474 in the Linux kernel

Fixed CVE-2024-39476 in the Linux kernel

cos-dev-117-18567-0-0

  • Kernel: COS-6.6.40
  • Docker: v24.0.9
  • Containerd: v2.0.0rc2
  • GPU Drivers: See List

Updated the Linux kernel to v6.6.40.

Disable NVIDIA persistence mode with -no-verify flag

Fixed CVE-2024-39894 in net-misc/openssh.

cos-105-17412-370-78

  • Kernel: COS-5.15.154
  • Docker: v23.0.3
  • Containerd: v1.7.15
  • GPU Drivers: v470.256.02 (default), v550.90.07 (latest)

Fixed CVE-2024-39482 in the Linux kernel

Fixed CVE-2024-39476 in the Linux kernel

Runtime sysctl changes:

  • Changed: fs.file-max: 812694 -> 812698

cos-101-17162-463-62

  • Kernel: COS-5.15.155
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.256.02 (default), v550.90.07 (latest)

Added the package revision number to the SSH banner in net-misc/openssh.

Fixed CVE-2024-24790 and CVE-2024-24789 in dev-lang/go.

Dataplex

Dataplex Explore is deprecated. Please follow the instructions for how to migrate Dataplex Explore to BigQuery Studio.

Dataproc

Hyperdisks for Dataproc clusters are now created with default throughput and IOPS. When this behavior becomes configurable, it will be announced in a future release note.

Added support for N4 and C4 machine types for Dataproc image versions 2.1 and above. The following default configurations are now applied to clusters created with N4 or C4 machine types:

  • bootdisktype = "hyperdisk-balanced"
  • nictype = "gvnic"

When a Cluster, Job, AutoscalingPolicy, or WorkflowTemplate API resource does not exist and the requestor does not have access to the project, a 403 error code is now issued instead of a 404 error code.

NetApp Volumes

Flex service level now supports CMEK (in Preview). For more information, see About CMEK.

Pub/Sub

If you retain unacknowledged messages in a subscription for more than 24 hours, you incur additional charges. For more information, see Storage costs.

Virtual Private Cloud

In the Google Cloud Console, the Effective routes tab on the Routes page shows only routes that are effective. You can optionally show suppressed routes by using the Show suppressed routes toggle. You can also view the reason why a given route is suppressed. For more information, see List routes for a VPC network.

July 19, 2024

Apigee Advanced API Security

The preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents has been temporarily disabled due to a known issue. We will announce in a release note when the functionality is re-enabled.

Cloud Load Balancing

Regional external Application Load Balancers, cross-region internal Application Load Balancers, regional internal Application Load Balancers, regional internal proxy Network Load Balancers, cross-region internal proxy Network Load Balancers, and regional external proxy Network Load Balancers support IPv4 and IPv6 (dual-stack) backends.

Ingress IPv4 traffic can now be proxied over an IPv4 or IPv6 connection to the IPv4 and IPv6 (dual-stack) backends.

The following backends support dual stack:

  • VM instance group
  • Zonal NEGs (GCE_VM_IP_PORT)

You can now convert the load balancers from IPv4 based deployments to dual stack (IPv4 and IPv6) deployments.

For details, see:

This feature is available in Preview.

Cloud Logging

The permissions required to use saved and recent queries have changed. You can also define a location in your default resource settings where saved and recent queries are saved. This location must align with your organization policy.

Cloud SQL for SQL Server

You can now use Extended Events (XEvents) on your Cloud SQL for SQL Server instance to monitor, identify, and troubleshoot the performance of the databases on your instance.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.72
  • 1.2.16
  • 2.0.80
  • 2.2.16

Note: Dataproc Serverless for Spark runtime versions 1.1.71, 1.2.15, 2.0.79, and 2.2.15 were not released.

Google Cloud VMware Engine

The VMware Engine ve2-standard-128 node type is generally available in the us-central1 region. For more information on the node type, see Node types. To use the node type in the us-central1 region, contact your Google account team.

Vertex AI Agent Builder

Vertex AI Search: Multi-step retrieval for answer (GA)

For the answer method, multi-step retrieval using multi-step (ReAct) reasoning is Generally available (GA).

For information about this feature, see Query rephrasing and Search and answer (specify maximum steps).

July 18, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26921

For more details, see the GCP-2024-043 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26921

For more details, see the GCP-2024-043 security bulletin.

BeyondCorp Enterprise

Generally Available: Rule-based custom messages for Chrome Enterprise Premium

You can now specify a custom warning message when creating Chrome DLP rules. These messages are shown to end users when their actions are blocked as a result of a rule triggering in Chrome. To learn more, see Use Chrome Enterprise Premium to integrate DLP with Chrome.

Generally Available: Chrome OCR for Chrome Enterprise Premium

You can now scan text in image (BMP, GIF, JPEG, PNG, and TIFF) files and images in PDFs for sensitive content with optical character recognition (OCR). To learn more, see Use Chrome Enterprise Premium to integrate DLP with Chrome.

Generally Available: Generative AI URL Category for Chrome Enterprise Premium

You can now use the Generative AI URL category when creating Chrome DLP rules. This category is assigned to websites that use AI to create new content, like text, images, music, audio, and videos.

BigQuery

The following BigQuery migration assessment features are now generally available (GA):

  • When you run a migration assessment, the migration assessment now automatically creates a BigQuery dataset to store the assessment results. You can also choose to store assessment results in an existing empty dataset or manually create a dataset with a custom name.
  • While a migration assessment is running, you can view the assessment report with partial data. You can also view its progress and estimated completion time in the status icon tooltip.
  • You can view more information and errors about a migration assessment in the assessment details page.

Cloud Composer

Information about excluded Cloud Storage objects in the environment's bucket is no longer logged. This change reduces the usage of the Storage API during the synchronization of DAG files, which improves the performance of Airflow components and results in fewer Airflow component restarts. The change will gradually become available in all Cloud Composer environments.

Cloud Data Fusion

Cloud Data Fusion versions 6.9 and later store pipeline run records for 30 days by default. For more information, see View run records.

Cloud Run

You can now disable the default run.app URL for your Cloud Run services (Preview).

Cloud SQL for MySQL

You can now create custom organization policies for Cloud SQL instances. For more information, see Add custom organization policies.

Cloud SQL for PostgreSQL

You can now create custom organization policies for Cloud SQL instances. For more information, see Add custom organization policies.

Cloud SQL for SQL Server

You can now create custom organization policies for Cloud SQL instances. For more information, see Add custom organization policies.

Dataform

As of Dataform Core 3.0.0, Dataform doesn't distribute a Docker image. You can build your own Docker image of Dataform, which you can use to run the equivalent of Dataform CLI commands. To build your own Docker image, see Containerize an application in the Docker documentation.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.112-debian10, 2.0.112-rocky8, 2.0.112-ubuntu18
  • 2.1.60-debian11, 2.1.60-rocky8, 2.1.60-ubuntu20, 2.1.60-ubuntu20-arm
  • 2.2.26-debian12, 2.2.26-rocky9, 2.2.26-ubuntu22

Document AI

For the custom extractor with generative AI, the pretrained-foundation-model-v1.1-2024-03-12 model provides fine-tuning for US/EU in public preview. For more information about custom extractor models, see Custom extractor model versions.

Google SecOps

When you migrate an existing Google SecOps instance so that it is bound to a Google Cloud project, you can also use auto-generated commands to migrate your existing feature RBAC configuration to IAM permissions and roles. For more information, see Migrate existing permissions to IAM.

Google SecOps SIEM

When you migrate an existing Google SecOps instance so that it is bound to a Google Cloud project, you can also use auto-generated commands to migrate your existing feature RBAC configuration to IAM permissions and roles. For more information, see Migrate existing permissions to IAM.

Looker Studio

Ads Location Extension Fields

The following asset location fields are available in the Google Ads and New Search Ads 360 connectors:

  • Asset location address line 1
  • Asset location address line 2
  • Asset location business name
  • Asset location city
  • Asset location country code
  • Asset location phone number
  • Asset location postal code
  • Asset location province

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

SAP on Google Cloud

New SAP certifications: C3 bare metal machine types

SAP has certified the following Compute Engine bare metal machine types:

  • c3-highmem-192-metal for use with SAP HANA OLAP and OLTP workloads.
  • c3-standard-192-metal and c3-highmem-192-metal for use with SAP NetWeaver workloads.

For more information, see the following:

Spanner

Spanner now includes the JSON_ARRAY() and JSON_OBJECT() functions for building JSON types in GoogleSQL. For more information, see JSON functions in GoogleSQL.

July 17, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26925

For more details, see the GCP-2024-045 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26925

For more details, see the GCP-2024-045 security bulletin.

AutoML Tables

The shutdown date for AutoML Tables has changed from Mar 31, 2024 to July 24, 2024.

BigQuery

You can now configure the default storage billing model for new datasets. This feature is generally available (GA).

Cloud Composer

Airflow 2.9.1 is available in Cloud Composer images and builds. We recommend checking the list of changes in Apache Airflow release notes before upgrading to this version.

(Airflow 2.9.1) Task context logging is disabled, and it is not possible to enable it.

(Airflow 2.9.1) Raw HTML code in DAG docs and DAG parameter descriptions is disabled by default.

(Airflow 2.9.1) Audit log permissions are revoked from all roles except Admin.

The apache-airflow-providers-google package was upgraded to version 10.21.0 in Cloud Composer 2 images with Airflow 2.7.3 and 2.9.1, and in all latest Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-google changelog from version 10.18.0 to version 10.21.0.

When installing PyPI packages, if you want your builds to run with a custom service account, you can override the COMPOSER_AGENT_BUILD_SERVICE_ACCOUNT environment variable with the chosen service account. For more information, see Install Python dependencies.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.9.1-build.0
  • composer-3-airflow-2.7.3-build.9

Cloud Composer 2.8.6 images are available:

  • composer-2.8.6-airflow-2.9.1
  • composer-2.8.6-airflow-2.7.3 (default)
  • composer-2.8.6-airflow-2.6.3

Support dates for previous Cloud Composer 3 builds are available. All Cloud Composer 3 builds with Airflow 2.7.3 are supported until July 17, 2025.

Cloud Composer version 2.3.4 has reached its end of support period.

Cloud SQL for PostgreSQL

You can now use the following optional flags when you export and import files into Cloud SQL instances:

  • --clean: if you export files, then this flag enables you to include the DROP <object> SQL statement that's required to drop (clean) database objects before you import them. If you import files, then this flag enables you to clean database objects before you recreate them.
  • --if-exists: this flag enables you to include the IF EXISTS SQL statement with each DROP statement that's produced by the clean flag.

If you import files, then these flags apply only if you use the --parallel flag. If you export files, then use these flags only if you're not exporting files in parallel.

Contact Center AI Platform

Version 3.20 is released

All release notes published on this date are part of version 3.20.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Agent chat adapter redesign

We have redesigned the agent chat adapter to streamline workflows, boost productivity, and improve the agent experience. Here are the highlights:

  • A new chat details screen where agents can reference information about the end-user and the chat while the chat is active.

  • An improved chat transfer experience, including:

    • Separate tabs for agents and queues.

    • The ability to search by queue.

  • An expandable chat overview screen where agents can see additional information for each active chat. From this screen, agents can transfer chats, add users to chats, access chat options, and more.

  • A new action bar that puts an agent's most important actions within easy reach.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.70
  • 1.2.14
  • 2.0.78
  • 2.2.14

Google Cloud Armor

Granular models for Cloud Armor Adaptive Protection are now Generally Available. For more information, see the Adaptive Protection overview.

Google Distributed Cloud (software only) for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26925

For more details, see the GCP-2024-045 security bulletin.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26925

For more details, see the GCP-2024-045 security bulletin.

(2024-R25) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.29.6-gke.1038001 is now the default version.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.27.13-gke.1070002
    • 1.27.13-gke.1201002
    • 1.27.14-gke.1059001
    • 1.27.15-gke.1154000
    • 1.28.10-gke.1058001
    • 1.28.11-gke.1170000
    • 1.29.4-gke.1043004
    • 1.29.5-gke.1091001
    • 1.29.6-gke.1254000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.

Stable channel

  • Version 1.29.5-gke.1091002 is now the default version in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.27.13-gke.1201002
    • 1.28.9-gke.1289002
    • 1.28.10-gke.1058001
    • 1.29.4-gke.1043004
    • 1.29.5-gke.1091001
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.

Regular channel

  • Version 1.29.6-gke.1038001 is now the default version in the Regular channel.
  • The following versions are no longer available in the Regular channel:
    • 1.27.14-gke.1042001
    • 1.27.14-gke.1059001
    • 1.28.10-gke.1075001
    • 1.29.5-gke.1091002
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.14-gke.1059002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.14-gke.1059002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.6-gke.1038001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.27.15-gke.1154000
    • 1.28.11-gke.1019001
    • 1.28.11-gke.1170000
    • 1.29.6-gke.1254000
    • 1.30.2-gke.1447000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.11-gke.1172000 with this release.

GKE Autopilot now supports opportunistic bursting and lower Pod minimums upon cluster creation or upgrade to 1.30.2-gke.1394000 or later, resolving a previous issue with containerd.

Google SecOps

On December 31, 2024, the managed BigQuery data lake for export will not be accessible to Google SecOps customers except for customers in the Enterprise Plus Tier. Enterprise Plus Tier customers will retain access until a replacement is available. Other customers can use their own BigQuery instance to export telemetry data, a feature currently in preview. For more information, see Configure a data export to BigQuery in a self-managed Google Cloud project.

Google SecOps SIEM

On December 31, 2024, the managed BigQuery data lake for export will not be accessible to Google SecOps customers except for customers in the Enterprise Plus Tier. Enterprise Plus Tier customers will retain access until a replacement is available. Other customers can use their own BigQuery instance to export telemetry data, a feature currently in preview. For more information, see Configure a data export to BigQuery in a self-managed Google Cloud project.

Sensitive Data Protection

The ARMENIA_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

VPC Service Controls

Preview stage support for the following integration:

Vertex AI Agent Builder

Vertex AI Search: Evaluate search quality (Public preview)

Evaluate the search quality of your generic search applications using sample query sets. This lets you assess your search engine's performance, understand potential biases or shortcomings in ranking algorithms, and compare historical evaluation results to understand the impact of changes in your search configuration.

For more information, see Evaluate search quality. This feature is in Public preview.

Virtual Private Cloud

Private Service Connect backends can be used to reach regional endpoints for supported Google APIs. Regional endpoints replace locational endpoints for Private Service Connect backends.

The list of supported regional endpoints that can be accessed by Private Service Connect endpoints and backends is updated to include additional supported Google APIs and regions.

July 16, 2024

AlloyDB for PostgreSQL

Cross-region backup location is now generally available (GA).

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26809

For more information, see the GCP-2024-042 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36972

For more details, see the GCP-2024-044 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26809

For more information, see the GCP-2024-042 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36972

For more details, see the GCP-2024-044 security bulletin.

Apigee Integrated Portal

On July 16, 2024, we released a new version of the Apigee integrated portal.

This release includes general improvements to performance and availability.

App Engine standard environment Java

You can now configure an HTTP connector to improve CPU and memory utilization for your App Engine apps. To configure an HTTP connector, include the appengine.use.httpconnector system property in your appengine-web.xml file. For more information, see the Google App Engine Java new performant HTTP connector GitHub page.

BigQuery

When you run a migration assessment for Amazon Redshift, Teradata, or Snowflake, the service also creates a dataset containing only highly aggregated assessment results. This aggregated dataset doesn't contain any query logs; therefore, no personally identifiable information (PII) or business-sensitive information is visible. You can share this dataset with users that are not in your project. This feature is in preview.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for MySQL

Cloud SQL Studio is now generally available. For more information, see Manage your data using Cloud SQL Studio.

You can now search for and manage your Cloud SQL resources by using Dataplex Catalog. For more information about the integration of Cloud SQL and Dataplex Catalog, see Manage your Cloud SQL resources using Dataplex Catalog.

Cloud SQL for PostgreSQL

Cloud SQL Studio is now generally available. For more information, see Manage your data using Cloud SQL Studio.

You can now search for and manage your Cloud SQL resources by using Dataplex Catalog. For more information about the integration of Cloud SQL and Dataplex Catalog, see Manage your Cloud SQL resources using Dataplex Catalog.

Cloud SQL for SQL Server

Cloud SQL Studio is now generally available. For more information, see Manage your data using Cloud SQL Studio.

You can now search for and manage your Cloud SQL resources by using Dataplex Catalog. For more information about the integration of Cloud SQL and Dataplex Catalog, see Manage your Cloud SQL resources using Dataplex Catalog.

Colab Enterprise

All Colab Enterprise runtimes are automatically configured with a 100 GiB boot disk in addition to the disk specified in the runtime template. Starting July 16, 2024, the boot disk of a newly created Colab Enterprise runtime automatically defaults to an SSD Persistent Disk. Previously, the boot disk default was a Standard Persistent Disk.

Because of this change, default boot disks of Colab Enterprise runtimes are billed as SSD Persistent Disks instead of Standard Persistent Disks. For more information, see Colab Enterprise pricing.

Compute Engine

Generally available: C3 bare metal machine types are available in the C3 machine series. Bare metal instances let you create an instance with direct access to the machine's CPU and memory, without a virtualization layer in the middle. With bare metal instances, you can access all the raw compute resources of the server. For more information, see the C3 machine series.

Deep Learning Containers

M123 release

  • Hugging Face Text Generation Inference 2.1 GPU container images are now available.

Deep Learning VM Images

M123 release

  • TensorFlow 2.16 images are now available.

Google Distributed Cloud (software only) for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26921
  • CVE-2024-36972

For more details, see the GCP-2024-043 and GCP-2024-044 security bulletins.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26921

For more details, see the GCP-2024-043 security bulletin.

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-36972

For more details, see the GCP-2024-044 security bulletin.

Compute flexible committed use discounts (CUDs), previously known as Compute Engine Flexible CUDs, have been expanded to include several GKE Autopilot and Cloud Run SKUs (see the GKE CUD documentation for details). The legacy GKE Autopilot CUD will be removed from sale on October 15, 2024. GKE Autopilot CUDs purchased before this date will continue to apply through their term.

SAP on Google Cloud

New SAP certification for operating systems

For use with SAP HANA and SAP NetWeaver on Google Cloud, SAP has certified the operating system Red Hat Enterprise Linux (RHEL) for SAP 9.4.

For more information about SAP-certified operating systems, see:

Spanner

Spanner now supports the following PostgreSQL JSONB functions:

  • jsonb_array_elements()
  • spanner.bool_array()
  • spanner.float32_array()
  • spanner.float64_array()
  • spanner.int64_array()
  • spanner.string_array()

For more information, see JSONB functions and Spanner specific JSONB functions.

Spanner now supports the following GoogleSQL JSON functions:

  • BOOL_ARRAY: Converts a JSON array of booleans to a SQL ARRAY<BOOL> value.
  • FLOAT32: Converts a JSON number to a SQL FLOAT32 value.
  • FLOAT32_ARRAY: Converts a JSON array of numbers to a SQL ARRAY<FLOAT32> value.
  • FLOAT64_ARRAY: Converts a JSON array of numbers to a SQL ARRAY<FLOAT64> value.
  • INT64_ARRAY: Converts a JSON array of numbers to a SQL INT64_ARRAY value.
  • STRING_ARRAY: Converts a JSON array of strings to a SQL ARRAY<STRING> value.

Spanner now supports the GoogleSQL PDML_MAX_PARALLELISM statement-level hint. For more information, see Statement hints.

The following are now supported for the INSERT statement:

Spanner now supports geo-partitioning (in Preview). You can use geo-partitioning to segment and store rows in your database table across different configurations. For more information, see the Geo-partitioning overview.

Vertex AI Workbench

M123 release

The M123 release of Vertex AI Workbench user-managed notebooks includes the following:

  • Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers.
  • Fixed a bug for custom container instances using a disabled root.

M123 release

The M123 release of Vertex AI Workbench instances includes the following:

  • Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers.

July 15, 2024

Application Integration

You can now share custom connectors between different Google Cloud projects by exporting and importing the connector specification. This feature is in preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigtable

5.1.1 (2024-07-11)

Bug Fixes
  • Ensure that during resumption of a scan, rows that have not been observed by the caller are re-requested (#1444) (2d8de32)
  • Remove custom readrows retry logic and rely on gax for retries (#1422) (3e0a46e)

Java

Changes for google-cloud-bigtable

2.40.0 (2024-06-28)

Features
  • Add String type with Utf8Raw encoding to Bigtable API (#2191) (e7f03fc)
Bug Fixes
Dependencies
  • Update dependency com.google.truth.extensions:truth-proto-extension to v1.4.3 (#2268) (4573220)
  • Update dependency org.junit.vintage:junit-vintage-engine to v5.10.3 (#2269) (69fef96)
  • Update shared dependencies (#2265) (61014ca)

Cloud Composer

It is no longer possible to create Cloud Composer 1 environments in the Google Cloud console. It's still possible to create Cloud Composer 1 environments through the Google Cloud SDK, Terraform, and the API in projects that support creating new Cloud Composer 1 environments.

Cloud Data Fusion

The Cloud Storage Copy/Move plugin version 0.23.2, which is bundled with the Google Cloud Platform plugin, is available in Cloud Data Fusion versions 6.10.0 and later. The release lets you use a wildcard character (*) in the source path to copy and move multiple files. For example, the source path gs://demo0/prod/reports/*.csv copies and moves all CSV files in the reports directory (PLUGIN-698).

Cloud Run

Compute flexible committed use discounts are now available for Cloud Run services with CPU always allocated, and Cloud Run jobs. A single flexible commitment covers eligible spend across Compute Engine, GKE, and Cloud Run. For more information, see Committed use discounts.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.11.3 (2024-07-09)

Bug Fixes
  • Error serialization in resumable-upload.ts (#2493) (c2e555c)
  • Handle unhandled error in startResumableUpload_ (#2495) (d5257ba)
  • Make CreateBucketRequest extend from BucketMetadata to allow all… (#2489) (013a5a4)

Compute Engine

Compute flexible committed use discounts (CUDs)—previously known as Compute Engine flexible CUDs—have been expanded to also cover your Cloud Billing account's spend across Google Kubernetes Engine (GKE) and Cloud Run. A single flexible commitment covers your eligible spend across all three services. For more information, see Compute flexible CUDs.

To learn about how flexible CUDs apply to the other services, see the following:

Generally available: You can limit the run time of VMs, which automatically stops or deletes a VM after a specific time or duration. Limiting your VMs' run times can help you optimize temporary workloads by minimizing costs and releasing quota. For more information, see Limit the run time of a VM and Limit the runtime of VMs in a MIG.

Config Controller

Config Controller now uses the following versions of its included products:

Contact Center AI Platform

Mobile SDK 2.8 is released

Mobile SDK 2.8 includes the following update: added support for landscape mode.

For more information, see the following:

Container Optimized OS

cos-dev-117-18555-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.37 | v24.0.9 | v2.0.0rc2 | See List

Upgraded fluent-bit to v3.0.6.

Upgraded app-admin/node-problem-detector to v0.8.19.

Upgraded app-containers/cni-plugins to v1.5.1.

Upgraded app-admin/google-guest-configs to v20240607.00.

Added support for TPU v6 devices.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2792.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2437.

Upgraded sys-apps/dbus to v1.14.10-r192.

Upgraded chromeos-base/shill-client to v0.0.1-r4577.

Upgraded chromeos-base/debugd-client to v0.0.1-r2703.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2937.

Upgraded chromeos-base/minijail to v18-r142.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r633.

Upgraded dev-embedded/libftdi to v1.5-r7.

Upgraded sys-apps/pv to v1.8.10.

Upgraded net-dns/c-ares to v1.31.0.

Upgraded app-admin/logrotate to v3.22.0.

Upgraded dev-python/pygobject to v3.46.0-r1.

Upgraded dev-db/sqlite to v3.46.0.

Upgraded dev-libs/nss to v3.101.

Upgraded sys-apps/hwdata to v0.383.

Upgraded net-misc/rsync to v3.3.0.

Upgraded sys-apps/findutils to v4.10.0.

Upgraded sys-libs/libseccomp to v2.5.5-r1.

Upgraded net-misc/curl to v8.8.0-r1.

Upgraded sys-apps/ethtool to v6.9.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Updated cos-gpu-installer to v2.3.5.

Added the package revision number to the SSH banner in net-misc/openssh.

Fixed glibc-2.36 build errors in sys-boot/syslinux.

Upgraded dev-lang/go to v1.22.4. This fixes CVE-2024-24790 and CVE-2024-24789.

Fixed CVE-2024-35195 in dev-python/requests.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Changed: fs.file-max: 811785 -> 811776

cos-109-17800-218-76

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.85 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Upgraded app-editors/vim and app-editors/vim-core to v9.1.0470.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded sys-apps/dmidecode to v3.6.

Upgraded net-misc/rsync to v3.2.7-r4.

Upgraded sys-apps/ethtool to v6.9.

Upgraded sys-apps/attr to v2.5.2-r1.

Upgraded net-dns/libidn2 to v2.3.7.

Upgraded sys-apps/sed to v4.9-r1.

Upgraded app-admin/logrotate to v3.22.0.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Upgraded sys-process/lsof to v4.99.3.

Upgraded sys-apps/file to v5.45-r4.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded net-misc/curl to v8.8.0-r1.

Updated cos-gpu-installer to v2.3.5 - Improved error messaging for incompatible GPU driver input.

Added the package revision number to the SSH banner in net-misc/openssh.

Updated net-misc/wget to version 1.24.5. This fixed CVE-2024-38428.

Fixed CVE-2024-36978 in the Linux kernel.

cos-105-17412-370-75

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.154 | v23.0.3 | v1.7.15 | v470.256.02 (default), v550.90.07 (latest)

Upgraded app-admin/logrotate to v3.22.0.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded sys-apps/dmidecode to v3.6.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded app-shells/dash to v0.5.12.

Upgraded sys-apps/attr to v2.5.2-r1.

Upgraded sys-apps/diffutils to v3.10.

Upgraded net-dns/libidn2 to v2.3.7.

Upgraded net-misc/wget to v1.21.4.

Upgraded app-misc/mime-types to v2.1.54.

Upgraded net-analyzer/netcat to v110.20180111-r2.

Updated cos-gpu-installer to v2.3.5.

Added the package revision number to the SSH banner in net-misc/openssh.

Fixed CVE-2024-24790 and CVE-2024-24789 in dev-lang/go.

Updated net-misc/wget to v1.24.5. This fixed CVE-2024-38428.

Fixed CVE-2024-36978 in the Linux kernel.

cos-113-18244-85-54

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.90 | v24.0.9 | v1.7.15 | v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Updated cos-gpu-installer to v2.3.5.

Added the package revision number to the SSH banner in net-misc/openssh.

Updated net-misc/wget to version 1.24.5. This fixed CVE-2024-38428.

Fixed CVE-2024-36978 in the Linux kernel.

cos-101-17162-463-58

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.155 | v20.10.27 | v1.6.28 | v470.256.02 (default), v550.90.07 (latest)

Updated cos-gpu-installer to v2.3.5.

Updated net-misc/wget to v1.24.5. This fixed CVE-2024-38428.

Fixed CVE-2024-36978 in the Linux kernel.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.10 (2024-07-10)

Bug Fixes

Google Distributed Cloud (software only) for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

For more details, see the GCP-2024-042 security bulletin.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26809

For more details, see the GCP-2024-042 security bulletin.

Google SecOps

The third-party API feed Symantec Event Export has been discontinued due to the deprecation of the Symantec Event Export API. To ingest data, use a Cloud Storage bucket. For more information, see Add a feed.

Google SecOps SIEM

The third-party API feed Symantec Event Export has been discontinued due to the deprecation of the Symantec Event Export API. To ingest data, use a Cloud Storage bucket. For more information, see Add a feed.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.4 (2024-07-10)

Bug Fixes

Vertex AI Agent Builder

Vertex AI Search: Rotation of CMEK keys, which protect data stores (Private preview)

Customer-managed encryption keys (CMEK) for data stores associated with search apps can be rotated.

Don't rotate keys for data stores associated with recommendations apps. Also, if you rely on analytics, don't rotate keys.

Key rotation is available in Private preview. For information about rotating CMEK keys to protect Vertex AI Agent data stores, see Customer-managed encryption keys.

July 14, 2024

Vertex AI Vision

Model output visualization tool in vaictl

You can now visualize model output using the vaictl command line tool available through the Vertex AI Vision SDK. This visualization combines real-time video streams with annotations and statistics generated by Vertex AI Vision models. This feature lets you better understand model output by visualizing output information over your video stream.

Features:

  • Visualize command added to vaictl command-line tool.
  • Support added to visualize Occupancy Analytics model annotations.

For more information, see Visualize model output.

Motion filtering - motion detection zone

You can now specify zones for motion detection, or areas to omit from motion detection. For more information, see the motion filtering guide.

July 13, 2024

Google SecOps

Python 2.7 is being deprecated and will be fully removed on October 13, 2024.

For information on how to update Marketplace integrations to Python 3.11, refer to Upgrade the Python versions.

Support for Python 3.11: Google SecOps now supports Python 3.11 in all the certified integrations. This feature is in General Availability.

IDE Staging mode: A staging mode has been added to the IDE where you can test certified and custom integrations as well as custom items. The staging mode acts as a sandbox where you can test the new Python 3.11 code or any upgraded integration before pushing to production. For more information, refer to Test integrations in staging mode. This feature is in General Availability.

Google SecOps SOAR

Python 2.7 is being deprecated and will be fully removed on October 13, 2024.

For information on how to update Marketplace integrations to Python 3.11, refer to Upgrade the Python versions.

Support for Python 3.11: Google SecOps now supports Python 3.11 in all the certified integrations. This feature is in General Availability.

IDE Staging mode: A staging mode has been added to the IDE where you can test certified and custom integrations as well as custom items. The staging mode acts as a sandbox where you can test the new Python 3.11 code or any upgraded integration before pushing to production. For more information, refer to Test integrations in staging mode. This feature is in General Availability.

July 12, 2024

Access Approval

Access Approval supports Dataform in the GA stage.

App Engine flexible environment .NET

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Go

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Java

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Node.js

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment PHP

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Python

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment Ruby

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine flexible environment custom runtimes

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.
  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change, you can do the following:

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.
  • Grant the Editor role to the App Engine default service account.

App Engine standard environment Go

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment Java

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment Node.js

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment PHP

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment Python

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

App Engine standard environment Ruby

Deployments for new projects might be impacted by the following changes to org policies:

  • Starting in May 2024, Google Cloud enforces secure-by-default organization policies for all organization resources. This policy prevents App Engine from granting the Editor role to the App Engine default service accounts by default.

  • Starting in June 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying versions for the first time may be using the default App Engine service account with insufficient permissions for deploying versions.

If you are impacted by this change you can do one of the following:

  • Grant the Editor role to the App Engine default service account.

  • Review the Cloud Build guidance on changes to the default service account and opt out of these changes.

Compute Engine

Preview: Hyperdisk Balanced High Availability provides cross-zonal, synchronous replication for your disk data, offering the best set of options for RPO, RTO, and performance.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.111-debian10, 2.0.112-rocky8, 2.0.112-ubuntu18
  • 2.1.59-debian11, 2.1.60-rocky8, 2.1.60-ubuntu20, 2.1.60-ubuntu20-arm
  • 2.2.25-debian12, 2.2.26-rocky9, 2.2.26-ubuntu22

Google SecOps SOAR

Release 6.3.10 is now in General Availability.

Memorystore for Redis Cluster

Single-zone instances are now Generally Available on Memorystore for Redis Cluster.

Spanner

Spanner now supports dual-region instance configurations in Australia, Germany, India, and Japan. Dual-region configurations let you replicate data in multiple zones across two regions in a single country. This helps you meet your data residency requirements, while taking advantage of 99.999% availability. For more information, see Dual-region configurations.

Spanner now supports the approximate nearest neighbor (ANN) distance functions (APPROX_COSINE_DISTANCE(), APPROX_EUCLIDEAN_DISTANCE(), and APPROX_DOT_PRODUCT()) in the GoogleSQL dialect (in Preview). If you have tables with a large amount of unstructured data that can be represented as vector data, you can create a vector index using DDL statements and use these functions in standard SQL to accelerate similarity searches and nearest neighbor queries, without having to copy the data into a separate system. For more information, see Find approximate nearest neighbors to index and query vector embeddings in Spanner.

July 11, 2024

Anti Money Laundering AI

A new major engine version is now available for Retail and Commercial lines of business, within the v4 tuning version. This includes:

  • Additional data validation errors with more granular checks and corresponding actionable error messages
  • Improved accuracy and better descriptions for existing data validation checks
  • A fix for processing of alert events in the Risk Case Event table
  • Improved reliability of training, prediction, and backtesting operations for very large datasets (greater than 20 million parties)
  • Reduction in the time taken for tuning when creating an engine config

Apigee X

On July 11, 2024, we released an updated version of Apigee (1-12-0-apigee-8).

This release addresses the security concerns in GCP-2024-032 from Google Anthos Service Mesh.

Bug ID Description
330175485 Security fix for apigee-ingress.
This addresses the following vulnerabilities:
Bug ID Description
N/A Updated libraries and infrastructure.
Application Integration BeyondCorp Enterprise

Generally available: Chrome Enterprise Premium watermarking

You can now display a custom watermark on web pages that match the data protection rules that you set. For more information, see Display watermark on certain webpages.

BigQuery

You can now use EXPORT DATA statements to reverse ETL BigQuery data to Spanner. This feature is in preview.

Cloud Functions

Starting in July 2024, Cloud Build has changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change. As a result of this change, new projects deploying functions for the first time may be using a default Cloud Build service account with insufficient permissions for building a function. If you are impacted by this change you can do one of the following:

Cloud Run

Starting July 2024, Cloud Build changed the default behavior for how Cloud Build uses service accounts in new projects. This change is detailed in Cloud Build Service Account Change documentation. As a result of this change, new projects deploying to Cloud Run from source code for the first time may be using a default Cloud Build service account with insufficient permissions for deploying from source.

If you are impacted by this change, you can do one of the following:

Cloud Storage

You can now specify Frankfurt (europe-west3) and Zürich (europe-west6) as a predefined dual-region pairing. For more information, see Predefined dual-regions.

Compute Engine

You can only create on-demand reservations of A3 VMs if you create specifically targeted reservations. This restriction doesn't affect reservations that were created before July 11, 2024, which you can continue to consume based on their consumption type.

For more information, see the following pages:

Dataflow

You can now use the Dataflow job builder UI to create and run Dataflow pipelines in the Google Cloud console, without writing any code. This feature is generally available (GA).

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.69
  • 1.2.13
  • 2.0.77
  • 2.2.13

Dialogflow

Vertex AI Agents: Agent apps now provide generative settings for input token limit, output token limit, and temperature.

Google Cloud VMware Engine

Added missing release notes for ve2-standard-128 availability in the australia-southeast1 region.

Looker Studio

Pro feature: Gemini in Looker public preview features

The following Gemini in Looker features are now available in Public Preview:

Learn more about Gemini in Looker and how to enable it in Looker Studio.

Partner Connector launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Search Ads 360 connector deprecation complete

The Search Ads 360 connector deprecation that was announced on April 2, 2024 is complete. Please use the New Search Ads 360 connector.

Spanner

You can now use EXPORT DATA statements to reverse ETL BigQuery data to Spanner. This feature is in Preview.

reCAPTCHA

reCAPTCHA for WAF integration with Akamai is now available in Preview. For more information, see Integrate reCAPTCHA for WAF with Akamai.

July 10, 2024

AlloyDB for PostgreSQL Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

App Engine flexible environment .NET

.NET version 3 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of .NET.

App Engine flexible environment Go

Go version 1.19 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Go.

App Engine flexible environment Node.js

Node.js version 16 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Node.js.

App Engine flexible environment PHP

PHP version 7.4 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of PHP.

App Engine flexible environment Python

Python version 3.7 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Python.

App Engine flexible environment Ruby

Ruby version 3.1 and earlier have reached end of support. You cannot re-deploy versions that use runtimes after their end of support date. We recommend that you upgrade your app to use the latest version of Ruby.

Cloud Billing

You can now view granular AlloyDB for PostgreSQL usage in the Cloud Billing Detailed export to BigQuery

You can now view granular AlloyDB for PostgreSQL cluster, instance, and backup data in the Google Cloud Billing detailed export. Use the resource.global_name and resource.name fields in the export to view and filter your detailed AlloyDB cluster, instance, and backup usage.

Review the schema of the Detailed cost data export.

Tags data for AlloyDB for PostgreSQL cluster, instance, and backup usage is available in both the Standard usage cost export and the Detailed usage cost export.

To learn more about Tags, see Tags overview. To learn about using Tags in your cost data exported to BigQuery, see about tags and query examples with tags.

Datastream

Datastream is now available in the us-east5 (Columbus) region. For the list of all available regions, see IP allowlists and regions.

Google Cloud Marketplace Partners

We've made the following changes to Cloud Marketplace partner reports:

Google Kubernetes Engine

(2024-R24) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.29.5-gke.1091002 is now the default version.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.26.15-gke.1090000
    • 1.26.15-gke.1090004
    • 1.26.15-gke.1191000
    • 1.26.15-gke.1191001
    • 1.26.15-gke.1300000
    • 1.26.15-gke.1300001
    • 1.26.15-gke.1320000
    • 1.26.15-gke.1320002
    • 1.26.15-gke.1381000
    • 1.26.15-gke.1381001
    • 1.26.15-gke.1390000
    • 1.26.15-gke.1390001
    • 1.26.15-gke.1404000
    • 1.26.15-gke.1404002
    • 1.26.15-gke.1469000
    • 1.26.15-gke.1469001
    • 1.27.11-gke.1062004
    • 1.27.13-gke.1070000
    • 1.27.13-gke.1166000
    • 1.27.13-gke.1166001
    • 1.27.13-gke.1201000
    • 1.27.14-gke.1022000
    • 1.27.14-gke.1022001
    • 1.27.14-gke.1042000
    • 1.27.14-gke.1059000
    • 1.27.14-gke.1100000
    • 1.27.14-gke.1100002
    • 1.27.15-gke.1012000
    • 1.27.15-gke.1012003
    • 1.28.9-gke.1000000
    • 1.28.9-gke.1069000
    • 1.28.9-gke.1069002
    • 1.28.9-gke.1209000
    • 1.28.9-gke.1209001
    • 1.28.9-gke.1289000
    • 1.28.10-gke.1058000
    • 1.28.10-gke.1075000
    • 1.28.10-gke.1089000
    • 1.28.10-gke.1089002
    • 1.28.10-gke.1148000
    • 1.28.10-gke.1148001
    • 1.28.11-gke.1019000
    • 1.29.4-gke.1043002
    • 1.29.5-gke.1060000
    • 1.29.5-gke.1060001
    • 1.29.5-gke.1091000
    • 1.29.6-gke.1038000
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.

Stable channel

  • Version 1.28.9-gke.1289002 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.26.15-gke.1090000
    • 1.26.15-gke.1090004
    • 1.26.15-gke.1191000
    • 1.26.15-gke.1191001
    • 1.26.15-gke.1300000
    • 1.26.15-gke.1300001
    • 1.27.13-gke.1070000
    • 1.27.13-gke.1070002
    • 1.27.13-gke.1166000
    • 1.27.13-gke.1166001
    • 1.27.13-gke.1201000
    • 1.28.9-gke.1069000
    • 1.28.9-gke.1069002
    • 1.28.9-gke.1209000
    • 1.28.9-gke.1209001
    • 1.28.9-gke.1289000
    • 1.29.4-gke.1043002
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.9-gke.1289002 with this release.

Regular channel

  • Version 1.29.5-gke.1091002 is now the default version in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.26.15-gke.1320000
    • 1.26.15-gke.1320002
    • 1.26.15-gke.1381000
    • 1.26.15-gke.1381001
    • 1.26.15-gke.1390000
    • 1.26.15-gke.1390001
    • 1.27.13-gke.1201000
    • 1.27.13-gke.1201002
    • 1.27.14-gke.1022000
    • 1.27.14-gke.1022001
    • 1.27.14-gke.1042000
    • 1.28.9-gke.1289000
    • 1.28.9-gke.1289002
    • 1.28.10-gke.1058000
    • 1.28.10-gke.1058001
    • 1.28.10-gke.1075000
    • 1.29.4-gke.1043002
    • 1.29.4-gke.1043004
    • 1.29.5-gke.1060000
    • 1.29.5-gke.1060001
    • 1.29.5-gke.1091000
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.14-gke.1042001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.10-gke.1075001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.5-gke.1091002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.26.15-gke.1404000
    • 1.26.15-gke.1404002
    • 1.26.15-gke.1469000
    • 1.26.15-gke.1469001
    • 1.27.14-gke.1059000
    • 1.27.14-gke.1100000
    • 1.27.14-gke.1100002
    • 1.27.15-gke.1012000
    • 1.27.15-gke.1012003
    • 1.28.10-gke.1089000
    • 1.28.10-gke.1089002
    • 1.28.10-gke.1148000
    • 1.28.10-gke.1148001
    • 1.28.11-gke.1019000
    • 1.29.5-gke.1091000
    • 1.29.5-gke.1091002
    • 1.29.6-gke.1038000
    • 1.30.1-gke.1329000
    • 1.30.2-gke.1023000
    • 1.30.2-gke.1023004
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.11-gke.1019001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.6-gke.1038001 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.6-gke.1038001 with this release.


Google SecOps SOAR

Release 6.3.11 is currently in Preview.

Case tag filter pagination is not working in cases page (ID #339581969)

Issues when testing SOAR Webhooks for ingestion. (ID #51862016)

Looker

Looker 24.12 includes the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, July 15, 2024

  • Expected Looker (original) final deployment and download available: Thursday, July 25, 2024

  • Expected Looker (Google Cloud core) deployment start: Monday, July 15, 2024

  • Expected Looker (Google Cloud core) final deployment: Monday, July 29, 2024

A LookML validator error, which catches illegal sql_trigger values in models with parameterized connections, has been added.

The Chart Config Editor now supports the following pie chart legend properties: align, verticalAlign, and layout.

Admins can now edit groups and roles for users who only have API keys.

When a file or folder is created, updated, or accessed in the Looker IDE, Looker now displays a loading indicator.

A new Explore from Here icon now appears on dashboard tiles and lets dashboard viewers explore a tile's data in one click. Note: This feature will be released in late July. Update: Because of a code freeze during the Olympics, this feature will be released in mid-August.

Looker now supports Databricks Unity Catalog. When you create a Databricks connection in Looker, you can define the Databricks catalog in which Looker will run queries.

For LookML projects that are configured with the Use Legacy Runtime feature, the LookML Validator may return an information-level alert that the legacy runtime is being deprecated. We recommend that you migrate LookML projects to the new LookML runtime.

A new Create button in the main navigation panel lets users create dashboards, boards, LookML models, and database connections. To view the button, users must have the permissions to create dashboards, models, or connections. Note: This feature will be released in late July. Update: Because of a code freeze during the Olympics, this feature will be released in mid-August.

An issue has been fixed where filter values with a special character and a trailing space would filter out valid results. This feature now performs as expected.

An issue has been fixed where Aurora MySQL connections that do not provide the lookerFailover parameter in the Additional JDBC parameters setting would fail to connect. This feature now performs as expected.

The LookML validator will now return an error if a sql_distinct_key is used in a field type that does not support it.

An issue where PDT overrides could not be toggled off in some situations has been fixed. This feature now performs as expected.

An issue was causing tooltips on timeline visualizations to not respect timezone conversion settings. This feature now performs as expected.

Rendering for dashboards that include special characters in their titles has been fixed. This feature now performs as expected.

Query results that contained characters that aren't in the UTF-8 character set could cause queries to fail. This feature now performs as expected.

Previously, extra filter suggestions queries would run when a filter was removed in an Explore. This feature now performs as expected.

An issue was causing the LookML validator to return an incorrect error for an improperly formed value format string. This feature now performs as expected.

An issue was causing visualization formats to round incorrectly. This feature now performs as expected.

Previously, some Looks had a null Look ID in System Activity Explores. This feature now performs as expected.

An issue was causing Looker to sometimes incorrectly generate date literals for Postgres queries. This feature now performs as expected.

Previously, queries could not be sorted on date fields in specific situations. This feature now performs as expected.

Previously, user attribute values that contained certain special characters could not be saved. This feature now performs as expected.

An issue was causing Looker to generate incorrect join SQL for circular join references. This feature now performs as expected.

Previously, drill-downs didn't work properly in some map visualizations. This feature now performs as expected.

An issue with the Closed System option allowed the name of the user who created or updated a dashboard last to be viewed by users who weren't in the same group. This feature now performs as expected.

OpenJDK 8 is no longer supported. Self-hosted customers must upgrade to OpenJDK 11.

A new Labs feature, Delegate Schedule Management, introduces the manage_schedules permission. This permission lets users reassign and delete schedules on the Schedules page for the models that they can access.

If a Looker instance does not yet have any Looks or dashboards, the Looker homepage now shows sample dashboards. Note: This feature will be released in late July. Update: Because of a code freeze during the Olympics, this feature will be released in mid-August.

Looker (Google Cloud core) now supports connections to Teradata databases.

Managed Kafka

Terraform samples are now available for creating clusters and topics. For more information, see Provision Apache Kafka for BigQuery resources with Terraform.

Migrate to Virtual Machines

The Migrate Connector, the virtual appliance used to connect VMware sources to Migrate to Virtual Machines, is exposed to a security vulnerability in SSHD (CVE-2024-6387). Migrate Connector version 2.6.2497 has been released to mitigate this issue and is being gradually rolled out. For more information, see the GCP-2024-040 security bulletin.

Vertex AI Agent Builder

Vertex AI Search: Edit the schema for structured data on import (Public preview)

When you create a data store by importing structured data from BigQuery or Cloud Storage, you can review and edit the schema before you import the data. This saves time over the alternative method of importing the data first and subsequently editing the schema.

This feature is available in Public preview and applies to generic and media data stores. To try this feature for healthcare data stores, contact your Google account team and ask for access to the Private preview.

Vertex AI Search: Bring your own schema for media data stores (Public preview)

Previously, all media data stores had to follow a JSON schema for media predefined by Google. However, now you can use your own JSON schema for media data, provided that you map fields in your schema to the key properties: category, media_available_time, media_duration, title, and uri.

This feature is in Public preview.

Vertex AI Search: Media app creation (Public preview)

Media data stores can be created directly from the Data Stores page.

This is an alternative to the method where you create a media data store as part of the app creation workflow.

This feature is available in Public preview.

July 09, 2024

AlloyDB for PostgreSQL

The extension pgvector is updated to version 0.7.0.

Performing a switchover with zero data loss in cross-region replication setups, to test disaster recovery (DR) or to perform workload migration, is now generally available (GA).

Apigee X

Updated: Limit on number of basepaths per environment

Apigee is raising the temporary limit of 1000 basepaths per environment to avoid potential failures when deploying API proxy revisions.

While this limit is in place, you can deploy up to 1000 API proxy revisions (each containing a single basepath) per environment. If your API proxies or revisions contain more than one basepath, the total number of basepaths per environment must not exceed 1000.

To track the status of this issue, see Apigee Known Issues.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Google Kubernetes Engine
    • admissionregistration.k8s.io/MutatingWebhookConfiguration
    • apps.k8s.io/DaemonSet
    • apps.k8s.io/StatefulSet
    • batch.k8s.io/CronJob
    • extensions.k8s.io/DaemonSet
    • k8s.io/PersistentVolume
    • k8s.io/PersistentVolumeClaim
    • k8s.io/PodTemplate
    • k8s.io/ReplicationController
    • k8s.io/ResourceQuota
    • policy.k8s.io/PodDisruptionBudget
    • storage.k8s.io/StorageClass
    • gateway.networking.k8s.io/Gateway
    • gateway.networking.k8s.io/GatewayClass
    • gateway.networking.k8s.io/HTTPRoute

Cloud Build

Cloud Build users can connect to Bitbucket Cloud and Bitbucket Data Center hosts and add repositories with the Terraform provider for Google Cloud.

To learn more, see Connect to a Bitbucket Cloud host and Connect to a Bitbucket Data Center host.

Cloud Composer

A new Airflow build is available in Cloud Composer 3:

  • composer-3-airflow-2.7.3-build.8

Cloud Composer 2.8.5 images are available:

  • composer-2.8.5-airflow-2.7.3 (default)
  • composer-2.8.5-airflow-2.6.3

Cloud Healthcare API

Using customer-managed encryption keys (CMEK) to encrypt Cloud Healthcare API datasets is generally available (GA) and available in Preview. For more information, see Enable customer-managed encryption keys (CMEK) for Cloud Healthcare API datasets.

Cloud Monitoring

Starting no sooner than January 7, 2025, Cloud Monitoring will begin charging for alerting. For information about the pricing model and examples of pricing scenarios, see Pricing for alerting.

Compute Engine

Generally available: You can create GPU VMs in a managed instance group (MIG) by using resize requests. Resize requests help you create VMs all at once and give you higher chances to obtain highly demanded resources such as GPUs.

For more information, see About resize requests in a MIG.

Generally available: Hyperdisk ML, block storage designed specifically for high-performance AI workloads. Each Hyperdisk ML volume can achieve up to 1,200,000 MBps of throughput. For large-scale training and inference workloads, you can attach a single Hyperdisk ML volume to up to 2,500 VM instances. For more information, see About Hyperdisk.

Config Connector

Config Connector version 1.120.1 is now available.

IAM configuration can now be applied to PrivateCACAPool.

You can configure the ConfigConnector operator to roll back to install the v1.119.0 CRDs by specifying spec.version: 1.119.0 in the ConfigConnectorContext CR (namespaced mode).

CloudBuildWorkerPool is promoted from alpha to beta.

CloudIDSEndpoint is promoted from alpha to beta.

ComputeManagedSSLCertificate is promoted from alpha to beta.

AlloyDBInstance

  • Added networkConfig field to support Public-IP feature.

MonitoringAlertPolicy

  • Added spec.severity field.

MonitoringDashboard

  • Added dashboardFilters support.
  • Added alertChart widgets.
  • Added collapsibleGroup widgets.
  • Added pieChart widgets.
  • Added sectionHeader widgets.
  • Added singleViewGroup widgets.
  • Added timeSeriesTable widgets.
  • Added blankView to scorecard widgets.
  • Added dataSets.targetAxis and y2Axis fields to xyChart widgets.
  • Added id field to all widgets.
  • Added prometheusQuery and outputFullDuration to timeSeriesQuery.
  • Added style fields to text widgets.
  • Added targetAxis field to thresholds.

StorageBucket

  • Added spec.softDeletePolicy field.
  • Added status.observedState.softDeletePolicy field.

Contact Center AI Platform

Version 3.18 is released

All release notes published on this date are part of version 3.18.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

New custom data types for events

The following custom data types for events are now available using the Web SDK:

  • custom_data_secured
  • custom_data_not_secured

For more information, see Data for events.

New session events for quality management

The following session events are now available for quality management (QM) integration:

  • Hold
  • Mute
  • Redaction
  • Recording indication
  • Queue information

Fixed an issue where agents were not receiving audio notifications for breakthrough calls.

Fixed an issue where saving queue-level wrap-up settings to the global defaults was not behaving as expected.

Fixed an issue where viewing agent assignments was not possible for agents with a custom role.

Google Cloud Architecture Center

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.29.200-gke.245 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.200-gke.245 runs on Kubernetes v1.29.5-gke.800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following vulnerabilities are fixed in 1.29.200-gke.245:

Google Distributed Cloud for VMware 1.28.700-gke.151 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.28.700-gke.151 runs on Kubernetes v1.28.10-gke.2100.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following issues are fixed in 1.28.700-gke.151:

  • Fixed the known issue where the Binary Authorization webhook blocked the CNI plugin, which caused user cluster creation to stall.

  • Fixed the known issue that caused cluster creation to fail because the control plane VIP was in a different subnet from other cluster nodes.

The following vulnerabilities are fixed in 1.28.700-gke.151:

Google Distributed Cloud for VMware 1.16.10-gke.36 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.16.10-gke.36 runs on Kubernetes v1.27.14-gke.1600.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following vulnerabilities are fixed in 1.16.10-gke.36:

Google Distributed Cloud (software only) for bare metal

Release 1.28.700-gke.150

Google Distributed Cloud for bare metal 1.28.700-gke.150 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.700-gke.150 runs on Kubernetes 1.28.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.

The following container image security vulnerabilities have been fixed in 1.28.700-gke.150:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

For more information, see the GCP-2024-041 security bulletin.

Google SecOps SOAR

Release 6.3.9 is now in General Availability.

July 08, 2024

Agent Assist

Agent Assist now offers a new version of summarization with custom sections in preview. Summarization with custom sections V3.0 reduces latency from V2.1.

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

For more information, see the GCP-2024-041 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

For more information, see the GCP-2024-041 security bulletin.

Cloud Data Fusion

You can configure maintenance windows for Cloud Data Fusion instances, in versions 6.8 and later, in Preview.

Cloud Database Migration Service

Database Migration Service for heterogeneous Oracle migrations can now migrate tables without primary or unique constraints that have more than 500 million rows. The previous maximum row limitation for such tables is no longer in place. For more information on known limitations, see:

Cloud Logging

Log buckets in all regions supported by Cloud Logging can now be upgraded to use Log Analytics. For more information, see Supported regions.

Cloud Monitoring

Your dashboards will now recommend event types for display. For more information, see Show events on a dashboard.

Cloud Service Mesh

1.21.4-asm.5 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for an Envoy bug where the additional cookie attributes are not properly sent to clients. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.4-asm.5 uses Envoy v1.29.7.

1.20.8-asm.1 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for an Envoy bug where the additional cookie attributes are not properly sent to clients. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.20.8-asm.1 uses Envoy v1.28.5.

1.19.10-asm.9 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for an Envoy bug where the additional cookie attributes are not properly sent to clients. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.19.10-asm.9 uses Envoy v1.27.7.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for storage/internal/apiv2

1.43.0 (2024-07-03)

Features
  • storage/transfermanager: Add DownloadDirectory (#10430) (0d0e5dd)
  • storage/transfermanager: Automatically shard downloads (#10379) (05816f9)
Bug Fixes
Documentation
  • storage/control: Remove allowlist note from Folders RPCs (d6c543c)

You can now specify London (europe-west2) and Frankfurt (europe-west3) as a predefined dual-region pairing. For more information, see Predefined dual-regions.

Dataflow

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.9 (2024-07-01)

Bug Fixes

Dataplex

Dataplex Catalog is generally available (GA). Dataplex Catalog provides a platform for storing, managing, and accessing your metadata.

For more information, see Dataplex Catalog overview, Search for data assets, Manage aspects and enrich metadata, and Manage entries and ingest custom sources.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.110-debian10, 2.0.110-rocky8, 2.0.110-ubuntu18
  • 2.1.58-debian11, 2.1.58-rocky8, 2.1.58-ubuntu20, 2.1.58-ubuntu20-arm
  • 2.2.24-debian12, 2.2.24-rocky9, 2.2.24-ubuntu22

Google Distributed Cloud (software only) for VMware

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

For more information, see the GCP-2024-041 security bulletin.

Google Distributed Cloud connected

This is a minor release of Google Distributed Cloud connected (version 1.7.0).

The following new functionality has been introduced in this release of Google Distributed Cloud connected:

  • Customer-sourced hardware. You now have the option to purchase the Google Distributed Cloud connected hardware from a Google-partnered System Integrator (SI) and retain full ownership instead of leasing it from Google. For more information, contact Google Support.

  • Refreshed machine hardware. The server machines comprising Google Distributed Cloud connected racks have been updated to a more powerful hardware configuration. For more information, contact Google Support.

  • Flexible rack configuration. You can now order a Google Distributed Cloud connected rack with 3, 6, 9, or 12 server machines. For more information, contact Google Support.

  • IPv4/IPv6 dual-stack networking. Google Distributed Cloud connected now supports IPv6 networking in addition to IPv4 networking. For more information, see IPv4/IPv6 dual-stack networking.

  • Pod image caching. Google Distributed Cloud connected now supports local caching of Pod images. For more information, see Configure a Pod for image caching.

  • Kafka support. Google Distributed Cloud now supports collecting workload metrics with Apache Kafka. For more information, see Logs and metrics.

  • Cluster connection state indication. You can now check whether a cluster is connected, disconnected, or reconnected and synchronizing with Google Cloud Platform. For more information, see Survivability mode.

  • Cluster maintenance exclusion windows. You can now specify one or more maintenance exclusion windows for a cluster. This prevents Google from performing maintenance or software upgrades on the cluster during the specified times. For more information, see Understand software updates and maintenance windows.

  • GDC Hardware Management API. You can now place orders for Google Distributed Cloud connected hardware programmatically using the GDC Hardware Management API. For more information, see Google Distributed Cloud connected CLI and API reference. This is a Preview-level feature.

The following changes to existing functionality have been introduced in this release of Google Distributed Cloud connected:

  • Bastion host GA. The bastion host feature of Google Distributed Cloud connected is now generally available. For more information, see Configure a bastion host.

  • Worker node software upgrades are now staggered. Google Distributed Cloud connected now upgrades worker node software in stages instead of all at once. This allows your workloads to continue running on some nodes, while others are upgrading. You have the option to specify the number of worker nodes that can go down for a software upgrade simultaneously. For more information, see Software update staggering.

  • GPU support is now automatically enabled. You no longer have to modify the VMRuntime resource to enable GPU support on Google Distributed Cloud connected. GPU support is now automatically enabled if a GPU is detected on a Google Distributed Cloud connected machine.

  • Google Distributed Cloud connected component updates:

    • GKE on Bare Metal. This component has been updated from version 1.1.6.1 to version 1.28.500.
    • Kubernetes control plane. This component has been updated from version 1.27.9 to version 1.28.8.
    • Symcloud Storage. This component has been updated from version 5.4.6 to version 5.4.8.
  • Anthos branding has been replaced with Google Kubernetes Service branding. Anthos features and services that Google Distributed Cloud connected relies on, such as Anthos Identity Service, have been rebranded to Google Kubernetes Service. You might still see references to the legacy branding in Google Distributed Cloud connected command output and error messages.

The following functionality has been deprecated in this release of Google Distributed Cloud connected:

  • Cloud control plane cluster support. As of this release, Google Distributed Cloud connected no longer supports Cloud control plane clusters. Local control plane clusters are now the only supported cluster type.

  • Raw block storage for virtual machine workloads. As of this release, you can no longer provision virtual machine workloads with raw block storage. Symcloud Storage is now the only supported storage type for virtual machine workloads.

The following issues have been resolved in this release of Google Distributed Cloud connected:

  • Symcloud Storage volume clean-up now functions correctly. Single node failures, such as power loss or network disconnection, no longer cause rescheduling failures for virtual machines that use Symcloud Storage volumes. When a node fails, virtual machines are automatically rescheduled onto another node and then scheduled back onto the original node once that node returns to operation.

  • Virtual machines no longer enter a stuck state when node network connections are intermittent. Virtual machines no longer get stuck in container creation state when their network connections repeatedly disconnect and reconnect. When all three nodes in a Google Distributed Cloud connected server group regain network connectivity, the affected virtual machines are automatically rescheduled back onto their original nodes.

  • Virtual machine restore operations now complete successfully. Problems related to taking subsequent snapshots of virtual machines after the initial ones have been resolved. These problems caused virtual machine restore operations to fail.

  • Virtual machine heartbeat has been tuned to increase failover resilience. Occasionally, when a node failed, virtual machines on other nodes in the cluster would fail multiple successive heartbeats to the Kubernetes control plane that ran on the failed node. The heartbeat configuration has been tuned to mitigate this and increase failover resilience.

  • Intermittent SR-IOV device availability on large deployments has been resolved. SR-IOV devices are no longer intermittently unavailable on large, long-uptime deployments of Google Distributed Cloud connected after creating SR-IOV network node policies.

Security mitigations for the following vulnerabilities have been implemented in this release of Google Distributed Cloud connected:

  • CVE-2024-26934, CVE-2024-27013, CVE-2024-26884, CVE-2024-26902, CVE-2022-48659, CVE-2024-26901, CVE-2024-26910, CVE-2024-26883, CVE-2024-26898, CVE-2024-26882, CVE-2024-26908, CVE-2024-26585, CVE-2021-46904, CVE-2021-46905, CVE-2020-36775, CVE-2021-46909, CVE-2021-46906, CVE-2019-25162, CVE-2024-26606, CVE-2024-26602, CVE-2024-26600, CVE-2023-52469, CVE-2023-52470, CVE-2022-48626, CVE-2024-26597, CVE-2023-52464, CVE-2024-26598, CVE-2024-0340, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2023-52439, CVE-2023-52435, CVE-2023-52443, CVE-2023-46343, CVE-2024-0607, CVE-2024-22705, CVE-2023-46838, CVE-2023-51782, CVE-2023-51781, CVE-2023-51780, CVE-2024-1086, CVE-2024-0584, CVE-2024-0562, CVE-2023-6915, CVE-2024-0646, CVE-2023-6040, CVE-2023-46862, CVE-2023-46813, CVE-2023-6932, CVE-2023-6931, CVE-2023-5178, CVE-2023-5717

This release of Google Distributed Cloud connected contains the following known issues:

  • Refreshed Google Distributed Cloud connected hardware requires Google Distributed Cloud connected software version 1.7.0 or later. The refreshed Google Distributed Cloud connected hardware does not support versions of Google Distributed Cloud connected prior to release 1.7.0.

  • Virtual machine workloads might temporarily go down when upgrading Google Distributed Cloud connected software to release 1.7.0. The virtual machine workloads will go back up and be healthy once the Google Distributed Cloud software upgrade completes.

  • Cluster upgrades to software release 1.7.0 might fail with an ABM upgrade timed out error. Under certain conditions, if the GKE token expires while a cluster upgrade is in progress, the upgrade fails with an ABM upgrade timed out error and a missing gkehub.memberships.update permission is recorded in the logs. If you encounter this issue, contact Google Support.

  • Storage operations hang when volume replicas are deleted from a cluster without removing the corresponding Symcloud Storage persistent volume intent. If you delete the volume replicas for a Symcloud Storage persistent volume but do not remove the corresponding intent, TCMU devices on the worker node hang, causing storage operations to stall indefinitely. This can affect both your workload data availability and the core system functionality of Google Distributed Cloud connected. To prevent this, you must always remove a Symcloud Storage persistent volume before deleting its associated volume replicas.

  • Virtual machines might not get scheduled onto nodes after their network has been partitioned. When you partition a network, some virtual machines using that network might not get scheduled back onto their node after the node reconnects to the network. To work around this issue, restart the affected virtual machines or contact Google Support.

  • Cluster deletion can fail due to stale Symcloud Storage data. When attempting to delete a cluster during disaster recovery or cluster reset, the deletion might fail due to the corresponding Symcloud Storage volumes not having been cleaned up. To resolve this issue, contact Google Support.

  • Virtual machine management can fail after a node has been powered down for an extended time. If you power down your Google Distributed Cloud connected machines for an extended period of time, you might not be able to manage the virtual machines scheduled on the corresponding nodes after you power the machines back up, even though those virtual machine workloads continue to run. To resolve this issue, contact Google Support.

  • Nodes can get stuck in Ready,SchedulingDisabled state after applying configuration changes. Applying or deleting the NodeSystemConfigUpdate or SriovNetworkNodePolicy resources can result in a node that's stuck in the Ready, Scheduling Disabled state after it reboots. To resolve this issue, see Troubleshoot Google Distributed Cloud connected.

  • The Kubernetes API server might return 404 errors when attempting to access virt-api endpoints. To work around this issue, contact Google Support.

  • Changes required to VMRuntime resource before upgrading to Google Distributed Cloud connected version 1.7.0. To ensure your existing virtual machine workloads successfully upgrade to Google Distributed Cloud connected version 1.7.0, you must modify the VMRuntime resource before upgrading the cluster as described in Upgrade existing virtual machines to Google Distributed Cloud connected version 1.7.0.

  • The containerd daemon state might not be reset after deleting a cluster. In very rare situations, cluster deletion does not reset the state of the containerd daemon. To resolve this issue, contact Google Support.

  • GKE Identity Service (GKE IS) Pods stuck in Failed state after machine reboot. Rebooting a machine might spawn one or more GKE IS (formerly branded as Anthos IS) Pods stuck in a Failed state, even though the GKE IS deployment is healthy and running. This does not impact the cluster nor the GKE IS functionality. Since GKE IS Pods are deployed into a protected namespace, contact Google Support to resolve this issue.

  • Cluster software upgrades might fail. If there are GKE IS pods stuck in a Failed state after a machine reboot, you might experience the following behavior on the affected cluster:

    • Automatic software upgrades never start.
    • Manually initiated software upgrades stall and enter a Paused state.

    Workloads on the cluster continue to run and the cluster remains healthy. To resolve this issue, contact Google Support.

Google Kubernetes Engine

Ray Operator on GKE is now generally available in the Rapid channel. Ray Operator is a GKE add-on that allows you to manage and scale Ray applications. To learn more, see the Ray Operator documentation.

(2024-R23) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

  • Version 1.29.4-gke.1043004 is now the default version.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.25 to version 1.26.15-gke.1320002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.26.15-gke.1320002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.26 to version 1.27.13-gke.1070002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.27.13-gke.1070002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.9-gke.1289002 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.4-gke.1043004 with this release.

Stable channel

  • Version 1.27.13-gke.1070002 is now the default version in the Stable channel.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.25 to version 1.26.15-gke.1090004 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.26.15-gke.1090004 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.13-gke.1070002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.13-gke.1070002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.9-gke.1069002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.4-gke.1043004 with this release.

Regular channel

  • Version 1.29.4-gke.1043004 is now the default version in the Regular channel.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.25 to version 1.26.15-gke.1320002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.26 to version 1.26.15-gke.1320002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.27.13-gke.1201002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.9-gke.1289002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.9-gke.1289002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.4-gke.1043004 with this release.

Rapid channel

  • Version 1.30.1-gke.1329003 is now the default version in the Rapid channel.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1404002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.15-gke.1404002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.14-gke.1059002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.10-gke.1089002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.5-gke.1091002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.5-gke.1091002 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.1-gke.1329003 with this release.

Network Intelligence Center

The GKE Enterprise view of Network Topology is generally available. Network Topology now shows the infrastructure of your GKE deployments - clusters, namespaces, workloads, and pods, and their associated metrics.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-pubsub

2.22.0 (2024-07-06)

Features
  • Add service_account_email for export subscriptions (ec0cc34)
  • Add use_topic_schema for Cloud Storage Subscriptions (ec0cc34)

SAP on Google Cloud

New SAP HANA certification: 16 TB X4 bare metal machine type for OLAP workloads

SAP has certified the Compute Engine 16 TB x4-megamem-960-metal machine type for use with SAP HANA OLAP workloads in scale-out configurations with up to 4 nodes.

For more information, see X4 memory-optimized bare metal machine types.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.3 (2024-07-01)

Bug Fixes

July 05, 2024

Access Approval

Access Approval supports Cloud Armor in the Preview stage.

Access Approval supports Cloud DNS in the GA stage.

Access Transparency

Access Transparency supports Cloud Armor in the Preview stage.

Access Transparency supports Cloud DNS in the GA stage.

Access Transparency supports Cloud Router in the GA stage.

Access Transparency supports Google Security Operations SOAR in the GA stage.

Dataflow

The remote code execution vulnerability, CVE-2024-6387, in OpenSSH has been mitigated. A patched Dataflow VM image that includes an updated OpenSSH is available. For more information about how to apply mitigations, see the GCP-2024-040 security bulletin.

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.68
  • 1.2.12
  • 2.0.76
  • 2.2.12

Google SecOps SOAR

Remote Agents Release 2.0.2 is currently in Preview. Note the version number has been changed from 2.0.0 to 2.0.2.

July 04, 2024

Google SecOps SOAR

Release 6.3.10 is now in Preview.

The limit for action result attachments has now been raised to 50 MB. (ID #00294694)

Playbook is stuck in the queue. (ID #51894700)

Issues when importing a custom list which contains duplicated records.

July 03, 2024

Anthos clusters on AWS

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. At the time of publication, exploitation is believed to be difficult and take several hours per machine being attacked. We are not aware of any exploitation attempts. This vulnerability has a Critical severity.

For mitigation steps and more details, see the GCP-2024-040 security bulletin.

Anthos clusters on Azure

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. At the time of publication, exploitation is believed to be difficult and take several hours per machine being attacked. We are not aware of any exploitation attempts. This vulnerability has a Critical severity.

For mitigation steps and more details, see the GCP-2024-040 security bulletin.

Cloud Composer

New Cloud Composer 2 environments are gradually switched to using GKE 1.29 and PSC as a connectivity channel to the GKE control plane. The IP address for the PSC endpoint will be taken from the nodes IP range. This change might require using a larger IP range for the nodes when you create an environment.

Cloud Database Migration Service

Database Migration Service for heterogeneous Oracle migrations to AlloyDB for PostgreSQL now supports network connectivity with Private Service Connect for AlloyDB clusters with Private Service Connect enabled. For more information, see Configure Private Service Connect.

Cloud Logging

Agent-installation policies for the Ops Agent are now GA. For more information, see Overview of agent policies for the Ops Agent.

You can now view the estimated number of bytes processed along with the validation status of your SQL query when running queries in Log Analytics. You can use this information to understand the relative volume of data that your SQL query will scan.

Cloud Monitoring

Agent-installation policies for the Ops Agent are now GA. For more information, see Overview of agent policies for the Ops Agent.

Dataflow

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. Dataflow jobs might create VMs that use an OS image with versions of OpenSSH that are vulnerable to CVE-2024-6387. For more information, see the GCP-2024-040 security bulletin.

Dataplex

Data Lineage now supports location organization policy. For more information, see Resource locations supported services.

Dataproc

Added Cloud Profiler support in Dataproc Serverless for Spark. Enable profiling with the dataproc.profiling.enabled=true property and configure it with the dataproc.profiling.name=<PROFILE_NAME> property.

New Dataproc on Compute Engine subminor image versions:

  • 2.0.109-debian10, 2.0.109-rocky8, 2.0.109-ubuntu18
  • 2.1.57-debian11, 2.1.57-rocky8, 2.1.57-ubuntu20, 2.1.57-ubuntu20-arm
  • 2.2.23-debian12, 2.2.23-rocky9, 2.2.23-ubuntu22

Google Distributed Cloud (software only) for VMware

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. At the time of publication, exploitation is believed to be difficult and take several hours per machine being attacked. We are not aware of any exploitation attempts. This vulnerability has a Critical severity.

For mitigation steps and more details, see the GCP-2024-040 security bulletin.

Google Distributed Cloud (software only) for bare metal

Security bulletin (all minor versions)

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. At the time of publication, exploitation is believed to be difficult and take several hours per machine being attacked. We are not aware of any exploitation attempts. This vulnerability has a Critical severity.

For mitigation steps and more details, see the GCP-2024-040 security bulletin.

Google Kubernetes Engine

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that can be used to obtain access to a remote shell, enabling attackers to gain root access. This vulnerability has a Critical severity for GKE. An expedited rollout is in progress to make patch versions available.

For patch versions and mitigation steps, see the GCP-2024-040 security bulletin.

(2024-R22) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

Regular channel

Rapid channel

You can now preload data or container images in new nodes on GKE, enabling faster workload deployment and autoscaling. This feature is Generally Available and production-ready, with support for Autopilot and Terraform. To learn more, see Use secondary boot disks to preload data or container images.

GKE Managed DCGM Metrics Package is now available in Preview for both GKE Standard and Autopilot clusters running version 1.30.1-gke.1204000 and later.

You can now configure Autopilot and Standard clusters to export a predefined list of DCGM metrics emitted by GKE Managed DCGM exporter including metrics for GPU performance, utilization, and I/Os in the GPU node pools with GKE-managed NVIDIA drivers. These metrics are collected by Google Cloud Managed Service for Prometheus. You can view the curated DCGM metrics in the Observability Tab on the Kubernetes Clusters page or in Cloud Monitoring.

For more information, see Collect and view DCGM metrics.

Policy Intelligence

You can use Policy Troubleshooter to troubleshoot principal access boundary policies. This feature is available in Preview.

Spanner

Spanner now allows privileged users to cancel long-running queries. For more information, see GoogleSQL Query cancellation or PostgreSQL Query cancellation.

Multiplexed sessions are now generally available. Multiplexed session is a new session management model which simplifies the pool management in clients. For more information, see Multiplexed sessions.

Vertex AI Agent Builder

Vertex AI Search: On July 6, text-bison@001/answer_gen/v1 is discontinued

As of July 6, 2024, model version text-bison@001/answer_gen/v1 is discontinued.

If you specify text-bison@001/answer_gen/v1 by name in your search requests, replace text-bison@001/answer_gen/v1 with a newer model or with stable.

For more information, see Answer generation model versions and lifecycle.

Vertex AI Search: gemini-1.5-flash-001/answer_gen/v1 for answer generation

Model version gemini-1.5-flash-001/answer_gen/v1 is the stable model for generating answers in Vertex AI Search.

For more information, see Answer generation model versions and lifecycle.

Vertex AI Search: You can't use the Folder option to upload structured data from Cloud Storage

When creating a data store for structured or media data, you must use the File option when importing from a Cloud Storage bucket. Choosing the Folder option results in an error, "Schema preview failed. Requested entity was not found."

To work around this issue, use the File option and upload one file from the folder. After you've created the data store, import the folder contents from the Documents tab of the data store.

July 02, 2024

Apigee X

On July 2, 2024, we published a security bulletin for Apigee.

A remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH. The vulnerability exploits a race condition that could be used to obtain access to a remote shell, enabling attackers to gain root access to GKE or VM nodes.

Security bulletin published: GCP-2024-040

Cloud Billing

Simulate scenarios in FinOps hub to maximize your savings from spend-based CUDs

In the FinOps hub, you can now use a spend-based CUD recommendation as a starting point to simulate various usage scenarios, and customize the recommendation to purchase a CUD that maximizes your savings.

Learn about simulating scenarios for spend-based CUDs.

Cloud Build

Cloud Build is introducing new organization policy constraints.

The default behavior for how Cloud Build uses service accounts in new projects was changed to improve the security posture of our customers going forward. Organizations can opt out of these changes using new organization policy boolean constraints.

To learn more about these changes, see Cloud Build Service Account Change.

Cloud Composer

2024-07-03 Update: Resolution status updated.

The CVE-2024-6387 vulnerability in the OpenSSH package was discovered recently. GKE clusters used by Cloud Composer environments are impacted by this vulnerability, and Cloud Composer 1 and 2 environments that use Public IP networking are especially vulnerable to the described issue. For more information about CVE-2024-6387, see Google GKE Security bulletins.

  • Newly created Composer environments should no longer be impacted by this issue.

  • Composer-owned GKE clusters will be auto-upgraded to newer GKE versions that include the fix for CVE-2024-6387. Other components of Composer environments that use older versions of COS images will also be upgraded. These operations will be done in an expedited manner, so some of the update operations might be done outside the environment's regular maintenance windows.

While Google works on resolving this issue so that Composer environments are immune to CVE-2024-6387, you can disallow SSH to the Cloud Composer cluster nodes by establishing proper firewall rules on the environment's cluster, as described in the Google GKE Security bulletins. Follow the steps outlined for GKE.

A new Airflow build is available in Cloud Composer 3:

  • composer-3-airflow-2.7.3-build.7

Cloud Composer 2.8.4 images are available:

  • composer-2.8.4-airflow-2.7.3 (default)
  • composer-2.8.4-airflow-2.6.3

Cloud Composer version 2.3.3 has reached its end of support period.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud SQL for MySQL

Cloud SQL Enterprise Plus edition now supports the southamerica-west1 (Santiago) region.

Cloud SQL for PostgreSQL

Cloud SQL Enterprise Plus edition now supports the southamerica-west1 (Santiago) region.

Cloud Storage

You can now disable soft delete for multiple buckets at a time or for all buckets in a project. To learn more, see Bulk disable soft delete.

Generative AI on Vertex AI

Google's open weight Gemma 2 model is available in Model Garden. For details, see Use Gemma open models.

MaMMUT is now available in Model Garden. MaMMUT is a vision-encoder and text-decoder model for multimodal tasks such as visual question answering, image-text retrieval, text-image retrieval, and generation of multimodal embeddings.

Google Kubernetes Engine

A faulty component in the Persistent Disk CSI (PDCSI) driver may cause mount failures for NVMe block devices on specific GKE clusters. This issue affects machine types that exclusively use the NVMe interface for attached Persistent Disks, such as third-generation machine types, T2A instances, and Confidential VMs. For more details, see About persistent disks.

Impacted GKE versions include:

  • 1.30.2-gke.1023000
  • 1.27.15-gke.1012000
  • 1.27.14-gke.1100000

Mount failures will log errors indicating difficulties verifying and re-linking the GCE Persistent Disk. You will see log errors like this:

"Error when getting device path: rpc error: code = Internal desc = error verifying GCE PD ("$PVC") is attached: failed to find and re-link disk $PVC with udevadm after retrying for 3s: couldn't get serial number for disk $PVC at device path /dev/$NVME_PATH: google_nvme_id failed for device "/dev/$NVME_PATH" with output [**numbers**]: exit status 1"

This issue will be resolved in the next GKE releases. In the meantime, if you are experiencing mount failures, upgrade your cluster to the default version 1.30.1-gke.1329000 for the 1.30 release channel or 1.27.14-gke.1059000 for the 1.27 release channel.

Google SecOps SOAR

Remote Agents Release 2.0.1 is currently in Preview. Note that the version number has changed from 2.0.0 to 2.0.1.

VPC Service Controls

VPC Service Controls feature: Support to programmatically retrieve the list of services that are supported by VPC Service Controls is generally available. Using this feature, you can also retrieve the list of methods and permissions supported by VPC Service Controls for a service.

  • The following changes are made in the output of the gcloud access-context-manager supported-services list command:
    • The field name SUPPORT_STAGE is changed to SERVICE_SUPPORT_STAGE.
    • The status BETA is changed to PREVIEW in the SERVICE_SUPPORT_STAGE field.
    • A new status DEPRECATED is added in the SERVICE_SUPPORT_STAGE field.
  • The field name supportStage is changed to serviceSupportStage in the output of the gcloud access-context-manager supported-services describe command.

July 01, 2024

API Gateway

As of July 1, 2024, API gateways located in asia-east1 are decommissioned and will no longer serve traffic.

Between October 2021 and October 2022, customers with gateways located in asia-east1 were notified of the planned decommissioning and advised to delete or relocate any gateways in this region. A final reminder was sent in May 2024.

As of July 1, 2024, any remaining gateways located in asia-east1 are fully decommissioned.

Access Approval

Access Approval supports Storage Transfer Service in the Preview stage.

Access Transparency

Access Transparency supports Storage Transfer Service in the Preview stage.

AlloyDB for PostgreSQL

The AlloyDB free trial clusters are now generally available (GA). These clusters let you test the majority of AlloyDB features for up to 30 days through an 8 vCPU basic primary instance along with an optional 8 vCPU read pool instance, and automatically scale storage up to 1 TB.

Bare Metal Solution

Performance SSD storage is now available in all Bare Metal Solution regions.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.8.0 (2024-06-19)

Features

Java

Changes for google-cloud-bigquery

2.41.0 (2024-06-25)

Features
  • Add columnNameCharacterMap to LoadJobConfiguration (#3356) (2f3cbe3)
  • Add MetadataCacheMode to ExternalTableDefinition (#3351) (2814dc4)
Bug Fixes
  • Add clustering value to ListTables result (#3359) (5d52bc9)
Dependencies
  • Update actions/checkout action to v4.1.7 (#3349) (0857234)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20240602-2.0.0 (#3273) (7b7e52b)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#3360) (4420996)
  • Update github/codeql-action action to v2.25.10 (#3348) (8b6feff)

Cloud console updates: You can now drag a tab in the details pane to open a new column and compare tabs. You can also drag the tab to a new position in the current or an adjacent column. This feature is in preview.

The following Analytics Hub features are now generally available:

  • Making exchanges and listings publicly discoverable.
  • Highlighting listings in the Featured section of the Analytics Hub catalog.
  • Generating unauthenticated URLs for public listings.

Data publishers can now share Pub/Sub topics and manage subscriptions in Analytics Hub. This feature is in preview.

Capacity Planner

Preview: Capacity Planner displays GPU usage and forecasts of the GPUs in your Google Cloud project or organization. This is useful to plan and optimize your GPU consumption.

For more information, see the following pages:

Cloud Billing

View your Carbon Footprint in the FinOps hub

In the FinOps hub, you can now view the estimated greenhouse gas emissions for your Google Cloud usage by visiting the Carbon Footprint dashboard.

Learn about Carbon Footprint data.

Cloud Interconnect

Partner Cross-Cloud Interconnect for Oracle Cloud Infrastructure is now generally available. It lets you connect any Google Cloud and OCI resources privately with no data transfer charges.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.19.0 (2024-06-26)

Features
  • logging: OpenTelemetry trace/span ID integration for Java logging library (#1596) (67db829)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#1649) (cb428d1)

Cloud Monitoring

You can now create private uptime checks that issue TCP requests. For more information, see Create private uptime checks.

Cloud Service Mesh

New fleets that provision managed Cloud Service Mesh in organizations that have existing fleets with the managed istiod control plane implementation will receive the Traffic Director control plane implementation by default.

If you received a Service Announcement, or requested an exception from your account team, then your organization's default control plane implementation for new fleets continues to be istiod.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.40.1 (2024-06-26)

Bug Fixes
  • Add a workaround to make sure grpc clients' hosts always match their universe domain (#2588) (87bf737)
  • Include x-goog-user-project on resumable upload puts for grpc transport (#2586) (6f2f504)
  • Update grpc bidi resumable uploads to validate ack'd object size (#2570) (5c9cecf)
  • Update grpc finalize on close resumable uploads to validate ack'd object size (#2572) (55a6d15)
  • Update grpc single-shot uploads to validate ack'd object size (#2567) (65c8808)
Dependencies
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240524-2.0.0 (#2565) (d193243)
  • Update dependency com.google.apis:google-api-services-storage to v1-rev20240621-2.0.0 (#2596) (73b8753)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#2597) (25940a4)
Documentation
  • Add Hierarchical Namespace Bucket and Folders samples (#2583) (3030081), closes #2569
  • Remove allowlist note from Folders RPCs (#2593) (82161de)
  • Update DeleteObject Sample to be clearer on object versioning behavior (#2595) (79b7cf0)

Compute Engine

The issue related to creating larger (>90 vCPUs) C3D standard-lssd or highmem-lssd VM instances.

Container Optimized OS

cos-113-18244-85-49

  • Kernel: COS-6.1.90
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Upgraded sys-apps/dmidecode to v3.6.

Upgraded dev-embedded/libftdi to v1.5-r7.

Upgraded app-admin/logrotate to v3.22.0.

Upgraded sys-apps/hwdata to v0.383.

Upgraded net-misc/curl to v8.8.0-r1.

Upgraded sys-apps/sed to v4.9-r1.

Upgraded dev-libs/libusb to v1.0.27-r1.

Upgraded sys-block/thin-provisioning-tools to v0.9.0-r4.

Upgraded sys-apps/ethtool to v6.9.

Upgraded sys-apps/grep to v3.11-r1.

Upgraded sys-apps/pv to v1.8.10.

Added tcp_rto_min_us sysctl.

Upgraded dev-lang/go to v1.21.11. This fixes CVE-2024-24790 and CVE-2024-24789.

Fixed CVE-2024-35195 in dev-python/requests.

Fixed CVE-2024-36901 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Changed: fs.file-max: 812039 -> 812035

Fixed CVE-2024-6387 in net-misc/openssh.

cos-109-17800-218-69

Kernel Docker Containerd GPU Drivers
COS-6.1.85 v24.0.9 v1.7.15 v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Fixed CVE-2024-35195 in dev-python/requests.

Fixed CVE-2024-36901 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Changed: fs.file-max: 812261 -> 812270

Fixed CVE-2024-6387 in net-misc/openssh.

cos-105-17412-370-67

Kernel Docker Containerd GPU Drivers
COS-5.15.154 v23.0.3 v1.7.15 v470.256.02 (default), v550.90.07 (latest)

Fixed CVE-2024-35195 in dev-python/requests.

Fixed CVE-2024-38662 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000
  • Changed: fs.file-max: 812707 -> 812700

Fixed CVE-2024-6387 in net-misc/openssh.

cos-101-17162-463-55

Kernel Docker Containerd GPU Drivers
COS-5.15.155 v20.10.27 v1.6.28 v470.256.02 (default), v550.90.07 (latest)

Fixed CVE-2024-38662 in the Linux kernel.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_rto_min_us: 200000

Fixed CVE-2024-6387 in net-misc/openssh.

Dataflow

Dataflow batch jobs are now cancelled after ten days. Previously, they were cancelled after 30 days. See Quotas and limits.

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for dataflow/apiv1beta3

0.9.8 (2024-06-26)

Bug Fixes
  • dataflow: Enable new auth lib (b95805f)

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/datastore

9.1.0 (2024-06-24)

Features
Bug Fixes

Java

Changes for google-cloud-datastore

2.20.2 (2024-06-28)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#1492) (d940c93)

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2024-26923) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-039 security bulletin.

Google Distributed Cloud (software only) for bare metal

Release 1.16.10

Google Distributed Cloud for bare metal 1.16.10 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.16.10 runs on Kubernetes 1.27.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Fixes:

  • Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.

The following container image security vulnerabilities have been fixed in 1.16.10:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Migrate to Virtual Machines

Generally available: Migrate to Virtual Machines lets you import a virtual disk image to a Compute Engine image. If you have virtual disk images with software and configurations that you need, you can save time by importing these virtual disk images to Compute Engine images, and use this image to create virtual machine instances or persistent disks.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.40.0 (2024-06-26)

Features
  • pubsub: Add client ID to initial streaming pull request (#10436) (a3d70ed)
  • pubsub: Add use_topic_schema for Cloud Storage Subscriptions (d6c543c)

Java

Changes for google-cloud-pubsub

1.131.0 (2024-06-25)

Features
  • Add use_topic_schema for Cloud Storage Subscriptions (#2082) (11d67d4)
Dependencies
  • Update dependency com.google.cloud:google-cloud-core to v2.40.0 (#2087) (26b01c9)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.32.0 (#2088) (aebc3ed)

Public preview: Data publishers can now share Pub/Sub topics and manage subscriptions in Analytics Hub.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.13.2 (2024-06-26)

Bug Fixes
  • secretmanager: Enable new auth lib (b95805f)

Security Command Center

Working with findings and resources in the Security Operations console

Security Command Center Enterprise customers can now work with findings and affected resources using the Security Operations console. For example, you can do the following in the Security Operations console:

  • Filter for findings and resources based on different attributes.
  • Fine-tune your queries.
  • View the details of specific findings and resources.
  • View high-value resources and their attack exposure scores.
  • View the changes to a resource.

This feature is available in Preview.

For more information, see the following:

Sensitive Data Protection

The BELARUS_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Vertex AI Agent Builder

Vertex AI Search: Filter search results by relevance (Public preview)

Each document returned by a search query is given an estimated level of relevance to the query. When you make a query through an API call, you can set a relevance threshold.

Setting a high relevance threshold can greatly reduce the number of documents returned by a query. You can experiment with low, medium, and high thresholds to find the right level for your users.

Filter by relevance is available in Public preview.

For more information, see Filter searches by document-level relevance.

Vertex AI Search: Healthcare search using natural language query with generative AI answers (GA with allowlist)

Healthcare data search using natural language query with generative AI answer is Generally available to select Google customers (GA with allowlist).

For more information, see Search using natural language query with generative AI answer.

June 30, 2024

Dataproc Metastore

Dataproc Metastore managed migrations is generally available (GA)

Dataproc Metastore autoscaling is generally available (GA)

Google Cloud Architecture Center

(New guide) From edge to multi-cluster mesh: Globally distributed applications exposed through GKE Gateway and Cloud Service Mesh: Describes exposing applications externally through Google Kubernetes Engine (GKE) Gateways running on multiple GKE clusters within a service mesh.

(New guide) From edge to multi-cluster mesh: Deploy globally distributed applications through GKE Gateway and Cloud Service Mesh: Provides the steps needed to deploy applications externally through Google Kubernetes Engine (GKE) Gateways running on multiple GKE clusters within a service mesh.

June 28, 2024

Access Context Manager

Generally available: You can now use an internal IP address when specifying an IP address range in basic access levels.

For more information, see Creating a basic access level.

Access Transparency

Access Transparency supports Pub/Sub in the GA stage.

Access Transparency supports Dataform in the GA stage.

Access Transparency supports Cloud Build in the GA stage.

Anthos Attached Clusters

This release includes the following GKE attached clusters platform versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26923

For more information, see the GCP-2024-039 security bulletin.

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26923

For more information, see the GCP-2024-039 security bulletin.

Apigee hybrid

hybrid v1.12.1

On June 28, 2024, we released an updated version of the Apigee hybrid software, 1.12.1.

Bug ID Description
347798999 Fixed an issue preventing configuration of forward proxies for OpenTelemetry collector pods.
345501069 Fixed an issue with Hybrid Guardrails resource configuration preventing the Guardrails pod from starting.
341797795 Autofill the Hybrid Guardrails checkpoint value if a checkpoint is not provided.
340248314 Added support for targetCPUUtilizationPercentage to apigeeIngressGateway and ingressGateways. The default value is 75.
324779388 Improved error handling for backup and restore.
311489774 Removed inclusion of Java in Cassandra client image.
310338146 Fixed invalid download directory output from the create-service-account tool.
300135626 Removed inclusion of Java in Cassandra Backup Utility image.
239523766 Remove "Unable to evaluate jsonVariable, returning null" logging string from ExtractVariables Policy.
Bug ID Description
345791712 Security fix for fluent-bit.
This addresses the following vulnerability:
335910066 Security fixes for apigee-kube-rbac-proxy.
This addresses the following vulnerability:
335909737 Security fixes for apigee-asm-ingress.
This addresses the following vulnerabilities:
335909397 Security fixes for apigee-open-telemetry-collector.
This addresses the following vulnerability:
335908990 Security fixes for apigee-asm-istiod.
This addresses the following vulnerabilities:
335908985 Security fix for apigee-prometheus-adapter.
This addresses the following vulnerabilities:
335908657 Security fixes for apigee-prom-prometheus.
This addresses the following vulnerabilities:
335908139 Security fix for fluent-bit.
This addresses the following vulnerability:
332821083 Security fix for apigee-operators.
This addresses the following vulnerability:
317528509 Security fixes for apigee-synchronizer.
This addresses the following vulnerabilities:
308835165 Security fix for apigee-synchronizer.
This addresses the following vulnerability:
N/A Security fixes for apigee-asm-ingress.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-asm-istiod.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-cassandra-backup-utility.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-fluent-bit.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-hybrid-cassandra.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-kube-rbac-proxy.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-prometheus-adapter.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-stackdriver-prometheus-sidecar.
This addresses the following vulnerabilities:

hybrid 1.11.2-hotfix.1

On June 28, 2024, we released an updated version of the Apigee hybrid software, 1.11.2-hotfix.1.

Note: This release reflects a change to the Helm chart templates and not a change to the images. If your hybrid installation is currently on Apigee hybrid v1.11.2, apply this hotfix with the following steps:

  1. In your overrides file, update the ao.image url and tag:

    ao:
      image:
        url: "gcr.io/apigee-release/hybrid/apigee-operators"
        tag: "1.11.2-hotfix.1"
    
  2. Install the hotfix release:

    • For Helm-managed releases, update the apigee-operator with the helm upgrade command and your current overrides files:

      helm upgrade operator apigee-operator/ \
        --namespace apigee-system \
        --atomic \
        -f overrides.yaml 
      
    • For apigeectl-managed releases, install the hotfix release with apigeectl init using your updated overrides files:

      ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE --dry-run=client 
      

      Followed by:

      ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE 
      
Bug ID Description
347997965 Upgrading to Apigee Hybrid 1.11.2 and 1.10.5 can cause missing metrics.

hybrid 1.10.5-hotfix.1

On June 28, 2024, we released an updated version of the Apigee hybrid software, 1.10.5-hotfix.1.

Note: This release reflects a change to the Helm chart templates and not a change to the images. If your hybrid installation is currently on Apigee hybrid v1.10.5, apply this hotfix with the following steps:

  1. In your overrides file, update the ao.image url and tag:

    ao:
      image:
        url: "gcr.io/apigee-release/hybrid/apigee-operators"
        tag: "1.10.5-hotfix.1"
    
  2. Install the hotfix release with apigeectl init using your updated overrides files:

    ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE --dry-run=client 
    

    Followed by:

    ${APIGEECTL_HOME}/apigeectl init -f OVERRIDES_FILE 
    
Bug ID Description
347997965 Upgrading to Apigee Hybrid 1.11.2 and 1.10.5 can cause missing metrics.

Cloud Data Fusion

The Cloud Storage Multi File sink plugin version 0.23.2 is available in Cloud Data Fusion version 6.10.1 and later. The release fixes an issue in the Cloud Storage Multi File sink causing pipelines to fail when the Flexible schema property was set to true (PLUGIN-1780).

Cloud Functions

Cloud Functions 1st gen and 2nd gen now support custom service accounts for Cloud Build at the General Availability release level.

Cloud Storage

You can now specify the Frankfurt, Germany (europe-west3) and Paris, France (europe-west9) regions when using regional endpoints.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.108-debian10, 2.0.108-rocky8, 2.0.108-ubuntu18
  • 2.1.56-debian11, 2.1.56-rocky8, 2.1.56-ubuntu20, 2.1.56-ubuntu20-arm
  • 2.2.22-debian12, 2.2.22-rocky9, 2.2.22-ubuntu22

Backported fixes for HIVE-25958 and HIVE-20220 (new configuration hive.groupby.enable.deterministic.distribution=false/true).

Firestore

Scheduled backups are now available in GA.

Firestore in Datastore mode

Scheduled backups are now available in GA.

Generative AI on Vertex AI

The following models have been added to Model Garden:

For more information, see the Hugging Face model deployment in the console.

Launched Hex-LLM for high-efficiency large language model serving. This performant TPU serving solution is based on XLA and optimized kernels to achieve high throughput and low latency.

Hex-LLM uses several parallelism strategies for multiple TPU chips, quantizations, dynamic LoRA, and more. Hex-LLM supports the following dense and sparse LLMs:

  • Gemma 2B and 7B
  • Gemma 2 9B and 27B
  • Llama 2 7B, 13B and 70B
  • Llama 3 8B and 70B
  • Mistral 7B and Mixtral 8x7B

  • Updated Docker images in Llama 3 notebooks that are more efficient at tuning.
  • A notebook-based interactive workshop UI was added in Model Garden for image generative models such as stable-diffusion-xl-base, image inpainting, controlnet. You can find these models from the Open Notebook list.
  • Colab Notebooks for frequently used models in Model Garden have been revised with no-code or low-code implementations to improve accessibility and user experience.

Google Cloud Architecture Center

(New guide) Migrate from AWS to Google Cloud: Migrate from Amazon RDS for SQL Server to Cloud SQL for SQL Server: Describes how to design, implement, and validate a plan to migrate from Amazon Relational Database Service (RDS) to Cloud SQL for SQL Server.

Google Cloud Deploy

You can now set the logging level to debug, or the equivalent, for Skaffold, gcloud, and kubectl, using the verbose flag in each target's execution environment.

Google Kubernetes Engine

Resource requests for anetd Pods have been increased from 200mil CPU and 110m memory to 205mil CPU and 230m memory. In some cases, if the CPU and memory budgets on the nodes are limited, GKE might evict workloads to facilitate anetd during control plane upgrades. This can occur if your clusters are being upgraded from earlier versions to one of the following versions:

  • 1.28.5-gke.1217000 and later
  • 1.29 and later
  • 1.30 and later

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26923

For more information, see the GCP-2024-039 security bulletin.

Google SecOps SOAR

Release 6.3.8 is now in General Availability.

Remote Agents Release 2.0.1 is now in General Availability. Note that the version number has changed from 2.0.0 to 2.0.1.
This Release Note is incorrect; see entry for July 2, 2024.

Identity-Aware Proxy

On February 14, 2024, the Cloud Audit Logging (CAL) type was inadvertently changed from DATA_ACCESS to ADMIN_ACTIVITY. This change causes a change in the log name and log bucket location for the UpdateIapSettings and ValidateIapAttributeExpression methods.

The CAL type has been changed back to DATA_ACCESS.

Sensitive Data Protection

Terraform support

You can now use Terraform to create and manage scan configurations. Terraform management of discovery scan configurations is supported for BigQuery data, Cloud SQL data, and secrets in Cloud Functions environment variables. For a detailed reference document about Terraform resources, see data_loss_prevention_discovery_config in the Terraform documentation.

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-spanner

6.68.0 (2024-05-27)

Features
  • Allow passing libraries_bom_version from env (#1967) (#3112) (7d5a52c)
  • Allow DML batches in transactions to execute analyzeUpdate (#3114) (dee7cda)
  • spanner: Add support for Proto Columns in Connection API (#3123) (7e7c814)
Bug Fixes
  • Allow getMetadata() calls before calling next() (#3111) (39902c3)
Dependencies
  • Update dependency org.graalvm.buildtools:native-maven-plugin to v0.10.2 (#3117) (ddebbbb)

6.69.0 (2024-06-12)

Features
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.31.0 (#3159) (1ee19d1)

Python

Changes for google-cloud-spanner

3.47.0 (2024-05-22)

Features

Vertex AI

Vertex AI custom training on TPU VMs supports customer-managed encryption keys (CMEK).

Virtual Private Cloud

Bring your own IP does not support creating BYOIP addresses in Shared VPC service projects. This limitation is documented, but was previously not enforced. Enforcement has been added to prevent the creation of BYOIP addresses in service projects. If you're using bring your own IP with Shared VPC, use the project architecture described in BYOIP addresses administration with Shared VPC.

June 27, 2024

Anthos Config Management

Reverted an undocumented change to a metric name. The Cloud Monitoring metric current_declared_resources (introduced in version 1.16.1) has been renamed to its original name, declared_resources. For reference see Monitor Config Sync with Cloud Monitoring.

Upgraded the Open Telemetry image from v0.99.0 to v0.102.0 to pick up vulnerability fixes. To understand the changes in each release, review the full changelog for opentelemetry-collector-contrib.

Resolved an issue that prevented the declared_resources metric from decrementing when an object became unmanaged by Config Sync.

Apigee Advanced API Security

On June 27, 2024, we released a new version of Advanced API Security.

Rollouts of this feature are ongoing and will take multiple days to complete across all Google Cloud zones. You might not be able to use the functionality until the rollout is complete.

Preview release of generative AI incident report summaries

This release introduces the preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents. The new generative AI features are available for all Advanced API Security-enabled projects and do not require the Gemini Code Assist add-on.

For usage information, see the Abuse Detection customer documentation.

Apigee X

On June 27, 2024, we released an updated version of Apigee.

Apigee is now available in new regions:

  • Europe - Berlin (europe-west10)
  • Africa - Johannesburg (africa-south1)

See Apigee locations for more information about available regions.

Backup for GKE

Backup for GKE now supports creating a backup plan when creating a cluster.

BigQuery

You can now use tags on BigQuery tables to conditionally grant or deny access with Identity and Access Management (IAM) policies. This feature is generally available (GA). You can also attach tags to BigQuery datasets during dataset creation to conditionally grant or deny access with IAM policies.

Cloud Functions

To simplify searches and improve your documentation experience, we have split the 1st generation and 2nd generation documentation into separate documentation sets.

Cloud Run

The following IAM roles are now available in preview:

Cloud Service Mesh

1.21.4-asm.0 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for a security vulnerability where the Datadog tracer does not handle trace headers with unicode characters. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.4-asm.0 uses Envoy v1.29.6.

Dialogflow

Dialogflow ES: As of May 27, 2024, Twilio no longer supports integrations with Dialogflow ES. For more details and information about migrating to Dialogflow CX, see the Twilio documentation.

Dialogflow CX: The gemini-1.5-flash generative model is now available for the generators feature.

Generative AI on Vertex AI

Context caching is available for Gemini 1.5 Pro. Use context caching to reduce the cost of requests that contain repeat content with high input token counts. For more information, see Context caching overview.

Google Cloud Armor

Cloud Armor supports IP address groups in Preview.

Google Cloud Deploy

Cloud Deploy now supports deploying using a proxy for Google Kubernetes Engine targets. Learn more.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud for VMware 1.29.200-gke.242 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.200-gke.242 runs on Kubernetes v1.29.5-gke.800.

If you are using a third-party storage vendor, check the GDCV Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

The following issues are fixed in 1.29.200-gke.242:

  • Fixed the known issue that caused cluster creation to fail because the control plane VIP was in a different subnet from other cluster nodes.
  • Fixed the known issue where the Binary Authorization webhook blocked the CNI plugin, which caused user cluster creation to stall.
  • Fixed the known issue that caused the Connect Agent to lose connection to Google Cloud after a non-HA to HA admin cluster migration.
  • Fixed the known issue that caused an admin cluster upgrade to fail for clusters created on versions 1.10 or earlier.
  • Added back the CNI binaries to the OS image so that multiple network interfaces with standard CNI will work (see this known issue).

The following vulnerabilities are fixed in 1.29.200-gke.242:

High-severity container vulnerabilities:

Container-optimized OS vulnerabilities:

Ubuntu vulnerabilities:

Google Distributed Cloud (software only) for bare metal

Release 1.29.200-gke.243

Google Distributed Cloud for bare metal 1.29.200-gke.243 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.200-gke.243 runs on Kubernetes 1.29.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

Functionality changes:

  • Updated registry mirror support to allow you to specify a port for host addresses.

  • Updated the networking preflight check to verify that either the ip_tables or the nf_tables kernel module is available for loading, instead of being explicitly loaded.

  • Added support for Red Hat Enterprise Linux 8.10 for Google Distributed Cloud software version 1.29.200-gke.243 and higher.

Fixes:

  • Fixed an issue where upgraded clusters didn't get label updates that match the labels applied for newly created clusters, for a given version.

  • Fixed an issue where service accounts created by using the --create-service-accounts flag with the bmctl create config command don't have enough permissions.

The following container image security vulnerabilities have been fixed in 1.29.200-gke.243:

Known issues:

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26924

For more information, see the GCP-2024-038 security bulletin.

Google SecOps SOAR

Release 6.3.9 is currently in Preview.

Case List preferences are now saved permanently per user. This includes column selection, order of columns, and sorting within columns.

Environment table column width display issue when using dynamic parameters with many characters (ID #51611835)

Editing or saving any step in the playbook resets the view to zoom out (ID #00162859, #48257046)

Managed Kafka

Client library samples for Java and Go are now added to all relevant pages. For more information, see Apache Kafka for BigQuery client libraries.

Network Connectivity Center

Route exchange with VPC spokes is now available in public preview.

This feature lets you connect VPC spokes and hybrid spokes, such as Cloud Interconnect VLAN attachments, HA VPN tunnels, and Router appliance VMs, on the same hub.

SAP on Google Cloud

New SAP certification: 16 TB X4 bare metal machine type

The Compute Engine memory-optimized bare metal machine type x4-megamem-960-metal is generally available (GA) and certified by SAP for use with SAP HANA scale-up (OLAP and OLTP) and SAP NetWeaver workloads.

For more information, see:

Google Cloud's Agent for SAP version 3.4

Version 3.4 of Google Cloud's Agent for SAP is generally available (GA). This version introduces a workload performance diagnostic tool, and enhancements to the Backint and disk snapshot features.

For more information, see What's new with Google Cloud's Agent for SAP.

Sensitive Data Protection

The INDIA_PASSPORT infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

If you set InfoType.version to latest when including the PHONE_NUMBER infoType in your InspectConfig, Sensitive Data Protection will now include US_TOLLFREE_PHONE_NUMBER findings as type PHONE_NUMBER in the scan results.

You can still use the old functionality by setting InfoType.version to stable or leaving it unset when using the PHONE_NUMBER infoType. In 30 days, the new functionality will be promoted to stable.

VPC Service Controls

VPC Service Controls feature: Support for using an internal IP address to allow access to protected resources is generally available.

For more information, see Allow access to protected resources from an internal IP address. Make sure that you read the updated Limitations section before using this feature.

Vertex AI Agent Builder

Vertex AI Search: Connect BigQuery datasets to Vertex AI Search (Public preview)

You can create Vertex AI Search data stores that periodically sync with data in BigQuery datasets. You can choose how often you want to update your data stores: every day, every 3 days, or every 5 days.

Synchronizing BigQuery data to Vertex AI Search is available in Public preview.

For more information, see Import from BigQuery.

June 26, 2024

Anthos clusters on AWS

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2023-52654
  • CVE-2023-52656

For more information, see the GCP-2024-041 security bulletin.

Anthos clusters on Azure

The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes:

  • CVE-2024-26924

For more information, see the GCP-2024-038 security bulletin.

Apigee X

On June 26, 2024, we released an updated version of Apigee (1-12-0-apigee-7).

Bug ID Description
N/A Upgraded infrastructure and libraries.

These issues were fixed in 1-12-0-apigee-4-hotfix and are included in this release:

Bug ID Description
337876238, 330314128, 333762214 Resolved issues resulting in an increase in 404/503 responses.

Upgraded storage for the Apigee router to the latest version to resolve 404 responses.

Adjusted traffic weight and delays in the older replica set to handle traffic divergence during the release process to address any 5xx responses.

335832119 Fixed 404 errors caused during Apigee instance update/rollback.
255772956 Turned off asynchronous services callout when the <Response> element is not present due to inconsistent scaling of runtime pods.
338717278 Reverted problematic commit to address thread pool exhaustion.

App Hub

App Hub support is available in the asia-east2 (Hong Kong) and europe-west3 (Frankfurt, Germany) regions.

Cloud Logging

You can now analyze your billable log volume when using Log Analytics. This feature is in Public Preview. For more information, see Analyze log volume with Log Analytics.

Cloud Monitoring

You can now configure your dashboards to show disruptions in Google Cloud Services. This feature is GA. For more information, see the following pages:

Dataproc

New Dataproc Serverless for Spark runtime versions:

  • 1.1.67
  • 1.2.11
  • 2.0.75
  • 2.2.11

Dataproc Serverless for Spark: To fix compatibility with open table formats (Apache Iceberg, Apache Hudi, and Delta Lake), the ANTLR version was downgraded from 4.13.1 to 4.9.3 in Dataproc Serverless for Spark runtime versions 1.2 and 2.2.

Google Distributed Cloud (software only) for VMware

A vulnerability (CVE-2024-26924) was discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes.

For more information, see the GCP-2024-038 security bulletin.

Google Kubernetes Engine

(2024-R21) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

No channel

Stable channel

  • Version 1.27.13-gke.1070000 is now the default version in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.27.11-gke.1062004
    • 1.28.9-gke.1000000
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.26 to version 1.27.13-gke.1070000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.27.13-gke.1070000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.9-gke.1069000 with this release.

Regular channel

Rapid channel

  • Version 1.30.1-gke.1329000 is now the default version in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.26.15-gke.1390000
    • 1.26.15-gke.1436000
    • 1.27.14-gke.1042000
    • 1.27.14-gke.1093000
    • 1.28.10-gke.1075000
    • 1.28.10-gke.1141000
    • 1.29.5-gke.1121000
    • 1.29.5-gke.1192000
    • 1.30.1-gke.1156000
    • 1.30.1-gke.1500000
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.25 to version 1.26.15-gke.1404000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.26 to version 1.26.15-gke.1404000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.27.14-gke.1059000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.10-gke.1089000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.1-gke.1329000 with this release.

Google SecOps

You can use the BindPlane agent to collect Windows event logs, query SQL databases, read logs from files, and receive logs using syslog. The agent sends data directly to the Google Security Operations ingestion API or to a Google SecOps forwarder. For more information, see Use the BindPlane agent.

Google SecOps SIEM

You can use the BindPlane agent to collect Windows event logs, query SQL databases, read logs from files, and receive logs using syslog. The agent sends data directly to the Google Security Operations ingestion API or to a Google SecOps forwarder. For more information, see Use the BindPlane agent.

June 25, 2024

AlloyDB for PostgreSQL

AlloyDB Omni version 15.5.4 is generally available (GA). This version includes the following features and changes:

  • The simplified installation method for AlloyDB Omni is now generally available (GA). You can install and manage your AlloyDB Omni installation using common container-management tools such as Docker. For information on upgrading an existing AlloyDB Omni installation, see Migrate from an earlier version of AlloyDB Omni to the latest version.
  • AlloyDB Omni supports the Podman container tool on Red Hat Enterprise Linux (RHEL).
  • Support for Arm-based architectures is now available in Preview.
  • Various bug fixes and performance improvements.

BigQuery

You can now use the BigQuery JupyterLab plugin to explore your data, use BigQuery DataFrames in a Jupyter notebook, and deploy a BigQuery DataFrames notebook to Cloud Composer. This feature is in preview.

Cloud Build

Cloud Build support for Supply-chain Levels for Software Artifacts (SLSA) version 1.0 compliant provenance is now generally available to help you safeguard your automated build pipelines.

Build provenance is verifiable metadata that you can use to audit builds. Cloud Build can generate provenance aligned with the SLSA v1.0 spec when you use the option requestedVerifyOption with triggered builds.

Learn how to use build provenance in Cloud Build.

Cloud Composer

Cloud Composer is now available in Johannesburg (africa-south1).

Cloud Logging

Ops Agent version 2.48.0 introduces support for Compute Engine VMs that are running Deep Learning VM Images based on Debian 11 (Bullseye). For more information, see Operating systems.

Cloud Monitoring

Ops Agent version 2.48.0 introduces support for Compute Engine VMs that are running Deep Learning VM Images based on Debian 11 (Bullseye). For more information, see Operating systems.

Config Controller

Config Controller is now supported in regions europe-west8, us-central2 and us-east7.

Config Controller now uses the following versions of its included products:

Dataproc

The Dataproc Component Gateway is now activated by default when you create a Dataproc on Compute Engine cluster using the Google Cloud console.

Generative AI on Vertex AI

Controlled generation is available on Gemini 1.5 Pro and supports the JSON schema. For more information, see Control generated output.

Google Cloud Armor

Cloud Armor support for Layer 7 filtering in globally scoped edge security policies for Media CDN is now Generally Available.

Media CDN

Globally scoped Cloud Armor edge security policies for Layer 7 filtering are now Generally Available. For an example, see Example: Deny requests for cached content with specific headers.

NetApp Volumes

NetApp Volumes now supports committed use discounts (CUDs). For more information, see NetApp Volumes committed use discounts.

Security Command Center

Introducing the Security Command Center Risk Engine

Security Command Center introduces Risk Engine as the name of the functionality that provides attack path simulations, attack exposure scores, attack path visualizations, and toxic combination findings.

For more information, see Assess risk with Risk Engine.

Toxic combination findings release to Preview

In the Enterprise tier of Security Command Center, the Risk Engine generates a finding when it detects a toxic combination during attack path simulations. A toxic combination is a group of security issues that, when they occur together in a particular pattern, create a path to one or more of your high-value resources.

The toxic combinations feature introduces a new finding class, Toxic combination, and adds new fields in the Finding object to hold information about toxic combinations.

For more information, see Overview of toxic combinations.

UPDATE: The Preview release of the toxic combination feature is being rolled out to customers in stages. You might not receive toxic combination findings or see the new features in the Security Operations console for up to two weeks.

The release note for the toxic combination feature published on June 25, 2024 was updated to explain the staged release of the feature.

Install new version of the Security Command Center Enterprise use case

The installation and configuration of a new version of the SCC Enterprise - Cloud Orchestration & Remediation use case in the Security Operations console is required for the toxic combination functionality of Security Command Center Enterprise. The new use case, identified by date, June 25, 2024, introduces new widgets, new playbooks, and other enhancements to support the management of toxic combination findings and cases in the Security Operations console.

For installation instructions, see Update Enterprise use case, June 2024.

June 24, 2024

Access Approval

Access Approval supports Apigee in the GA stage.

Access Transparency

Access Transparency supports Apigee in the GA stage.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigquery

3.25.0 (2024-06-17)

Features
  • Add prefer_bqstorage_client option for Connection (#1945) (bfdeb3f)
  • Support load job option ColumnNameCharacterMap (#1952) (7e522ee)
Bug Fixes
  • Do not overwrite page_size with max_results when start_index is set (#1956) (7d0fcee)

Certificate Authority Service

Certificate Authority Service is now available in the following region:

  • africa-south1

For more information, see Certificate Authority Service locations.

Cloud Billing

Avoid getting charged for idle Compute Engine reservations in the FinOps hub

You can now get recommendations to modify or delete your idle, on-demand reservations for Compute Engine resources when you haven't consumed any resources for at least 7 days.

Learn about idle reservation recommendations.

Cloud Functions

Cloud Functions (2nd gen) now supports fully automatic security updates. For details, see the document Execution environment security.

Cloud Logging

Gauges and scorecards are now available to visualize the results of your SQL queries. For more information, see Chart query results with Log Analytics.

Cloud Monitoring

You can now configure your dashboards to show when incidents were opened. For more information, see Alert events.

Cloud SQL for MySQL

You can now upgrade the network architecture of Cloud SQL for MySQL instances that store transaction logs used for point-in-time recovery (PITR) in Cloud Storage. The previous limitation on upgrade of such instances is removed. To check where your MySQL instance stores its PITR logs, see Check the storage location of transaction logs used for PITR.

For more information about upgrading your network architecture, see Upgrade an instance to the new network architecture.

Container Optimized OS

cos-dev-117-18514-0-0

  • Kernel: COS-6.6.34
  • Docker: v24.0.9
  • Containerd: v2.0.0rc2
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest)

Disabled default automatic updates. Automatic updates must now be explicitly enabled by setting the cos-update-strategy metadata to "update_enabled".

Updated R550, latest driver to v550.90.07. This fixes CVE-2024-0090, CVE-2024-0091 and CVE-2024-0092.

Updated R535, default driver to v535.183.01. This fixes CVE-2024-0090 and CVE-2024-0092.

Runtime sysctl changes:

  • Added: net.ipv4.tcp_backlog_ack_defer: 1
  • Changed: fs.epoll.max_user_watches: 1809452 -> 1809007
  • Changed: fs.fanotify.max_user_marks: 67560 -> 67544
  • Changed: fs.file-max: 811880 -> 811785
  • Changed: fs.inotify.max_user_watches: 63441 -> 63425
  • Changed: kernel.threads-max: 63503 -> 63487
  • Changed: net.core.optmem_max: 20480 -> 131072
  • Changed: net.ipv4.tcp_mem: 94065 125423 188130 -> 94041 125391 188082
  • Changed: net.ipv4.udp_mem: 188133 250847 376266 -> 188085 250783 376170
  • Changed: user.max_cgroup_namespaces: 31751 -> 31743
  • Changed: user.max_fanotify_marks: 67560 -> 67544
  • Changed: user.max_inotify_watches: 63441 -> 63425
  • Changed: user.max_ipc_namespaces: 31751 -> 31743
  • Changed: user.max_mnt_namespaces: 31751 -> 31743
  • Changed: user.max_net_namespaces: 31751 -> 31743
  • Changed: user.max_pid_namespaces: 31751 -> 31743
  • Changed: user.max_time_namespaces: 31751 -> 31743
  • Changed: user.max_user_namespaces: 31751 -> 31743
  • Changed: user.max_uts_namespaces: 31751 -> 31743
  • Changed: vm.lowmem_reserve_ratio: 256 256 32 0 -> 256 256 32 0 0

cos-105-17412-370-61

  • Kernel: COS-5.15.154
  • Docker: v23.0.3
  • Containerd: v1.7.15
  • GPU Drivers: v470.256.02 (default), v550.90.07 (latest)

Fixed CVE-2024-26584 in the Linux kernel.

Fixed CVE-2024-26583 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812704 -> 812707

Fixed a crash in the Linux kernel.

cos-113-18244-85-39

  • Kernel: COS-6.1.90
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Added support for TPU v6 devices.

Runtime sysctl changes:

  • Changed: fs.file-max: 812036 -> 812039

Fixed a crash in the Linux kernel.

cos-109-17800-218-62

  • Kernel: COS-6.1.85
  • Docker: v24.0.9
  • Containerd: v1.7.15
  • GPU Drivers: v535.183.01 (default), v550.90.07 (latest), v470.256.02 (R470 for compatibility with K80 GPUs)

Runtime sysctl changes:

  • Changed: fs.file-max: 812259 -> 812261

Fixed a crash in the Linux kernel.

cos-101-17162-463-51

  • Kernel: COS-5.15.155
  • Docker: v20.10.27
  • Containerd: v1.6.28
  • GPU Drivers: v470.256.02 (default), v550.90.07 (latest)

Fixed upload throughput in gVisor container in gVNIC.

Fixed a crash in the Linux kernel.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.107-debian10, 2.0.107-rocky8, 2.0.107-ubuntu18
  • 2.1.55-debian11, 2.1.55-rocky8, 2.1.55-ubuntu20, 2.1.55-ubuntu20-arm
  • 2.2.21-debian12, 2.2.21-rocky9, 2.2.21-ubuntu22

Google SecOps

You can now configure Cloud Identity or Google Workspace as an identity provider during the Google Security Operations onboarding steps. For more information about onboarding, see Onboarding or migrating a Google Security Operations instance.

During the Google Security Operations onboarding steps, you can now specify identity provider groups that include administrators who configure user access to SOAR-related features. For more information, see Link Google SecOps to Google Cloud services.

Google SecOps SIEM

You can now configure Cloud Identity or Google Workspace as an identity provider during the Google Security Operations onboarding steps. For more information about onboarding, see Onboarding or migrating a Google Security Operations instance.

During the Google Security Operations onboarding steps, you can now specify identity provider groups that include administrators who configure user access to SOAR-related features. For more information, see Link Google SecOps to Google Cloud services.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.39.0 (2024-06-18)

Features
  • pubsub/pstest: Add support to register other servers into grpc.Server (#9722) (db8216e)
  • pubsub: Add service_account_email for export subscriptions (92dc381)
  • pubsub: Batch receipt modacks (#10234) (4c2cd10)
  • pubsub: Make lease management RPCs concurrent (#10238) (426a8c2)
Bug Fixes

Python

Changes for google-cloud-pubsub

2.21.5 (2024-06-20)

Bug Fixes

2.21.4 (2024-06-18)

Documentation
  • samples: Add code sample for optimistic subscribe (#1182) (d8e8aa5)

Sensitive Data Protection

The RELIGIOUS_TERM infoType detector is available in Preview in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

A new detection model is available for the ORGANIZATION_NAME infoType detector. The new model offers improved detection quality. You can try it out by setting InfoType.version to latest when including the ORGANIZATION_NAME infoType in your InspectConfig.

You can still use the old model by setting InfoType.version to stable or leaving it unset when using the ORGANIZATION_NAME infoType. In 30 days, the new model will be promoted to stable.

Vertex AI Agent Builder

Vertex AI Search: Check ingested data quality for media recommendations (Public preview)

You can check the quality of your ingested data for media recommendations.

By running the Public preview requirements:checkRequirement method, you find out if your data store meets the minimum quality requirements for your recommendations app. If your data doesn't meet the minimum threshold for the key metrics for your model and objective, you receive a warning about the issues. Address the issues and rerun the check.

For more information, see Check data quality for media recommendations.

June 21, 2024

BigQuery

The BigQuery migration assessment for Amazon Redshift is now generally available (GA). You can use this feature to assess the complexity of migrating from your Amazon Redshift data warehouse to BigQuery.

Cloud SQL for PostgreSQL

You can now use the in-place major version upgrade feature to upgrade your Cloud SQL for PostgreSQL instance to PostgreSQL 16.

Dataflow

Dataflow SQL is deprecated. As of July 31, 2024, you can't access Dataflow SQL in the Google Cloud console. As of January 31, 2025, you can't use Dataflow SQL in the Google Cloud CLI. As a replacement, use Beam SQL.

Dataform

The 3.0.0 version of the open-source Dataform framework is available.

The workflow_settings.yaml file, which was introduced in Dataform Core 3.0.0-beta.0, replaces dataform.json.

You can specify the Dataform Core version directly in the workflow_settings.yaml file, which removes the need for package.json for most repositories. To have package dependencies other than @dataform/core, the package.json file is still required.

No immediate action to convert existing Dataform code is required. You can continue to use dataform.json and package.json in existing repositories.

You can convert your dataform.json file into workflow_settings.yaml by following the instructions in the 3.0.0 GitHub release.

New repositories use workflow_settings.yaml by default. You can replace the workflow_settings.yaml file with dataform.json to continue using the JSON format. If you remove workflow_settings.yaml, you need to add a package.json file to your repository to install @dataform/core.

For more information, see the 3.0.0 release on GitHub.

Dataproc

Dataproc Serverless for Spark: To fix compatibility with open table formats (Apache Iceberg, Apache Hudi and Delta Lake), the ANTLR version will be downgraded from 4.13.1 to 4.9.3 in Dataproc Serverless for Spark runtime versions 1.2 and 2.2 on June 26, 2024.

Datastream

Datastream now supports the change tables CDC method for SQL Server sources. For more information, see the Source SQL Server database page.

Deep Learning Containers

M122 release

  • TensorFlow 2.16 container images are now available.
  • PyTorch Inference 2.2 GPU container images are now available.
  • PyTorch Inference 2.2 CPU container images are now available.

Deep Learning VM Images

M122 release

  • Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.

Google SecOps SOAR

Release 6.3.7 is now in General Availability.

Sensitive Data Protection

The discovery service of Sensitive Data Protection now supports Cloud Storage. You can run discovery at the organization, folder, or project level to generate data profiles of your Cloud Storage buckets. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data governance workflows.

To get started on profiling Cloud Storage data, see the following:

For more information about sensitive data discovery, see Data profiles.

Vertex AI Agent Builder

Vertex AI Search: Answers with summaries and follow-ups (GA)

The answer API improves on the search with summary and search with follow-ups features. For example, it better handles complex queries and provides customization of answer styles.

The answer API is Generally available (GA). However, the multi-step retrieval functionality remains in Public preview.

For more information, see Get answers and follow-ups.

Vertex AI Search: The answer method can skip irrelevant answers

The answer method can be set to generate an answer only if at least one of the results is deemed relevant.

If you choose to ignore low-relevance content and all the results are deemed irrelevant or almost irrelevant, then the answer method doesn't generate an answer. Instead, a fallback message replaces the answer.

For more information, see Show only relevant answers.

Vertex AI Search: Add structured data for advanced website indexing (Public preview)

If advanced website indexing is enabled in your data store, you can use structured data, such as schema.org data, to enrich your indexing.

For more information, see Use structured data for advanced site indexing.

Vertex AI Search: Generate grounded answers (GA with allowlist)

You can add system instructions as preambles to your prompts. System instructions govern the behavior of the model and modify the output accordingly. For example, you can add a persona to the generated answer or instruct the model to format the output text a certain way.

For more information, see Generate grounded answers.

Vertex AI Search: The generated answer message doesn't contain the name field for synchronous and sessionless queries

The name field is only included in the answer response for session queries and for asynchronous queries. These are stateful and context-aware queries.

If a query is a synchronous and stateless query, the name field is no longer included in the generated answer message.

For more information about the answer method, see Get answers and follow-ups.

Vertex AI Search: Choose when to enable autocomplete

You can choose to enable autocomplete as soon as possible instead of waiting a couple of days for sufficiently good autocomplete data. If you choose to make autocomplete available sooner, at first, you won't get suggestions for all queries and some suggestions might be of poor quality.

For more information, see Enable autocomplete in Update autocomplete settings.

Vertex AI Workbench

M122 release

The M122 release of Vertex AI Workbench user-managed notebooks includes the following:

  • Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.

M122 release

The M122 release of Vertex AI Workbench instances includes the following:

  • Updated Nvidia drivers to version 550.90.07 to fix vulnerabilities.

June 20, 2024

Apigee X

On June 20, 2024, we released an updated version of Apigee.

This release includes a change in the user experience of selecting a physical location for control plane hosting when provisioning a Subscription or Pay-as-you-go Apigee organization with data regionalization enabled.

The new provisioning experience provides the opportunity to select a control plane hosting jurisdiction that refers to a location within a geopolitical boundary that may span more than one region. For more information, see Select an Apigee API control plane hosting jurisdiction.

Assured Workloads

During the Regional Controls Public Preview, the ComplianceRegime enum value has changed from FREE_REGIONS to REGIONAL_CONTROLS. When using the REST API, Terraform, or gcloud, ensure that you use the new REGIONAL_CONTROLS value. This change does not impact existing Assured Workloads folders that were created using the old value. However, areas with potential impact include the following:

Cloud Composer

We are thrilled to announce the Public Preview launch of the new generation of Cloud Composer, Cloud Composer 3. The new version is now publicly available in all regions supported by Cloud Composer. It comes with a number of new features and characteristics:

  • All infrastructure hidden in a tenant project
  • Evergreen versioning
  • Simplified networking configuration
  • Improved performance
  • More reliable DAG parsing and scheduling as DAG Processor and Schedulers are now separate components
  • 10 times bigger storage for Airflow workers

Cloud Composer 3 also includes most of the functionality already known from previous Composer versions. To see the list of features already supported by Composer 3, see Comparison of Cloud Composer versions.

(Airflow 2.7.3) New operators for executing jobs in Google Kubernetes Engine and Kubernetes are available. For example, you can use these operators with Kueue.

Operators for Google Kubernetes Engine:

  • GKEStartJobOperator
  • GKEStartKueueInsideClusterOperator
  • GKEDescribeJobOperator
  • GKEListJobsOperator
  • GKECreateCustomResourceOperator
  • GKEDeleteCustomResourceOperator
  • GKEStartKueueJobOperator
  • GKEDeleteJobOperator
  • GKESuspendJobOperator
  • GKEResumeJobOperator

Operators for Kubernetes:

  • KubernetesJobOperator
  • KubernetesPatchJobOperator
  • KubernetesDeleteJobOperator

(Airflow 2.7.3) The apache-airflow-providers-google package was upgraded to version 10.18.0. For more information about changes, see the apache-airflow-providers-google changelog from version 10.17.0 to version 10.18.0.

(Airflow 2.7.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 8.3.1.

(Airflow 2.7.3) The apache-beam package was upgraded to version 2.56.0.

A new Airflow build is available in Cloud Composer 3:

  • composer-3-airflow-2.7.3-build.6

Cloud Composer 2.8.3 images are available:

  • composer-2.8.3-airflow-2.7.3 (default)
  • composer-2.8.3-airflow-2.6.3

Cloud Composer versions 2.3.2, 2.3.1, and 2.3.0 have reached their end of full support period.

Cloud Composer 2.8.3 is a version with an extended upgrade timeline.

Cloud Data Fusion

The Oracle sink plugin version 1.10.7 is available in Cloud Data Fusion version 6.9. The release fixes an issue in the Oracle sink causing null values to be assigned to fields in the input schema that have lowercase letters in the field name (PLUGIN-1793).

Cloud Domains

You can migrate your Google Domains DNS settings and export your domain and email forwarding configurations if you use Google Domains as your DNS provider. For more information, see Migrate Google Domains DNS settings.

Cloud SQL for MySQL

You can now use the gcloud sql instances describe command or the SQL Admin API to retrieve a list of database versions that are available to your MySQL instance for upgrade. For more information, see Plan a major version upgrade and Upgrade the database minor version.

Cloud SQL for PostgreSQL

You can now use the gcloud sql instances describe command or the SQL Admin API to retrieve a list of database versions that are available to your PostgreSQL instance for upgrade. For more information, see Plan a major version upgrade.

Cloud SQL for SQL Server

You can now use the gcloud sql instances describe command or the SQL Admin API to retrieve a list of database versions that are available to your SQL Server instance for upgrade. For more information, see Plan a major version upgrade.

Dataproc

Dataproc Serverless for Spark: Spark runtime version 2.2 will become the default Dataproc Serverless for Spark runtime version on August 1, 2024.

New Dataproc Serverless for Spark runtime versions:

  • 1.1.66
  • 1.2.10
  • 2.0.74
  • 2.2.10

Generative AI on Vertex AI

The Anthropic Claude Sonnet 3.5 is Generally Available. To learn more, view the Claude Sonnet 3.5 model card in Model Garden.

Google SecOps SOAR

Release 6.3.8 is currently in Preview.

When running an imported playbook with an assigned user that doesn't exist, the playbook stops working when it gets to manual actions. (ID #00290960)

Entity properties not showing in the platform if the key name contains the time string (ID #51599403)

Network Connectivity Center

Include export filters is now available in public preview.

This feature lets you limit connectivity by specifying a list of permitted CIDR ranges, thereby blocking all but the permitted IP address ranges.

Spanner

Named schemas is now generally available. With named schemas, you can group database objects in a namespace to avoid naming conflicts and collectively manage their FGAC permissions. For more information, see Named schemas.

Vertex AI

Vertex AI custom training supports TPU v5e in us-central1. For details, see Vertex AI locations.

June 19, 2024

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud VPN

Cloud VPN lets you connect two VPC networks in different regions by using HA VPN gateways.

For more information, see HA VPN topologies.

Datastream

Datastream now supports the append-only write mode when ingesting data to BigQuery. For more information, see Configure write mode.

reCAPTCHA

reCAPTCHA Enterprise Mobile SDK v18.6.0-beta01 is now available for Android.

This version contains the following changes:

  • A new API, fetchClient, is available that provides built-in retries for network issues.
  • Bug fixes and improvements.