Google Cloud release notes

The following release notes cover the most recent changes over the last 60 days. For a comprehensive list of product-specific release notes, see the individual product release note pages.

You can also see and filter all release notes in the Google Cloud console or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

March 07, 2025

Apigee Advanced API Security

On March 7, 2025 we released an updated version of Apigee Advanced API Security.

Availability of data obfuscation support with Advanced API Security

With this release, data obfuscation can be used with Advanced API Security.

For usage information, see Obfuscate user data for Apigee API Analytics and Data obfuscation with Advanced API Security.

Compute Engine

Generally available: Configure the host error detection time, which is the maximum amount of time Compute Engine waits to restart or terminate an instance after detecting that the instance is unresponsive. For more information, see Set VM host maintenance policy.

Contact Center AI Insights

You can integrate Agent Assist summarization generators with Conversational Insights. Summarization uses existing LLM generators to automatically summarize conversations. You can then export those summaries along with your other Insights data.

Google Cloud Architecture Center

Infrastructure for a RAG-capable generative AI application using Vertex AI and Vector Search: Added information about the Terraform configuration sample to deploy the architecture.

Google Kubernetes Engine

GKE now allows you to enable logging of Horizontal Pod Autoscaler decisions in GKE version 1.31.5-gke.1090000 or later, or version 1.32.1-gke.1260000 or later. These logs include atomic recommendations (based on individual metrics) and final recommendations (consolidated HPA decisions). The logs are stored in Cloud Logging and offer insights into the decision-making process of the Horizontal Pod Autoscaler.

You can now monitor startup latency of Kubernetes workloads and nodes using the new Startup Latency dashboard available in the Observability tab on the Deployment details and Cluster details pages in the GKE Console. The dashboard is useful for tracking, troubleshooting and optimizing startup latency of your GKE workloads.

Virtual Private Cloud

The following features of internal ranges are available in Preview:

  • Reserving internal ranges with IPv6 addresses
  • Creating immutable internal ranges (ranges that can't be updated, except for the description)
  • Editable descriptions

For more information, see Internal ranges overview.

You can exclude IP address ranges from internal range automatic IP address allocation. This feature is available in Preview. For more information, see Reserve internal ranges.

You can create internal ranges that overlap with routes and subnets. This feature is available in General Availability. For more information, see Internal ranges overview.

March 06, 2025

Anthos Config Management

Fixed an issue where ConfigManagement uninstall could get stuck when Policy Controller was enabled via ConfigManagement. This was caused by Policy Controller finalizers not being properly removed during the uninstallation process.

BigQuery

BigQuery Data Transfer Service now supports custom reports for Google Ads. You can use Google Ads Query Language (GAQL) queries in your transfer configuration to ingest custom Google Ads reports and fields beyond those available in the standard reports and fields. This feature is now generally available (GA).

Cloud Run

The following new region is now available: europe-north2.

Container Registry

The schedule for the Container Registry shutdown has changed. After March 18, 2025, writing images to Container Registry is unavailable. After May 20, 2025, reading images from Container Registry is unavailable. For more information about the shutdown, see Container Registry deprecation.

Looker Studio

Partner connection launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Security Command Center

The AWS connector has changed to enable additional use cases and requires the collection of AWS organization and organizational unit (OU) data. This change may require you to take additional action. For details about the change, see the AWS connector changelog.

Text-to-Speech

Chirp 3: HD voices now supports 8 new speakers in 31 new locales: ar-XA, bn-IN, cmn-CN, de-DE, en-AU, en-GB, en-IN, en-US, es-ES, es-US, fr-CA, fr-FR, gu-IN, hi-IN, id-ID, it-IT, ja-JP, kn-IN, ko-KR, ml-IN, mr-IN, nl-NL, pl-PL, pt-BR, ru-RU, sw-KE, ta-IN, te-IN, th-TH, tr-TR, and vi-VN.

March 05, 2025

Cloud Composer

A new Cloud Composer release has started on March 5, 2025. Get ready for upcoming changes and features as we roll out the new release to all regions. This release is in progress at the moment. Listed changes and features might not be available in some regions yet.

You can now specify an order in which Airflow searches for secrets by overriding the [secrets]backends_order Airflow configuration option.

Fixed an issue in Cloud Composer REST API that allowed some environment.patch operations to succeed when multiple update masks that aren't related to each other were passed in a request. Now operations with such masks fail with an error.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.10.2-build.10 (default)
  • composer-3-airflow-2.9.3-build.17

New images are available in Cloud Composer 2:

  • composer-2.11.4-airflow-2.10.2 (default)
  • composer-2.11.4-airflow-2.9.3

Cloud Composer versions 2.6.2 and 2.6.3 have reached their end of support period.

Container Optimized OS

cos-beta-121-18867-0-24

  • Kernel: COS-6.6.74
  • Docker: v25.0.7
  • Containerd: v2.0.2
  • GPU Drivers: See List

Updates to Major Packages:

Upgraded app-admin/google-osconfig-agent to v20250121.00-r1.

Upgraded app-containers/cri-tools to v1.31.1-r1.

Upgraded app-containers/docker to v25.0.7.

Upgraded app-containers/runc to v1.2.4-r1.

Upgraded net-misc/openssh to v9.9_p1.

Upgraded app-admin/fluent-bit to v3.2.5-r1.

Upgraded app-containers/containerd to v2.0.2-r1.

Upgraded app-emulation/cloud-init to v24.4.1-r1.

Upgraded app-admin/google-guest-agent to v20250204.02-r1.

Upgraded app-admin/oslogin to 20241216.00-r1.

Upgraded app-containers/cni-plugins to v1.6.2-r1.

New Features and Changes in the Linux Kernel:

Removed the capability to change the kernel's preemption model on the kernel command line.

Added support for nftables flow offload and the flowtable infrastructure.

New Features and Changes in the Image:

Removed support for R550, R560, and R565 Nvidia drivers.

Updates to Minor Packages:

Removed dev-libs/confuse.

Removed sys-libs/libsepol.

Removed dev-go/protobuf.

Removed chromeos-base/chromeos-ec-headers.

Removed sys-libs/libselinux.

Removed dev-go/protobuf-legacy-api.

Removed sys-libs/gdbm.

Removed dev-go/appengine.

Removed dev-python/more-itertools.

Removed dev-python/typing-extensions.

Removed dev-python/webcolors.

Removed dev-python/ordered-set.

Removed dev-python/platformdirs.

Removed dev-python/trove-classifiers.

Removed dev-python/tomli.

Removed dev-python/jaraco-context.

Removed dev-python/autocommand.

Removed dev-python/zipp.

Removed dev-python/zope-interface.

Removed dev-python/wheel.

Removed dev-python/jaraco-functools.

Removed dev-python/importlib_resources.

Removed dev-python/pydantic.

Removed dev-python/inflect.

Removed dev-python/jaraco-text.

Removed dev-libs/libusb.

Removed virtual/libusb.

Removed dev-embedded/libftdi.

Removed chromeos-base/dlcservice-client.

Removed chromeos-base/libec.

Removed dev-python/setuptools.

Removed dev-python/setuptools_scm.

Updated dev-libs/expat to v2.6.4.

Updated net-libs/libtirpc to v1.3.6.

Updated sys-libs/libcap to v2.71.

Updated chromeos-base/power_manager-client to v0.0.1-r2960.

Updated chromeos-base/chromeos-common-script to v0.0.1-r656.

Updated chromeos-base/debugd-client to v0.0.1-r2725.

Updated chromeos-base/session_manager-client to v0.0.1-r2816.

Updated sys-apps/diffutils to v3.11.

Updated net-dns/c-ares to v1.34.4.

Updated app-admin/extensions-manager to v0.0.1-r58.

Updated sys-apps/gentoo-functions to v1.7.3.

Updated sys-libs/libseccomp to v2.5.5-r2.

Updated chromeos-base/minijail to v18-r158.

Updated net-libs/libnetfilter_conntrack to v1.1.0.

Updated sys-apps/pv to v1.9.27.

Updated net-firewall/iptables to v1.8.10-r3.

Updated dev-db/sqlite to v3.47.2.

Updated dev-libs/nss to v3.107.

Updated dev-go/oauth2 to v0.23.0-r1.

Updated sys-fs/xfsprogs to v6.9.0.

Updated dev-python/chardet to v3.0.4-r2.

Updated net-misc/curl to v8.11.1-r2.

Updated app-admin/sudo to v1.9.16_p2-r1.

Updated sys-apps/flashrom to v0.9.9-r1626.

Updated chromeos-base/shill-client to v0.0.1-r4812.

Updated chromeos-base/update_engine-client to v0.0.1-r2469.

Updated chromeos-base/update_engine to v0.0.3-r4806.

Updated chromeos-base/crash-reporter to v0.0.1-r4257.

Google Cloud Architecture Center

Infrastructure for a RAG-capable generative AI application using Vertex AI and Vector Search: Updated the data processing component in the reference architecture to use a Cloud Run function in place of a Cloud Run job.

Google Distributed Cloud (software only) for VMware

The Envoy project recently announced several new security vulnerabilities (CVE-2024-53269, CVE-2024-53270, and CVE-2024-53271) that could allow an attacker to crash Envoy.

For more details, see the GCP-2025-009 security bulletin.

Google Distributed Cloud (software only) for bare metal

Security bulletin

The Envoy project recently announced several new security vulnerabilities (CVE-2024-53269, CVE-2024-53270, and CVE-2024-53271) that could allow an attacker to crash Envoy.

For more details, see the GCP-2025-009 security bulletin.

Google Kubernetes Engine

(2025-R09) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

Regular channel

  • Version 1.31.5-gke.1233000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.29.13-gke.1109000
    • 1.30.9-gke.1127000
    • 1.31.5-gke.1169000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.13-gke.1169000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.9-gke.1201000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.13-gke.1169000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.9-gke.1201000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.5-gke.1233000 with this release.

Stable channel

  • Version 1.30.9-gke.1046000 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.29.13-gke.1006000
    • 1.30.9-gke.1009000
    • 1.31.5-gke.1023000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.13-gke.1038000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.9-gke.1046000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.13-gke.1038000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.9-gke.1046000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.5-gke.1068000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.32 to version 1.32.1-gke.1357001 with this release.

Extended channel

  • Version 1.31.5-gke.1233000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2477000
    • 1.28.15-gke.1641000
    • 1.28.15-gke.1881000
    • 1.29.13-gke.1109000
    • 1.30.9-gke.1127000
    • 1.31.5-gke.1169000
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1781000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.13-gke.1169000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.9-gke.1201000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.5-gke.1233000 with this release.

No channel

The Envoy project recently announced several new security vulnerabilities (CVE-2024-53269, CVE-2024-53270, and CVE-2024-53271) that could allow an attacker to crash Envoy.

For more details, see the GCP-2025-009 security bulletin.

Google SecOps

Gemini documentation summaries

You can use Gemini to answer questions about Google SecOps based on the documentation. Enter a prompt in the Gemini pane to request information about any aspect of how to use Google SecOps. Gemini generates a summary based on relevant documentation. This feature is in public preview.

For more information, see Gemini documentation summaries.

Google SecOps SIEM

Gemini documentation summaries

You can use Gemini to answer questions about Google SecOps based on the documentation. Enter a prompt in the Gemini pane to request information about any aspect of how to use Google SecOps. Gemini generates a summary based on relevant documentation. This feature is in public preview.

For more information, see Gemini documentation summaries.

Google SecOps SOAR

The phased rollout to regions as described here is postponed to Sunday, March 16th, 2025.

Memorystore for Redis Cluster

Memorystore for Redis Cluster supports storing and querying vector data. This feature is now Generally Available (GA). For more information, see About Vector Search.

SAP on Google Cloud

Google Cloud's Agent for SAP version 3.7

Version 3.7 of Google Cloud's Agent for SAP is generally available (GA). This version introduces the following:

  • Support for the disk snapshot based backup and recovery of SAP HANA scale-out systems, except those with the host auto-failover solution.
  • Enhancements for Backint based backup and recovery of SAP HANA.
  • Enhancements for evaluating Pacemaker configurations by using Workload Manager.
  • Support for showing annotations for SAP events in Cloud Monitoring and predefined observability dashboards.
  • Support to validate the Google Cloud setup for using the agent features.
  • Automatic polling of agent configuration, negating the need to restart the agent after you change its configuration.

For more information, see What's new with Google Cloud's Agent for SAP.

March 04, 2025

AlloyDB for PostgreSQL

AlloyDB for PostgreSQL is now available in the following region: europe-north2 (Stockholm). For more information, see AlloyDB Locations.

Artifact Registry

Artifact Registry is available in the europe-north2 region (Stockholm). For more information, see Global locations.

BigQuery

BigQuery is now available in the Stockholm (europe-north2) region.

Bigtable

Bigtable is available in the europe-north2 (Stockholm) region. For more information, see Bigtable locations.

Cloud Build

Cloud Build is now available in the northamerica-south1 region.

For more information, see Cloud Build locations.

Cloud Composer

Cloud Composer 3 supports Customer Managed Encryption Keys (CMEK).

Cloud Interconnect

Dedicated Cloud Interconnect support is available in the following colocation facilities:

  • Stockholm, Sweden

For more information, see the Locations table and Global Locations.

Cloud Key Management Service

Cloud KMS is available in the following region:

  • europe-north2

For more information, see Cloud KMS locations.

Cloud Run

The following new region is now available: northamerica-south1.

Cloud SQL for MySQL

Cloud SQL Enterprise edition now supports the europe-north2 (Stockholm) region.

Cloud SQL for MySQL now supports minor version 8.0.41. To upgrade your existing instance to the new version, see Upgrade the database minor version.

Cloud SQL for PostgreSQL

Cloud SQL Enterprise edition now supports the europe-north2 (Stockholm) region.

Cloud SQL for SQL Server

Cloud SQL Enterprise edition now supports the europe-north2 (Stockholm) region.

Cloud Storage

Cloud Storage now offers support in the Stockholm, Sweden (europe-north2) region. To learn more about supported locations, see Cloud Storage bucket locations.

Cloud VPN

Cloud VPN is now available in region europe-north2 (Stockholm, Sweden). For more information, see Global locations.

Pricing is available on the Cloud VPN pricing page.

Compute Engine

Generally available: Stockholm, Sweden, Europe (europe-north2-a,b,c) has launched with N4, C3D highmem, C4 highmem, and E2 machine types available in all three zones. For more information, see Cloud locations and VM instance pricing.

Cortex Framework

Release 6.2

New Data Sources

  • Marketing: Cross Media & Product Connected Insights. Understand the effectiveness of marketing campaigns running across media platforms such as Google Ads, YouTube (with DV360), Meta, and TikTok for product and product category sales performance with the power of Gemini Flash 2.0. Access the Looker Block for Cross Media with sample dashboards for further analytics.
  • Cortex Common Dimensions: Newly added utility views and tables created within the Data Foundation to enable advanced use cases across different data sources, such as Cross Media & Product Connected Insights. Currently Country, Product Hierarchy and Currency Conversion are available.
  • Minor refactoring for Data Mesh configuration specs code, which are now moved to the /src/common/py_libs directory.
  • SAP CDC Deployer now provides detailed error messages on failure.
  • SAP Reporting - Fixing abundant join condition in PurchaseDocuments_Flow view.
  • For all DAGs, BigQuery execution now happens in the same location as the dataset.
  • 1-click deployer usability fixes for CM360 and SFMC bucket names.

Dataflow

Dataflow is now available in Stockholm (europe-north2).

Dataproc

Dataproc is now available in the europe-north2 region (Stockholm, Sweden).

Firestore

Firestore now supports the europe-north2 Stockholm region.

For a full list of supported locations, see Locations.

Firestore in Datastore mode

Firestore in Datastore mode now supports the europe-north2 Stockholm region.

For a full list of supported locations, see Locations.

Generative AI on Vertex AI

Vertex AI Agent Engine

Vertex AI Agent Engine is now generally available (GA).

Billing for Vertex AI Agent Engine starts on March 4, 2025. We recommend that you delete unused resources to avoid incurring unwanted costs. For more information, see Pricing.

LangChain on Vertex AI has been renamed to Vertex AI Agent Engine.

Google Kubernetes Engine

The europe-north2 region in Stockholm, Sweden is now available. For more information, see the Global Locations.

Memorystore for Memcached

Memorystore is available in the europe-north2 (Stockholm) region. For more information, see Regions and zones.

Memorystore for Redis

Memorystore is available in the europe-north2 (Stockholm) region. For more information, see Regions and zones.

Memorystore for Redis Cluster

Memorystore is available in the europe-north2 (Stockholm) region. For more information, see Memorystore for Redis Cluster locations.

Oracle Database@Google Cloud

You can now start, stop, and restart your Autonomous Databases through the Google Cloud console. This feature is generally available (GA).

Pub/Sub

Pub/Sub is now available in the europe-north2 region (Stockholm, Sweden, Europe). For more information, see Cloud locations.

Sensitive Data Protection

Sensitive Data Protection is available in the europe-north2 region. For more information, see Sensitive Data Protection locations.

Spanner

You can create Spanner regional instance configurations in Stockholm, Sweden (europe-north2). For more information, see Google Cloud locations and Spanner pricing.

A new multi-region instance configuration is now available in Europe - eur7 (Milan/Frankfurt/Turin).

Virtual Private Cloud

For auto mode VPC networks, added a new subnet 10.226.0.0/20 for the Stockholm europe-north2 region. For more information, see Global Locations and Auto mode IP ranges.

March 03, 2025

App Engine flexible environment Go App Engine standard environment Go

App Engine now sets the automatic scaling maximum instances default for standard environment deployments to 20. This change doesn't impact existing apps. To override the default, specify a new max_instances value in your app.yaml file, and deploy a new version or redeploy over an existing version.

App Engine standard environment Java

App Engine now sets the automatic scaling maximum instances default for standard environment deployments to 20. This change doesn't impact existing apps. To override the default, specify a new max_instances value in your app.yaml file, and deploy a new version or redeploy over an existing version.

App Engine standard environment Node.js

App Engine now sets the automatic scaling maximum instances default for standard environment deployments to 20. This change doesn't impact existing apps. To override the default, specify a new max_instances value in your app.yaml file, and deploy a new version or redeploy over an existing version.

App Engine standard environment PHP

App Engine now sets the automatic scaling maximum instances default for standard environment deployments to 20. This change doesn't impact existing apps. To override the default, specify a new max_instances value in your app.yaml file, and deploy a new version or redeploy over an existing version.

App Engine standard environment Python

App Engine now sets the automatic scaling maximum instances default for standard environment deployments to 20. This change doesn't impact existing apps. To override the default, specify a new max_instances value in your app.yaml file, and deploy a new version or redeploy over an existing version.

App Engine standard environment Ruby

App Engine now sets the automatic scaling maximum instances default for standard environment deployments to 20. This change doesn't impact existing apps. To override the default, specify a new max_instances value in your app.yaml file, and deploy a new version or redeploy over an existing version.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.48.1 (2025-02-26)

Dependencies
  • Update actions/upload-artifact action to v4.6.1 (#3691) (9c0edea)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.60.0 (#3680) (6d9a40d)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20250216-2.0.0 (#3688) (e3beb6f)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.64.0 (#3681) (9e4e261)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.44.0 (#3694) (f69fbd3)
  • Update dependency com.google.oauth-client:google-oauth-client-java6 to v1.38.0 (#3685) (53bd7af)
  • Update dependency com.google.oauth-client:google-oauth-client-jetty to v1.38.0 (#3686) (d71b2a3)
  • Update ossf/scorecard-action action to v2.4.1 (#3690) (cdb61fe)

Python

Changes for google-cloud-bigquery

3.30.0 (2025-02-26)

Features
  • Add roundingmode enum, wiring, and tests (#2121) (3a48948)
  • Adds foreign_type_info attribute to table class and adds unit tests. (#2126) (2c19681)
  • Support resource_tags for table (#2093) (d4070ca)
Bug Fixes
  • Avoid blocking in download thread when using BQ Storage API (#2034) (54c8d07)
  • Retry 404 errors in Client.query(...) (#2135) (c6d5f8a)
Dependencies
  • Updates required checks list in github (#2136) (fea49ff)
  • Use pandas-gbq to determine schema in load_table_from_dataframe (#2095) (7603bd7)
Documentation

Gemini in BigQuery can help you complete Python code with contextually appropriate recommendations that are based on content in the query editor. This feature is now generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.53.0 (2025-02-21)

Features

Python

Changes for google-cloud-bigtable

2.29.0 (2025-02-26)

Features
  • Add support for array and float32 SQL query params (#1078) (89b8da8)
Bug Fixes

Certificate Authority Service

Certificate Authority Service is now available in the following region:

  • europe-north2 (Stockholm)

For more information, see Certificate Authority Service locations.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.21.4 (2025-02-26)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.54.0 (67fa9fb)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.44.0 (#1768) (a69e699)
  • Update googleapis/sdk-platform-java action to v2.54.0 (#1762) (d50a8d2)

Cloud Run

Support for the Go 1.23 runtime is now in general availability (GA).

Cloud Run functions

Cloud Run functions now supports the Go 1.23 runtime at the General Availability release level.

Cloud SQL for PostgreSQL

The rollout of the following minor versions, extension versions, and plugin versions is complete:

Minor versions

  • 12.21 is upgraded to 12.22.
  • 13.18 is upgraded to 13.20.
  • 14.15 is upgraded to 14.17.
  • 15.10 is upgraded to 15.12.
  • 16.6 is upgraded to 16.8.
  • 17.2 is upgraded to 17.4.

Extensions and plugins

  • PostGIS is upgraded from 3.4.3 to 3.4.4.

To use these versions of the extensions, update your instance to [PostgreSQL version].R20250112.01_14.

If you use a maintenance window, then the updates to the minor, extension, and plugin versions happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

For more information on checking your maintenance version, see Self-service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.49.0 (2025-02-26)

Features
  • Add new Options to allow per method header values (#2941) (297802d)
  • transfer-manager: Add ParallelUploadConfig.Builder#setUploadBlobInfoFactory (#2936) (86e9ae8), closes #2638
Bug Fixes
  • Categorize a WatchdogTimeoutException as retriable for grpc ReadObject (#2954) (b53bd53)
  • deps: Update the Java code generator (gapic-generator-java) to 2.53.0 (9946d6b)
  • Update grpc based Storage to defer project id validation (#2930) (cc03784)
  • Update kms key handling when opening a resumable upload to clear the value in the json to be null rather than empty string (#2939) (43553de)
Dependencies
Documentation

Python

Changes for google-cloud-storage

3.1.0 (2025-02-27)

Features
  • Add api_key argument to Client constructor (#1441) (c869e15)
  • Add Bucket.move_blob() for HNS-enabled buckets (#1431) (24c000f)

Container Optimized OS

cos-113-18244-291-53

Kernel: COS-6.1.123 | Docker: v24.0.9 | Containerd: v1.7.24 | GPU Drivers: See List

Updated cos-gpu-installer to v2.4.8: Add the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during gpu driver installation.

Upgraded moby/buildkit to v0.12.5. This fixes CVE-2024-23653 in app-containers/docker v24.0.9.

Upgraded sys-apps/which to v2.23.

Upgraded sys-apps/diffutils to v3.11-r1.

Upgraded net-misc/socat to v1.8.0.3.

Fixed KCTF-638ba50 in the Linux kernel.

Fixed CVE-2025-21690 in the Linux kernel.

cos-109-17800-436-48

Kernel: COS-6.1.124 | Docker: v24.0.9 | Containerd: v1.7.24 | GPU Drivers: See List

Updated cos-gpu-installer to v2.4.8: Add the -skip-nvidia-smi flag to disable the execution of nvidia-smi verification during gpu driver installation.

Upgraded sys-apps/diffutils to v3.11-r1.

Upgraded moby/buildkit to v0.12.5. This fixes CVE-2024-23653 in app-containers/docker v24.0.9.

Fixed CVE-2025-21690 in the Linux kernel.

cos-105-17412-535-63

Kernel: COS-5.15.173 | Docker: v23.0.3 | Containerd: v1.7.23 | GPU Drivers: See List

Upgraded sys-apps/diffutils to v3.11-r1.

Upgraded sys-apps/which to v2.23.

Fixed CVE-2025-21690 in the Linux kernel.

cos-117-18613-164-49

Kernel: COS-6.6.72 | Docker: v24.0.9 | Containerd: v1.7.24 | GPU Drivers: See List

Upgraded moby/buildkit to v0.12.5. This fixes CVE-2024-23653 in app-containers/docker v24.0.9.

Fixed CVE-2025-21690 in the Linux kernel.

Dataproc

Google SecOps

The Custom Fields feature is now in General Availability.

Google SecOps SOAR

Beginning on Sunday, March 9, 2025, we will initiate a phased rollout of releases.

The first stage will be rolled out in the following regions on Sunday, March 9, 2025:

  • Japan
  • India
  • Australia
  • Canada
  • Germany
  • Switzerland

The second stage will be rolled out in the remaining regions on Sunday, March 16, 2025:

  • Singapore
  • Qatar
  • Saudi Arabia
  • Israel
  • UK (London)
  • Italy
  • EU (multi-region)
  • US (multi-region)

If you're unsure of your assigned region, contact your Google SecOps representative.

Oracle Database@Google Cloud

You can now choose an Exadata Infrastructure instance from a project other than your default current project while creating a VM cluster. This feature is in Public Preview.

Policy Controller

Policy Controller version 1.20.1 is now available.

Pub/Sub

You can now ingest streaming data into Pub/Sub by using an import topic, from the following external sources:

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.137.1 (2025-02-26)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.54.0 (ccf670f)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.48.0 (#2343) (3bbd7e1)
  • Update dependency com.google.cloud:google-cloud-core to v2.52.0 (#2348) (f0977b4)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.44.0 (#2349) (90ed10b)
  • Update googleapis/sdk-platform-java action to v2.54.0 (#2347) (ac8db2d)

Secret Manager

Secret Manager is now available in the following region:

  • europe-north2 (Stockholm)

For more information, see Secret Manager locations.

Security Command Center

You can use Virtual Machine Threat Detection to scan your Amazon Elastic Compute Cloud (EC2) VM disks for malware. To enable this feature, see Enable VM Threat Detection for AWS. This feature is in Preview.

March 02, 2025

Google SecOps SOAR

Release 6.3.37 is currently in Preview. This release contains internal and customer bug fixes.

March 01, 2025

Apigee hybrid

hybrid v1.12.4

On March 1, 2025 we released an updated version of the Apigee hybrid software, 1.12.4.

This release enhances the security posture within the JavaCallout and PythonScript policies. This release does not include any new features or general bug fixes.

Bug ID Description
390258745, 388608440 Any leftover Cassandra snapshots are automatically removed. This fixes known issue 388608440.

Stricter class instantiation checks included in this release.

JavaCallout policy now includes additional security during Java class instantiation. The enhanced security measure prevents the deployment of policies that directly or indirectly attempt actions that require permissions that are not allowed.

In most cases, existing policies will continue to function as expected without any issues. However, there is a possibility that policies relying on third-party libraries, or those with custom code that indirectly triggers operations requiring elevated permissions, could be affected.

To test your installation, follow the procedure in Validate policies after upgrade to 1.12.4 to validate policy behavior.

Bug ID Description
391923260 Security fixes for apigee-watcher.
This addresses the following vulnerabilities:
385394193, 383850393, 383778273 Security fixes for apigee-cassandra-backup-utility, apigee-cassandra-client, and apigee-hybrid-cassandra.
This addresses the following vulnerabilities:
382967738 Fixed a vulnerability in PythonScript policy.
365178914 Security fixes for apigee-cassandra-backup-utility and apigee-hybrid-cassandra.
This addresses the following vulnerability:
N/A Security fixes for apigee-fluent-bit.
This addresses the following vulnerability:
N/A Security fixes for apigee-kube-rbac-proxy.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-fluent-bit.
This addresses the following vulnerability:
N/A Security fixes for apigee-kube-rbac-proxy.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-mint-task-scheduler.
This addresses the following vulnerability:
N/A Security fixes for apigee-open-telemetry-collector.
This addresses the following vulnerability:
N/A Security fixes for apigee-udca.
This addresses the following vulnerability:

hybrid v1.13.3

On March 1, 2025 we released an updated version of the Apigee hybrid software, 1.13.3.

This release enhances the security posture within the JavaCallout and PythonScript policies. This release does not include any new features or general bug fixes.

Bug ID Description
396886110 Fixed a bug where the HPA max replicas could be lower than min.
391861216 Restore for GCP and HYBRID Cloud Providers no longer affects system keyspaces. This fixes Known Issue 391861216.
390258745, 388608440 Any leftover Cassandra snapshots are automatically removed. This fixes known issue 388608440.
383441226 Added the following metrics configuration properties:

Stricter class instantiation checks included in this release.

JavaCallout policy now includes additional security during Java class instantiation. The enhanced security measure prevents the deployment of policies that directly or indirectly attempt actions that require permissions that are not allowed.

In most cases, existing policies will continue to function as expected without any issues. However, there is a possibility that policies relying on third-party libraries, or those with custom code that indirectly triggers operations requiring elevated permissions, could be affected.

To test your installation, follow the procedure in Validate policies after upgrade to 1.13.3 to validate policy behavior.

Bug ID Description
385394193, 383850393, 383778273 Security fixes for apigee-cassandra-backup-utility, apigee-cassandra-client, and apigee-hybrid-cassandra.
This addresses the following vulnerabilities:
382967738 Fixed a vulnerability in PythonScript policy.
N/A Security fixes for apigee-envoy.
This addresses the following vulnerability:
N/A Security fixes for apigee-fluent-bit.
This addresses the following vulnerability:
N/A Security fixes for apigee-mint-task-scheduler.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-open-telemetry-collector.
This addresses the following vulnerability:
N/A Security fixes for apigee-redis.
This addresses the following vulnerabilities:
N/A Security fixes for livenessprobe.
This addresses the following vulnerability:

hybrid v1.14.1

On March 1, 2025 we released an updated version of the Apigee hybrid software, 1.14.1.

This release enhances the security posture within the JavaCallout and PythonScript policies. This release does not include any new features or general bug fixes.

Bug ID Description
396886110 Fixed a bug where the HPA max replicas could be lower than min.
392547038 Add Helm chart template checks for non-existent environments and virtualhosts.
391861216 Restore for GCP and HYBRID Cloud Providers no longer affects system keyspaces. This fixes Known Issue 391861216.
383441226 Added the following metrics configuration properties:

Stricter class instantiation checks included in this release.

JavaCallout policy now includes additional security during Java class instantiation. The enhanced security measure prevents the deployment of policies that directly or indirectly attempt actions that require permissions that are not allowed.

In most cases, existing policies will continue to function as expected without any issues. However, there is a possibility that policies relying on third-party libraries, or those with custom code that indirectly triggers operations requiring elevated permissions, could be affected.

To test your installation, follow the procedure in Validate policies after upgrade to 1.14.1 to validate policy behavior.

Bug ID Description
385394193, 383850393, 383778273 Security fixes for apigee-cassandra-backup-utility, apigee-cassandra-client, and apigee-hybrid-cassandra.
This addresses the following vulnerabilities:
383113773, 382967738 Fixed a vulnerability in PythonScript policy.
365178914 Security fixes for apigee-cassandra-backup-utility and apigee-hybrid-cassandra.
This addresses the following vulnerability:
N/A Security fixes for apigee-asm-istiod.
This addresses the following vulnerability:
N/A Security fixes for apigee-hybrid-cassandra.
This addresses the following vulnerability:
N/A Security fixes for apigee-mint-task-scheduler.
This addresses the following vulnerabilities:
N/A Security fixes for apigee-open-telemetry-collector.
This addresses the following vulnerability:
N/A Security fixes for apigee-prometheus-adapter.
This addresses the following vulnerabilities:

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.134-debian10, 2.0.134-rocky8, 2.0.134-ubuntu18
  • 2.1.82-debian11, 2.1.82-rocky8, 2.1.82-ubuntu20, 2.1.82-ubuntu20-arm
  • 2.2.48-debian12, 2.2.48-rocky9, 2.2.48-ubuntu22

Dataproc on Compute Engine: Explicitly disabled the sha1 and md5 algorithms for use with the kex and kex-gss sshd features.

Google SecOps SOAR

Release 6.3.36 is now in General Availability.

February 28, 2025

Apigee X

On February 28, 2025, we released an updated version of Apigee (1-14-0-apigee-8).

Bug ID Description
382883585 Fixed a vulnerability in the JavaCallout policy.
N/A Updates to security infrastructure and libraries.

Artifact Registry

Artifact Registry is now enabled for use with Cloud KMS Autokey.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.

For more information, see Enabling customer-managed encryption keys. To learn more about Cloud KMS Autokey, see Autokey overview.

Assured Workloads

The IL4 and IL5 control packages now support the following products. See Supported products by control package for more information:

  • Artifact Registry
  • Cloud Composer
  • Cloud Run
  • Cloud Tasks
  • Spanner

Cloud Asset Inventory

Config Connector

Config Connector version 1.129.2 is now available.

New Beta resources (direct reconciler)

Reconciliation Improvements

  • SQLInstance

    • All SQLInstance types are now reconciled using the new direct controller instead of the legacy Terraform-based controller. The previous "opt-in" annotation (document reference) no longer applies. Users no longer need to apply the "opt-in" annotation to SQLInstance resources to enable the direct controller. Regardless of the presence (or absence) of an opt-in annotation on SQLInstance resources, the direct reconciler will be used.
    • This change enables all SQLInstance resources to switch from edition ENTERPRISE to ENTERPRISE_PLUS and fixes the bug that prevented SQL Instance upgrade.

New Alpha resources (direct reconciler)

  • ManagedKafkaTopic
  • ApigeeInstanceAttachment
  • ApigeeEnvgroupAttachment
  • ApigeeEndpointAttachment

Google Kubernetes Engine

New recommendations of the NODE_SA_MISSING_PERMISSIONS subtype have been added to the portfolio of GKE Recommendations. Use the new recommendations to identify clusters whose node service accounts are missing IAM permissions that are critical for normal cluster operations.

If your organization has a policy to disable automatic role grants to default service accounts, the created default GKE node service account will not get the necessary permissions. Missing critical permissions can degrade your essential cluster operations, such as logging and monitoring.

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • 1Password Audit Events (ONEPASSWORD_AUDIT_EVENTS)
  • AIX system (AIX_SYSTEM)
  • Akamai DataStream 2 (AKAMAI_DATASTREAM_2)
  • Alveo Risk Data Management (ALVEO_RDM)
  • Amazon API Gateway (AWS_API_GATEWAY)
  • Apache Tomcat (TOMCAT)
  • Appian Cloud (APPIAN_CLOUD)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Asset Panda (ASSET_PANDA)
  • Aware Audit (AWARE_AUDIT)
  • Aware Signals (AWARE_SIGNALS)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS CloudWatch (AWS_CLOUDWATCH)
  • AWS ECS Metrics (AWS_ECS_METRICS)
  • AWS Elastic Load Balancer (AWS_ELB)
  • AWS GuardDuty (GUARDDUTY)
  • AWS Inspector (AWS_INSPECTOR)
  • AWS Lambda Function (AWS_LAMBDA_FUNCTION)
  • AWS RDS (AWS_RDS)
  • AWS Redshift (AWS_REDSHIFT)
  • AWS Route 53 DNS (AWS_ROUTE_53)
  • AWS Security Hub (AWS_SECURITY_HUB)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • AWS WAF (AWS_WAF)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure AD Organizational Context (AZURE_AD_CONTEXT)
  • Azure Application Gateway (AZURE_GATEWAY)
  • Azure Firewall (AZURE_FIREWALL)
  • Azure Key Vault logging (AZURE_KEYVAULT_AUDIT)
  • Barracuda CloudGen Firewall (BARRACUDA_CLOUDGEN_FIREWALL)
  • Barracuda WAF (BARRACUDA_WAF)
  • BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Broadcom Support Portal Audit Logs (BROADCOM_SUPPORT_PORTAL)
  • Cato Networks (CATO_NETWORKS)
  • Cequence Bot Defense (CEQUENCE_BOT_DEFENSE)
  • Check Point (CHECKPOINT_FIREWALL)
  • ChromeOS XDR (CHROMEOS_XDR)
  • Cisco Email Security (CISCO_EMAIL_SECURITY)
  • Cisco EStreamer (CISCO_ESTREAMER)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco IronPort (CISCO_IRONPORT)
  • Cisco ISE (CISCO_ISE)
  • Cisco NX-OS (CISCO_NX_OS)
  • Cisco Switch (CISCO_SWITCH)
  • Cisco Umbrella Cloud Firewall (UMBRELLA_FIREWALL)
  • Cisco vManage SD-WAN (CISCO_SDWAN)
  • Cisco VPN (CISCO_VPN)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Citrix Storefront (CITRIX_STOREFRONT)
  • Claroty Xdome (CLAROTY_XDOME)
  • Cloud Audit Logs (N/A)
  • Cloud Data Loss Prevention (N/A)
  • Cloudflare Network Analytics (CLOUDFLARE_NETWORK_ANALYTICS)
  • Cloudflare WAF (CLOUDFLARE_WAF)
  • Cloudflare Warp (CLOUDFLARE_WARP)
  • CommVault (COMMVAULT)
  • CrowdStrike Detection Monitoring (CS_DETECTS)
  • CrowdStrike Falcon (CS_EDR)
  • CrowdStrike Falcon Stream (CS_STREAM)
  • Crowdstrike Identity Protection Services (CS_IDP)
  • CrushFTP (CRUSHFTP)
  • Custom Application Access Logs (CUSTOM_APPLICATION_ACCESS)
  • CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
  • Cybereason EDR (CYBEREASON_EDR)
  • Cyolo Secure Remote Access for OT (CYOLO_OT)
  • Datadog (DATADOG)
  • Delinea Secret Server (DELINEA_SECRET_SERVER)
  • Dell CyberSense (DELL_CYBERSENSE)
  • Digicert (DIGICERT)
  • Edgio WAF (EDGIO_WAF)
  • Elastic Packet Beats (ELASTIC_PACKETBEATS)
  • F5 ASM (F5_ASM)
  • F5 DNS (F5_DNS)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • Forcepoint NGFW (FORCEPOINT_FIREWALL)
  • Forgerock OpenIdM (FORGEROCK_OPENIDM)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet Fortimanager (FORTINET_FORTIMANAGER)
  • Fortinet Web Application Firewall (FORTINET_FORTIWEB)
  • GitHub (GITHUB)
  • Gitlab (GITLAB)
  • Harness IO (HARNESS_IO)
  • Hashicorp Vault (HASHICORP)
  • Hillstone Firewall (HILLSTONE_NGFW)
  • Huawei Switches (HUAWEI_SWITCH)
  • IBM Guardium (GUARDIUM)
  • Imperva Database (IMPERVA_DB)
  • Intel Endpoint Management Assistant (INTEL_EMA)
  • JAMF Security Cloud (JAMF_SECURITY_CLOUD)
  • JFrog Artifactory (JFROG_ARTIFACTORY)
  • JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
  • Juniper (JUNIPER_FIREWALL)
  • Kaspersky AV (KASPERSKY_AV)
  • Kaspersky Endpoint (KASPERSKY_ENDPOINT)
  • Kolide Endpoint Security (KOLIDE)
  • Kubernetes Audit (KUBERNETES_AUDIT)
  • Layer7 SiteMinder (SITEMINDER_SSO)
  • Linux Auditing System (AuditD) (AUDITD)
  • Looker Audit (LOOKER_AUDIT)
  • ManageEngine ADAudit Plus (ADAUDIT_PLUS)
  • ManageEngine ADManager Plus (ADMANAGER_PLUS)
  • McAfee Web Gateway (MCAFEE_WEBPROXY)
  • Metabase (METABASE)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Azure NSG Flow (AZURE_NSG_FLOW)
  • Microsoft CyberX (CYBERX)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
  • Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
  • Microsoft IIS (IIS)
  • Microsoft PowerShell (POWERSHELL)
  • Microsoft Sentinel (MICROSOFT_SENTINEL)
  • Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
  • Mikrotik Router (MIKROTIK_ROUTER)
  • Mimecast (MIMECAST_MAIL)
  • MISP Threat Intelligence (MISP_IOC)
  • NetIQ eDirectory (NETIQ_EDIRECTORY)
  • Netskope V2 (NETSKOPE_ALERT_V2)
  • Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • One Identity Identity Manager (ONE_IDENTITY_IDENTITY_MANAGER)
  • Oort Security Tool (OORT)
  • Open Cybersecurity Schema Framework (OCSF) (OCSF)
  • Open LDAP (OPENLDAP)
  • Opnsense (OPNSENSE)
  • Ops Genie (OPS_GENIE)
  • Oracle (ORACLE_DB)
  • Oracle Cloud Guard (OCI_CLOUDGUARD)
  • Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
  • Orca Cloud Security Platform (ORCA)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Palo Alto Prisma Access (PAN_CASB)
  • Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
  • Pharos (PHAROS)
  • Privacy-I (PRIVACY_I)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • ReviveSec (REVIVESEC)
  • Rubrik (RUBRIK)
  • Salesforce (SALESFORCE)
  • Sangfor Proxy (SANGFOR_PROXY)
  • Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
  • Security Command Center Threat (N/A)
  • Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
  • ServiceNow CMDB (SERVICENOW_CMDB)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Snipe-IT (SNIPE_IT)
  • Snyk Group level audit/issues logs (SNYK_ISSUES)
  • SonicWall (SONIC_FIREWALL)
  • Sophos Central (SOPHOS_CENTRAL)
  • Swimlane Platform (SWIMLANE)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Event export (SYMANTEC_EVENT_EXPORT)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Tanium Question (TANIUM_QUESTION)
  • Tanium Threat Response (TANIUM_THREAT_RESPONSE)
  • Teleport Access Plane (TELEPORT_ACCESS_PLANE)
  • Tenable Active Directory Security (TENABLE_ADS)
  • Tenable CSPM (TENABLE_CSPM)
  • tenable.io (TENABLE_IO)
  • Terraform Enterprise Audit (TERRAFORM_ENTERPRISE)
  • Thinkst Canary (THINKST_CANARY)
  • ThreatX WAF (THREATX_WAF)
  • Trend Micro Email Security Advanced (TRENDMICRO_EMAIL_SECURITY)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
  • TXOne Stellar (TRENDMICRO_STELLAR)
  • UKG (UKG)
  • Unix system (NIX_SYSTEM)
  • UPX AntiDDoS (UPX_ANTIDDOS)
  • VanDyke SFTP (VANDYKE_SFTP)
  • Varonis (VARONIS)
  • Vectra Alerts (VECTRA_ALERTS)
  • Vectra Stream (VECTRA_STREAM)
  • VMware AirWatch (AIRWATCH)
  • Vmware Avinetworks iWAF (VMWARE_AVINETWORKS_IWAF)
  • VMware ESXi (VMWARE_ESX)
  • VMware Horizon (VMWARE_HORIZON)
  • Watchguard EDR (WATCHGUARD_EDR)
  • Windows Defender AV (WINDOWS_DEFENDER_AV)
  • Windows DHCP (WINDOWS_DHCP)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Sysmon (WINDOWS_SYSMON)
  • Workday Audit Logs (WORKDAY_AUDIT)
  • Workday User Activity (WORKDAY_USER_ACTIVITY)
  • WPEngine (WPENGINE)
  • Zimperium (ZIMPERIUM)
  • Zscaler (ZSCALER_WEBPROXY)
  • ZScaler DNS (ZSCALER_DNS)
  • Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
  • ZScaler NGFW (ZSCALER_FIREWALL)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Autodesk Cad Cam (AUTODESK_CAD_CAM)
  • Azure Risk Events (AZURE_RISK_EVENTS)
  • Azure Risky Users (AZURE_RISKY_USERS)
  • Azure Service Principal Logins (AZURE_SERVICE_PRINCIPAL_LOGINS)
  • Belden Switch (BELDEN_SWITCH)
  • Blue Voyant (BLUE_VOYANT)
  • Cisco NetFlow (CISCO_NETFLOW)
  • Citrix Receiver (CSG_CITRIX_RX)
  • Clavister Firewall (CLAVISTER_FIREWALL)
  • ClickHouse (CLICKHOUSE)
  • Cloudflare Pageshield (CLOUDFLARE_PAGESHIELD)
  • CrowdStrike DLP (CROWDSTRIKE_DLP)
  • Crowdstrike Recon (TI) (CROWDSTRIKE_RECON)
  • Cynerio Healthcare NDR (CYNERIO_NDR_H)
  • Exterro FTK Central (EXTERRO_FTK_CENTRAL)
  • Fortra Vulnerability Management (FORTRA_VM)
  • GCP Cloud Asset Inventory (GCP_CLOUD_ASSET_INVENTORY)
  • Health ISAC (H_ISAC)
  • HP Router (HP_ROUTER)
  • Huawei Wireless (HUAWEI_WIRELESS)
  • IBM Sense (IBM_SENSE)
  • IIJ_LanScope (IIJ_LANSCOPE)
  • Joblogic (JOBLOGIC)
  • OneIdentity Safeguard (ONEIDENTITY_SAFEGUARD)
  • OpenText Cordy (OPENTEXT_CORDY)
  • Pave (PAVE)
  • Proofpoint Identity Threat Platform (PROOFPOINT_IDENTITY_THREAT_PLATFORM)
  • Rapid Identity (RAPID_IDENTITY)
  • Raven DB (RAVEN_DB)
  • SolidServer (SOLIDSERVER)
  • Spacelift (SPACELIFT)
  • Trend Micro Vision One Activity (TRENDMICRO_VISION_ONE_ACTIVITY)
  • Trend Micro Vision One Container Vulnerabilities (TRENDMICRO_VISION_ONE_CONTAINER_VULNERABILITIES)
  • Trend Micro Vision One Detections (TRENDMICRO_VISION_ONE_DETECTIONS)
  • Vectra XDR (VECTRA_XDR)
  • Vicarius VRX Events (VICARIUS_VRX_EVENTS)
  • WireGuard VPN Logs (WIREGUARD_VPN)
  • Zero Networks (ZERO_NETWORKS)
  • Zoho Assist (ZOHO_ASSIST)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • 1Password Audit Events (ONEPASSWORD_AUDIT_EVENTS)
  • AIX system (AIX_SYSTEM)
  • Akamai DataStream 2 (AKAMAI_DATASTREAM_2)
  • Alveo Risk Data Management (ALVEO_RDM)
  • Amazon API Gateway (AWS_API_GATEWAY)
  • Apache Tomcat (TOMCAT)
  • Appian Cloud (APPIAN_CLOUD)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Asset Panda (ASSET_PANDA)
  • Aware Audit (AWARE_AUDIT)
  • Aware Signals (AWARE_SIGNALS)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS CloudWatch (AWS_CLOUDWATCH)
  • AWS ECS Metrics (AWS_ECS_METRICS)
  • AWS Elastic Load Balancer (AWS_ELB)
  • AWS GuardDuty (GUARDDUTY)
  • AWS Inspector (AWS_INSPECTOR)
  • AWS Lambda Function (AWS_LAMBDA_FUNCTION)
  • AWS RDS (AWS_RDS)
  • AWS Redshift (AWS_REDSHIFT)
  • AWS Route 53 DNS (AWS_ROUTE_53)
  • AWS Security Hub (AWS_SECURITY_HUB)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • AWS WAF (AWS_WAF)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure AD Organizational Context (AZURE_AD_CONTEXT)
  • Azure Application Gateway (AZURE_GATEWAY)
  • Azure Firewall (AZURE_FIREWALL)
  • Azure Key Vault logging (AZURE_KEYVAULT_AUDIT)
  • Barracuda CloudGen Firewall (BARRACUDA_CLOUDGEN_FIREWALL)
  • Barracuda WAF (BARRACUDA_WAF)
  • BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Broadcom Support Portal Audit Logs (BROADCOM_SUPPORT_PORTAL)
  • Cato Networks (CATO_NETWORKS)
  • Cequence Bot Defense (CEQUENCE_BOT_DEFENSE)
  • Check Point (CHECKPOINT_FIREWALL)
  • ChromeOS XDR (CHROMEOS_XDR)
  • Cisco Email Security (CISCO_EMAIL_SECURITY)
  • Cisco EStreamer (CISCO_ESTREAMER)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco IronPort (CISCO_IRONPORT)
  • Cisco ISE (CISCO_ISE)
  • Cisco NX-OS (CISCO_NX_OS)
  • Cisco Switch (CISCO_SWITCH)
  • Cisco Umbrella Cloud Firewall (UMBRELLA_FIREWALL)
  • Cisco vManage SD-WAN (CISCO_SDWAN)
  • Cisco VPN (CISCO_VPN)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Citrix Storefront (CITRIX_STOREFRONT)
  • Claroty Xdome (CLAROTY_XDOME)
  • Cloud Audit Logs (N/A)
  • Cloud Data Loss Prevention (N/A)
  • Cloudflare Network Analytics (CLOUDFLARE_NETWORK_ANALYTICS)
  • Cloudflare WAF (CLOUDFLARE_WAF)
  • Cloudflare Warp (CLOUDFLARE_WARP)
  • CommVault (COMMVAULT)
  • CrowdStrike Detection Monitoring (CS_DETECTS)
  • CrowdStrike Falcon (CS_EDR)
  • CrowdStrike Falcon Stream (CS_STREAM)
  • Crowdstrike Identity Protection Services (CS_IDP)
  • CrushFTP (CRUSHFTP)
  • Custom Application Access Logs (CUSTOM_APPLICATION_ACCESS)
  • CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
  • Cybereason EDR (CYBEREASON_EDR)
  • Cyolo Secure Remote Access for OT (CYOLO_OT)
  • Datadog (DATADOG)
  • Delinea Secret Server (DELINEA_SECRET_SERVER)
  • Dell CyberSense (DELL_CYBERSENSE)
  • Digicert (DIGICERT)
  • Edgio WAF (EDGIO_WAF)
  • Elastic Packet Beats (ELASTIC_PACKETBEATS)
  • F5 ASM (F5_ASM)
  • F5 DNS (F5_DNS)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • Forcepoint NGFW (FORCEPOINT_FIREWALL)
  • Forgerock OpenIdM (FORGEROCK_OPENIDM)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet Fortimanager (FORTINET_FORTIMANAGER)
  • Fortinet Web Application Firewall (FORTINET_FORTIWEB)
  • GitHub (GITHUB)
  • Gitlab (GITLAB)
  • Harness IO (HARNESS_IO)
  • Hashicorp Vault (HASHICORP)
  • Hillstone Firewall (HILLSTONE_NGFW)
  • Huawei Switches (HUAWEI_SWITCH)
  • IBM Guardium (GUARDIUM)
  • Imperva Database (IMPERVA_DB)
  • Intel Endpoint Management Assistant (INTEL_EMA)
  • JAMF Security Cloud (JAMF_SECURITY_CLOUD)
  • JFrog Artifactory (JFROG_ARTIFACTORY)
  • JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
  • Juniper (JUNIPER_FIREWALL)
  • Kaspersky AV (KASPERSKY_AV)
  • Kaspersky Endpoint (KASPERSKY_ENDPOINT)
  • Kolide Endpoint Security (KOLIDE)
  • Kubernetes Audit (KUBERNETES_AUDIT)
  • Layer7 SiteMinder (SITEMINDER_SSO)
  • Linux Auditing System (AuditD) (AUDITD)
  • Looker Audit (LOOKER_AUDIT)
  • ManageEngine ADAudit Plus (ADAUDIT_PLUS)
  • ManageEngine ADManager Plus (ADMANAGER_PLUS)
  • McAfee Web Gateway (MCAFEE_WEBPROXY)
  • Metabase (METABASE)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure Activity (AZURE_ACTIVITY)
  • Microsoft Azure NSG Flow (AZURE_NSG_FLOW)
  • Microsoft CyberX (CYBERX)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
  • Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
  • Microsoft IIS (IIS)
  • Microsoft PowerShell (POWERSHELL)
  • Microsoft Sentinel (MICROSOFT_SENTINEL)
  • Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
  • Mikrotik Router (MIKROTIK_ROUTER)
  • Mimecast (MIMECAST_MAIL)
  • MISP Threat Intelligence (MISP_IOC)
  • NetIQ eDirectory (NETIQ_EDIRECTORY)
  • Netskope V2 (NETSKOPE_ALERT_V2)
  • Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • One Identity Identity Manager (ONE_IDENTITY_IDENTITY_MANAGER)
  • Oort Security Tool (OORT)
  • Open Cybersecurity Schema Framework (OCSF) (OCSF)
  • Open LDAP (OPENLDAP)
  • Opnsense (OPNSENSE)
  • Ops Genie (OPS_GENIE)
  • Oracle (ORACLE_DB)
  • Oracle Cloud Guard (OCI_CLOUDGUARD)
  • Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
  • Orca Cloud Security Platform (ORCA)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Palo Alto Prisma Access (PAN_CASB)
  • Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
  • Pharos (PHAROS)
  • Privacy-I (PRIVACY_I)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • ReviveSec (REVIVESEC)
  • Rubrik (RUBRIK)
  • Salesforce (SALESFORCE)
  • Sangfor Proxy (SANGFOR_PROXY)
  • Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
  • Security Command Center Threat (N/A)
  • Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
  • ServiceNow CMDB (SERVICENOW_CMDB)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Snipe-IT (SNIPE_IT)
  • Snyk Group level audit/issues logs (SNYK_ISSUES)
  • SonicWall (SONIC_FIREWALL)
  • Sophos Central (SOPHOS_CENTRAL)
  • Swimlane Platform (SWIMLANE)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Event export (SYMANTEC_EVENT_EXPORT)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Tanium Question (TANIUM_QUESTION)
  • Tanium Threat Response (TANIUM_THREAT_RESPONSE)
  • Teleport Access Plane (TELEPORT_ACCESS_PLANE)
  • Tenable Active Directory Security (TENABLE_ADS)
  • Tenable CSPM (TENABLE_CSPM)
  • tenable.io (TENABLE_IO)
  • Terraform Enterprise Audit (TERRAFORM_ENTERPRISE)
  • Thinkst Canary (THINKST_CANARY)
  • ThreatX WAF (THREATX_WAF)
  • Trend Micro Email Security Advanced (TRENDMICRO_EMAIL_SECURITY)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
  • TXOne Stellar (TRENDMICRO_STELLAR)
  • UKG (UKG)
  • Unix system (NIX_SYSTEM)
  • UPX AntiDDoS (UPX_ANTIDDOS)
  • VanDyke SFTP (VANDYKE_SFTP)
  • Varonis (VARONIS)
  • Vectra Alerts (VECTRA_ALERTS)
  • Vectra Stream (VECTRA_STREAM)
  • VMware AirWatch (AIRWATCH)
  • VMware Avinetworks iWAF (VMWARE_AVINETWORKS_IWAF)
  • VMware ESXi (VMWARE_ESX)
  • VMware Horizon (VMWARE_HORIZON)
  • Watchguard EDR (WATCHGUARD_EDR)
  • Windows Defender AV (WINDOWS_DEFENDER_AV)
  • Windows DHCP (WINDOWS_DHCP)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Sysmon (WINDOWS_SYSMON)
  • Workday Audit Logs (WORKDAY_AUDIT)
  • Workday User Activity (WORKDAY_USER_ACTIVITY)
  • WPEngine (WPENGINE)
  • Zimperium (ZIMPERIUM)
  • Zscaler (ZSCALER_WEBPROXY)
  • ZScaler DNS (ZSCALER_DNS)
  • Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
  • ZScaler NGFW (ZSCALER_FIREWALL)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Autodesk Cad Cam (AUTODESK_CAD_CAM)
  • Azure Risk Events (AZURE_RISK_EVENTS)
  • Azure Risky Users (AZURE_RISKY_USERS)
  • Azure Service Principal Logins (AZURE_SERVICE_PRINCIPAL_LOGINS)
  • Belden Switch (BELDEN_SWITCH)
  • Blue Voyant (BLUE_VOYANT)
  • Cisco NetFlow (CISCO_NETFLOW)
  • Citrix Receiver (CSG_CITRIX_RX)
  • Clavister Firewall (CLAVISTER_FIREWALL)
  • ClickHouse (CLICKHOUSE)
  • Cloudflare Pageshield (CLOUDFLARE_PAGESHIELD)
  • CrowdStrike DLP (CROWDSTRIKE_DLP)
  • Crowdstrike Recon (TI) (CROWDSTRIKE_RECON)
  • Cynerio Healthcare NDR (CYNERIO_NDR_H)
  • Exterro FTK Central (EXTERRO_FTK_CENTRAL)
  • Fortra Vulnerability Management (FORTRA_VM)
  • GCP Cloud Asset Inventory (GCP_CLOUD_ASSET_INVENTORY)
  • Health ISAC (H_ISAC)
  • HP Router (HP_ROUTER)
  • Huawei Wireless (HUAWEI_WIRELESS)
  • IBM Sense (IBM_SENSE)
  • IIJ_LanScope (IIJ_LANSCOPE)
  • Joblogic (JOBLOGIC)
  • OneIdentity Safeguard (ONEIDENTITY_SAFEGUARD)
  • OpenText Cordy (OPENTEXT_CORDY)
  • Pave (PAVE)
  • Proofpoint Identity Threat Platform (PROOFPOINT_IDENTITY_THREAT_PLATFORM)
  • Rapid Identity (RAPID_IDENTITY)
  • Raven DB (RAVEN_DB)
  • SolidServer (SOLIDSERVER)
  • Spacelift (SPACELIFT)
  • Trend Micro Vision One Activity (TRENDMICRO_VISION_ONE_ACTIVITY)
  • Trend Micro Vision One Container Vulnerabilities (TRENDMICRO_VISION_ONE_CONTAINER_VULNERABILITIES)
  • Trend Micro Vision One Detections (TRENDMICRO_VISION_ONE_DETECTIONS)
  • Vectra XDR (VECTRA_XDR)
  • Vicarius VRX Events (VICARIUS_VRX_EVENTS)
  • WireGuard VPN Logs (WIREGUARD_VPN)
  • Zero Networks (ZERO_NETWORKS)
  • Zoho Assist (ZOHO_ASSIST)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Secret Manager

Parameter Manager, currently in Preview, now offers a console for storing, accessing, and managing the lifecycle of your workload parameters. For more information, see the Parameter Manager documentation.

Security Command Center

Event Threat Detection, a built-in service of Security Command Center, has released new detectors. The following detectors, which are available in Preview with the Enterprise and Premium tiers of Security Command Center, allow users to manage threats to their Google Cloud Backup and Disaster Recovery assets in Security Command Center:

  • BACKUP_DELETE_VAULT
  • BACKUP_DELETE_VAULT_BACKUP
  • BACKUP_DELETE_BACKUP_PLAN_ASSOCIATION

In addition, we updated the existing BACKUP_REMOVE_PLAN detector to support findings on Google Cloud Backup and Disaster Recovery assets that are managed in the Google Cloud console. This detector will dynamically generate finding descriptions based on the finding source.

Spanner

Full-text search is now generally available for PostgreSQL-dialect databases.

A monthly digest of client library updates from across the Cloud SDK.

Go

Changes for spanner/admin/database/apiv1

1.74.0 (2025-01-24)

Features
  • spanner/admin/instance: Exposing FreeInstanceAvailability in InstanceConfig (4254053)
  • spanner/admin/instance: Exposing FreeInstanceMetadata in Instance configuration (to define the metadata related to FREE instance type) (4254053)
  • spanner/admin/instance: Exposing InstanceType in Instance configuration (to define PROVISIONED or FREE spanner instance) (4254053)
  • spanner/admin/instance: Exposing QuorumType in InstanceConfig (4254053)
  • spanner/admin/instance: Exposing storage_limit_per_processing_unit in InstanceConfig (4254053)
  • spanner: Add the last statement option to ExecuteSqlRequest and ExecuteBatchDmlRequest (8dedb87)
  • spanner: Add UUID in Spanner TypeCode enum (46fc993)
  • spanner: Implement generation and propagation of "x-goog-spanner-request-id" Header (#11048) (10960c1)
Bug Fixes
  • spanner/spansql: PROTO BUNDLE and protobuf type parsing fixes (#11279) (b1ca714)
  • spanner/test/opentelemetry/test: Update golang.org/x/net to v0.33.0 (e9b0b69)
  • spanner: ReadWriteStmtBasedTransaction would not remember options for retries (#11443) (7d8f0c5)
  • spanner: Support setting monitoring host via env and override any endpoint override from spanner options with default one (#11141) (3d61545)
  • spanner: Update golang.org/x/net to v0.33.0 (e9b0b69)
Documentation
  • spanner/admin/database: Fix typo timzeone -> timezone (a694e11)
  • spanner/admin/instance: A comment for enum DefaultBackupScheduleType is changed (4254053)
  • spanner/admin/instance: A comment for enum value AUTOMATIC in enum DefaultBackupScheduleType is changed (4254053)
  • spanner/admin/instance: A comment for enum value GOOGLE_MANAGED in enum Type is changed (4254053)
  • spanner/admin/instance: A comment for enum value NONE in enum DefaultBackupScheduleType is changed (4254053)
  • spanner/admin/instance: A comment for enum value USER_MANAGED in enum Type is changed (4254053)
  • spanner/admin/instance: A comment for field base_config in message .google.spanner.admin.instance.v1.InstanceConfig is changed (4254053)
  • spanner/admin/instance: A comment for field default_backup_schedule_type in message .google.spanner.admin.instance.v1.Instance is changed (4254053)
  • spanner/admin/instance: A comment for field filter in message .google.spanner.admin.instance.v1.ListInstanceConfigOperationsRequest is changed (4254053)
  • spanner/admin/instance: A comment for field filter in message .google.spanner.admin.instance.v1.ListInstancePartitionOperationsRequest is changed (4254053)
  • spanner/admin/instance: A comment for field instance_config in message .google.spanner.admin.instance.v1.CreateInstanceConfigRequest is changed (4254053)
  • spanner/admin/instance: A comment for field instance_partition_deadline in message .google.spanner.admin.instance.v1.ListInstancePartitionOperationsRequest is changed (4254053)
  • spanner/admin/instance: A comment for field location in message .google.spanner.admin.instance.v1.ReplicaInfo is changed (4254053)
  • spanner/admin/instance: A comment for field node_count in message .google.spanner.admin.instance.v1.Instance is changed (4254053)
  • spanner/admin/instance: A comment for field node_count in message .google.spanner.admin.instance.v1.InstancePartition is changed (4254053)
  • spanner/admin/instance: A comment for field operations in message .google.spanner.admin.instance.v1.ListInstanceConfigOperationsResponse is changed (4254053)
  • spanner/admin/instance: A comment for field operations in message .google.spanner.admin.instance.v1.ListInstancePartitionOperationsResponse is changed (4254053)
  • spanner/admin/instance: A comment for field optional_replicas in message .google.spanner.admin.instance.v1.InstanceConfig is changed (4254053)
  • spanner/admin/instance: A comment for field parent in message .google.spanner.admin.instance.v1.ListInstancePartitionsRequest is changed (4254053)
  • spanner/admin/instance: A comment for field processing_units in message .google.spanner.admin.instance.v1.Instance is changed (4254053)
  • spanner/admin/instance: A comment for field processing_units in message .google.spanner.admin.instance.v1.InstancePartition is changed (4254053)
  • spanner/admin/instance: A comment for field referencing_backups in message .google.spanner.admin.instance.v1.InstancePartition is changed (4254053)
  • spanner/admin/instance: A comment for field replicas in message .google.spanner.admin.instance.v1.InstanceConfig is changed (4254053)
  • spanner/admin/instance: A comment for field storage_utilization_percent in message .google.spanner.admin.instance.v1.AutoscalingConfig is changed (4254053)
  • spanner/admin/instance: A comment for field unreachable in message .google.spanner.admin.instance.v1.ListInstancePartitionsResponse is changed (4254053)
  • spanner/admin/instance: A comment for message CreateInstanceConfigRequest is changed (4254053)
  • spanner/admin/instance: A comment for message DeleteInstanceConfigRequest is changed (4254053)
  • spanner/admin/instance: A comment for message UpdateInstanceConfigRequest is changed (4254053)
  • spanner/admin/instance: A comment for method CreateInstance in service InstanceAdmin is changed (4254053)
  • spanner/admin/instance: A comment for method CreateInstanceConfig in service InstanceAdmin is changed (4254053)
  • spanner/admin/instance: A comment for method CreateInstancePartition in service InstanceAdmin is changed (4254053)
  • spanner/admin/instance: A comment for method ListInstanceConfigOperations in service InstanceAdmin is changed (4254053)
  • spanner/admin/instance: A comment for method ListInstanceConfigs in service InstanceAdmin is changed (4254053)
  • spanner/admin/instance: A comment for method ListInstancePartitionOperations in service InstanceAdmin is changed (4254053)
  • spanner/admin/instance: A comment for method MoveInstance in service InstanceAdmin is changed (4254053)
  • spanner/admin/instance: A comment for method UpdateInstance in service InstanceAdmin is changed (4254053)
  • spanner/admin/instance: A comment for method UpdateInstanceConfig in service InstanceAdmin is changed (4254053)
  • spanner/admin/instance: A comment for method UpdateInstancePartition in service InstanceAdmin is changed (4254053)

1.75.0 (2025-02-02)

Features
  • spanner/admin/database: Add AddSplitPoints API (59fe58a)
Bug Fixes
  • spanner: Inject "x-goog-spanner-request-id" into outgoing client context (#11544) (a8f16ef), refs #11543

1.76.0 (2025-02-20)

DO NOT USE This version is retracted due to https://github.com/googleapis/google-cloud-go/issues/11630, use version >=v1.76.1

Features
  • spanner/admin/database: Add instance partitions field in backup proto (c6a6dc7)
  • spanner: Support multiplexed session for read-write transactions & partition ops (#11615) (4b40201)
Performance Improvements

1.76.1 (2025-02-21)

Bug Fixes
  • spanner: Multiplexed_session_previous_transaction_id is not supported in the request for a non multiplexed session (#11626) (a940bef)

Java

Changes for google-cloud-spanner

6.86.0 (2025-01-31)

Features
  • Add sample for asymmetric autoscaling instances (#3562) (3584b81)
  • Support graph and pipe queries in Connection API (#3586) (71c3063)
Bug Fixes
  • Always add instance-id for built-in metrics (#3612) (705b627)
  • deps: Update the Java code generator (gapic-generator-java) to 2.51.1 (3e27251)
  • deps: Update the Java code generator (gapic-generator-java) to 2.52.0 (bf69673)
  • spanner: Moved mTLSContext configurator from builder to constructor (#3605) (ac7c30b)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.42.0 (#3616) (2ea59f0)
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.46.0 (#3530) (d505850)
Documentation
  • Clarify how async updates can overtake each other (#3581) (1be250f)
  • Fix typo timzeone -> timezone (bf69673)
  • Fixed parameter arguments for AbstractResultSet's Listener's on TransactionMetadata doc (#3602) (1f143a4)
  • samples: Add samples and tests for change streams transaction exclusion (#3098) (1f81600)

6.87.0 (2025-02-20)

Features
  • Add AddSplitPoints API (a5ebcd3)
  • Add option for multiplexed sessions with partitioned operations (#3635) (dc89b4d)
  • Add option to indicate that a statement is the last in a transaction (#3647) (b04ea80)
  • Adding gfe_latencies metric to built-in metrics (#3490) (314dadc)
  • spanner: Support multiplexed session for read-write transactions (#3608) (bda78ed)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.53.0 (20a3d0d)
  • spanner: End spans for read-write methods (#3629) (4a1f99c)
  • spanner: Release resources in TransactionManager (#3638) (e0a3e5b)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.43.0 (#3642) (c12968a)

Node.js

Changes for @google-cloud/spanner

7.18.0 (2025-01-29)

Features
  • Add gcp client attributes for Opentelemetry traces (#2215) (d2ff046)

7.18.1 (2025-02-05)

Bug Fixes

Python

Changes for google-cloud-spanner

3.52.0 (2025-02-19)

Features
  • Add additional opentelemetry span events for session pool (a6811af)
  • Add GCP standard otel attributes for python client (#1308) (0839f98)
  • Add updated span events + trace more methods (#1259) (ad69c48)
  • MetricsTracer implementation (#1291) (8fbde6b)
  • Support GRAPH and pipe syntax in dbapi (#1285) (959bb9c)
  • Support transaction and request tags in dbapi (#1262) (ee9662f)
  • x-goog-spanner-request-id: Introduce AtomicCounter (#1275) (f2483e1)
Bug Fixes
  • Retry UNAVAILABLE errors for streaming RPCs (#1278) (ab31078), closes #1150
  • tracing: Ensure nesting of Transaction.begin under commit + fix suggestions from feature review (#1287) (d9ee75a)
  • tracing: Only set span.status=OK if UNSET (#1248) (1d393fe), closes #1246
  • Update retry strategy for mutation calls to handle aborted transactions (#1279) (0887eb4)

Vertex AI Agent Builder

Vertex AI Search: Document-relevance scores for search results (GA)

You can ask to have a relevance score returned for each search result associated with a query. The returned score can be used to do post-search ranking or filtering of the results. This feature is available for search apps associated with structured and unstructured data stores.

This feature is Generally available (GA). For more information, see Get document-relevance score with search results.

Virtual Private Cloud

Accessing supported global Google APIs through Private Service Connect backends is available in General Availability.

Workflows

Support to create and manage tags is available. You can use tags to group workflows and other resources for reporting, auditing, and access control.

February 27, 2025

AlloyDB for PostgreSQL

AlloyDB's cross-region replication supports up to five secondary regions. You can use additional secondary regions to further harden disaster recovery response, or to serve geographically distributed workloads. For more information, see Cross-region replication overview and Work with cross-region replication.

Apigee UI

On February 27, 2025, we released an updated version of the Apigee Proxy Debug tool.

Overview

This release introduces a redesigned debugging experience for API proxies in the Apigee UI, which is available in Google Cloud console.

This new feature, Debug Sequence View (v2), addresses user feedback and aims to streamline the process of identifying and resolving issues in your API proxies.

We believe that Debug Sequence View will significantly improve the API proxy debugging experience. We encourage you to try it out and provide your valuable feedback as we continue to refine and enhance this feature!

Key highlights

  • Intuitive horizontal layout:
    The new Debug Sequence View (v2) features a horizontal sequence diagram, mirroring the familiar layout of the classic Apigee Console UI, making it easier to understand the flow of your API proxy transactions at a glance.
  • Enhanced clarity:
    The horizontal visualization, coupled with improved grouping of events, provides a clearer picture of policy execution, highlighting errors and their context within the transaction flow.
  • Streamlined workflow:
    Debug Sequence View (v2) is designed to reduce the need for disruptive pop-ups and sifting through events, offering a smoother and more focused debugging experience. Reimagined icons help you understand a transaction at a glance.
  • Feature parity:
    Debug Sequence View (v2) is designed so that users already familiar with debugging in the Apigee Classic UI can quickly become proficient.
  • Search:
    You can now search for a specific string in the sequence diagram and details pane.
  • Improved API status display:
    The API status display in the transaction list has been improved for increased readability.
  • Consolidated FlowInfo events:
    FlowInfo events are now grouped together in the sequence diagram.
  • Target URL displayed:
    The target URL is now displayed on the "Request Sent" node when relevant.

Cloud Composer

Database retention policy is available in Cloud Composer 3. You can use this feature to automatically delete older records from the Airflow database, which helps to maintain the Airflow database's size.

Cloud Load Balancing

In typical HTTPS communication, neither the load balancer nor the backend verifies the other's identity, on the assumption that both are within a secure perimeter and can be trusted. However, when perimeter security needs reinforcement or communication extends beyond the perimeter, backend mTLS becomes essential. Backend mTLS ensures secure communication by requiring both the load balancer and the backend to mutually verify their identities.

With backend authenticated TLS, the load balancer verifies the backend server's certificate by checking its chain of trust, thereby confirming the backend's identity. Conversely, with backend mTLS, the backend server verifies the client certificate presented by the load balancer. Together, these mechanisms enable backend mTLS, ensuring that both parties validate each other's identity.

Backend mTLS complements frontend mTLS, which is already generally available (GA).

For details, see the following:

This capability is in Preview for global external Application Load Balancers.

Cloud Monitoring

On your custom dashboards, you can reduce the load time of the dashboard by using group widgets. The tab-group widget displays one member of a collection, and it provides tabs on the toolbar to let you select which member to display:

Colab Enterprise

You can use Terraform resources to schedule notebook runs, and to manage runtimes and runtime templates. To learn more, see the following:

Datastream

Datastream now supports Salesforce as a source. The feature is in Preview.

For more information, see the Datastream documentation.

Google Cloud Contact Center as a Service

Patch 3.31.36

This patch does the following:

  • Fixes an issue where the chat adapter was not appearing in the agent desktop when an incoming chat was received.
  • Fixes an issue where agents in Unavailable or Wrap up status were not receiving incoming contacts and were put into Unresponsive status.
  • Fixes a security vulnerability.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.1100-gke.82 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.1100-gke.82 runs on Kubernetes v1.29.13-gke.500.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The 1.29.1100-gke.82 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

Google Distributed Cloud (software only) for bare metal

Release 1.30.600-gke.69

Google Distributed Cloud for bare metal 1.30.600-gke.69 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.600-gke.69 runs on Kubernetes v1.30.9-gke.100.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following functional change was made in 1.30.600-gke.69:

  • Cluster deletion now deletes worker node pools prior to deleting any control plane node pools.

The following issues are fixed in 1.30.600-gke.69:

  • Fixed an issue where node upgrades failed due to missing super-admin.conf file.

  • Fixed an issue where the bmctl update cluster command fails for user clusters that were created with the cloudOperationsServiceAccountKeyPath setting in the header section of the cluster configuration file.

The 1.30.600-gke.69 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Release 1.30.500-gke.127

Google Distributed Cloud for bare metal 1.30.500-gke.127 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.500-gke.127 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following issues are fixed in 1.30.500-gke.127:

  • Fixed an issue where node upgrades failed due to missing super-admin.conf file.

  • Fixed an issue where prompting during bmctl update cluster prevented use of automation. You can now use the --quiet flag to skip prompting.

  • Fixed an issue where node machines didn't update when the registry mirror hosts field was updated.

The 1.30.500-gke.127 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Release 1.31.200-gke.59

Google Distributed Cloud for bare metal 1.31.200-gke.59 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.31.200-gke.59 runs on Kubernetes v1.31.5-gke.300.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following issue is fixed in 1.31.200-gke.69:

  • Fixed an issue where node upgrades failed due to missing super-admin.conf file.

The 1.31.200-gke.59 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Release 1.29.1100-gke.84

Google Distributed Cloud for bare metal 1.29.1100-gke.84 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.1100-gke.84 runs on Kubernetes v1.29.13-gke.500.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The 1.29.1100-gke.84 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

The initial patch releases for 1.30.500, 1.30.600, and 1.31.200 contained a known issue that blocked cluster upgrades. This issue is fixed in the following updated patches:

  • 1.31.200-gke.59
  • 1.30.600-gke.69
  • 1.30.500-gke.127

The release notes and related documentation have been updated to reflect the updated patch version information.

Google Kubernetes Engine

The GKE Autopilot partner program now lets partners create and manage allowlists that correspond to specific partner workloads. In GKE version 1.32.1-gke.1729000 and later, you can explicitly install allowlists in your clusters to run only the partner solutions that you need.

To learn more, see Run privileged workloads from GKE Autopilot partners.

Network Connectivity Center

Producer VPC Spokes is generally available.

If you have a VPC network that consumes a service offered through private services access, you can use a Network Connectivity Center producer VPC spoke to make the service reachable by other spokes on a hub.

Network Intelligence Center

Flow Analyzer is available in General availability.

VPC Service Controls

Preview stage support for the following integration:

Virtual Private Cloud

The following Private Service Connect monitoring metrics are available for both producers and consumers in General Availability:

  • Closed connections count
  • Received packets dropped count
  • Sent packets dropped count
  • New connections count
  • Open connections
  • Received bytes count
  • Received packets count
  • Sent bytes count
  • Sent packets count

Additionally, the NAT IP address capacity metric is available for producers in General Availability.

You can use these metrics to help monitor and troubleshoot published services, endpoints that connect to published services, and backends that connect to published services. For more information, see Monitor Private Service Connect connections.

February 26, 2025

Cloud Database Migration Service

Database Migration Service for homogeneous Cloud SQL for PostgreSQL migrations now lets you migrate specific databases from your source instance. You can view metrics, statuses, and errors separately for each database.

For more information about migrating specific databases, see:

Cloud Monitoring

You can now enable and disable the logging of uptime-check failures by using the log_check_failures field in the Cloud Monitoring API.

Cloud SQL for MySQL

You can now include replicas when you perform an in-place major version upgrade using gcloud or the Cloud SQL Admin API. For more information, see Upgrade the database major version in-place.

Cloud SQL for PostgreSQL

You can now include replicas when you perform an in-place major version upgrade using gcloud or the Cloud SQL Admin API. For more information, see Upgrade the database major version in-place.

Cloud Storage

Bucket relocation for Cloud Storage is generally available (GA). You can use bucket relocation to relocate buckets between geographic locations.

Google Kubernetes Engine

(2025-R08) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.32.1-gke.1729000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.29.13-gke.1109000
    • 1.29.13-gke.1169000
    • 1.30.9-gke.1201000
    • 1.30.9-gke.1231000
    • 1.31.5-gke.1169000
    • 1.31.5-gke.1233000
    • 1.32.1-gke.1489001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.14-gke.1018000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.10-gke.1022000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.6-gke.1020000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.14-gke.1018000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.10-gke.1022000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.6-gke.1020000 with this release.

Regular channel

  • Version 1.31.5-gke.1169000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.29.13-gke.1038000
    • 1.30.9-gke.1046000
    • 1.31.5-gke.1068000
    • 1.32.1-gke.1200003
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.13-gke.1109000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.9-gke.1127000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.13-gke.1109000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.9-gke.1127000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.5-gke.1169000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.1-gke.1357001 with this release.

Stable channel

  • Version 1.30.9-gke.1009000 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.29.12-gke.1270000
    • 1.30.8-gke.1261000
    • 1.31.4-gke.1372000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.9-gke.1009000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.9-gke.1009000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.5-gke.1023000 with this release.

Extended channel

  • Version 1.31.5-gke.1169000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2440000
    • 1.28.15-gke.1612000
    • 1.28.15-gke.1844000
    • 1.29.13-gke.1038000
    • 1.30.9-gke.1046000
    • 1.31.5-gke.1068000
    • 1.32.1-gke.1200003
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1641000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.13-gke.1109000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.9-gke.1127000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.5-gke.1169000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.1-gke.1357001 with this release.

No channel

Network Connectivity Center

Private Service Connect connection propagation is asynchronous after spoke creation or deletion. When a VPC spoke is removed from a hub, it can take some time to update propagated Private Service Connect connections. While the propagated connection update is in progress, traffic from a VM within the VPC network can still flow to the backend, even after the VPC spoke is added to a new hub. To avoid this issue, we recommend that, before adding the spoke to another hub, you make sure that all of the propagation status entries for the VPC network in the previous hub, whether as a source spoke or a target spoke, are deleted.

Private Service Connect connection propagation is generally available.

Connection propagation through the Network Connectivity Center hub provides access to Private Service Connect endpoints from other VPC networks.

Vertex AI Agent Builder

Vertex AI Search: Personalize responses from the answer method (GA)

When making a query call to the answer method, you can provide information about the user to personalize the generated answer.

This feature is generally available (GA). For more information, see Personalize answers.

Virtual Private Cloud

Private Service Connect propagated connections are available in General Availability. With propagated connections, services that are accessible in one consumer VPC spoke through Private Service Connect endpoints can be privately accessed by other consumer VPC spokes that are connected to the same Network Connectivity Center hub.

February 25, 2025

AlloyDB for PostgreSQL

The alloydb_scann extension is updated to include the following vector search improvements in Preview:

  • AlloyDB for PostgreSQL introduces inline filtering for vector search. With inline filtering, SQL filter evaluation is performed at the same time as vector search. This feature mitigates potential issues from existing pre and post-filter evaluation mechanisms. For more information about scann.enable_inline_filtering, see ScaNN index reference.
  • A distribution histogram is available in the pg_stat_ann_indexes view, which helps you understand the distribution of vectors between partitions and num_leaves of your ScaNN index. For more information, including recommendations about tuning the distributionpercentile metric, see Tuning metrics.

BigQuery

You can now see a list of BigQuery API and service dependencies. You can also review the effects of disabling an API or service.

You can use the best sellers and price competitiveness migration guides to transition to the newer version of the reports. This feature is in preview.

BigQuery resource utilization charts provide metrics views and more chart configuration options in Preview.

Cloud Composer

Cloud Composer 3 is now available in Stockholm (europe-north2). The change is gradually rolling out.

Cloud SQL for PostgreSQL

You can now export or import all user databases in an instance using a directory-formatted, parallel export or import operation.

Cloud Service Mesh

Managed Cloud Service Mesh with the Traffic Director control plane now supports configuring the network topology to use X-Forwarded-For and X-Forwarded-Client-Cert headers by MeshConfig or annotations of workloads.

Config Controller

Config Controller now uses the following versions of its included products:

Generative AI on Vertex AI

Gemini 2.0 Flash-Lite is now generally available

Gemini 2.0 Flash-Lite is now generally available. For more information, see Gemini 2.0.

Google Cloud VMware Engine

Generally available: VMware Engine Update center on the Google Cloud console is now generally available. Update center lets you view and manage updates to your private clouds, including specifying start dates and times for schedulable VMware version updates, and viewing the status of in-progress schedulable and non-schedulable updates, such as security patches. For more information, see Update a private cloud.

Google Kubernetes Engine

Three new metrics are added for checking node and node pool status:

  • kubernetes.io/node/status_condition: The condition of a node from the node status condition field. The Ready field has Unknown status if the node controller has not heard from the node in the last node-monitor-grace-period period. This metric is available for clusters with GKE version 1.32.1-gke.1260000 and later.

  • kubernetes.io/node_pool/multi_host/available: The multi-host NodePool availability. When all the nodes in the node pool are available, the value is True. If any of the nodes in the node pool are unavailable, the value is False. This metric is available for Multi-host TPU node pools only.

  • kubernetes.io/node_pool/status: The current status of the node pool from the NodePool instance. Status updates happen after GKE API operations complete. This metric is available for Multi-host TPU node pools only.

Google SecOps

The Custom Fields feature has been rolled back.

Security Command Center

You can now use Organization Policy Service custom constraints to provide more granular control over specific fields for some Security Command Center resources. For more information, see Configure custom organization policies. This feature is in General Availability.

February 24, 2025

App Hub

App Hub supports resources from the following sources in Preview:

  • Bigtable
  • Cloud SQL
  • Cloud Storage
  • Memorystore for Redis
  • Pub/Sub
  • Spanner

BigQuery

You can now use the @@location system variable to set the location in which to run a query. This feature is in preview.

Bigtable

Bigtable Data Boost, a serverless compute service designed for high-throughput read jobs and queries, is generally available (GA).

Automated backup for Bigtable is generally available (GA). For more information, see the Backups overview.

Cloud Service Mesh

If you're a user of managed Cloud Service Mesh with the ISTIOD control plane implementation, you can now fine-tune your control plane modernization. See the Managed control plane modernization page for details.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.15.2 (2025-02-20)

Bug Fixes

You can move an object within a bucket with hierarchical namespace enabled using the Objects: move method.

Container Optimized OS

cos-dev-121-18867-0-24

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.74 | v25.0.7 | v2.0.2 | See List

Updated app-admin/google-guest-configs to v20250207.00.

Upgraded app-admin/google-guest-agent to v20250204.02.

Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.

Upgraded cloud-init from 23.4.3 to 24.4.1.

Updated Konlet to v0.13.4.

Fixed CVE-2025-0840 in binutils.

Support for NVIDIA B200 GPU – Added support for the R570 driver series, including version 570.86.15. This version has been assigned the latest, default, and R570 tags.

Updated cos-gpu-installer to v2.4.7:

  • Added support for NVIDIA B200 GPU.
  • Enabled --prepare-build-tools flag to preload GPU driver metadata for ARM64.

Upgraded app-admin/fluent-bit to v3.2.5.

Upgraded sys-apps/hwdata to v0.391.

Upgraded sys-apps/diffutils to v3.11.

Upgraded sys-apps/pv to v1.9.27.

Fixed CVE-2024-13176 in dev-libs/openssl.

Fixed CVE-2025-0395 in sys-libs/glibc.

Fixed CVE-2024-9287 in dev-lang/python.

Runtime sysctl changes:

  • Changed: fs.file-max: 811771 -> 811788

cos-109-17800-436-42

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.124 | v24.0.9 | v1.7.24 | See List

Updated app-admin/google-guest-configs to v20250207.00.

Fixed CVE-2024-13176 in dev-libs/openssl.

Fixed CVE-2025-0395 in sys-libs/glibc.

Fixed CVE-2024-9287 in dev-lang/python.

Fixed CVE-2024-56664 in the Linux kernel.

Fixed CVE-2024-57949 in the Linux kernel.

Fixed CVE-2024-57951 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812276 -> 812258

cos-117-18613-164-47

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.72 | v24.0.9 | v1.7.24 | See List

Fixed CVE-2025-0395 in sys-libs/glibc.

Fixed CVE-2024-9287 in dev-lang/python.

Updated app-admin/google-guest-configs to v20250207.00.

Fixed CVE-2024-13176 in dev-libs/openssl.

Fixed CVE-2024-57949 in the Linux kernel.

Fixed CVE-2024-57951 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811817 -> 811792

cos-113-18244-291-46

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.123 | v24.0.9 | v1.7.24 | See List

Updated app-admin/google-guest-configs to v20250207.00.

Fixed CVE-2024-13176 in dev-libs/openssl.

Fixed CVE-2025-0395 in sys-libs/glibc.

Fixed CVE-2024-9287 in dev-lang/python.

Fixed CVE-2024-57949 in the Linux kernel.

Fixed CVE-2024-57951 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812031 -> 812058

cos-105-17412-535-61

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.173 | v23.0.3 | v1.7.23 | See List

Fixed CVE-2025-0395 in sys-libs/glibc.

Fixed CVE-2024-9287 in dev-lang/python.

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-57951 in the Linux kernel.

Fixed CVE-2024-53215 in the Linux kernel.

Fixed CVE-2024-56569 in the Linux kernel.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.133-debian10, 2.0.133-rocky8, 2.0.133-ubuntu18
  • 2.1.81-debian11, 2.1.81-rocky8, 2.1.81-ubuntu20, 2.1.81-ubuntu20-arm
  • 2.2.47-debian12, 2.2.47-rocky9, 2.2.47-ubuntu22

Dialogflow

Dialogflow CX (Conversational Agents): Text-to-speech used by Dialogflow now supports new Chirp HD voices.

Dialogflow CX (Conversational Agents) & ES: Text-to-speech removed support for voices across European markets. Affected users were sent an email announcement.

Generative AI on Vertex AI

Anthropic's Claude Sonnet 3.7 is in Preview on Vertex AI. To learn more, view the Claude Sonnet 3.7 model card in Model Garden.

Identity and Access Management

Workforce Identity Federation can map up to 400 groups from Microsoft Entra ID. The feature is generally available. To learn more, see Configure Workforce Identity Federation with Microsoft Entra ID and a large number of groups.

Looker

The following Gemini in Looker features are available in Preview for instances on Looker 25.2 and later:

To learn more about how to activate these features, see Admin settings – Gemini in Looker.

Conversational Analytics is now available in Preview for Looker (original) and Looker (Google Cloud core) instances on Looker 25.0 and later that have both Studio in Looker and Gemini in Looker enabled. You can use Conversational Analytics to query your Looker Explore data in natural language.

VPC Service Controls

VPC Service Controls feature (Status: Preview): The VPC Service Controls violation analyzer lets you diagnose access denial events for services in your perimeters using an encrypted troubleshooting token generated by VPC Service Controls. The violation analyzer also provides troubleshooting results that can help you understand and resolve the access denial events. This feature is available in Preview.

For more information, see Diagnose an access denial event using the VPC Service Controls violation analyzer.

February 22, 2025

Google SecOps

New Custom fields for case management

  • Added support for custom fields that analysts can fill out when working with cases or alerts, such as report time or false positives. These fields appear as a widget in the Case or Alert overview tab.
  • Custom fields can now be added to playbooks as actions or placeholders.
  • Requires downloading the latest Siemplify integration.

For more information about this new feature, see Create Custom Fields.

Google SecOps SOAR

Release 6.3.36 is currently in Preview. This release contains the following feature.

New Custom fields for case management

  • Added support for custom fields that analysts can fill out when working with cases or alerts, such as report time or false positives. These fields appear as a widget in the Case or Alert overview tab.
  • Custom fields can now be added to playbooks as actions or placeholders.
  • Requires downloading the latest Siemplify integration.

For more information about this new feature, see Create Custom Fields.

Release 6.3.35 is now in General Availability.

February 21, 2025

AlloyDB for PostgreSQL

You can use an API to import data to AlloyDB for PostgreSQL clusters. This feature is generally available (GA). You can also cancel the import of data and check the status of the import. For more information, see Import a CSV file and Import a SQL file.

You can perform an in-place major version upgrade of your AlloyDB cluster to PostgreSQL version 16 from PostgreSQL version 14 or 15. This feature is available in Preview.

Cloud Composer

Starting April 14, 2025, the Deployment Manager API won't be automatically enabled when you enable Cloud Composer API because this API isn't used by the Cloud Composer service.

Cloud DNS

Health checks for external endpoints in Cloud DNS routing policies are now available in GA.

Cloud Endpoints

Version 1.0.17 of the endpoints-management-java Java library is available.

This release contains no change in binaries.

Bug ID | Description
387351751 | Fixed Checkstyle violations in the ServiceConfigSupplierTest source code.

Cloud Key Management Service

Cloud KMS now supports the following post-quantum computing (PQC) algorithms for digital signatures in Public Preview:

  • PQ_SIGN_ML_DSA_65: Module-lattice-based digital signature algorithm
  • PQ_SIGN_SLH_DSA_SHA2_128S: Stateless hash-based digital signature algorithm

To retrieve a public key for a PQC key, you must use the gcloud CLI or the Cloud KMS REST API.

  • For the gcloud CLI, use the --public-key-format nist-pqc flag.
  • For the REST API, use the public_key_format=NIST_PQC header parameter.

For more information about PQC algorithms, see PQC signing algorithms. For more information about PQC digital signatures, see Post-quantum cryptography (PQC) digital signature.

Gemini Code Assist

Gemini Code Assist now uses a code-optimized version of Gemini 2.0. This new model is used in the following experiences:

  • Chat
  • Code generation
  • Code transformation

Generative AI on Vertex AI

  • PEFT Docker updates
    • Added support for evaluation metrics like perplexity, bleu, google_bleu, rouge1, rouge2, rougeL, rougeLSum.
    • Uses the best checkpoint and loads the model based on the best eval metrics.
    • Run training and eval only for data which is less than or equal to the max_seq_length.
    • Use gcloud storage rsync instead of gcsfuse to save a checkpoint.
  • Fine tuning updates
  • Model updates
    • Updated the PaliGemma model card by adding support for PaliGemma 2 mix models and adding segmentation functionality to PaliGemma 1 models.
    • Updated the LLaVA model card by adding support for LLaVA Next models and adding vLLM to the notebook.

Google Distributed Cloud connected

This is a minor release of Google Distributed Cloud connected (version 1.8.0).

The following new functionality has been introduced in this release of Google Distributed Cloud connected:

  • Refreshed GDC connected rack hardware. New GDC connected rack hardware is now available for purchase as a preview-level offering. This new offering allows you to deploy GDC connected racks as combinations of base rack pairs and up to three expansion racks for each zone. Each rack is populated by up to four compute blocks of three machines each. For more information, see Google Distributed Cloud connected form factors.

  • GDC connected services platform. Google Distributed Cloud connected now ships with a platform supporting the deployment of select Google services. For more information, see Manage Google services.

  • GPU workloads on GDC connected servers. You can now deploy GPU-based workloads on Google Distributed Cloud connected servers. The machines now ship with optional NVIDIA L4 GPUs. For more information, see Manage GPU workloads. This is a limited-access feature; contact your Google field sales representative for details.

  • Configurable local storage schemas. You can now configure the local storage present on GDC connected deployments with custom schemas. For more information, see Configure local storage schemas.

  • Network connectivity verification tool. Google Distributed Cloud connected now offers a tool that allows you to verify that your local network meets the connectivity requirements for Google Distributed Cloud connected. For more information, see Validate your connectivity before ordering Distributed Cloud connected.

  • L2 load balancer virtual IP pool support. You can now specify IPv4 and IPv6 addresses, address ranges, or subnetworks for ingress traffic for services that run behind the GDC connected L2 load balancer when the cluster is running in survivability mode. For more information, see Layer 2 load balancing with MetalLB.

  • Terraform support for the Edge Container API. The Google Distributed Cloud Connected Edge Container API is now supported in Terraform. See the Terraform repository for details.

  • Symcloud Storage metrics. Certain metrics for Symcloud Storage are now available in Cloud Monitoring. For more information, see Google Distributed Cloud metrics.

The following changes to existing functionality have been introduced in this release of Google Distributed Cloud connected:

  • Kubernetes metadata API now required for cluster creation and upgrades. You must enable the kubernetesmetadata.googleapis.com API to create Google Distributed Cloud connected clusters. This API is also required for upgrading clusters to Google Distributed Cloud connected software version 1.8.0. For more information, see Create and manage clusters.

  • Configure CMEK on existing clusters and node pools. You can now enable and disable support for Customer-Managed Encryption Keys (CMEK) on existing Google Distributed Cloud connected clusters and node pools. For more information, see Local storage security.

  • Improved hardware ordering process. The ordering process for Google Distributed Cloud connected hardware has been improved. For more information, see Order hardware.

    • The order form for Google Distributed Cloud connected hardware in the Cloud console now has feature parity with the Google Distributed Cloud Hardware Management API.
    • The Google Distributed Cloud Hardware Management API has been improved with more robust functionality.

  • Overhauled pricing page. The pricing page for Google Distributed Cloud connected has been overhauled to include detailed pricing information for the supported form factors and their respective regions. For more information, see Pricing.

  • Hardware ordering documentation has been expanded. The "Order hardware" page has been expanded with additional information on prerequisites, enabling the Google Distributed Cloud Hardware Management API, and the actions that can be performed on an order. For more information, see Order hardware.

The following functionality has been deprecated in this release of Google Distributed Cloud connected:

  • Legacy GDC connected rack hardware. The legacy GDC connected rack hardware (also known as "Config 1" and "Config 2") has reached end-of-sale and can no longer be ordered. Google continues to support your existing legacy rack deployments until the end of your contract term. For more information, contact your Google field sales representative.

  • GPU workloads on refreshed GDC connected racks. The refreshed Google Distributed Cloud connected rack hardware does not support GPU workloads. GPU workloads are supported on Google Distributed Cloud connected legacy rack hardware and on Google Distributed Cloud connected servers as a limited-access feature.

  • Virtual machine workloads on refreshed GDC connected racks. The refreshed Google Distributed Cloud connected rack hardware does not support virtual machine workloads. Virtual machine workloads are supported on Google Distributed Cloud connected legacy rack hardware and on Google Distributed Cloud connected servers.

The following issues have been resolved in this release of Google Distributed Cloud connected:

  • Virtual machine management no longer fails after a node has been powered down for an extended time. If you power down your Google Distributed Cloud connected machines for an extended period of time, you can now reliably manage virtual machines scheduled on the corresponding nodes after you power the machines back up.

  • The Kubernetes API server no longer returns 404 errors when attempting to access virt-api endpoints.

  • Cluster deletion no longer fails due to stale Symcloud Storage data. You can now reliably delete a cluster during disaster recovery or cluster reset. Symcloud Storage now properly cleans up the corresponding Symcloud Storage volumes.

  • Containerized Data Importer (CDI) import performance has been improved. When creating a virtual machine that uses a block Symcloud Storage volume, the speed of importing machine images has been significantly improved.

This release of Google Distributed Cloud connected contains the following known issues:

  • Virtual machines using file-based Symcloud Storage volumes can experience a CDI import error. When creating a virtual machine that uses a file-based Symcloud Storage volume, you can experience a CDI import failure. To work around this issue, add the following annotation to the corresponding Symcloud storage class config:

    annotations:
      cdi.kubevirt.io/enable-qemu-target-zero-option: "false"

  • The Storage Infrastructure Cluster cannot be deleted. On refreshed rack hardware deployments, the first cluster in a Google Distributed Cloud connected zone, also known as the Storage Infrastructure Cluster (SIC), cannot be deleted. Doing so would render Google Distributed Cloud connected storage inoperable. This is intentional behavior. Legacy Google Distributed Cloud connected rack hardware deployments and Google Distributed Cloud connected server deployments are not affected by this issue.

  • You must manually copy storage secrets for corresponding buckets to the target clusters in a zone. For Google Distributed Cloud connected zones with more than one cluster deployed on refreshed rack hardware, management of storage buckets for all clusters must be done through the first cluster in the zone, also known as the Storage Infrastructure Cluster (SIC). This is because bucket access is granted through roles to users on the SIC. When access to a bucket is granted, a secret is generated on the SIC for the associated user, and Google Distributed Cloud connected does not synchronize storage secrets across clusters. To work around this issue, you must manually copy the respective storage secrets from the SIC to the cluster on which the corresponding storage buckets are used. Legacy Google Distributed Cloud connected rack hardware deployments and Google Distributed Cloud connected server deployments do not use a SIC and are not affected by this issue.

  • Storage is not freed immediately upon cluster deletion. After deleting a cluster, the storage used by that cluster is not freed up immediately. This is because storage clean-up is part of a garbage collection task that runs infrequently. To work around this issue, manually delete all of a cluster's persistent volumes before deleting the cluster itself.

  • Machines can experience intermittent connectivity loss. Google Distributed Cloud connected machines can experience intermittent connectivity loss due to a rare condition that can occur with fleet credential management. To remedy this issue, contact Google Support.

  • After a network disruption, Symcloud Storage volumes can fail to mount or dismount. If a node that uses Symcloud Storage volumes experiences a network disconnection, the Symcloud Storage volumes can fail to mount or dismount after network connectivity is restored. This is caused by the iomgr service entering a degraded state. To work around this issue, delete the iomgr container on the affected node.

  • Reallocating a GPU resource from a VM to a container can cause an initialization error. When you reallocate a GPU from a virtual machine workload to a container workload, you might receive an NVML initialization error. To remedy this issue, contact Google Support.

  • The anthos-multinet container might take up to two hours to fully start. You might intermittently experience a slower than normal startup for the anthos-multinet container (up to two hours). To remedy this issue, contact Google Support.

The following Google Distributed Cloud connected components have been updated:

  • GKE on Bare Metal has been updated from version 1.28.700-gke.154 to version 1.29.800-gke.111. (This component was formerly known as Anthos Clusters on Bare Metal.)

  • Kubernetes has been updated from version 1.28.10 to version 1.29.

Security mitigations for the following vulnerabilities have been implemented in this release of Google Distributed Cloud connected:

  • OS layer security mitigations: CVE-2024-41087, CVE-2024-40961, CVE-2024-41000, CVE-2024-40995, CVE-2024-38588, CVE-2024-40905, CVE-2024-40959, CVE-2024-39487, CVE-2024-42131, CVE-2024-42145, CVE-2024-36901

  • GKE on Bare Metal security mitigations: CVE-2024-37371, CVE-2021-38297, CVE-2022-23806, CVE-2023-24538, CVE-2023-24540, CVE-2023-25775, CVE-2023-29402, CVE-2023-29404, CVE-2023-29405, CVE-2020-22218, CVE-2024-0553, CVE-2024-0567, CVE-2024-37370, GHSA-87m9-rv8p-rgmg, CVE-2024-39487, CVE-2024-41040, CVE-2024-41046, CVE-2024-41049, CVE-2024-41059, CVE-2024-41070, CVE-2024-42104, CVE-2024-42148, CVE-2023-49083, CVE-2024-0743, CVE-2024-6609, CVE-2024-46738, CVE-2024-46740, CVE-2024-46743, CVE-2024-46744, CVE-2024-46747, CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759, CVE-2024-46782, CVE-2024-46798, CVE-2024-46800, CVE-2024-46804, CVE-2024-46814, CVE-2024-46815, CVE-2024-46818, CVE-2024-46828, CVE-2024-46844, CVE-2020-29652, CVE-2021-29923, CVE-2021-33195, CVE-2021-33196, CVE-2021-33198, CVE-2021-39293, CVE-2021-41771, CVE-2021-41772, CVE-2021-44716, CVE-2022-2879, CVE-2022-2880, CVE-2022-21698, CVE-2022-23772, CVE-2022-23773, CVE-2022-24675, CVE-2022-24921, CVE-2022-28131, CVE-2022-28327, CVE-2022-28948, CVE-2022-30580, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32189, CVE-2022-41715, CVE-2022-41724, CVE-2022-41725, CVE-2023-5717, CVE-2023-6040, CVE-2023-6356, CVE-2023-6536, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24539, CVE-2023-29400, CVE-2023-29403, CVE-2023-29499, CVE-2023-35827, CVE-2023-46838, CVE-2023-51780, CVE-2023-51781, CVE-2023-51782, CVE-2023-52436, CVE-2023-52439, CVE-2023-52444, CVE-2023-52445, CVE-2023-52451, CVE-2023-52464, CVE-2023-52469, CVE-2024-1086, CVE-2024-26586, CVE-2024-26597, CVE-2024-26598, CVE-2023-6270, CVE-2023-39323, CVE-2023-45285, CVE-2023-45287, CVE-2023-52434, CVE-2024-0565, CVE-2024-0985, CVE-2024-26882, CVE-2024-26883, CVE-2024-26884, CVE-2024-26898, CVE-2024-26907, CVE-2024-26934, CVE-2024-27020, CVE-2022-48655, CVE-2019-16884, CVE-2021-30465, CVE-2021-33194, CVE-2021-38561, CVE-2021-43565, CVE-2021-43816, 
CVE-2022-23648, CVE-2022-27191, CVE-2022-27664, CVE-2022-32149, CVE-2022-41723, CVE-2022-43945, CVE-2024-36971, CVE-2024-38583, CVE-2024-39480, CVE-2024-39495, CVE-2024-40902, CVE-2024-7348, CVE-2023-47038, CVE-2024-42161, CVE-2024-42224, CVE-2024-6104, GHSA-mh55-gqvf-xfwm, CVE-2016-3709, CVE-2024-7264, CVE-2024-36901, CVE-2024-36938, CVE-2024-41009, CVE-2024-41012, CVE-2024-41055, CVE-2024-41063, CVE-2024-41064, CVE-2024-42101, CVE-2024-42102, CVE-2024-42131, CVE-2024-42137, CVE-2024-42152, CVE-2024-42153, CVE-2024-42154, CVE-2023-23931, CVE-2024-50096, CVE-2024-50099, CVE-2021-3669, CVE-2021-3733, CVE-2021-4189, CVE-2023-27043, CVE-2023-31083, CVE-2023-40217, CVE-2023-52889, CVE-2024-41098, CVE-2024-42114, CVE-2024-42246, CVE-2024-42259, CVE-2024-42272, CVE-2024-42283, CVE-2024-42286, CVE-2024-42287, CVE-2024-42288, CVE-2024-42289, CVE-2024-42297, CVE-2024-42309, CVE-2024-42310, CVE-2024-42311, CVE-2024-43828, CVE-2024-43829, CVE-2024-43834, CVE-2024-43835, CVE-2024-43846, CVE-2024-43849, CVE-2024-43853, CVE-2024-43854, CVE-2024-43856, CVE-2024-43860, CVE-2024-43861, CVE-2024-43871, CVE-2024-43884, CVE-2024-43889, CVE-2024-43890, CVE-2024-43892, CVE-2024-43893, CVE-2024-43894, CVE-2024-43905, CVE-2024-43907, CVE-2024-43908, CVE-2024-43914, CVE-2024-44935, CVE-2024-44944, CVE-2024-44946, CVE-2024-44947, CVE-2024-44954, CVE-2024-44960, CVE-2024-44965, CVE-2024-44968, CVE-2024-44971, CVE-2024-44988, CVE-2024-44989, CVE-2024-44990, CVE-2024-44995, CVE-2024-45003, CVE-2024-45006, CVE-2024-45016, CVE-2024-45018, CVE-2024-45021, CVE-2024-45025, CVE-2024-45028, CVE-2024-46675, CVE-2024-46676, CVE-2024-46677, CVE-2024-46679, CVE-2024-46685, CVE-2024-46689, CVE-2024-46702, CVE-2024-46707, CVE-2024-46714, CVE-2024-46719, CVE-2024-46721, CVE-2024-46737, CVE-2024-46739, CVE-2024-46750, CVE-2024-46755, CVE-2024-46763, CVE-2024-46771, CVE-2024-46777, CVE-2024-46780, CVE-2024-46781, CVE-2024-46783, CVE-2024-46791, CVE-2024-46817, CVE-2024-46819, CVE-2024-46822, CVE-2024-46829, 
CVE-2024-46840, CVE-2024-47663, CVE-2020-29509, CVE-2020-29511, CVE-2021-33197, CVE-2021-34558, CVE-2021-36221, CVE-2021-44879, CVE-2022-1705, CVE-2022-1962, CVE-2022-32148, CVE-2022-41717, CVE-2023-3446, CVE-2023-3817, CVE-2023-6004, CVE-2023-6121, CVE-2023-6915, CVE-2023-6918, CVE-2023-24532, CVE-2023-29406, CVE-2023-29409, CVE-2023-32611, CVE-2023-32665, CVE-2023-34324, CVE-2023-39198, CVE-2023-39804, CVE-2023-45863, CVE-2023-46218, CVE-2023-46343, CVE-2023-49290, CVE-2023-52443, CVE-2023-52449, CVE-2023-52470, CVE-2024-21664, CVE-2024-28085, GHSA-2c7c-3mj9-8fqh, CVE-2024-2961, CVE-2024-28182, CVE-2023-7042, CVE-2023-39318, CVE-2023-39319, CVE-2023-39326, CVE-2023-47233, CVE-2023-52429, CVE-2023-52435, CVE-2023-52458, CVE-2024-0340, CVE-2024-0607, CVE-2024-22099, CVE-2024-23849, CVE-2024-23851, CVE-2024-24857, CVE-2024-24858, CVE-2024-24861, CVE-2024-25739, CVE-2024-26600, CVE-2024-26602, CVE-2024-26606, CVE-2024-26901, CVE-2024-26903, CVE-2024-26910, CVE-2024-27013, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602, CVE-2024-35978, CVE-2024-35982, CVE-2024-35984, CVE-2024-35997, GHSA-6xv5-86q9-7xr8, CVE-2024-26900, CVE-2024-28122, CVE-2024-35255, CVE-2024-36902, CVE-2019-19921, CVE-2021-31525, CVE-2021-32760, CVE-2021-41103, CVE-2021-43784, CVE-2022-23471, CVE-2022-29162, CVE-2022-29526, CVE-2022-31030, CVE-2022-40735, CVE-2022-41717, CVE-2023-25153, CVE-2023-25173, CVE-2023-28642, CVE-2023-48795, CVE-2024-27019, CVE-2024-36288, CVE-2024-38662, CVE-2024-38780, CVE-2024-39292, CVE-2024-39475, CVE-2024-39476, CVE-2024-39482, CVE-2024-39484, CVE-2024-39489, CVE-2024-39493, CVE-2024-42070, CVE-2024-42076, CVE-2024-42077, CVE-2024-42082, GHSA-7ww5-4wqc-m92c, CVE-2023-5981, CVE-2024-42157, CVE-2024-42223, CVE-2024-42229, CVE-2024-42232, CVE-2024-42236, CVE-2024-42244, CVE-2024-42247, CVE-2021-3426, CVE-2021-28861, CVE-2021-29921, CVE-2022-42919, CVE-2023-6597, CVE-2023-28450, CVE-2023-50387, CVE-2023-50868, CVE-2024-0397, CVE-2024-4032, CVE-2024-8088, 
CVE-2024-8508, CVE-2024-8775, CVE-2024-9287, CVE-2024-9902, CVE-2024-11168, CVE-2024-43841, CVE-2021-25743, CVE-2022-30629, CVE-2023-26604, CVE-2023-2975, CVE-2023-5178, CVE-2023-5197, CVE-2023-6531, CVE-2023-6817, CVE-2023-46813, CVE-2023-46862, CVE-2023-52438, CVE-2022-38096, CVE-2023-5363, CVE-2023-6246, CVE-2023-6779, CVE-2023-6780, CVE-2023-52447, CVE-2023-52489, CVE-2023-52492, CVE-2023-52493, CVE-2023-52497, CVE-2023-52616, CVE-2023-52627, CVE-2023-52637, CVE-2023-52672, CVE-2024-0841, CVE-2024-23850, CVE-2024-26581, CVE-2024-26593, CVE-2024-26601, CVE-2024-26610, CVE-2024-26627, CVE-2024-26643, CVE-2024-26665, CVE-2024-26673, CVE-2024-26684, CVE-2024-26688, CVE-2024-26695, CVE-2024-26698, CVE-2024-26702, CVE-2024-26707, CVE-2024-26712, CVE-2024-26727, CVE-2024-26748, CVE-2024-26749, CVE-2024-26753, CVE-2024-26781, CVE-2024-26782, CVE-2024-26787, CVE-2024-26788, CVE-2024-26790, CVE-2024-26795, CVE-2024-26808, CVE-2024-26809, CVE-2024-26814, CVE-2024-26833, CVE-2024-26835, CVE-2024-26848, CVE-2024-26855, CVE-2024-26861, CVE-2024-26862, CVE-2024-26870, CVE-2024-26877, CVE-2024-26885, CVE-2024-26891, CVE-2024-26895, CVE-2024-26897, CVE-2024-26924, CVE-2024-26925, CVE-2024-26926, CVE-2024-26935, CVE-2024-26937, CVE-2024-26950, CVE-2024-26951, CVE-2024-26970, CVE-2024-26978, CVE-2024-26988, CVE-2024-27030, CVE-2024-27038, CVE-2024-27044, CVE-2024-27045, CVE-2024-27047, CVE-2024-27052, CVE-2024-27053, CVE-2024-27065, CVE-2024-27076, CVE-2024-27414, CVE-2024-27417, CVE-2024-27431, CVE-2024-35785, CVE-2024-35796, CVE-2024-35813, CVE-2024-35829, CVE-2023-25809, GHSA-5j5w-g665-5m35, GHSA-77vh-xpmg-72qh, GHSA-c9cp-9c75-9v8c, CVE-2022-48303, CVE-2022-2309, CVE-2024-41007, CVE-2024-43167, CVE-2024-43168, GHSA-xr7q-jx4m-x55m.

Google Kubernetes Engine

In GKE version 1.33 and later, if you omit the whenUnsatisfiable field in a new GKE compute class specification, the default value is DoNotScaleUp.

In GKE versions earlier than 1.33, the default value is ScaleUpAnyway. Ensure that your compute class specifications explicitly set a value in the whenUnsatisfiable field after you upgrade to version 1.33. This change only affects new ComputeClass objects that you create that omit the whenUnsatisfiable field. Any existing compute classes that omit the field continue to use ScaleUpAnyway as the default value even after you upgrade the cluster to version 1.33 or later.

To learn more about the whenUnsatisfiable field, see Define scaling behavior when no priority rules apply.
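
The following audit is an added example, not part of the release notes or of any Google tooling. It reads the JSON form of your ComputeClass objects (for example, from kubectl get ... -o json), flags every object that omits whenUnsatisfiable, and reports the default a newly created copy would receive on a given cluster version. The sample objects, their names, and the function names are constructed for illustration.

```python
import json
import re

# The two values the release note names for spec.whenUnsatisfiable.
KNOWN_VALUES = ("DoNotScaleUp", "ScaleUpAnyway")


def default_when_unsatisfiable(cluster_version):
    """Default given to a NEW ComputeClass that omits the field.

    Per the release note: DoNotScaleUp on GKE 1.33 and later,
    ScaleUpAnyway on earlier versions. Objects that already exist keep
    ScaleUpAnyway across the upgrade, so this models re-creation only.
    """
    match = re.match(r"^v?(\d+)\.(\d+)", cluster_version)
    if not match:
        raise ValueError(f"unrecognised version: {cluster_version!r}")
    major, minor = int(match.group(1)), int(match.group(2))
    return "DoNotScaleUp" if (major, minor) >= (1, 33) else "ScaleUpAnyway"


def audit(doc, target_version):
    """Return one finding per ComputeClass that needs an explicit value.

    `doc` is either a single object or a List document with "items".
    """
    items = doc["items"] if "items" in doc else [doc]
    findings = []
    for obj in items:
        if obj.get("kind") != "ComputeClass":
            continue
        name = obj.get("metadata", {}).get("name", "<unnamed>")
        value = (obj.get("spec") or {}).get("whenUnsatisfiable")
        if value is None:
            findings.append({
                "name": name,
                "issue": "whenUnsatisfiable omitted",
                "default_if_created_on_target": default_when_unsatisfiable(
                    target_version),
            })
        elif value not in KNOWN_VALUES:
            findings.append({
                "name": name,
                "issue": f"unexpected value {value!r}",
            })
    return findings


# Constructed sample: four ComputeClass objects as a List document.
SAMPLE = """
{"kind": "List", "items": [
  {"apiVersion": "cloud.google.com/v1", "kind": "ComputeClass",
   "metadata": {"name": "batch-spot"},
   "spec": {"priorities": [{"machineFamily": "n2", "spot": true}]}},
  {"apiVersion": "cloud.google.com/v1", "kind": "ComputeClass",
   "metadata": {"name": "web-ondemand"},
   "spec": {"priorities": [{"machineFamily": "n2"}],
            "whenUnsatisfiable": "DoNotScaleUp"}},
  {"apiVersion": "cloud.google.com/v1", "kind": "ComputeClass",
   "metadata": {"name": "legacy-fallback"},
   "spec": {"priorities": [{"machineFamily": "e2"}],
            "whenUnsatisfiable": "ScaleUpAnyway"}},
  {"apiVersion": "cloud.google.com/v1", "kind": "ComputeClass",
   "metadata": {"name": "typo-class"},
   "spec": {"priorities": [{"machineFamily": "e2"}],
            "whenUnsatisfiable": "DoNotScaleup"}}
]}
"""
SAMPLE_DOC = json.loads(SAMPLE)

if __name__ == "__main__":
    for finding in audit(SAMPLE_DOC, "1.33"):
        print(finding)
```

A manifest flagged as omitted behaves differently depending on whether the object already exists in the cluster, which is why the release note recommends setting the field explicitly.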

February 20, 2025

Cloud Composer

(Cloud Composer 3) Fixed a problem with configuring access to SMTP servers that don't support user and password authentication. The [smtp]smtp_user and [smtp]smtp_password Airflow configuration options are no longer preconfigured with placeholder values.

Improved the forbidden APIs check. When a new environment is created, Cloud Composer now checks for forbidden APIs that are required by a specific major version of Cloud Composer.

(Airflow 2.10.2 and 2.9.3) Preinstalled packages were changed:

  • virtualenv was downgraded from 20.29.1 to 20.28.1

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.10.2-build.9 (default)
  • composer-3-airflow-2.9.3-build.16

New images are available in Cloud Composer 2:

  • composer-2.11.3-airflow-2.10.2 (default)
  • composer-2.11.3-airflow-2.9.3

Cloud Composer version 2.6.1 has reached its end of support period.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Load Balancing

Cleartext HTTP/2 over TCP, also known as H2C, lets you use HTTP/2 without TLS. H2C is supported by internal and external Application Load Balancers for both of the following connections:

  • Connections between clients and the load balancer. No special configuration is required. Support for this capability is in General Availability.

  • Connections between the load balancer and its backends. Support for this capability is in Preview.

    To configure H2C for connections between the load balancer and its backends, you set the backend service protocol to H2C.

Cloud Monitoring

When you add an Observability Analytics widget to a custom Cloud Monitoring dashboard, you can now select other log views and analytics views to query in the Views & Schema section. For more information, see Display charts generated from a Log Analytics query.

Cloud SQL for MySQL

You can now create a final backup of your data before you delete a Cloud SQL instance. You can use the final backup to restore your data to a new instance. This way, you can recover your data after you delete the instance. For more information, see About Cloud SQL backups.

Cloud SQL for PostgreSQL

You can now create a final backup of your data before you delete a Cloud SQL instance. You can use the final backup to restore your data to a new instance. This way, you can recover your data after you delete the instance. For more information, see About Cloud SQL backups.

Cloud SQL for SQL Server

You can now create a final backup of your data before you delete a Cloud SQL instance. You can use the final backup to restore your data to a new instance. This way, you can recover your data after you delete the instance. For more information, see About Cloud SQL backups.

Google Kubernetes Engine

GKE Managed NVIDIA Data Center GPU Manager (DCGM) Metrics Package is now generally available for both GKE Standard and Autopilot clusters running version 1.32.0-gke.1764000 and later. You can enable the feature via the Console, gcloud, or Terraform. Starting with cluster version 1.32.1-gke.1357000, GKE Managed NVIDIA DCGM will be default-on for new clusters.

GKE Managed DCGM provides a curated set of metrics for monitoring the utilization, performance, and health of NVIDIA GPUs. These metrics are collected by Google Cloud Managed Service for Prometheus and you can view the metric charts in the Observability Tab on the Kubernetes Clusters page or in Cloud Monitoring. For more information, see Collect and view DCGM metrics.

GKE automatically adds the following resource labels to node pools:

  • goog-gke-accelerator-type: The accelerator type used in the node pool.
  • goog-gke-tpu-node-pool-type: The TPU node pool type, which can be single-host or multi-host.
  • goog-gke-node-pool-provisioning-model: The provisioning model of the node pool. The nodes can be on demand, by reservation, or Spot VMs.

To learn more, see Automatically applied labels.

New GKE 1.27 patch versions starting with version 1.27.16-gke.2440000 are built with COS 109, because COS 105 is near the end of support. GKE makes new 1.27 patch versions available using COS 109. However, GKE won't auto-upgrade nodes across the COS milestone boundary, from a patch version using COS 105 to a patch version using COS 109.

If you manually upgrade your nodes to 1.27.16-gke.2440000 or later, GKE continues node auto-upgrades as normal. Control plane upgrades are unaffected, and cluster auto-upgrades to the next minor version towards the end of extended support proceed as normal.

To learn more, see Container-Optimized OS updates during the extended support period.

Google SecOps

Data tables

Data tables are multicolumn data constructs that let you input your own data into Google SecOps. They can act as lookup tables with defined columns and the data stored in rows. You can create or import a data table to your Google SecOps account using the Google SecOps UI, the data tables API, or by using a YARA-L query in rules. This feature is in public preview.

Enhanced Cloud Threat Detections by adding three new rules to the AWS - GuardDuty rule set.

Google SecOps SIEM

Data tables

Data tables are multicolumn data constructs that let you input your own data into Google SecOps. They can act as lookup tables with defined columns and the data stored in rows. You can create or import a data table to your Google SecOps account using the Google SecOps UI, the data tables API, or by using a YARA-L query in rules. This feature is in public preview.

Enhanced Cloud Threat Detections by adding three new rules to the AWS - GuardDuty rule set.

Organization Policy

Custom organization policies are now generally available for Cloud Healthcare API. For more information, see Use custom organization policies.

Resource Manager

Custom organization policies are now generally available for Cloud Healthcare API. For more information, see Use custom organization policies.

Spanner

The Java and Go clients for Spanner now implement multiplexed sessions. This allows all requests to be concurrently sent over a single session, thus eliminating the requirement that you define the minimum and maximum session count. Instead, you can use any number of requests to the configured gRPC channels. This approach eliminates the possibility of session leaks and reduces the occurrences of Transaction outcome unknown errors. You must set an environment variable in your client to opt in to this feature. For more information, see Multiplexed sessions.

Virtual Private Cloud

Private Service Connect service connectivity automation supports IPv6 connectivity to eligible managed services. This feature is available in General availability. For more information, see Endpoint IP versions.

reCAPTCHA

reCAPTCHA SMS defense (formerly SMS toll fraud protection) is now available in GA. For more information, see Detect and prevent SMS fraud.

February 19, 2025

Apigee X

On February 19, 2025, we released an updated version of Apigee (1-14-0-apigee-7).

Bug ID | Description
391714121 | Security fix for Apigee infrastructure. This addresses the following vulnerability:

Bug ID | Description
N/A | Updates to security infrastructure and libraries.

App Hub Application Integration

Enhancements to Execution Logs

Application Integration Execution Logs now provides the following enhancements:

  • View detailed task execution information: The dedicated Task Execution pane displays comprehensive execution details, including start and end times, status, type, and variable payload information, enabling improved debugging.
  • Download execution logs in JSON format: You can now download integration execution logs as structured JSON files, facilitating easier log analysis.
  • View sub-integration execution logs: The Execution Logs page now displays all sub-integration execution logs within the same stack trace as the main integration, simplifying troubleshooting of complex integration flows.

For more information, see View execution logs.

Artifact Registry

Artifact Registry might give a 400 error on pushes or pulls for Workforce Identity Federation users. This issue is caused by Workforce Identity Federation attribute mappings in the Artifact Registry URL causing problems on the backend.

To mitigate this issue, you can push or pull from Artifact Registry without attribute mappings, or reduce the length of your attribute mappings.

Cloud Asset Inventory

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

  • Compute Engine
    • compute.googleapis.com/NetworkEdgeSecurityService
  • Gemini for Google Cloud
    • cloudaicompanion.googleapis.com/CodeRepositoryIndex
    • cloudaicompanion.googleapis.com/RepositoryGroup
  • Google Cloud NetApp Volumes
    • netapp.googleapis.com/Backup
    • netapp.googleapis.com/BackupPolicy
    • netapp.googleapis.com/BackupVault
  • Memorystore
    • redis.googleapis.com/Cluster

Cloud Load Balancing

Internal and external passthrough Network Load Balancers now support connection draining for UDP and other non-TCP protocol traffic. For details, see Enable connection draining.

This feature is now generally available (GA).

Cloud Run

Support for deploying functions in Cloud Run is now in general availability (GA). Note that you must use Google Cloud SDK version 511.0.0 or later if using the gcloud CLI. Review the use cases guide for deploying new functions.

Support for configuring automatic base image updates for Cloud Run source deployed services and functions is now in general availability (GA). Note that you must use Google Cloud SDK version 511.0.0 or later if using the gcloud CLI.

Cloud Run functions

Support for deploying v2 functions in Cloud Run is now in general availability (GA). This lets you customize your function as you would a Cloud Run service. This change removes support for creating, deploying, or updating v2 functions in the Google Cloud console. However, you can still manage functions created with the Cloud Functions v2 API using the Cloud Functions gcloud CLI, the Cloud Functions v2 API, or the Cloud Run Cloud Console. See Cloud Run functions comparison for more details.

Cloud Service Mesh

Managed Cloud Service Mesh 1.20 is rolling out to the rapid channel.

Developer Connect

Developer Connect now lets you connect to repositories on private networks.

To get started, see the guide for your source code management provider:

Once they're connected, you can use Gemini Code Assist code customization on source code repositories outside of Google Cloud.

You can now use Developer Connect to act as a proxy to run Git commands on source code management tools. You can toggle Enable git proxy on in the Google Cloud console, or pass the --git-proxy-config-enabled flag in gcloud. This feature is in Preview.

Dialogflow

Conversational Agents (CX), ES & Agent Assist: Starting February 24, 2025, a limit of 5 phone numbers per project will be enforced. For instructions on deleting unused phone numbers and resolving the limit issue, see the RESOURCE_EXHAUSTED troubleshooting section. If you have a business requirement to increase the limit, request to increase the Phone numbers quota specifying the region and providing detailed justification for your request.

Gemini Code Assist

IntelliJ Gemini Code Assist now shows disconnected network status in the Gemini status bar instead of an error.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.30.600-gke.68 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.600-gke.68 runs on Kubernetes v1.30.9-gke.100.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues are fixed in 1.30.600-gke.68:

  • Fixed an issue that caused Runtime: out of memory errors after running gkeadm to create or upgrade clusters.

  • Fixed an issue to prevent checking for add-on node IP addresses for HA admin clusters with three control-plane nodes and no add-on nodes.

The 1.30.600-gke.68 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

Google Distributed Cloud (software only) for bare metal

Release 1.30.600-gke.68

Google Distributed Cloud for bare metal 1.30.600-gke.68 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.600-gke.68 runs on Kubernetes v1.30.9-gke.100.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following functional change was made in 1.30.600-gke.68:

  • Cluster deletion now deletes worker node pools prior to deleting any control plane node pools.

The following issue is fixed in 1.30.600-gke.68:

  • Fixed an issue where the bmctl update cluster command fails for user clusters that were created with the cloudOperationsServiceAccountKeyPath setting in the header section of the cluster configuration file.

The 1.30.600-gke.68 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google Kubernetes Engine

Starting on July 1, 2025, new organizations will no longer be able to create GKE clusters with Identity Service for GKE. You can continue to use Identity Service for GKE in existing organizations, but we encourage you to migrate to Workforce Identity Federation.

Workforce Identity Federation is the recommended method for configuring access to your GKE clusters from external identity providers. Workforce Identity Federation provides a single hosted solution for managing external IdPs across Google Cloud products. Unlike Identity Service for GKE, Workforce Identity Federation doesn't install components in your cluster.

For details and migration instructions, see Use external identity providers to authenticate to GKE.

Organization Policy

Custom organization policies are now generally available for Essential Contacts. For more information, see Creating custom constraints for Essential Contacts.

Resource Manager

Custom organization policies are now generally available for Essential Contacts. For more information, see Creating custom constraints for Essential Contacts.

Workflows

Workflows is available in the following additional region: europe-north2 (Stockholm, Sweden).

February 18, 2025

Cloud CDN

External HTTP(S) Load Balancing and Cloud CDN support early data for TLS 1.3, also known as 0-RTT or zero round trip. Early data helps clients include HTTP request data with a TLS handshake, which can improve web performance for resumed connections.

Cloud Load Balancing

TLS 1.3 early data is now supported on the target HTTPS proxy of global external Application Load Balancers and classic Application Load Balancers.

TLS 1.3 early data, also known as zero-round-trip time (0-RTT) data, can improve application performance for resumed connections by 30 to 50%.

For details, see TLS 1.3 early data support.

This feature is available in General Availability.

Cloud Logging

You can now use custom constraints with Organization Policy to provide more granular control over your Cloud Logging resources. For more information, see Use custom organization policies.

Cloud Run Container Optimized OS

cos-105-17412-535-59

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.173 | v23.0.3 | v1.7.23 | See List

Fixed CVE-2025-0395 in sys-libs/glibc.

Fixed CVE-2024-9287 in dev-lang/python.

Fixed CVE-2023-27043 in dev-lang/python.

Fixed CVE-2024-53215 in the Linux kernel.

Fixed CVE-2024-56569 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812690 -> 812681

cos-117-18613-164-38

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.72 | v24.0.9 | v1.7.24 | See List

Fixed CVE-2025-0395 in sys-libs/glibc.

Fixed CVE-2024-9287 in dev-lang/python.

Runtime sysctl changes:

  • Changed: fs.file-max: 811817 -> 811794

cos-109-17800-436-37

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.124 | v24.0.9 | v1.7.24 | See List

Fixed CVE-2025-0395 in sys-libs/glibc.

Fixed CVE-2024-9287 in dev-lang/python.

Runtime sysctl changes:

  • Changed: fs.file-max: 812276 -> 812258

cos-113-18244-291-40

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.123 | v24.0.9 | v1.7.24 | See List

Fixed CVE-2025-0395 in sys-libs/glibc.

Fixed CVE-2024-9287 in dev-lang/python.

Dataplex

Dataplex Attribute Store is deprecated and will be discontinued on February 18, 2026. For steps to transition to tags, policy tags, and IAM conditions, see Migrate from Attribute Store to tags and IAM conditions.

Gemini Code Assist

Code customization for Gemini Code Assist Enterprise now supports repositories hosted on the following:

Google Kubernetes Engine

(2025-R07) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.32.1-gke.1489001 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.29.13-gke.1038000
    • 1.30.9-gke.1046000
    • 1.30.9-gke.1127000
    • 1.31.5-gke.1068000
    • 1.32.1-gke.1200003
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.13-gke.1109000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.9-gke.1201000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.5-gke.1169000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.13-gke.1109000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.9-gke.1201000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.5-gke.1169000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.1-gke.1357001 with this release.

Regular channel

  • Version 1.31.5-gke.1068000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.29.13-gke.1006000
    • 1.30.9-gke.1009000
    • 1.31.5-gke.1023000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.13-gke.1038000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.9-gke.1046000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.13-gke.1038000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.9-gke.1046000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.5-gke.1068000 with this release.

Stable channel

  • Version 1.30.8-gke.1261000 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.29.12-gke.1143001
    • 1.30.8-gke.1162001
    • 1.31.4-gke.1256000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.12-gke.1270000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.8-gke.1261000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.12-gke.1270000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.8-gke.1261000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.4-gke.1372000 with this release.

Extended channel

  • Version 1.31.5-gke.1068000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2296000
    • 1.27.16-gke.2387000
    • 1.28.15-gke.1781000
    • 1.29.13-gke.1006000
    • 1.30.9-gke.1009000
    • 1.31.5-gke.1023000
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.13-gke.1038000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.9-gke.1046000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.5-gke.1068000 with this release.

No channel

VPC Service Controls

Preview stage support for the following integration:

General availability support for the following integration:

February 17, 2025

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/bigquery

7.9.2 (2025-02-12)

Bug Fixes
  • Avoid schema field mutation when passing selectedFields opt (#1437) (27044d5)

Java

Changes for google-cloud-bigquery

2.48.0 (2025-02-13)

Features
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.59.0 (#3660) (3a6228b)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20250128-2.0.0 (#3667) (0b92af6)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.63.0 (#3661) (9bc8c01)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.43.0 (#3669) (4d9e0ff)
Documentation
  • Update CONTRIBUTING.md for users without branch permissions (#3670) (009b9a2)

Subscriber email logging lets you log the principal identifiers of users who execute jobs and queries against linked datasets. You can enable logging at the listing level and the data exchange level (for all the listings in the data exchange). Once you enable and save subscriber email logging, this setting cannot be edited. This feature is in preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.52.0 (2025-02-14)

Features
  • Automated backups are supported in the admin client (#2472) (48633e6)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.53.0 (47ca299)
  • Extend timeouts for check consistency (47ca299)
Dependencies
  • Update dependency com.google.cloud:gapic-libraries-bom to v1.52.0 (#2490) (ca25d4e)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.43.0 (#2481) (deb1f79)

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.21.3 (2025-02-12)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.52.0 (888a885)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.43.0 (#1763) (e0f9f27)

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.15.1 (2025-02-11)

Bug Fixes
  • getFiles: Add nextPageToken to fields for autoPaginate (#2570) (75c309c)

Java

Changes for google-cloud-storage

2.48.2 (2025-02-11)

Dependencies
Documentation
  • Update storage_copy_file to include MegabytesCopiedPerChunk (#2910) (971ca5d)

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.132-debian10, 2.0.132-rocky8, 2.0.132-ubuntu18
  • 2.1.80-debian11, 2.1.80-rocky8, 2.1.80-ubuntu20, 2.1.80-ubuntu20-arm
  • 2.2.46-debian12, 2.2.46-rocky9, 2.2.46-ubuntu22

Google Cloud Contact Center as a Service

Version 3.31 is released

All release notes published on this date are part of version 3.31.

The timing of the update to your instance depends on the deployment schedule that you have chosen. For more information, see Deployment schedules.

Transfer restrictions for teams

Transfer restrictions, which let you control the source and destination of transfers, are now available for teams. For more information, see Configure team transfer restrictions.

Additional options for maximum transfer limits for chats

You can now specify whether you want virtual agents, human agents, or both to be included in transfer counts. You can also specify whether you want the transfer count reset to zero when a chat is dismissed. For more information, see Configure transfer limits for chats.

Agents can configure spelling and grammar check in the chat adapter

You can let agents turn spelling and grammar check on and off in the chat adapter. You can also let agents select the language for spelling and grammar check. For more information, see Turn on and configure Agent Assist for chat and Check spelling and grammar.

Get user configuration data using the Apps API

You can now use the Apps API to get user configuration data. For more information, see Get user configuration data.

Pass data parameters to a virtual agent mid-session

You can pass data parameters to a virtual agent while a session is in progress. For more information, see Pass data parameters to virtual agents mid-session.

Interaction history retrieval is extended to 90 days

There are two new settings for specifying how many days of interaction history to retrieve: 60 days and 90 days. For more information, see Set up interaction history.

Blended inbound and outbound calling

You can automatically transition agents between handling outbound campaign calls and inbound calls, based on call volumes and conditions that you configure. For more information, see Call blending.

Restrict outbound calling to emergency or special services

You can restrict outbound calling to emergency or special services by agent and location. The following configuration options are available:

  • Restrict specific agents from calling emergency or special service phone numbers.

  • Configure from which locations agents are permitted to call emergency or special service phone numbers.

For more information, see Restrict outbound calling for agents (new number).

Automatic redirect with percent allocation

You can configure automatic redirection so that specified percentages of sessions are redirected to the redirection groups that you specify. For more information, see Automatic redirection.

Custom agent status lists

You can create lists of custom statuses and assign them to queues or teams. This gives you control over the statuses that agents in queues and teams can use. For more information, see Agent status lists.

Availability preferences

You can create availability preferences filters and apply them to users and teams. This lets you filter incoming contacts so only the appropriate types of contacts enter their queues. You can also give agents the ability to create their own availability preference filters. Filtering criteria include channel, session direction, schedule, transfers, and more. For more information, see Availability preferences.

Fixed an issue where attempting to cancel a call transfer failed.

Fixed an issue where the SIP URI format was not accepted in the user interface.

Fixed an issue where chat shortcuts were not entered into message input fields when selected from the chat shortcut list.

Fixed an issue where character limits were causing errors when email templates were being created.

Fixed an issue where chats that were escalated from a virtual agent were assigned the wrong priority and never connected with an agent.

Fixed an issue where agents couldn't see waiting chat contacts when their statuses were set to Unavailable.

Fixed an issue where the Dismiss button in the agent adapter didn't meet accessibility requirements for contrast.

Fixed an issue with Co-browse taking too long to start.

Fixed an issue where the summary box in the chat adapter was not sized correctly when using a CRM.

Fixed an issue for custom CRM users where the CRM record was not appearing when a session started.

Fixed an issue where changing deflection settings for agent extensions in the call adapter failed.

Fixed an issue where agents could not set their statuses to Busy after calls.

For workforce management, fixed an issue where an error was returned when searching for an employee in the Assign Shift pane.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.137.0 (2025-02-12)

Features
  • Add support for message transforms to Topic and Subscription (3889a05)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.53.0 (b952e58)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.47.0 (#2331) (216feef)
  • Update dependency com.google.cloud:google-cloud-core to v2.51.0 (#2338) (ac2403e)
  • Update dependency com.google.cloud:google-cloud-storage to v2.48.1 (#2332) (23fd7a8)
  • Update dependency com.google.cloud:google-cloud-storage to v2.48.2 (#2341) (eeb99a9)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.43.0 (#2336) (996f4eb)
Documentation
  • A comment for field code in message .google.pubsub.v1.JavaScriptUDF is changed (3889a05)

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.14.5 (2025-02-12)

Bug Fixes
  • secretmanager: Upgrade Go gRPC Protobuf generation (90140b1)

February 16, 2025

Google SecOps SIEM

Manage user preferences

The ability to manage platform time zones has been relocated to the new User Preferences dialog, accessible from your avatar. In addition, a new accessibility option in the User Preferences dialog lets you define how long feedback messages remain on the screen.

For more information, refer to Configure user preferences (SIEM only).

February 15, 2025

Google SecOps

Manage user preferences

The ability to manage platform time zones, date/time settings, and notifications has been relocated to the new User Preferences dialog, accessible from your avatar.

In addition, a new accessibility option in the User Preferences dialog lets you define how long feedback messages remain on the screen.

For more information, refer to Configure user preferences.

This feature is available in Preview.

New options to close a case

New custom field options have been added to the SOAR Settings > Case Data > Close Case page. Once you define these fields, analysts must enter specific types of information when closing a case.

For more information, refer to Customize the Close Case dialog.

Google SecOps SOAR

Release 6.3.35 is currently in Preview. This release contains the following feature.

New options for closing a case

This feature is currently in Preview.

New custom field options have been added to the Settings > Case Data > Close Case page. Once you define these fields, analysts must enter specific types of information when closing a case.

For more information, refer to Customize the Close Case dialog.

Release 6.3.34 is now in General Availability.

February 14, 2025

AlloyDB for PostgreSQL

Support for advanced query insights, index advisor, and active queries is now generally available (GA) in AlloyDB for PostgreSQL.

You cannot enable advanced query insights on clusters with secondary instances. See Limitations for more information.

BigQuery Engine for Apache Flink

BigQuery Engine for Apache Flink Preview will be discontinued on February 28, 2025.

Cloud Database Migration Service

Database Migration Service for homogeneous AlloyDB for PostgreSQL migrations now lets you migrate specific databases from your source instance. You can view metrics, statuses, and errors separately for each database.

For more information about migrating specific databases, see: Create a migration job to a new destination instance and Create a migration job to an existing destination instance.

Database Migration Service for homogeneous Cloud SQL for SQL Server migrations now lets you promote, restart, or view additional metrics for each database individually.

For more information, see: Migration job metrics and Manage migration jobs.

Cloud Monitoring

The Dashboards page of the Cloud Console has been refreshed. For more information about dashboards, see the following documents:

Cloud SQL for SQL Server

Point in time recovery (PITR) is available by default for all Cloud SQL Enterprise Plus edition for SQL Server instances.

Compute Engine

Starting as soon as February 14, 2025, projects might start seeing a Data protection pane on the Create an instance page in the Google Cloud console. If you see the Data protection pane, it selects an option to automatically back up data by default, which is recommended to make sure you can recover your data if it's lost due to unforeseen events. The backup incurs additional costs according to either Backup and DR pricing or Compute Engine pricing for disk snapshots.

If desired, you can select a different backup option (or disable backups) before you finish creating an instance. You can also change which backup option your project selects by default. For more information, see Configure the default backup setting for the console.

You can apply a Backup and DR Service backup plan during instance creation. Use backup plans to centralize backup management of instances across projects and improve cyber resilience through immutable and indelible backups to backup vaults.

Document AI

Custom extractor model pretrained-foundation-model-v1.4-2025-02-05 powered by Gemini 2.0 Flash LLM is available as Public Preview in US and EU regions with improved accuracy. The Custom Extractor Model supports a quota of up to 120 pages per minute for online process requests.

For more information about available models, see Custom extractor model versions.

Organization Policy

Custom organization policies are now generally available for Cloud Logging. For more information, see Use custom organization policies.

Resource Manager

Custom organization policies are now generally available for Cloud Logging. For more information, see Use custom organization policies.

Security Command Center

The attack path simulations feature can now automatically set the resource value of a Vertex AI dataset based on the sensitivity of the data that the dataset contains. For information about how to enable the automatic assignment of resource values based on data sensitivity, see Create a resource value configuration.

Sensitive Data Protection

Sensitive data discovery for Vertex AI is in General Availability. You can run discovery at the organization, folder, or project level to generate profiles of your Vertex AI training data. Data profiles provide metrics and insights about the sensitivity and risk levels of your data to help you plan your data governance workflows.

VPC Service Controls

VPC Service Controls feature (Status: Preview): The VPC Service Controls violation dashboard provides an aggregated view of all access denials by service perimeters in your organization. This feature is available in Preview.

For more information, see Set up and view the violation dashboard.

February 13, 2025

AlloyDB for PostgreSQL

The extension vector, which includes pgvector functions and operators, is updated to version 0.8.0.

Carbon Footprint

For the January 2025 semi-annual methodology refresh (released in mid-February 2025), we implemented the following improvements and updated the carbon model to version 12:

Improved internal cost accounting for Vertex AI and Notebooks services. This resulted in an improved allocation of energy consumption and emissions to these services. For more information on how we use internal cost to reallocate shared infrastructure, see Energy use and allocation to internal services.

Certificate Authority Service

Custom Authority Information Access (AIA) and CRL Distribution Point (CDP) extensions for certificate authorities (CAs) are now generally available (GA). You can create CAs with custom AIA and CDP certificate extensions. These custom URLs are embedded directly into certificates issued by your CA, providing precise control over certificate validation paths. If custom AIA and CDP extensions are not specified, the system continues to use the default Google Cloud Storage (GCS) publishing locations for AIA and CDP information in issued certificates. The AIA extension enables clients to locate the issuer's certificate, while the CDP extension provides access to the Certificate Revocation List (CRL).

Cloud CDN

Cloud CDN supports invalidation by using cache tags with faster performance and higher rate limits in Preview. By grouping objects together using cache tags, you can remove and refresh content at scale.

Cloud Composer

(Cloud Composer 3) The GOOGLE_CLOUD_PROJECT environment variable is now a reserved variable in Cloud Composer 3. This fixes an issue where creating an environment with this variable failed with a non-specific error.

(Cloud Composer 2) The dependency_permissions_check_count metric now correctly reports the number of missing permissions.

(Cloud Composer 2) The list of permissions reported by the dependency_permissions_check_count metric was updated. The metric now reports more of the permissions that are required for a functioning environment. Permissions that weren't necessary were replaced or removed.

(New Cloud Composer environments only) Cloud Composer now enforces SSL connections to Cloud SQL instances.

This change implements a security compliance standard in Cloud Composer and enforces SSL usage. You can adopt other security standards by following recommendations listed in Vulnerability findings. Previously, it was possible to create a non-SSL connection to the Airflow database. After the change, the connection will be refused.

(Available without upgrading) Fixed a problem that caused Terraform to unnecessarily force the replacement of cloud_composer_network_ipv4_cidr_block, web_server_ipv4_cidr_block, and cloud_sql_ipv4_cidr_block fields in some configurations of Cloud Composer 2 and Cloud Composer 1 environments.

(Airflow 2.10.2 and 2.9.3) Preinstalled packages were changed:

  • logbook was removed from preinstalled packages
  • minimal-snowplow-tracker was removed from preinstalled packages
  • mashumaro was downgraded from 3.15 to 3.14

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.10.2-build.8 (default)
  • composer-3-airflow-2.9.3-build.15

New images are available in Cloud Composer 2:

  • composer-2.11.2-airflow-2.10.2 (default)
  • composer-2.11.2-airflow-2.9.3

Cloud Composer versions 2.6.0 and 2.6.1 have reached their end of support period.

Cloud SQL for MySQL

Cloud SQL for MySQL lets you recreate a lagging replica when replication falls behind a predefined length of time. For more information, see Recreate lagging replica. This feature is in Preview.

Google Cloud VMware Engine

Google Cloud VMware Engine now supports soft deletion for private clouds. This feature provides seven days of post-delete data protection. See Delete a private cloud for more information.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.31.200-gke.58 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.31.200-gke.58 runs on Kubernetes v1.31.5-gke.300.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issue is fixed in 1.31.200-gke.58:

  • Fixed an issue that caused Runtime: out of memory errors after running gkeadm to create or upgrade clusters.

The 1.31.200-gke.58 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

Google Distributed Cloud (software only) for bare metal

Release 1.31.200-gke.58

Google Distributed Cloud for bare metal 1.31.200-gke.58 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.31.200-gke.58 runs on Kubernetes v1.31.5-gke.300.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The 1.31.200-gke.58 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Looker Studio

Sort by multiple columns

Viewers can now sort table charts by multiple columns by clicking multiple column headers while holding the Shift key.

Learn more about table charts.

Organization Policy

Custom organization policies are now generally available for security posture resources. For more information, see Add a custom organization policy.

Resource Manager

Custom organization policies are now generally available for security posture resources. For more information, see Add a custom organization policy.

Security Command Center

Security Command Center now supports integration with Snyk. This feature is in Preview.

Vertex AI Agent Builder

Vertex AI Search: Stream answers (GA)

Vertex AI Search now supports answer streaming. This feature returns generated answers in sequential parts, reducing the perception of latency. As the end users read the first part of the answer, the subsequent parts of the answer are being generated.

This feature also includes many of the features of the original answer method.

This feature is generally available to all customers. For more information, see Stream answers.

February 12, 2025

Anthos Attached Clusters

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on AWS

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Anthos clusters on Azure

You can now launch clusters with the following Kubernetes versions. Click on the following links to see the release notes associated with these patches:

Cloud NAT

Cloud NAT gateways for Public NAT support IPv6 to IPv4 network address translation in Preview. For more information, see NAT64 in Public NAT.

Cloud SQL for PostgreSQL

Cloud SQL for PostgreSQL now supports the tds_fdw extension. This extension provides a foreign data wrapper (fdw) for accessing databases that use the Tabular Data Stream (TDS) protocol, such as Microsoft SQL Server or Sybase. Cloud SQL for PostgreSQL supports tds_fdw version 2.0.4. For more information about using this extension, see Configure PostgreSQL extensions.

You can now perform pg_replication_origin_* functions as a database user with the cloudsqlsuperuser role. For more information about cloudsqlsuperuser, see About PostgreSQL users and roles.

The rollout of the following extension version is underway:

  • rdkit is upgraded from 4.3.0 to 4.6.1

If you use a maintenance window, then the updates to the extension version happen according to the timeframe that you set in the window. Otherwise, the updates occur within the next few weeks.

The new maintenance version is [PostgreSQL version].R20250112.01_03. To learn how to check your maintenance version, see Self-service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

Container Optimized OS

cos-113-18244-291-36

  • Kernel: COS-6.1.123
  • Docker: v24.0.9
  • Containerd: v1.7.24
  • GPU Drivers: See List

Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.

Updated Konlet to v.0.13.4.

Support for NVIDIA B200 GPU – Added support for the R570 driver series, including version 570.86.15. This version has been assigned the latest, default, and R570 tags.

Updated cos-gpu-installer to v2.4.7:

1. Added support for NVIDIA B200 GPU.

2. Enabled the --prepare-build-tools flag to preload GPU driver metadata for ARM64.

Upgraded sys-apps/diffutils to v3.11.

Upgraded sys-apps/hwdata to v0.391.

Fixed CVE-2025-0840 in binutils.

Fixed CVE-2024-56664 in the Linux kernel.

Fixed CVE-2024-50304 in the Linux kernel.

Fixed CVE-2024-50047 in the Linux kernel.

Fixed CVE-2025-21669 in the Linux kernel.

Fixed CVE-2025-21683 in the Linux kernel.

Fixed CVE-2024-40945 in the Linux kernel.

Fixed CVE-2025-21666 in the Linux kernel.

Fixed CVE-2025-21631 in the Linux kernel.

Fixed CVE-2025-21671 in the Linux kernel.

Fixed CVE-2024-50014 in the Linux kernel.

Fixed CVE-2024-49994 in the Linux kernel.

Fixed CVE-2025-21665 in the Linux kernel.

Fixed CVE-2025-21667 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812027 -> 812031

cos-109-17800-436-33

  • Kernel: COS-6.1.124
  • Docker: v24.0.9
  • Containerd: v1.7.24
  • GPU Drivers: See List

Added support for TPU v6 devices.

Runtime sysctl changes:

  • Changed: fs.file-max: 812272 -> 812276

Generative AI on Vertex AI

DeepSeek-V3 and DeepSeek-R1 have been added to Model Garden in Preview:

  • DeepSeek-V3 (671B) is a powerful Mixture-of-Experts (MoE) language model with 671B total parameters with 37B activated for each token.
  • DeepSeek-R1 (671B) is one of the first-generation reasoning models introduced by DeepSeek and offers performance comparable to OpenAI-o1 across math, code, and reasoning tasks.

You can use a notebook to deploy these models.

Looker

Looker 25.2 is expected to include the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Tuesday, February 18, 2025

  • Expected Looker (original) final deployment and download available: Thursday, February 27, 2025

  • Expected Looker (Google Cloud core) deployment start: Tuesday, February 18, 2025

  • Expected Looker (Google Cloud core) final deployment: Tuesday, March 4, 2025

The Search Content Summaries API endpoint now returns more secure results when a closed system is enabled for an instance. The target_user_id value must be a user who is visible to the user who is calling the endpoint, and the target_group_id value must be a group that the user is a part of.

Looker now prevents developers from creating new models named system__activity.

The Chart Config Editor now supports the median function in the formatters.select parameter.

The manage_modelsets_restricted permission is now generally available. This permission lets users add or remove models from specified model sets.

The manage_schedules permission is now generally available. This permission lets users reassign and delete schedules on the Schedules page for the models that they have access to.

Aggregate tables now support the publish_as_db_view parameter for database dialects that support PDT stable database views. When an aggregate table is configured with publish_as_db_view: yes, Looker creates a stable database view on your database for the aggregate table to enable querying the table outside of Looker. NOTE: This item was added on March 4, 2025.

An issue has been fixed where downloading a dashboard as a PDF with multiple pages could cause some content to be cut off. This feature now performs as expected.

An issue has been fixed where using a Snowflake or Postgres connection could trigger the following error message: Driver cannot be initialized: can't modify frozen String. This feature now performs as expected.

An issue has been fixed where creating a visualization with no unpivoted dimensions could cause Looker to display a vague error message for some chart types. Looker now informs the user that at least one unpivoted dimension is required for the visualization, and this feature now performs as expected.

An issue has been fixed where encoded embed domains could not be used with the Embed SDK. Looker can now decode URLs in the embed_domain parameter, and this feature now performs as expected.

An issue has been fixed where the Marketplace auto-update and auto-install processes could cause other parts of Looker to take longer to respond. This feature now performs as expected.

An issue has been fixed where searching terms with multiple words in the field picker would match each word separately. The search now correctly matches multi-word phrases, and this feature now performs as expected.

An issue has been fixed where an invalid conditional formatting string could cause the Explore page to crash. This feature now performs as expected.

An issue has been fixed where actions whose connection tests failed would continue to run excessive tests in the background. This feature now performs as expected.

An issue has been fixed where Looker did not correctly apply theme text colors to axis labels on timeline visualizations. This feature now performs as expected.

An issue has been fixed where setting a long external_group_id when creating an embed user caused Looker to display a vague error. The recommended external_group_id length is now documented as 81 characters, and this feature now performs as expected.

An issue has been fixed where navigating to a Look from another Look could cause incorrect System Activity records. This feature now performs as expected.

An issue has been fixed where reordering columns in an Explore could cause hidden table calculations to be removed from the table. This feature now performs as expected.

An issue has been fixed where adding multiple dashboard filters to the same date field could cause Looker to remove filters from the dashboard. This feature now performs as expected.

An issue has been fixed where tables could be cut off on dashboard PDFs that included multiple pages. This feature now performs as expected.

An issue has been fixed where dashboard filters could prevent users from using commas to add multiple filter conditions. This feature now performs as expected.

An issue has been fixed where certain custom visualization configurations could cause rendered PDF downloads to be blank. This feature now performs as expected.

An issue has been fixed where the LookML Validator could surface outdated LookML errors that were related to extensions. This feature now performs as expected.

An issue has been fixed where exploring from a merge query on an embedded dashboard could lead to a blank page. This feature now performs as expected.

An issue has been fixed where embed users were unable to see certain shared folders. This feature now performs as expected.

Security Command Center

Cloud Infrastructure Entitlement Management (CIEM) has launched support for the following:

  • AWS Managed Microsoft AD and on-premises Active Directory identities. This feature alerts you to potential misconfigurations in your on-premises Active Directory or AWS-managed Active Directory identities.
  • Account-level findings in AWS. This lets you set up AWS audit logs for individual AWS accounts—instead of mandating logs across the entire AWS organization—and helps reduce your total cost of operations for CIEM in Security Command Center Enterprise.

Service Extensions

Service Extensions plugins support Go-compiled Wasm, in addition to Rust and C++. For more information, see Prepare the plugin code.

February 11, 2025

Apigee API hub

IAM conditions for fine-grained access

API hub now integrates with IAM Conditions, enabling you to define and enforce granular, conditional attribute-based access control for your API hub resources. For more information, see Add IAM conditions.

Enhanced onboarding experience

After provisioning your API hub instance in your Google Cloud project, you'll now see an updated Overview page. You can also automatically attach your Apigee runtime projects right from this page. For more information, see Provision API hub in the Cloud console.

Auth support for Vertex AI extensions

API hub now supports the following authentication configurations for creating Vertex AI extensions:

  • API Key: Authenticate using API keys stored in Secret Manager.
  • HTTP Basic: Authenticate using credentials stored in Secret Manager.

For more information, see Create a Vertex AI extension.

Resource ID length limits increased

The maximum allowed length for API hub resource IDs has been increased. The new limits are as follows:

  • APIs: API unique IDs can now be up to 500 characters long.
  • Versions: Version unique IDs can now be up to 700 characters long.
  • Specs: Specification unique IDs can now be up to 1000 characters long.

Apigee UI

On February 11, 2025, we released an updated version of the Apigee UI.

  • Bug ID: 356780408
  • Description: Fixed issue preventing users from saving a proxy revision. Resolved issue in the proxy editor where navigating away from a proxy file containing an error would not properly clear the error state, requiring users to reload the page to save the edited proxy.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Run functions

Cloud Run functions created with the Cloud Functions (v2) API (cloudfunctions.googleapis.com) can now be detached so that they can only be managed through the Cloud Run Admin API (run.googleapis.com). When the detach operation completes, your function retains its cloudfunctions.net URLs and triggers, and can only be managed using the Cloud Run Admin API. Note that the detach operation is irreversible. For more information, see Manage functions.

Cloud SQL for MySQL

Cloud SQL for MySQL vector search is now generally available. After you store vector embeddings in a table, you can perform K-nearest neighbor (KNN) searches against your vector dataset. You can also add a vector search index to perform approximate nearest neighbor (ANN) searches.

For more information, see Vector search.

You can now use a custom DNS name to connect to your Cloud SQL instances by adding a custom subject alternative name (SAN) to your Cloud SQL instances. This feature is available for instances that are configured with Customer Managed CAS CA. For more information, see Create instances.

You can also add, modify, and remove a custom SAN for existing Cloud SQL instances. For more information, see Edit instances.

This feature is available in Preview.

Cloud SQL for PostgreSQL

You can now use a custom DNS name to connect to your Cloud SQL instances by adding a custom subject alternative name (SAN) to your Cloud SQL instances. This feature is available for instances that are configured with Customer Managed CAS CA. For more information, see Create instances.

You can also add, modify, and remove a custom SAN for existing Cloud SQL instances. For more information, see Edit instances.

This feature is available in Preview.

Cloud SQL for SQL Server

You can now use a custom DNS name to connect to your Cloud SQL instances by adding a custom subject alternative name (SAN) to your Cloud SQL instances. This feature is available for instances that are configured with Customer Managed CAS CA. For more information, see Create instances.

You can also add, modify, and remove a custom SAN for existing Cloud SQL instances. For more information, see Edit instances.

This feature is available in Preview.

Dataplex

Data lineage for Dataproc Hive jobs is available in preview. For more information, see Enable Hive data lineage in Dataproc.

Dataproc

Data Lineage for Dataproc Hive is now in Public Preview, which can be enabled using the Hive Lineage initialization action.

Developer Connect

Developer Connect gcloud commands are now Generally Available (GA).

Developer Connect now supports connectivity with Bitbucket Cloud and Bitbucket Data Center. These features are Generally Available (GA). Learn how to get started at Connect to Bitbucket Cloud and Connect to Bitbucket Data Center.

Generative AI on Vertex AI

The Llama 3.3 70B model that is managed on Vertex AI is now in Preview.

Google Kubernetes Engine

(2025-R06) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.32.1-gke.1200003 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.15-gke.1641000
    • 1.28.15-gke.1673000
    • 1.28.15-gke.1720000
    • 1.29.13-gke.1006000
    • 1.30.9-gke.1009000
    • 1.31.5-gke.1023000
    • 1.32.0-gke.1448000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.13-gke.1038000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.9-gke.1046000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.5-gke.1068000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.13-gke.1038000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.9-gke.1046000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.5-gke.1068000 with this release.

Regular channel

  • Version 1.31.5-gke.1023000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.28.15-gke.1612000
    • 1.28.15-gke.1641000
    • 1.29.12-gke.1270000
    • 1.30.8-gke.1261000
    • 1.31.4-gke.1372000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.9-gke.1009000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.9-gke.1009000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.5-gke.1023000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.1-gke.1200003 with this release.

Stable channel

  • Version 1.30.8-gke.1162001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.15-gke.1480000
    • 1.28.15-gke.1503000
    • 1.29.12-gke.1120001
    • 1.30.8-gke.1128001
    • 1.30.8-gke.1162000
    • 1.31.4-gke.1183000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.12-gke.1143001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.8-gke.1162001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.12-gke.1143001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.8-gke.1162001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.4-gke.1256000 with this release.

Extended channel

  • Version 1.31.5-gke.1023000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2246000
    • 1.27.16-gke.2342000
    • 1.29.12-gke.1270000
    • 1.30.8-gke.1261000
    • 1.31.4-gke.1372000
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2270000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.9-gke.1009000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.5-gke.1023000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.1-gke.1200003 with this release.

No channel

Google SecOps

The following is a correction to the release note published on December 22, 2024.

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • Absolute Mobile Device Management (ABSOLUTE)
  • Atlassian Cloud Admin Audit (ATLASSIAN_AUDIT)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • Azure AD (AZURE_AD)
  • Azure Application Gateway (AZURE_GATEWAY)
  • Azure SQL (AZURE_SQL)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Check Point Harmony (CHECKPOINT_HARMONY)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Umbrella SWG DLP (CISCO_UMBRELLA_SWG_DLP)
  • Cisco VPN (CISCO_VPN)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Claroty Continuous Threat Detection (CLAROTY_CTD)
  • Cloud Audit Logs (N/A)
  • Cloud DNS (N/A)
  • Code42 Incydr (CODE42_INCYDR)
  • Colinet Trotta GAUS SEGUROS (CT_GAUS_SEGUROS)
  • CrowdStrike Falcon (CS_EDR)
  • Delinea Distributed Engine (DELINEA_DISTRIBUTED_ENGINE)
  • Druva Backup (DRUVA_BACKUP)
  • Duo Administrator Logs (DUO_ADMIN)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • Forcepoint NGFW (FORCEPOINT_FIREWALL)
  • FortiGate (FORTINET_FIREWALL)
  • GitHub (GITHUB)
  • Google Cloud Identity Context (CLOUD_IDENTITY_CONTEXT)
  • Guardicore Centra (GUARDICORE_CENTRA)
  • HPE Aruba Networking Central (ARUBA_CENTRAL)
  • Imperva Advanced Bot Protection (IMPERVA_ABP)
  • Kubernetes Audit Azure (KUBERNETES_AUDIT_AZURE)
  • Linux Auditing System (AuditD) (AUDITD)
  • Maria Database (MARIA_DB)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Opnsense (OPNSENSE)
  • Oracle NetSuite (ORACLE_NETSUITE)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
  • Ping One (PING_ONE)
  • Proofpoint Observeit (OBSERVEIT)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • QNAP Systems NAS (QNAP_NAS)
  • Reserved LogType2 (RESERVED_LOG_TYPE_2)
  • Salesforce (SALESFORCE)
  • SAP Sybase Adaptive Server Enterprise Database (SAP_ASE)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • Snort (SNORT_IDS)
  • Solaris system (SOLARIS_SYSTEM)
  • Sourcefire (SOURCEFIRE_IDS)
  • Suricata IDS (SURICATA_IDS)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Event export (SYMANTEC_EVENT_EXPORT)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
  • Twingate (TWINGATE)
  • Wazuh (WAZUH)
  • Windows DHCP (WINDOWS_DHCP)
  • Windows Event (WINEVTLOG)
  • Windows Network Policy Server (WINDOWS_NET_POLICY_SERVER)
  • Windows Sysmon (WINDOWS_SYSMON)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Addigy MDM (ADDIGY_MDM)
  • Akamai DataStream 2 (AKAMAI_DATASTREAM_2)
  • Anzenna (ANZENNA)
  • AWS ECS Metrics (AWS_ECS_METRICS)
  • Azure Log Analytics Workspace (AZURE_LOG_ANALYTICS_WORKSPACE)
  • Blockdaemon API (BLOCKDAEMON_API)
  • Chronicle Feed (CHRONICLE_FEED)
  • Claroty xDome Secure Access (CLAROTY_XDOME_SECURE_ACCESS)
  • Cloudflare Spectrum (CLOUDFLARE_SPECTRUM)
  • Cloudsek Alerts (CLOUDSEK_ALERTS)
  • CloudWaves Sensato Nightingale Honeypot (SENSATO_HONEYPOT)
  • Docker Hub Activity (DOCKER_HUB_ACTIVITY)
  • Fortinet FortiDDoS (FORTINET_FORTIDDOS)
  • Honeywell Cyber Insights (HONEYWELL_CYBERINSIGHTS)
  • IPFire (IPFIRE)
  • Jamf Connect (JAMF_CONNECT)
  • KnowBe4 Audit Log (KNOWBE4)
  • LogicGate (LOGICGATE)
  • ManageEngine NCM (MANAGEENGINE_NCM)
  • Microsoft Dotnet Log Files (MICROSOFT_DOTNET)
  • Nessus Network Monitor (NESSUS_NETWORK_MONITOR)
  • Netography Fusion (NETOGRAPHY_FUSION)
  • Netwrix StealthAudit (NETWRIX_STEALTHAUDIT)
  • Oomnitza (OOMNITZA)
  • Open CTI Platform (OPENCTI)
  • Oracle EBS (ORACLE_EBS)
  • Oracle Zero Data Loss Recovery Appliance (ORACLE_ZDLRA)
  • PhishAlarm (PHISHALARM)
  • Savvy Security (SAVVY_SECURITY)
  • Symantec Security Analytics (SYMANTEC_SA)
  • Venafi ZTPKI (VENAFI_ZTPKI)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

The following is a correction to the release note published on December 22, 2024.

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • Absolute Mobile Device Management (ABSOLUTE)
  • Atlassian Cloud Admin Audit (ATLASSIAN_AUDIT)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • Azure AD (AZURE_AD)
  • Azure Application Gateway (AZURE_GATEWAY)
  • Azure SQL (AZURE_SQL)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Check Point Harmony (CHECKPOINT_HARMONY)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Umbrella SWG DLP (CISCO_UMBRELLA_SWG_DLP)
  • Cisco VPN (CISCO_VPN)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Claroty Continuous Threat Detection (CLAROTY_CTD)
  • Cloud Audit Logs (N/A)
  • Cloud DNS (N/A)
  • Code42 Incydr (CODE42_INCYDR)
  • Colinet Trotta GAUS SEGUROS (CT_GAUS_SEGUROS)
  • CrowdStrike Falcon (CS_EDR)
  • Delinea Distributed Engine (DELINEA_DISTRIBUTED_ENGINE)
  • Druva Backup (DRUVA_BACKUP)
  • Duo Administrator Logs (DUO_ADMIN)
  • Elastic Audit Beats (ELASTIC_AUDITBEAT)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • Forcepoint NGFW (FORCEPOINT_FIREWALL)
  • FortiGate (FORTINET_FIREWALL)
  • GitHub (GITHUB)
  • Google Cloud Identity Context (CLOUD_IDENTITY_CONTEXT)
  • Guardicore Centra (GUARDICORE_CENTRA)
  • HPE Aruba Networking Central (ARUBA_CENTRAL)
  • Imperva Advanced Bot Protection (IMPERVA_ABP)
  • Kubernetes Audit Azure (KUBERNETES_AUDIT_AZURE)
  • Linux Auditing System (AuditD) (AUDITD)
  • Maria Database (MARIA_DB)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Opnsense (OPNSENSE)
  • Oracle NetSuite (ORACLE_NETSUITE)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
  • Ping One (PING_ONE)
  • Proofpoint Observeit (OBSERVEIT)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • QNAP Systems NAS (QNAP_NAS)
  • Reserved LogType2 (RESERVED_LOG_TYPE_2)
  • Salesforce (SALESFORCE)
  • SAP Sybase Adaptive Server Enterprise Database (SAP_ASE)
  • Sentinelone Alerts (SENTINELONE_ALERT)
  • Snort (SNORT_IDS)
  • Solaris system (SOLARIS_SYSTEM)
  • Sourcefire (SOURCEFIRE_IDS)
  • Suricata IDS (SURICATA_IDS)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Event export (SYMANTEC_EVENT_EXPORT)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
  • Twingate (TWINGATE)
  • Wazuh (WAZUH)
  • Windows DHCP (WINDOWS_DHCP)
  • Windows Event (WINEVTLOG)
  • Windows Network Policy Server (WINDOWS_NET_POLICY_SERVER)
  • Windows Sysmon (WINDOWS_SYSMON)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Addigy MDM (ADDIGY_MDM)
  • Akamai DataStream 2 (AKAMAI_DATASTREAM_2)
  • Anzenna (ANZENNA)
  • AWS ECS Metrics (AWS_ECS_METRICS)
  • Azure Log Analytics Workspace (AZURE_LOG_ANALYTICS_WORKSPACE)
  • Blockdaemon API (BLOCKDAEMON_API)
  • Chronicle Feed (CHRONICLE_FEED)
  • Claroty xDome Secure Access (CLAROTY_XDOME_SECURE_ACCESS)
  • Cloudflare Spectrum (CLOUDFLARE_SPECTRUM)
  • Cloudsek Alerts (CLOUDSEK_ALERTS)
  • CloudWaves Sensato Nightingale Honeypot (SENSATO_HONEYPOT)
  • Docker Hub Activity (DOCKER_HUB_ACTIVITY)
  • Fortinet FortiDDoS (FORTINET_FORTIDDOS)
  • Honeywell Cyber Insights (HONEYWELL_CYBERINSIGHTS)
  • IPFire (IPFIRE)
  • Jamf Connect (JAMF_CONNECT)
  • KnowBe4 Audit Log (KNOWBE4)
  • LogicGate (LOGICGATE)
  • ManageEngine NCM (MANAGEENGINE_NCM)
  • Microsoft Dotnet Log Files (MICROSOFT_DOTNET)
  • Nessus Network Monitor (NESSUS_NETWORK_MONITOR)
  • Netography Fusion (NETOGRAPHY_FUSION)
  • Netwrix StealthAudit (NETWRIX_STEALTHAUDIT)
  • Oomnitza (OOMNITZA)
  • Open CTI Platform (OPENCTI)
  • Oracle EBS (ORACLE_EBS)
  • Oracle Zero Data Loss Recovery Appliance (ORACLE_ZDLRA)
  • PhishAlarm (PHISHALARM)
  • Savvy Security (SAVVY_SECURITY)
  • Symantec Security Analytics (SYMANTEC_SA)
  • Venafi ZTPKI (VENAFI_ZTPKI)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Organization Policy

Custom organization policies are now generally available for Spanner. For more information, see Add a custom organization policy.

Custom organization policies are now generally available for Identity-Aware Proxy. For more information, see Use custom organization policies.

Custom organization policies are now generally available for Developer Connect. For more information, see Create custom organization policies.

Custom organization policies are now generally available for Dataproc Serverless. For more information, see Use custom constraints.

Custom organization policies are now generally available for Cloud DNS. For more information, see Create custom organization policy constraints.

Resource Manager

Custom organization policies are now generally available for Spanner. For more information, see Add a custom organization policy.

Custom organization policies are now generally available for Identity-Aware Proxy. For more information, see Use custom organization policies.

Custom organization policies are now generally available for Developer Connect. For more information, see Create custom organization policies.

Custom organization policies are now generally available for Dataproc Serverless. For more information, see Use custom constraints.

Custom organization policies are now generally available for Cloud DNS. For more information, see Create custom organization policy constraints.

Sensitive Data Protection

The JAPAN_CORPORATE_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Spanner

Managed autoscaler is Generally Available.

Managed autoscaler now also supports the ability to scale read-only replicas independently from read-write replicas. By setting the compute capacity limits and CPU utilization targets, you can configure the managed autoscaler for all replicas of an instance or independently scale read-only replicas. For more information, see Asymmetric read-only autoscaling.

February 10, 2025

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.66.2 (2025-02-04)

Bug Fixes
  • bigquery: Broken github.com/envoyproxy/go-control-plane/envoy dep (#11556) (e70d63b), refs #11542

1.66.1 (2025-02-03)

Bug Fixes
  • bigquery: Move MaxStaleness field to table level (#10066) (164492d)

BigQuery data preparation provides context-aware join operation recommendations from Gemini. Data preparation is available in Preview.

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.51.2 (2025-02-03)

Bug Fixes
Dependencies

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Essential Contacts API
    • essentialcontacts.googleapis.com/Contact

Cloud Monitoring

You can now use a variable to control the visibility of a dashboard widget. For more information, see the following documents:

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.48.1 (2025-02-03)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.52.0 (00754bc)
  • Update batch handling to ensure each operation has its own unique idempotency-token (#2905) (8d79b8d)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.42.0 (#2895) (145afb0)
  • Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.33.0 (#2904) (2a5242e)
Documentation

Cloud Translation

Translation LLM now supports translation between any of the supported source/target languages without English having to be either source or target.

Container Optimized OS

cos-117-18613-164-28

Kernel: COS-6.6.72 | Docker: v24.0.9 | Containerd: v1.7.24 | GPU Drivers: See List

Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.

Updated Konlet to v0.13.4.

Support for NVIDIA B200 GPU – Added support for the R570 driver series, including version 570.86.15. This version has been assigned the latest, default, and R570 tags.

Updated cos-gpu-installer to v2.4.7: 1. Added support for NVIDIA B200 GPU. 2. Enabled the --prepare-build-tools flag to preload GPU driver metadata for ARM64.

Upgraded app-admin/fluent-bit to v3.1.10.

Upgraded sys-apps/hwdata to v0.391.

Fixed CVE-2025-0840 in binutils.

Fixed CVE-2025-21673 in the Linux kernel.

Fixed CVE-2025-21669 in the Linux kernel.

Fixed CVE-2025-21683 in the Linux kernel.

Fixed CVE-2024-50304 in the Linux kernel.

Fixed CVE-2025-21671 in the Linux kernel.

Fixed CVE-2025-21670 in the Linux kernel.

Fixed CVE-2024-50014 in the Linux kernel.

Fixed CVE-2024-49994 in the Linux kernel.

Fixed CVE-2025-21666 in the Linux kernel.

Fixed CVE-2025-21665 in the Linux kernel.

Fixed CVE-2025-21667 in the Linux kernel.

cos-109-17800-436-32

Kernel: COS-6.1.124 | Docker: v24.0.9 | Containerd: v1.7.24 | GPU Drivers: See List

Updated the default tag of the GPU driver supporting the NVIDIA H200 GPU device to 570.86.15.

Updated Konlet to v0.13.4.

Support for NVIDIA B200 GPU – Added support for the R570 driver series, including version 570.86.15. This version has been assigned the latest, default, and R570 tags.

Updated cos-gpu-installer to v2.4.7: Added Support for NVIDIA B200 GPU.

Upgraded sys-apps/diffutils to v3.11.

Fixed CVE-2025-0840 in binutils.

Fixed CVE-2024-50304 in the Linux kernel.

Fixed CVE-2024-50047 in the Linux kernel.

Fixed CVE-2025-21669 in the Linux kernel.

Fixed CVE-2025-21683 in the Linux kernel.

Fixed CVE-2024-40945 in the Linux kernel.

Fixed CVE-2025-21671 in the Linux kernel.

Fixed CVE-2024-50014 in the Linux kernel.

Fixed CVE-2024-49994 in the Linux kernel.

Fixed CVE-2025-21666 in the Linux kernel.

Fixed CVE-2025-21631 in the Linux kernel.

Fixed CVE-2025-21665 in the Linux kernel.

Fixed CVE-2025-21667 in the Linux kernel.

cos-105-17412-535-55

Kernel: COS-5.15.173 | Docker: v23.0.3 | Containerd: v1.7.23 | GPU Drivers: See List

Updated Konlet to v0.13.4.

Upgraded sys-apps/diffutils to v3.11.

Fixed CVE-2025-0840 in binutils.

Fixed CVE-2024-56672 in the Linux kernel.

Fixed CVE-2024-50304 in the Linux kernel.

Fixed CVE-2025-21669 in the Linux kernel.

Fixed CVE-2025-21683 in the Linux kernel.

Fixed CVE-2024-53217 in the Linux kernel.

Fixed CVE-2024-48881 in the Linux kernel.

Fixed CVE-2025-21666 in the Linux kernel.

Fixed CVE-2025-21631 in the Linux kernel.

Fixed CVE-2024-57874 in the Linux kernel.

Fixed CVE-2025-21665 in the Linux kernel.

Dataproc

Dataproc on Compute Engine: To help diagnose Dataproc clusters, you can set the following cluster properties to true when you create a cluster:

Note: starting May 10, 2025, these properties will be set to true by default.

Sensitive Data Protection

The RELIGIOUS_TERM infoType detector is now generally available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Spanner

Custom organization policies are now generally available for Spanner. For more information, see Add a custom organization policy.

Text-to-Speech

Journey voices have been rebranded as Chirp HD voices.

VPC Service Controls

VPC Service Controls feature: Support for using third-party identities (both single identities and groups) in the ingress and egress rules to allow access to resources protected by a service perimeter is generally available.

For more information, see Configure identity groups and third-party identities in ingress and egress rules.

Vertex AI Agent Builder

Vertex AI Search: gemini-2.0-flash-001 model for the answer method

The Gemini 2.0 Flash (gemini-2.0-flash-001) model is available for answer generation in Vertex AI Search. This model is tuned to address context-based question and answering tasks.

For more information, see Answer generation model versions and lifecycle.

February 09, 2025

Dataproc

Google SecOps SOAR

Release 6.3.33 is now in General Availability.

February 08, 2025

Google SecOps SOAR

Release 6.3.34 is currently in Preview.

February 07, 2025

Cloud Composer

Starting March 2025, the default version for new Cloud Composer environments changes from Cloud Composer 2 to Cloud Composer 3.

New environments that are created without a specified version will use the default Airflow build of Cloud Composer 3, composer-3-airflow-2. Currently, the default version is composer-2-airflow-2.

Cloud Run

Cloud Run integrations are discontinued from the Google Cloud console and Google Cloud CLI. No action is required; your deployed services that use these integrations will continue to work. We recommend transitioning to use the individual product experiences for each integration you have deployed. For more information about configuring resources for your services to connect to other Google Cloud products, see Connect to Google Cloud services.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.131-debian10, 2.0.131-rocky8, 2.0.131-ubuntu18
  • 2.1.79-debian11, 2.1.79-rocky8, 2.1.79-ubuntu20, 2.1.79-ubuntu20-arm
  • 2.2.45-debian12, 2.2.45-rocky9, 2.2.45-ubuntu22

Spark UI for Dataproc Serverless Batches and Interactive sessions, which lets you monitor and debug your serverless Spark workloads, is now available for CMEK (Customer-Managed Encryption Keys) and Assured Workloads. The Spark UI is available by default and free of cost.

Gemini Code Assist

Various bug fixes and minor product enhancements for the VS Code Gemini Code Assist extension.

Generative AI on Vertex AI

The following advanced LLM inference optimization techniques are available in Model Garden in Preview:

  • Prefix caching reuses computations from previously generated text, eliminating redundant processing. It reduces time-to-first-token for requests with common prompt prefixes. Prefix caching is available for the following models:

    • vLLM: Llama 3.1 (8b, 70b), Llama 3.3 (70b)
    • Hex-LLM: Llama 2 (7b, 13b), Llama 3 (8b), Llama 3.1 (8b, 70b), Llama 3.2 (1b, 3b), Llama Guard (1b, 8b), CodeLlama (7b, 13b), Gemma (2b, 7b), CodeGemma (2b, 7b), Mistral-7B (v0.2, v0.3), Mixtral-8x7B (v0.1)
  • Speculative decoding is an effective optimization technique to reduce generation time-per-output-token latency. For more information, see the Model Garden advanced features notebook.

Google Cloud Architecture Center

Google Cloud Architecture Framework: Security, privacy, and compliance: Major update to align the recommendations with core principles of security.

Identity-Aware Proxy

Generally available: You can configure Workforce Identity Federation with IAP, and use an external identity provider (IdP) to authenticate and authorize a workforce—a group of users, such as employees, partners, and contractors—using Identity and Access Management (IAM), so that the users can securely access services deployed on Google Cloud or on-premises.

For more information, see Configure IAP with Workforce Identity Federation.

Generally available: Support for service account JWT authentication for Identity Platform and Workforce Identity Federation configured applications. For more information, see Authenticating with a service account JWT.

Memorystore for Redis Cluster

Multi-VPC support for Memorystore for Redis Cluster is now Generally Available (GA). This functionality enables you to create Private Service Connect endpoints in multiple VPCs to connect to the same Memorystore for Redis Cluster instance. This provides you with enhanced flexibility and resilience for your network architecture. For more information, see About multiple VPC networking.

VPC Service Controls

VPC Service Controls feature: Support for adding projects as a source in the egress rules of a service perimeter is generally available.

For more information, see Ingress and egress rules.

VPC Service Controls feature: Support for adding titles in the ingress and egress rules of a service perimeter is generally available.

For more information, see Ingress and egress rules.

Workflows

February 06, 2025

Apigee X

On February 6, 2025, we released an updated version of Apigee (1-14-0-apigee-6).

Bug ID | Description
381553288 | Fixed class initialization issue in JavaCallout policy.
390559772 | Fixed issue with ResponseCache policy not appearing in debug sessions when added using Apigee APIM Operator for Kubernetes.
N/A | Updates to security infrastructure and libraries.

BigQuery

Cloud Composer

Cloud Composer 2 is no longer available in Mexico (northamerica-south1). It is not possible to select this region when creating a new Cloud Composer 2 environment. Existing Cloud Composer 2 environments and both new and existing Cloud Composer 3 environments are not affected by this change.

Cloud Logging

You can now create and manage your log views by using the Google Cloud console. For more information, see Configure log views on a log bucket.

Gemini Code Assist

IntelliJ Gemini Code Assist now has a setting to block suggestions that contain citations.

Fixed issues with Google Cloud project settings for VS Code Gemini Code Assist.

Google Kubernetes Engine

(2025-R05) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.5-gke.1068000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.15-gke.1612000
    • 1.29.12-gke.1270000
    • 1.30.9-gke.1027000
    • 1.31.4-gke.1372000
    • 1.32.0-gke.1538000
    • 1.32.1-gke.1200000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1641000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.5-gke.1023000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1641000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.13-gke.1006000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.5-gke.1023000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.1-gke.1200003 with this release.

Regular channel

  • Version 1.31.4-gke.1372000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.28.15-gke.1503000
    • 1.29.12-gke.1143000
    • 1.29.12-gke.1143001
    • 1.30.8-gke.1162000
    • 1.30.8-gke.1162001
    • 1.31.4-gke.1256000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1612000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.12-gke.1270000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.8-gke.1261000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1612000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.12-gke.1270000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.8-gke.1261000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.4-gke.1372000 with this release.

Stable channel

  • Version 1.30.8-gke.1128001 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.15-gke.1435000
    • 1.29.12-gke.1055000
    • 1.29.12-gke.1055001
    • 1.30.8-gke.1051000
    • 1.30.8-gke.1051001
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.15-gke.1480000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.12-gke.1120001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.8-gke.1128001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.15-gke.1480000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.12-gke.1120001 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.8-gke.1128001 with this release.

Extended channel

  • Version 1.31.4-gke.1372000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2142000
    • 1.27.16-gke.2296000
    • 1.28.15-gke.1503000
    • 1.29.12-gke.1143000
    • 1.29.12-gke.1143001
    • 1.30.8-gke.1162000
    • 1.30.8-gke.1162001
    • 1.31.4-gke.1256000
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2246000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1612000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.12-gke.1270000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.8-gke.1261000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.4-gke.1372000 with this release.

No channel

  • Version 1.31.4-gke.1372000 is now the default version for cluster creation.
  • The following versions are now available:
  • The following node versions are now available:
  • The following versions are no longer available:
    • 1.28.15-gke.1435000
    • 1.29.12-gke.1055000
    • 1.29.12-gke.1055001
    • 1.29.12-gke.1143000
    • 1.30.5-gke.1713000
    • 1.30.8-gke.1051001
    • 1.30.9-gke.1027000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.27 to version 1.28.15-gke.1612000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.29.12-gke.1270000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.8-gke.1128001 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.28 to version 1.28.15-gke.1612000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.29.12-gke.1270000 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.8-gke.1128001 with this release.
    • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.31 to version 1.31.4-gke.1372000 with this release.

Weighted load balancing for GKE External LoadBalancer Services is now generally available on GKE clusters running version 1.31.0-gke.1506000 or later. Weighted load balancing is a more efficient way to distribute traffic to nodes based on the number of serving Pods they have backing the Service.

To learn more, see Weighted load balancing.

Google SecOps

The collector ID representing Google Cloud direct ingestion in the Cloud Monitoring metrics and BigQuery has changed from dddddddd-dddd-dddd-dddd-dddddddddddd to aaaa3333-aaaa-3333-aaaa-3333aaaa3333.

For a complete list of updated collector IDs used for ingestion metrics, see Use Cloud Monitoring for ingestion notifications.

Google SecOps SIEM

The collector ID representing Google Cloud direct ingestion in the Cloud Monitoring metrics and BigQuery has changed from dddddddd-dddd-dddd-dddd-dddddddddddd to aaaa3333-aaaa-3333-aaaa-3333aaaa3333.

For a complete list of updated collector IDs used for ingestion metrics, see Use Cloud Monitoring for ingestion notifications.

Looker Studio

Looker Studio documentation has a new home

Looker Studio documentation has moved from Help Center to Google Cloud. Visit the new documentation site to learn more about the move.

Modern charts in public preview

The new Modern charts public preview offers new chart styling, new default chart configuration options, and new chart settings that give report creators greater control over how data is curated and presented to users.

Learn more about Modern charts.

Partner connection launch update

The following partner connectors have been added to the Looker Studio Connector Gallery:

Organization Policy

You can now create custom organization policies for Workflows. For more information, see Create custom organization policy constraints for Workflows.

Resource Manager

You can now create custom organization policies for Workflows. For more information, see Create custom organization policy constraints for Workflows.

Workflows

February 05, 2025

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Backup and Disaster Recovery
    • backupdr.googleapis.com/BackupPlan
    • backupdr.googleapis.com/BackupPlanAssociation

Cloud SQL for MySQL

You can now configure customer-managed CA (CUSTOMER_MANAGED_CAS_CA) as the server certificate authority (CA) mode when you create a Cloud SQL instance. With customer-managed CA mode, you set up your own CA pool and CA in Certificate Authority Service. This option lets you establish your own CA hierarchy and manage the rotation of CA certificates for your Cloud SQL instances to help you meet your regulatory compliance needs.

To use the customer-managed CA option in Cloud SQL, see Use a customer-managed certificate authority (CA). For more information about server CA mode options, see Certificate authority (CA) hierarchies. The customer-managed CA feature is in Preview.

Cloud SQL for PostgreSQL

You can now migrate a subset of databases from an external server to a destination Cloud SQL instance. For more information, see Configure Cloud SQL and the external server for replication.

You can now configure customer-managed CA (CUSTOMER_MANAGED_CAS_CA) as the server certificate authority (CA) mode when you create a Cloud SQL instance. With customer-managed CA mode, you set up your own CA pool and CA in Certificate Authority Service. This option lets you establish your own CA hierarchy and manage the rotation of CA certificates for your Cloud SQL instances to help you meet your regulatory compliance needs.

To use the customer-managed CA option in Cloud SQL, see Use a customer-managed certificate authority (CA). For more information about server CA mode options, see Certificate authority (CA) hierarchies. The customer-managed CA feature is in Preview.

Cloud SQL for SQL Server

You can now configure customer-managed CA (CUSTOMER_MANAGED_CAS_CA) as the server certificate authority (CA) mode when you create a Cloud SQL instance. With customer-managed CA mode, you set up your own CA pool and CA in Certificate Authority Service. This option lets you establish your own CA hierarchy and manage the rotation of CA certificates for your Cloud SQL instances to help you meet your regulatory compliance needs.

To use the customer-managed CA option in Cloud SQL, see Use a customer-managed certificate authority (CA). For more information about server CA mode options, see Certificate authority (CA) hierarchies. The customer-managed CA feature is in Preview.

Cloud Storage

Announced billing changes for accessing Cloud Storage through BigQuery take effect Feb 21, 2025. These changes were originally set to take effect on February 01, 2025.

Confidential Space

A new Confidential Space image (250101) is now available.

Update go-sev-guest to v.0.12.1.

Update the verifier API version to include a new principal tag token type.

Generative AI on Vertex AI

Gemini 2.0 Flash general availability for text-only output

Gemini 2.0 Flash is now generally available for text-only outputs. Multimodal outputs are still available only as a private preview. For more information, see Gemini 2.0.

New Gemini 2.0 Pro and Gemini 2.0 Flash-Lite models available to users

Two new models in the Gemini 2.0 family are now available to users:

  • Gemini 2.0 Pro: Our strongest model for coding and world knowledge, featuring a 2M long context window. Gemini 2.0 Pro is available as an experimental model in Vertex AI.
  • Gemini 2.0 Flash-Lite: Our fastest and most cost efficient Flash model. Gemini 2.0 Flash-Lite is available as a Preview model in Vertex AI.

For more information, see Gemini 2.0.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.31.100-gke.136 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.31.100-gke.136 runs on Kubernetes v1.31.4-gke.900.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following functional change was made in 1.31.100-gke.136:

  • Removed support in the Konnectivity server (konnectivity-server) for the following weak cryptographic cipher suites: TLS_RSA_WITH_AES_256_GCM_SHA384 and TLS_RSA_WITH_AES_128_GCM_SHA256

The following issues are fixed in 1.31.100-gke.136:

  • Fixed an issue to prevent checking for add-on node IP addresses for HA admin clusters with three control-plane nodes and no add-on nodes.

  • Fixed an issue where DNS and NTP servers weren't checked for HA admin clusters or for user clusters configured for Controlplane V2.

  • Fixed an issue where the VM template used for the HA admin control plane node repair isn't refreshed in vCenter after an upgrade.

  • Fixed an issue where a race condition during migration caused admin add-on nodes to get stuck at a NotReady status.

The 1.31.100-gke.136 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

Google Distributed Cloud (software only) for VMware 1.30.500-gke.126 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.30.500-gke.126 runs on Kubernetes v1.30.8-gke.200.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues are fixed in 1.30.500-gke.126:

  • Fixed an issue that caused non-HA cluster upgrades to get stuck creating or updating cluster control plane workloads.

  • Fixed an issue where DNS and NTP servers weren't checked for HA admin clusters or for user clusters configured for Controlplane V2.

  • Fixed an issue where a race condition during migration caused admin add-on nodes to get stuck at a NotReady status.

  • Fixed an issue where customer workloads with high resource requests triggered irrelevant resource validation warnings.

  • Fixed an issue where the VM template used for the HA admin control plane node repair isn't refreshed in vCenter after an upgrade.

The 1.30.500-gke.126 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

Google Distributed Cloud (software only) for bare metal

Release 1.31.100-gke.136

Google Distributed Cloud for bare metal 1.31.100-gke.136 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.31.100-gke.136 runs on Kubernetes 1.31.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following feature is available in 1.31.100-gke.136:

The following functional change was made in 1.31.100-gke.136:

  • Cluster deletion now deletes worker node pools prior to deleting any control plane node pools.

The following issues are fixed in 1.31.100-gke.136:

  • Fixed an issue where the bmctl update cluster command fails for user clusters that were created with the cloudOperationsServiceAccountKeyPath setting in the header section of the cluster configuration file.

  • Fixed an issue where prompting during bmctl update cluster prevented use of automation. You can now use the --quiet flag to skip prompting.

  • Fixed an issue where node machines didn't update when the registry mirror hosts field was updated.

The 1.31.100-gke.136 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Release 1.29.1000-gke.93

Google Distributed Cloud for bare metal 1.29.1000-gke.93 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.29.1000-gke.93 runs on Kubernetes 1.29.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following functional change was made in 1.29.1000-gke.93:

  • Cluster deletion now deletes worker node pools prior to deleting any control plane node pools.

The 1.29.1000-gke.93 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Release 1.30.500-gke.126

Google Distributed Cloud for bare metal 1.30.500-gke.126 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.30.500-gke.126 runs on Kubernetes 1.30.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

The following issues are fixed in 1.30.500-gke.126:

  • Fixed an issue where prompting during bmctl update cluster prevented use of automation. You can now use the --quiet flag to skip prompting.

  • Fixed an issue where node machines didn't update when the registry mirror hosts field was updated.

The 1.30.500-gke.126 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Google SecOps

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • A10 Load Balancer (A10_LOAD_BALANCER)
  • Akamai Enterprise Application Access (AKAMAI_EAA)
  • Akamai WAF (AKAMAI_WAF)
  • Apache (APACHE)
  • Apache Tomcat (TOMCAT)
  • AppOmni (APPOMNI)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Aruba (ARUBA_WIRELESS)
  • Aruba Airwave (ARUBA_AIRWAVE)
  • Atlassian Cloud Admin Audit (ATLASSIAN_AUDIT)
  • Attivo Networks (ATTIVO)
  • Auth0 (AUTH_ZERO)
  • Avigilon Access Logs (AVIGILON_ACCESS_LOGS)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS GuardDuty (GUARDDUTY)
  • AWS RDS (AWS_RDS)
  • AWS Security Hub (AWS_SECURITY_HUB)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • Azure AD (AZURE_AD)
  • Azure Application Gateway (AZURE_GATEWAY)
  • Azure Cosmos DB (AZURE_COSMOS_DB)
  • Azure Firewall (AZURE_FIREWALL)
  • Azure Front Door (AZURE_FRONT_DOOR)
  • Bindplane Agent (BINDPLANE_AGENT)
  • BloxOne Threat Defense (BLOXONE)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Cato Networks (CATO_NETWORKS)
  • Check Point (CHECKPOINT_FIREWALL)
  • Check Point Harmony (CHECKPOINT_HARMONY)
  • CircleCI (CIRCLECI)
  • Cisco AMP (CISCO_AMP)
  • Cisco Application Centric Infrastructure (CISCO_ACI)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Email Security (CISCO_EMAIL_SECURITY)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco ISE (CISCO_ISE)
  • Cisco NX-OS (CISCO_NX_OS)
  • Cisco Umbrella DNS (UMBRELLA_DNS)
  • Cisco Umbrella Web Proxy (UMBRELLA_WEBPROXY)
  • Cisco vManage SD-WAN (CISCO_SDWAN)
  • Cisco VPN (CISCO_VPN)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloudflare (CLOUDFLARE)
  • Cloudflare Warp (CLOUDFLARE_WARP)
  • CrowdStrike Detection Monitoring (CS_DETECTS)
  • CrowdStrike Falcon (CS_EDR)
  • CrowdStrike Falcon Stream (CS_STREAM)
  • Crowdstrike Identity Protection Services (CS_IDP)
  • Dell CyberSense (DELL_CYBERSENSE)
  • Duo Administrator Logs (DUO_ADMIN)
  • Elastic Packet Beats (ELASTIC_PACKETBEATS)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • ExtraHop RevealX (EXTRAHOP)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • F5 Distributed Cloud Services (F5_DCS)
  • Fastly CDN (FASTLY_CDN)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • Forcepoint Proxy (FORCEPOINT_WEBPROXY)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet FortiClient (FORTINET_FORTICLIENT)
  • Fortinet FortiDDoS (FORTINET_FORTIDDOS)
  • Fortinet FortiEDR (FORTINET_FORTIEDR)
  • Fortinet Proxy (FORTINET_WEBPROXY)
  • GitHub (GITHUB)
  • Gitlab (GITLAB)
  • HP Linux (HP_LINUX)
  • IBM Guardium (GUARDIUM)
  • Imperva (IMPERVA_WAF)
  • Juniper MX Router (JUNIPER_MX)
  • Kemp Load Balancer (KEMP_LOADBALANCER)
  • Linkshadow NDR (LINKSHADOW_NDR)
  • Linux Auditing System (AuditD) (AUDITD)
  • McAfee Web Gateway (MCAFEE_WEBPROXY)
  • McAfee Web Protection (MCAFEE_WEB_PROTECTION)
  • Micro Focus iManager (MICROFOCUS_IMANAGER)
  • Microsoft Azure NSG Flow (AZURE_NSG_FLOW)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft CyberX (CYBERX)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Dynamics 365 User Activity (MICROSOFT_DYNAMICS_365)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft Netlogon (MICROSOFT_NETLOGON)
  • Microsoft PowerShell (POWERSHELL)
  • Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
  • Mikrotik Router (MIKROTIK_ROUTER)
  • Mimecast URL Logs (MIMECAST_URL_LOGS)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • Open LDAP (OPENLDAP)
  • Open Policy Agent (OPA)
  • Oracle (ORACLE_DB)
  • Oracle Cloud Guard (OCI_CLOUDGUARD)
  • Orca Cloud Security Platform (ORCA)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Networks IoT Security (PAN_IOT)
  • Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
  • ProFTPD (PROFTPD)
  • Proofpoint Observeit (OBSERVEIT)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • ProofPoint Secure Email Relay (PROOFPOINT_SER)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • RSA SecurID Access Identity Router (RSA_SECURID)
  • Rubrik (RUBRIK)
  • Salesforce (SALESFORCE)
  • Security Command Center Threat (N/A)
  • Sentry (SENTRY)
  • ServiceNow Audit (SERVICENOW_AUDIT)
  • ServiceNow CMDB (SERVICENOW_CMDB)
  • Smartsheet (SMARTSHEET)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Snowflake (SNOWFLAKE)
  • Solaris system (SOLARIS_SYSTEM)
  • SonicWall (SONIC_FIREWALL)
  • Sophos Central (SOPHOS_CENTRAL)
  • Sophos UTM (SOPHOS_UTM)
  • Sourcefire (SOURCEFIRE_IDS)
  • Suricata EVE (SURICATA_EVE)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Endpoint Protection (SEP)
  • Symantec Event export (SYMANTEC_EVENT_EXPORT)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Sysdig (SYSDIG)
  • Tableau (TABLEAU)
  • Tanium Asset (TANIUM_ASSET)
  • Tanium Threat Response (TANIUM_THREAT_RESPONSE)
  • tenable.io (TENABLE_IO)
  • Trend Micro (TIPPING_POINT)
  • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • TrendMicro Deep Discovery Inspector (TRENDMICRO_DDI)
  • UberAgent (UBERAGENT)
  • Unix system (NIX_SYSTEM)
  • Vectra Detect (VECTRA_DETECT)
  • Vectra Stream (VECTRA_STREAM)
  • Venafi ZTPKI (VENAFI_ZTPKI)
  • Vercel WAF (VERCEL_WAF)
  • Virtru Email Encryption (VIRTRU_EMAIL_ENCRYPTION)
  • WatchGuard (WATCHGUARD)
  • Wazuh (WAZUH)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Network Policy Server (WINDOWS_NET_POLICY_SERVER)
  • Zendesk CRM (ZENDESK_CRM)
  • ZeroFox Platform (ZEROFOX_PLATFORM)
  • Zimperium (ZIMPERIUM)
  • Zoom Operation Logs (ZOOM_OPERATION_LOGS)
  • Zscaler (ZSCALER_WEBPROXY)
  • Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
  • Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Arcon PAM (ARCON_PAM)
  • Azure VNET Flow (AZURE_VNET_FLOW)
  • Cameyo Activity Logs (CAMEYO_ACTIVITY_LOGS)
  • ChromeOS XDR (CHROMEOS_XDR)
  • Cisco Vulnerability Management (CISCO_VULNERABILITY_MANAGEMENT)
  • Cloudflare Network Analytics (CLOUDFLARE_NETWORK_ANALYTICS)
  • Draytek Router (DRAYTEK_ROUTER)
  • FA Solutions (FA_SOLUTIONS)
  • Files dot com (FILES_DOT_COM)
  • Fortinet ADC (FORTINET_ADC)
  • FoxPass Audit Logs (FOXPASS_AUDIT_LOGS)
  • Front (FRONT)
  • Ghangor DLP (GHANGOR_DLP)
  • Hillstone Firewall (HILLSTONE_NGFW)
  • Hoxhunt (HOXHUNT)
  • Huawei NextGen Firewall (HUAWEI_FIREWALL)
  • Huawei Fusion Sphere Hypervisor (HUAWEI_FUSIONSPHERE)
  • IBM Security Verify Access (IBM_SVA)
  • Indusface WAF (INDUSFACE_WAF)
  • Informatica (INFORMATICA)
  • Informatica Powercenter (INFORMATICA_POWERCENTER)
  • Intel Endpoint Management Assistant (INTEL_EMA)
  • Jamf Protect Telemetry V2 (JAMF_TELEMETRY_V2)
  • JiranSecurity MailScreen (JIRANSECURITY_MAILSCREEN)
  • Juniper SSR Conductor (JUNIPER_SSR_CONDUCTOR)
  • Metabase (METABASE)
  • Netlify Log Drains (NETLIFY_LOGDRAINS)
  • Pingcap TIDB (PINGCAP_TIDB)
  • PingOne Advanced Identity Cloud (PINGONE_AIC)
  • PingOne Protect (PINGONE_PROTECT)
  • Privacy-I (PRIVACY_I)
  • ReviveSec (REVIVESEC)
  • Sangfor Proxy (SANGFOR_PROXY)
  • SoftEther VPN (SOFTETHER_VPN)
  • Tehtris EDR (TEHTRIS_EDR)
  • TrendMicro Cloud Email Gateway Protection (TRENDMICRO_CLOUD_EMAIL_GATEWAY_PROTECTION)
  • VMware VeloCloud SD-WAN (VELOCLOUD_SDWAN)
  • Wing Security (WING_SECURITY)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps SIEM

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

  • A10 Load Balancer (A10_LOAD_BALANCER)
  • Akamai Enterprise Application Access (AKAMAI_EAA)
  • Akamai WAF (AKAMAI_WAF)
  • Apache (APACHE)
  • Apache Tomcat (TOMCAT)
  • AppOmni (APPOMNI)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Aruba (ARUBA_WIRELESS)
  • Aruba Airwave (ARUBA_AIRWAVE)
  • Atlassian Cloud Admin Audit (ATLASSIAN_AUDIT)
  • Attivo Networks (ATTIVO)
  • Auth0 (AUTH_ZERO)
  • Avigilon Access Logs (AVIGILON_ACCESS_LOGS)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS GuardDuty (GUARDDUTY)
  • AWS RDS (AWS_RDS)
  • AWS Security Hub (AWS_SECURITY_HUB)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • Azure AD (AZURE_AD)
  • Azure Application Gateway (AZURE_GATEWAY)
  • Azure Cosmos DB (AZURE_COSMOS_DB)
  • Azure Firewall (AZURE_FIREWALL)
  • Azure Front Door (AZURE_FRONT_DOOR)
  • Bindplane Agent (BINDPLANE_AGENT)
  • BloxOne Threat Defense (BLOXONE)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Cato Networks (CATO_NETWORKS)
  • Check Point (CHECKPOINT_FIREWALL)
  • Check Point Harmony (CHECKPOINT_HARMONY)
  • CircleCI (CIRCLECI)
  • Cisco AMP (CISCO_AMP)
  • Cisco Application Centric Infrastructure (CISCO_ACI)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Email Security (CISCO_EMAIL_SECURITY)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco ISE (CISCO_ISE)
  • Cisco NX-OS (CISCO_NX_OS)
  • Cisco Umbrella DNS (UMBRELLA_DNS)
  • Cisco Umbrella Web Proxy (UMBRELLA_WEBPROXY)
  • Cisco vManage SD-WAN (CISCO_SDWAN)
  • Cisco VPN (CISCO_VPN)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Cloudflare (CLOUDFLARE)
  • Cloudflare Warp (CLOUDFLARE_WARP)
  • CrowdStrike Detection Monitoring (CS_DETECTS)
  • CrowdStrike Falcon (CS_EDR)
  • CrowdStrike Falcon Stream (CS_STREAM)
  • Crowdstrike Identity Protection Services (CS_IDP)
  • Dell CyberSense (DELL_CYBERSENSE)
  • Duo Administrator Logs (DUO_ADMIN)
  • Elastic Packet Beats (ELASTIC_PACKETBEATS)
  • Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT)
  • ExtraHop RevealX (EXTRAHOP)
  • F5 ASM (F5_ASM)
  • F5 BIGIP LTM (F5_BIGIP_LTM)
  • F5 Distributed Cloud Services (F5_DCS)
  • Fastly CDN (FASTLY_CDN)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • Forcepoint Proxy (FORCEPOINT_WEBPROXY)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet FortiClient (FORTINET_FORTICLIENT)
  • Fortinet FortiDDoS (FORTINET_FORTIDDOS)
  • Fortinet FortiEDR (FORTINET_FORTIEDR)
  • Fortinet Proxy (FORTINET_WEBPROXY)
  • GitHub (GITHUB)
  • Gitlab (GITLAB)
  • HP Linux (HP_LINUX)
  • IBM Guardium (GUARDIUM)
  • Imperva (IMPERVA_WAF)
  • Juniper MX Router (JUNIPER_MX)
  • Kemp Load Balancer (KEMP_LOADBALANCER)
  • Linkshadow NDR (LINKSHADOW_NDR)
  • Linux Auditing System (AuditD) (AUDITD)
  • McAfee Web Gateway (MCAFEE_WEBPROXY)
  • McAfee Web Protection (MCAFEE_WEB_PROTECTION)
  • Micro Focus iManager (MICROFOCUS_IMANAGER)
  • Microsoft Azure NSG Flow (AZURE_NSG_FLOW)
  • Microsoft Azure Resource (AZURE_RESOURCE_LOGS)
  • Microsoft CyberX (CYBERX)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Dynamics 365 User Activity (MICROSOFT_DYNAMICS_365)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft Netlogon (MICROSOFT_NETLOGON)
  • Microsoft PowerShell (POWERSHELL)
  • Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
  • Mikrotik Router (MIKROTIK_ROUTER)
  • Mimecast URL Logs (MIMECAST_URL_LOGS)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Okta User Context (OKTA_USER_CONTEXT)
  • Open LDAP (OPENLDAP)
  • Open Policy Agent (OPA)
  • Oracle (ORACLE_DB)
  • Oracle Cloud Guard (OCI_CLOUDGUARD)
  • Orca Cloud Security Platform (ORCA)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Networks IoT Security (PAN_IOT)
  • Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
  • ProFTPD (PROFTPD)
  • Proofpoint Observeit (OBSERVEIT)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • ProofPoint Secure Email Relay (PROOFPOINT_SER)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • RSA SecurID Access Identity Router (RSA_SECURID)
  • Rubrik (RUBRIK)
  • Salesforce (SALESFORCE)
  • Security Command Center Threat (N/A)
  • Sentry (SENTRY)
  • ServiceNow Audit (SERVICENOW_AUDIT)
  • ServiceNow CMDB (SERVICENOW_CMDB)
  • Smartsheet (SMARTSHEET)
  • Snare System Diagnostic Logs (SNARE_SOLUTIONS)
  • Snowflake (SNOWFLAKE)
  • Solaris system (SOLARIS_SYSTEM)
  • SonicWall (SONIC_FIREWALL)
  • Sophos Central (SOPHOS_CENTRAL)
  • Sophos UTM (SOPHOS_UTM)
  • Sourcefire (SOURCEFIRE_IDS)
  • Suricata EVE (SURICATA_EVE)
  • Symantec DLP (SYMANTEC_DLP)
  • Symantec Endpoint Protection (SEP)
  • Symantec Event export (SYMANTEC_EVENT_EXPORT)
  • Symantec Web Security Service (SYMANTEC_WSS)
  • Sysdig (SYSDIG)
  • Tableau (TABLEAU)
  • Tanium Asset (TANIUM_ASSET)
  • Tanium Threat Response (TANIUM_THREAT_RESPONSE)
  • tenable.io (TENABLE_IO)
  • Trend Micro (TIPPING_POINT)
  • Trend Micro Deep Security (TRENDMICRO_DEEP_SECURITY)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • TrendMicro Deep Discovery Inspector (TRENDMICRO_DDI)
  • UberAgent (UBERAGENT)
  • Unix system (NIX_SYSTEM)
  • Vectra Detect (VECTRA_DETECT)
  • Vectra Stream (VECTRA_STREAM)
  • Venafi ZTPKI (VENAFI_ZTPKI)
  • Vercel WAF (VERCEL_WAF)
  • Virtru Email Encryption (VIRTRU_EMAIL_ENCRYPTION)
  • WatchGuard (WATCHGUARD)
  • Wazuh (WAZUH)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Network Policy Server (WINDOWS_NET_POLICY_SERVER)
  • Zendesk CRM (ZENDESK_CRM)
  • ZeroFox Platform (ZEROFOX_PLATFORM)
  • Zimperium (ZIMPERIUM)
  • Zoom Operation Logs (ZOOM_OPERATION_LOGS)
  • Zscaler (ZSCALER_WEBPROXY)
  • Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
  • Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

  • Arcon PAM (ARCON_PAM)
  • Azure VNET Flow (AZURE_VNET_FLOW)
  • Cameyo Activity Logs (CAMEYO_ACTIVITY_LOGS)
  • ChromeOS XDR (CHROMEOS_XDR)
  • Cisco Vulnerability Management (CISCO_VULNERABILITY_MANAGEMENT)
  • Cloudflare Network Analytics (CLOUDFLARE_NETWORK_ANALYTICS)
  • Draytek Router (DRAYTEK_ROUTER)
  • FA Solutions (FA_SOLUTIONS)
  • Files dot com (FILES_DOT_COM)
  • Fortinet ADC (FORTINET_ADC)
  • FoxPass Audit Logs (FOXPASS_AUDIT_LOGS)
  • Front (FRONT)
  • Ghangor DLP (GHANGOR_DLP)
  • Hillstone Firewall (HILLSTONE_NGFW)
  • Hoxhunt (HOXHUNT)
  • Huawei NextGen Firewall (HUAWEI_FIREWALL)
  • Huawei Fusion Sphere Hypervisor (HUAWEI_FUSIONSPHERE)
  • IBM Security Verify Access (IBM_SVA)
  • Indusface WAF (INDUSFACE_WAF)
  • Informatica (INFORMATICA)
  • Informatica Powercenter (INFORMATICA_POWERCENTER)
  • Intel Endpoint Management Assistant (INTEL_EMA)
  • Jamf Protect Telemetry V2 (JAMF_TELEMETRY_V2)
  • JiranSecurity MailScreen (JIRANSECURITY_MAILSCREEN)
  • Juniper SSR Conductor (JUNIPER_SSR_CONDUCTOR)
  • Metabase (METABASE)
  • Netlify Log Drains (NETLIFY_LOGDRAINS)
  • Pingcap TIDB (PINGCAP_TIDB)
  • PingOne Advanced Identity Cloud (PINGONE_AIC)
  • PingOne Protect (PINGONE_PROTECT)
  • Privacy-I (PRIVACY_I)
  • ReviveSec (REVIVESEC)
  • Sangfor Proxy (SANGFOR_PROXY)
  • SoftEther VPN (SOFTETHER_VPN)
  • Tehtris EDR (TEHTRIS_EDR)
  • TrendMicro Cloud Email Gateway Protection (TRENDMICRO_CLOUD_EMAIL_GATEWAY_PROTECTION)
  • VMware VeloCloud SD-WAN (VELOCLOUD_SDWAN)
  • Wing Security (WING_SECURITY)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Organization Policy

You can now create custom organization policies for Cloud Monitoring alerting policies, notification channels, and snoozes. For more information, see Use custom organization policies.

Resource Manager

You can now create custom organization policies for Cloud Monitoring alerting policies, notification channels, and snoozes. For more information, see Use custom organization policies.

Sensitive Data Protection

The CREDIT_CARD_EXPIRATION_DATE infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

Spanner

Informational foreign keys are available in Spanner. Informational foreign keys don't enforce referential integrity and are used to declare the intended logical data model for query optimization. Enforced foreign keys, which enforce referential integrity, are also available.

Informational foreign keys are supported by GoogleSQL only. Enforced foreign keys are supported by GoogleSQL and PostgreSQL.

For more information, see the following:

February 04, 2025

Apigee Integrated Portal

On February 4, 2025 we released a new version of the Apigee integrated portal.

This release includes general improvements to performance and availability.

Backup and DR

The Backup and DR service has added support for activating the management console and for storing backup vault data in the following regions: us-east5, asia-northeast1, and asia-southeast2.

Cloud Asset Inventory

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

  • Google Kubernetes Engine
    • admissionregistration.k8s.io/ValidatingWebhookConfiguration
  • BigQuery Data Transfer API
    • bigquerydatatransfer.googleapis.com/TransferConfig

Cloud Composer

All Cloud Composer environments' GKE clusters are set up with maintenance exclusions from January 21, 2025 to February 10, 2025. For more information, see Maintenance exclusions.

Cloud Monitoring

When you create a snooze from the Incident details page, you can now apply the snooze to other incidents that have one or more of the same resource labels. For more information, see Create a snooze.

Cloud Run

When deploying a function in Cloud Run, you can now specify an Artifact Registry image repository to store the container (Preview).

Config Connector

Config Connector version 1.128.0 is now available.

New Beta resources (direct reconciler)

New Fields

  • SpannerInstance

    • To opt in to these features, add the alpha.cnrm.cloud.google.com/reconciler: direct annotation to the SpannerInstance resource.

      • spec.autoscalingConfig
      • spec.edition

Reconciliation Improvements

  • We have added support for direct reconciliation to more resources, with opt-in behaviour. The API is unchanged. To use the direct reconciler, add the alpha.cnrm.cloud.google.com/reconciler: direct annotation to the corresponding Config Connector object. The following resources now have direct reconciliation support:

    • AlloyDBInstance
    • SpannerInstance

New Alpha resources (direct reconciler)

  • IAPSettings

  • SecureSourceManagerInstance

  • SecureSourceManagerRepository

DataformRepository fields validation error.

  • Fixed the incorrect format validation for the following fields:

    • spec.gitRemoteSettings.authenticationTokenSecretVersionRef
    • spec.gitRemoteSettings.sshAuthenticationConfig.userPrivateKeySecretVersionRef
    • spec.npmrcEnvironmentVariablesSecretVersionRef

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.1000-gke.94 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.1000-gke.94 runs on Kubernetes v1.29.12-gke.800.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

The following issues are fixed in 1.29.1000-gke.94:

  • Fixed an issue to prevent checking for add-on node IP addresses for HA admin clusters with three control-plane nodes and no add-on nodes.

  • Fixed an issue where DNS and NTP servers weren't checked for HA admin clusters or for user clusters configured for Controlplane V2.

The 1.29.1000-gke.94 release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

Google Kubernetes Engine

A bug in the image streaming feature caused authentication-related failures in specific scenarios when the workload tried to access container image data. This bug has been fixed in the following GKE versions:

  • 1.32.0-gke.1448000 and above.
  • 1.31.4-gke.1183000 and above.
  • 1.30.8-gke.1261000 and above.

A security vulnerability was discovered in the Google Secret Manager Provider for Secret Store CSI Driver. This vulnerability could allow an attacker to gain access to the Kubernetes service account token of the CSI driver.

For more details, see GCP-2025-006 security bulletin.

GKE cluster notifications have the following new capabilities:

For more details about the different types of cluster notifications GKE sends and how you can receive them, see Cluster notifications.

Sensitive Data Protection

Regional endpoints for Sensitive Data Protection are available in the eu and us multi-regions. For more information, see Global and regional endpoints for Sensitive Data Protection.

Transcoder API

Standalone MP3 audio-only outputs are now supported.

February 03, 2025

AlloyDB for PostgreSQL

The AlloyDB Omni Kubernetes operator version 1.3.0 is generally available (GA). Version 1.3.0 includes the following new features and changes:

  • The Kubernetes operator 1.3.0 supports connection pooling (Preview).

  • You can put the database in maintenance mode to make a maintenance update or repair a pod.

  • You can create replication slots and users for logical replication via the Operator API from your database instance to subscribed applications.

  • This release of the Kubernetes operator adds support for kube-state-metrics so that you can use Prometheus or a Prometheus-compatible scraper to consume and display custom resource metrics like DBCluster, Backup, and DBInstance. For more information, see Monitor AlloyDB Omni Kubernetes operator custom resources.

  • When you create a new database cluster, this version of the Kubernetes operator creates read-only (RO) and read-write (RW) load balancers concurrently, which reduces the time that it takes for the database cluster to be ready for connections and queries.

  • Configurable log rotation has a default retention time of seven days, and each archived file is individually compressed using Gzip. For more information, see Configure AlloyDB Omni log rotation.

  • Various bug fixes and performance improvements.

Apigee UI

On February 3, we released an updated version of the Apigee UI.

GA of Apigee analytics dashboards in Google Cloud console

You can now access these dashboards in the Apigee UI in Google Cloud console:

Apigee X

Public Preview of the Apigee APIM Operator for Kubernetes

The Apigee APIM Operator for Kubernetes (Preview) allows you to perform API management tasks using Kubernetes tools. It is designed to support cloud-native developers by providing a command-line interface that integrates with familiar Kubernetes tools like kubectl. The operator works by using various APIM resources to keep your Google Kubernetes Engine (GKE) cluster synchronized with the Apigee runtime.

For more information, see Apigee APIM Operator for Kubernetes overview.

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.47.0 (2025-01-29)

Features
  • bigquery: Support resource tags for datasets in java client (#3647) (01e0b74)
Bug Fixes
Dependencies
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20250112-2.0.0 (#3651) (fd06100)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.42.0 (#3653) (1a14342)
  • Update github/codeql-action action to v2.28.1 (#3637) (858e517)

The BigQuery ML ML.BUCKETIZE and ML.QUANTILE_BUCKETIZE functions now support formatting of the function output. You can use the output_format argument to format the function output as one of the following:

  • A string in the format bin_<bucket_index>
  • A string in interval notation
  • A JSON-formatted string

You can now use the BY NAME and CORRESPONDING modifiers with set operations to match columns by name instead of by position. This feature is generally available (GA).

Bigtable

Tags data for Bigtable instances is now included in Cloud Billing data, letting you use tagged Bigtable instances to gain visibility into your resource usage and spending. For more information, see Understand standard and detailed usage cost data.

Cloud Billing

Google Cloud Marketplace now uses the agency model for marketplace services for UK, FR, and DE customers.

As part of this change, customers will receive separate invoices for Google Cloud and third-party vendor transactions in the Cloud Marketplace.

For more information, see Split invoicing for agency model transactions and Marketplace Agency Account Migration FAQ.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.21.2 (2025-01-29)

Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.42.0 (#1755) (d404381)
  • Update dependency io.opentelemetry:opentelemetry-bom to v1.46.0 (#1747) (5ef2853)
  • Update googleapis/sdk-platform-java action to v2.52.0 (#1753) (3dcf86a)

Python

Changes for google-cloud-logging

3.11.4 (2025-01-22)

Bug Fixes
  • Made write_entries raise ValueError on ParseErrors (#958) (5309478)
  • Require proto-plus >= 1.25 for Python 3.13 (#955) (7baed8e)
  • Require proto-plus >= 1.25 for Python 3.13 (#955) (002b1fc)

Cloud Monitoring

You can now create custom organization policies on alerting policies, notification channels, and snoozes. For more information, see Use custom organization policies.

Cloud Service Mesh

A new version of the data plane for Gateway API is now generally available (GA) as a part of managed Cloud Service Mesh for clusters on the GKE Rapid channel. The managed data plane helps you to trigger upgrades for data plane proxies. For more information, see Data plan management considerations.

Managed Cloud Service Mesh now uses Envoy 1.33 for Gateway API on GKE clusters in the Rapid channel.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-storage

2.48.0 (2025-01-27)

Features
  • Add new Storage#moveBlob method to atomically rename an object (#2882) (c49fd08)
  • Next release from main branch is 2.48.0 (#2885) (34e5903)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.51.1 (09ed029)
  • Update Signed URL default scheme to resolve from storage options host (#2880) (7ae7e39), closes #2870
  • Update StorageException translation of an ApiException to include error details (#2872) (8ad5010)
Dependencies
  • Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.33.0 (#2873) (39509d5)
  • Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.52.0 (#2883) (a64a3d5)

Python

Changes for google-cloud-storage

3.0.0 (2025-01-28)

⚠ BREAKING CHANGES

Please consult the README for details on this major version release.

  • The default checksum strategy for uploads has changed from None to "auto" (#1383)
  • The default checksum strategy for downloads has changed from "md5" to "auto" (#1383)
  • Deprecated positional argument "num_retries" has been removed (#1377)
  • Deprecated argument "text_mode" has been removed (#1379)
  • Blob.download_to_filename() now deletes the empty destination file on a 404 (#1394)
  • Media operations now use the same retry backoff, timeout and custom predicate system as non-media operations, which may slightly impact default retry behavior (#1385)
  • Retries are now enabled by default for uploads, blob deletes and blob metadata updates (#1400)
Features
  • Add "auto" checksum option and make default (#1383) (5375fa0)
  • Blob.download_to_filename() deletes the empty destination file on a 404 (#1394) (066be2d)
  • Enable custom predicates for media operations (#1385) (f3517bf)
  • Integrate google-resumable-media (#1283) (bd917b4)
  • Retry by default for uploads, blob deletes, metadata updates (#1400) (0426005)
Bug Fixes
  • Cancel upload when BlobWriter exits with exception (#1243) (df107d2)
  • Changed name of methods Blob.from_string() and Bucket.from_string() to from_uri() (#1335) (58c1d03)
  • Correctly calculate starting offset for retries of ranged reads (#1376) (7b6c9a0)
  • Filter download_kwargs in BlobReader (#1411) (0c21210)
  • Remove deprecated num_retries argument (#1377) (58b5040)
  • Remove deprecated text_mode argument (#1379) (4d20a8e)
Documentation
  • Correct formatting and update README.rst (#1427) (2945853)
  • Fix issue with exceptions.py documentation (#1328) (22b8c30)

Container Optimized OS

cos-117-18613-164-13

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.72 | v24.0.9 | v1.7.24 | See List

Added NVIDIA GPU driver's R570 branch. Updated the LATEST GPU driver label to version 570.86.15.

Backported Intel TDX (Trust Domain Extensions) and confidential computing patches from Linux kernel 6.7 upstream to enable TDX feature support.

Enabled Grace platform support: Enabled DMA-BUF shared memory support for the ARM64 kernel.

Enabled Grace platform support: Enabled ATS/PASID(PCI) for ARM64 kernel.

Enabled Grace platform support: Enabled SMMU (v3) for ARM64 kernel.

Enabled Grace platform support: Enabled memory_hotplug and device_private in the ARM64 kernel.

Enabled ECC kernel modules required for confidential GPU functionality.

Fixed KCTF-bc50835 in the Linux kernel.

Fixed CVE-2024-53170 in the Linux kernel.

Fixed CVE-2024-53124 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811776 -> 811757

cos-dev-121-18865-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.74 | v25.0.7 | v2.0.2 | See List

Updated the Linux kernel to v6.6.74.

Added NVIDIA GPU driver's R570 branch. Updated the LATEST GPU driver label to version 570.86.15.

Backported Intel TDX (Trust Domain Extensions) and confidential computing patches from Linux kernel 6.7 upstream to enable TDX feature support.

Enabled Grace platform support: Enabled ATS/PASID(PCI) for ARM64 kernel.

Enabled Grace platform support: Enabled SMMU (v3) for ARM64 kernel.

Enabled Grace platform support: Enabled memory_hotplug and device_private in the ARM64 kernel.

Enabled Grace platform support: Enabled DMA-BUF shared memory support for the ARM64 kernel.

Enabled ECC kernel modules required for confidential GPU functionality.

Fixed KCTF-bc50835 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811821 -> 811771

cos-105-17412-535-42

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.173 | v23.0.3 | v1.7.23 | See List

Added NVIDIA GPU driver's R570 branch. Updated the LATEST GPU driver label to version 570.86.15.

Fixed CVE-2024-40896 in libxml2.

Fixed KCTF-bc50835 in the Linux kernel.

Fixed CVE-2024-53124 in the Linux kernel.

Fixed CVE-2024-47707 in the Linux kernel.

Fixed CVE-2024-56688 in the Linux kernel.

Fixed KCTF-3d5ad2d in the Linux kernel.

Fixed CVE-2024-56756 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812681 -> 812686

cos-113-18244-291-24

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.123 | v24.0.9 | v1.7.24 | See List

Added NVIDIA GPU driver's R570 branch. Updated the LATEST GPU driver label to version 570.86.15.

Fixed CVE-2024-53128 in the Linux kernel.

Fixed KCTF-bc50835 in the Linux kernel.

Fixed CVE-2024-53170 in the Linux kernel.

Fixed CVE-2024-53124 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812045 -> 812027

cos-109-17800-436-19

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.124 | v24.0.9 | v1.7.24 | See List

Added NVIDIA GPU driver's R570 branch. Updated the LATEST GPU driver label to version 570.86.15.

Fixed CVE-2024-40896 in libxml2.

Fixed KCTF-bc50835 in the Linux kernel.

Fixed CVE-2024-53170 in the Linux kernel.

Fixed CVE-2024-53124 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812276 -> 812300

Data Catalog

Data Catalog is deprecated and will be discontinued on January 30, 2026. For steps to transition your Data Catalog users, workloads, and content to Dataplex Catalog, see Transition from Data Catalog to Dataplex Catalog.

Document AI

Model pretrained-ocr-v2.1-2024-08-07 has General Availability (GA) in the US and EU.

For more information about available models, see Enterprise Document OCR and Regional and multi-regional support availability.

Model pretrained-ocr-v2.1.1-2025-01-31 is available as a Release Candidate in the regions asia-south1, australia-southeast1, europe-west2, europe-west3 and northamerica-northeast1.

For more information about available models, see Enterprise Document OCR.

Google Kubernetes Engine

Starting on February 3, 2025, GKE will create a new service agent named service-{PROJECT_NUMBER}@gcp-sa-gkenode.iam.gserviceaccount.com that the GKE system workloads that run on your worker nodes can use. This service agent will only have the minimum permissions that GKE needs to operate these nodes by default, and will help to isolate the requirements of GKE-managed workloads from the requirements of your workloads. GKE-managed system workloads will begin using this service agent in an upcoming GKE version, which we'll announce in a separate release note.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for pubsub/apiv1

1.47.0 (2025-01-31)

Features
  • pubsub: Support new forms of topic ingestion (#11537) (46d6ed4)

1.46.0 (2025-01-24)

Features
  • pubsub: Add Kafka-based sources to IngestionDataSourceSettings proto and IngestionFailureEvent proto (e4e1a49)
Bug Fixes
  • pubsub: Fix defer call in for loop (#11175) (7aec711)
  • pubsub: Update golang.org/x/net to v0.33.0 (e9b0b69)

Java

Changes for google-cloud-pubsub

1.136.1 (2025-01-28)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.52.0 (0d8c8bf)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.46.0 (#2309) (97bd44e)
  • Update dependency com.google.cloud:google-cloud-core to v2.49.1 (#2300) (cf2822b)
  • Update dependency com.google.cloud:google-cloud-core to v2.50.0 (#2321) (5c40bcd)
  • Update dependency com.google.cloud:google-cloud-storage to v2.47.0 (#2303) (707f842)
  • Update dependency com.google.cloud:google-cloud-storage to v2.48.0 (#2322) (93b9419)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.42.0 (#2324) (84e8562)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.29.3 (#2302) (9e90e2c)
  • Update dependency org.assertj:assertj-core to v3.27.3 (#2313) (5e80b57)
  • Update googleapis/sdk-platform-java action to v2.52.0 (#2320) (01dd3de)
Documentation
  • Add samples and tests for ingestion from Kafka sources (#2315) (eea603b)

Python

Changes for google-cloud-pubsub

2.28.0 (2025-01-30)

Features
  • Add support for message transforms to Topic and Subscription (#1274) (e5e2f3f)
Bug Fixes

Retail API

Pinning is available for Vertex AI Search for commerce. Pinning is a serving control that lets you specify the exact position at which a certain item appears in search results.

The pinning control is created by adding a rule to the search or browse condition, which is the action field pin_action in the Retail API. A pin value from 1 to 120 can be applied to determine the fixed position for results matching the defined conditions. This feature is not supported for recommendations.

For more about pinning, see Pinning controls.

Secret Manager

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for secretmanager/apiv1

1.14.4 (2025-01-30)

Documentation
  • secretmanager: Fix link in Markdown comments (aa54375)
  • secretmanager: Updated comment for customer_managed_encryption in message .google.cloud.secretmanager.v1.Secret (aa54375)
  • secretmanager: Updated comment for customer_managed_encryption in message .google.cloud.secretmanager.v1.SecretVersion (aa54375)
  • secretmanager: Updated comment for name in message .google.cloud.secretmanager.v1.Topic (aa54375)
  • secretmanager: Updated comment for Replication (aa54375)
  • secretmanager: Updated comment for scheduled_destroy_time in message .google.cloud.secretmanager.v1.SecretVersion (aa54375)

Security Command Center

Protect your AI applications using Model Armor

Model Armor is a Google Cloud service that enables you to apply content safety and content security controls to LLM prompts and responses to mitigate risks such as sensitive data leakage, prompt injection, and offensive content. For more information, see Model Armor overview.

Sensitive Data Protection

The CVV_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

February 02, 2025

Dataproc Google SecOps SOAR

Release 6.3.33 is currently in Preview. This release contains the following features.

Map IdP Groups to control access parameters

You can now create user groups in your SAML provider and map them to IdP groups, removing the need to manually add individual users to the platform. For more information, see IdP Group Mapping in the SOAR platform.

Environment groups

This feature lets you group environments into logical categories, making it easier to manage your company or your customers as an MSSP.

You can use environment groups when adding users, mapping IdP user groups, creating new playbooks, and applying case filters on the platform. For more information about how to create groups of environments, see Create environment groups.

February 01, 2025

Cloud SQL for MySQL

All Cloud SQL for MySQL 5.6 and 5.7 instances are running community end-of-life (EOL) major versions and are now enrolled in Cloud SQL extended support.

IMPORTANT: Extended support is a paid service and is an addition to the current cost of your instance. Charges for extended support are waived from February 1, 2025 through April 30, 2025. Starting on May 1, 2025, all instances enrolled in extended support will be charged. To learn more about the benefits of extended support and pricing, see Extended support for Cloud SQL.

Cloud SQL for PostgreSQL

All Cloud SQL for PostgreSQL 9.6, 10, 11, and 12 instances are running community end-of-life (EOL) major versions and are now enrolled in Cloud SQL extended support.

IMPORTANT: Extended support is a paid service and is an addition to the current cost of your instance. Charges for extended support are waived from February 1, 2025 through April 30, 2025. Starting on May 1, 2025, all instances enrolled in extended support will be charged. To learn more about the benefits of extended support and pricing, see Extended support for Cloud SQL.

Google SecOps SOAR

Release 6.3.32 is now in General Availability.

January 31, 2025

Assured Workloads

The following products are now supported by the following control packages. See supported products for more information:

  • Cloud Service Mesh, Connect, Generative AI on Vertex AI, Resource Manager, Secure Source Manager:
    • Australia Regions
    • Australia Regions with Assured Support
    • Brazil Regions
    • Canada Regions
    • Canada Regions and Support
    • Chile Regions
    • EU Regions
    • EU Regions and Support
    • Hong Kong Regions
    • India Regions
    • Indonesia Regions
    • Israel Regions
    • Israel Regions and Support
    • Japan Regions
    • Qatar Regions
    • Singapore Regions
    • South Africa Regions
    • South Korea Regions
    • Switzerland Regions
    • Taiwan Regions
    • UK Regions
    • US Regions
    • US Regions and Support

Cloud Composer

(Cloud Composer 3) The issue with upgrading Airflow builds is now resolved. You can now upgrade Airflow builds for Cloud Composer 3 in the asia-south1, asia-northeast2, europe-west1, europe-west3, and europe-north1 regions.

Cloud Monitoring

You can now monitor usage, throughput, and latency, and troubleshoot 429 errors on Vertex AI foundation models like Google Gemini and Anthropic Claude by using a new predefined dashboard. After querying a model from the Vertex AI Model Garden, you can find the models associated with your project from the Vertex AI Dashboard page under the "Model observability" heading.

To customize the dashboard and explore relevant metrics in Cloud Monitoring, click Show All Metrics. For information about using dashboards in Cloud Monitoring, see View and customize Google Cloud dashboards.

Cloud Storage

You can now enable client-side traces with OpenTelemetry when you use Cloud Storage client libraries. To learn more about how client-side traces work and how to configure tracing for your application, see Use client-side traces.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.130-debian10, 2.0.130-rocky8, 2.0.130-ubuntu18
  • 2.1.78-debian11, 2.1.78-rocky8, 2.1.78-ubuntu20, 2.1.78-ubuntu20-arm
  • 2.2.44-debian12, 2.2.44-rocky9, 2.2.44-ubuntu22
  • New Hyperdisk Balanced primary disk type available on Dataproc clusters.
  • New machine types available for Hyperdisk Balanced disk type on clusters: C4, C4A, and N4.

Generative AI on Vertex AI

You can now monitor usage, throughput, and latency and troubleshoot 429 errors on Vertex AI foundation models, like Google Gemini and Anthropic Claude, by using a predefined dashboard. After querying a model from the Vertex AI Model Garden, you can find the name of the model you queried in the Vertex AI Dashboard page under the "Model observability" heading.

To customize the dashboard and explore relevant metrics in Cloud Monitoring, click Show All Metrics. For information about using dashboards in Cloud Monitoring, see View and customize Google Cloud dashboards.

Google Cloud Architecture Center

Best practices and reference architectures for VPC design: Updates to the document to reflect feature releases over the past months.

Cross-Cloud Network for distributed applications: Updates to the document set to reflect feature releases over the past months.

Retail API

Vertex AI Search for commerce: Merchandising console

Vertex AI Search for commerce has released a new user-friendly Merchandising console for site merchants and business users. Cloud console admins can grant users access as a Creator or Approver to set or define rules, and create and manage controls. The Google Cloud Search for commerce console Controls section has a Merchandising console tab where admins can grant users access and manage user permissions for the Merchandising console.

For more information, see Console options for creating controls.

SAP on Google Cloud

New certification: Oracle Database with Oracle Linux for SAP NetWeaver

For SAP NetWeaver based applications running on Google Cloud, SAP and Oracle have certified the use of single-node instances of Oracle Database 19c or later with UEK-enabled Oracle Linux 8 or 9.

While using an Oracle Database, all components of your SAP system must use the same version of Oracle Linux. This includes the database, app servers, and any other closely coupled auxiliary system.

For more information, see the following:

Spanner

A monthly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-spanner

6.85.0 (2025-01-10)

Features
  • Add gcp client attributes in OpenTelemetry traces (#3595) (7893f24)
  • Add LockHint feature (#3588) (326442b)
  • spanner: MTLS setup for spanner external host clients (#3574) (f8dd152)
Dependencies
  • Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.56.0 (#3563) (e4d0b0f)
  • Update dependency com.google.api.grpc:proto-google-cloud-monitoring-v3 to v3.57.0 (#3592) (a7542da)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.41.1 (#3589) (2cd4238)
  • Update dependency com.google.cloud.opentelemetry:exporter-trace to v0.33.0 (#3455) (70649dc)
  • Update dependency com.google.re2j:re2j to v1.8 (#3594) (0f2013d)
  • Update googleapis/sdk-platform-java action to v2.51.1 (#3591) (3daa1a0)

Node.js

Changes for @google-cloud/spanner

7.17.0 (2024-12-27)

Known Issues

This release inadvertently introduced an issue where OpenTelemetry Trace context Global Propagators are set by default to W3CTraceContextPropagator. For more details, refer to issue #2208.

A fix for this issue has been included in version 7.17.1.

Features
  • Add the last statement option to ExecuteSqlRequest and ExecuteBatchDmlRequest (#2196) (223f167)
  • Enable e2e tracing (#2202) (3cc257e)
Bug Fixes

7.17.1 (2025-01-03)

Bug Fixes

Vertex AI

Dedicated Public Endpoints and Private Service Connect Endpoints (PSC-E) for Vertex AI Prediction are generally available (GA).

January 30, 2025

Anthos Config Management

Fixed an issue that was causing Container Registry and Artifact Registry authentication tokens to expire before being refreshed. For more information, see known issue Unable to generate access token for OCI source.

Fixed an issue that incorrectly reported managed resources as "Not Found" when an API Service backend became unhealthy. For more information, see known issue API discovery errors can cause managed objects to incorrectly be marked as "Not Found".

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Cloud Asset Inventory
    • cloudasset.googleapis.com/Feed
  • Firebase
    • firebaserules.googleapis.com/Release
    • firebaserules.googleapis.com/Ruleset
  • Identity-Aware Proxy
    • iap.googleapis.com/TunnelDestGroup

Cloud Composer

At the beginning of February 2025, we will delete inactive environments that are non-recoverable in Cloud Composer 1, Cloud Composer 2, and Cloud Composer 3. After this change, non-recoverable environments that have the problems listed below will be deleted automatically.

Cloud Composer 1 and Cloud Composer 2 environments that have both of the following problems present at the same time will be deleted:

  • The environment's underlying GKE cluster is deleted.
  • The environment is in the ERROR state for at least 60 days because of a disabled billing account or because the Cloud Composer API service was deactivated in its project.

Cloud Composer 3 environments that have the following problem will be deleted:

  • The environment is in the ERROR state for at least 60 days because of a disabled billing account or because the Cloud Composer API service was deactivated in its project.

This change doesn't affect buckets of these environments. You can still recover your DAGs and other data from the environment's bucket and then delete the bucket manually. See Delete environments for information about data that is not deleted automatically together with the environment.

Cloud DNS

DNS64 is now available in Preview.

Dataproc

Dataproc on Compute Engine: Private Google Access is now automatically enabled in the configured subnetwork when creating clusters with internal IP addresses.

Dataproc Serverless for Spark: Private Google Access is now automatically enabled in the configured subnetwork when running batch workloads and interactive sessions.

Gemini Code Assist

For new customers with billing accounts that have never had a Gemini Code Assist subscription, we automatically apply up to 50 license credits for the first month, regardless of Gemini Code Assist edition. For more information, see Set up Gemini Code Assist.

Generative AI on Vertex AI

Mistral Large (24.07) and Codestral (24.05), which are offered as Model as a Service (MaaS) models in Model Garden, are deprecated. For details, see Generative AI on Vertex AI deprecations.

Google Cloud Architecture Center

(New guide) Cross-Cloud Network inter-VPC connectivity using Network Connectivity Center: Describes how to design the network segmentation structure and connectivity of Cross-Cloud Network with Network Connectivity Center.

Google Kubernetes Engine

Starting on January 28, 2025, the following Preview features are deprecated:

  • GKE threat detection
  • Supply chain concerns - Binary Authorization
  • GKE Compliance dashboard

For deprecation and removal dates, and for information about alternatives, see Posture management deprecations.

Network Connectivity Center

Route exchange with VPC spokes is generally available.

This feature lets you connect VPC spokes and hybrid spokes, such as Cloud Interconnect VLAN attachments, HA VPN tunnels, and Router appliance VMs on the same hub.

Note that you are billed for Advanced Data Networking (ADN) for traffic originating from Google Cloud Platform egressing through hybrid spokes.

See the following known issues for dynamic route exchange:

  • Routing VPC networks that are also VPC spokes: A routing VPC network should typically contain hybrid spokes. However, if you do configure a routing VPC network as a VPC spoke, the following limitations apply:
    • A routing VPC network can also be a VPC spoke only if there are no other routing VPC networks on the hub. A hub supports two or more routing VPC networks only when none of the routing VPC networks are VPC spokes.
    • The site-to-site data transfer setting is not honored for hybrid spokes in a routing VPC network that is also a VPC spoke.
  • Dynamic route interaction rules: Within a routing VPC network, for each unique dynamic route destination with a next hop in a hybrid spoke, you must ensure that all other dynamic routes, regardless of priority, whose destinations exactly match or fit within the unique dynamic route destination, have next hop Cloud VPN tunnels or VLAN attachments also in a hybrid spoke. Further, you must ensure that those hybrid spokes use the same site-to-site data transfer setting (either enabled or disabled).
    • If only some next hops for dynamic routes with a common destination are in hybrid spokes, Network Connectivity Center can't reliably exchange dynamic routes that use that destination with VPC spokes on the hub. Consequently, VPC spokes might not receive those dynamic routes.
    • Network Connectivity Center doesn't perform ECMP among all next hops of hybrid spoke dynamic routes if some hybrid spokes have site-to-site data transfer enabled but other hybrid spokes have site-to-site data transfer disabled. If dynamic routes with a common destination are in hybrid spokes without matching site-to-site data transfer settings, next hops for site-to-site data transfer or for connectivity between VPC spokes and on-premises networks might not be what you expect.
  • Dynamic route and static route interaction rules: Within a routing VPC network, for each unique dynamic route destination that has a next hop in a hybrid spoke, you must ensure that no local static routes exist, regardless of priority, whose destinations exactly match or fit within the dynamic route destination.
    • If a local static route in the routing VPC network has the same destination as a hybrid spoke dynamic route, VPC spokes might lose connectivity to the dynamic route destination.
    • If a local static route in a routing VPC network has a destination that fits within the destination of a hybrid spoke dynamic route, VPC spokes lose connectivity to the static route destination.
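
The dynamic route and static route interaction rules above can be checked mechanically over a routing VPC network's route table. The following Python is an added example, not Google Cloud code: the route records, spoke names and finding codes are constructed for illustration and do not correspond to any Google Cloud API.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class DynamicRoute:
    dest: str                             # destination CIDR
    next_hop: str                         # Cloud VPN tunnel or VLAN attachment name
    hybrid_spoke: Optional[str] = None    # spoke holding the next hop, None if not in a hybrid spoke
    site_to_site: Optional[bool] = None   # that spoke's site-to-site data transfer setting


@dataclass(frozen=True)
class StaticRoute:
    dest: str   # destination CIDR of a local static route
    name: str


def _covers(outer, inner) -> bool:
    """True when `inner` exactly matches or fits within `outer`."""
    return outer.version == inner.version and inner.subnet_of(outer)


def check_routes(dynamic: List[DynamicRoute],
                 static: List[StaticRoute]) -> List[Tuple[str, str, str]]:
    """Return (code, dynamic_destination, offender) findings for one routing VPC network."""
    dyn = [(r, ipaddress.ip_network(r.dest)) for r in dynamic]
    sta = [(s, ipaddress.ip_network(s.dest)) for s in static]
    # Each unique dynamic route destination with a next hop in a hybrid spoke.
    anchors = sorted({net for r, net in dyn if r.hybrid_spoke},
                     key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    findings = []
    for anchor in anchors:
        covered = [r for r, net in dyn if _covers(anchor, net)]
        # Rule: every matching or contained dynamic route, regardless of
        # priority, must also have its next hop in a hybrid spoke.
        for r in covered:
            if not r.hybrid_spoke:
                findings.append(("MIXED_NEXT_HOPS", str(anchor), r.next_hop))
        # Rule: those hybrid spokes must share one site-to-site setting.
        by_setting = {}
        for r in covered:
            if r.hybrid_spoke:
                by_setting.setdefault(r.site_to_site, set()).add(r.hybrid_spoke)
        if len(by_setting) > 1:
            spokes = sorted(set().union(*by_setting.values()))
            findings.append(("SITE_TO_SITE_MISMATCH", str(anchor), ",".join(spokes)))
        # Rule: no local static route may match or fit within the destination.
        for s, net in sta:
            if _covers(anchor, net):
                code = "STATIC_SAME_DEST" if net == anchor else "STATIC_WITHIN_DYNAMIC"
                findings.append((code, str(anchor), s.name))
    return findings


# Constructed sample route table (not taken from a real project).
SAMPLE_DYNAMIC = [
    DynamicRoute("10.20.0.0/16", "vpn-tunnel-a", "spoke-vpn", True),
    DynamicRoute("10.20.0.0/16", "vlan-attach-b", "spoke-ic", False),
    DynamicRoute("10.20.5.0/24", "vpn-tunnel-c"),      # next hop not in any hybrid spoke
    DynamicRoute("192.168.0.0/24", "vpn-tunnel-d"),    # unrelated to any hybrid spoke route
    DynamicRoute("172.16.0.0/12", "vlan-attach-e", "spoke-ic", False),
]
SAMPLE_STATIC = [
    StaticRoute("10.20.0.0/16", "static-same"),
    StaticRoute("172.16.8.0/24", "static-inner"),
    StaticRoute("10.99.0.0/16", "static-ok"),
]

if __name__ == "__main__":
    for code, dest, offender in check_routes(SAMPLE_DYNAMIC, SAMPLE_STATIC):
        print(f"{code:24} {dest:16} {offender}")
```

A `STATIC_SAME_DEST` finding corresponds to the case where VPC spokes might lose connectivity to the dynamic route destination, and `STATIC_WITHIN_DYNAMIC` to the case where they lose connectivity to the static route destination.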

Spanner

The Spanner index advisor is Generally Available in both GoogleSQL and PostgreSQL-dialect databases. The index advisor analyzes your queries to recommend new indexes or changes to existing indexes to improve the performance of your queries. For more information, see Use the Spanner index advisor.

Spanner supports new SERIAL and AUTO_INCREMENT DDL syntax. SERIAL is available in PostgreSQL-dialect databases and AUTO_INCREMENT is available in GoogleSQL. They streamline the ability to generate IDENTITY columns as primary keys. For more information, see SERIAL and AUTO_INCREMENT.

January 29, 2025

Cloud Billing

Tags data for Bigtable instances is available in both the Standard usage cost export and the Detailed usage cost export.

To learn more about Tags, see Tags overview. To learn about using Tags in your cost data exported to BigQuery, see more about tags and query examples with tags.

Cloud Data Fusion

The SAP OData plugin version 0.11.6 is available in Cloud Data Fusion version 6.8.0 and later. This release includes the following change:

Fixed an issue causing pipeline deployments to fail due to SAP memory dumps when processing large datasets with macro filters: ERROR Stage 'SAP OData' encountered : CDF_SAP_ODATA_01534 - Service validation failed. Root Cause:Invalid parametertype used at function.

Compute Engine

Preview: You can now modify which machine types are recommended, so that the generated recommendations only include your preferred machine series. You can also change the metrics used to generate memory recommendations to improve the accuracy of the recommendations. For more information, see Configure machine type recommendations.

Eventarc

To help ensure CMEK usage across an organization, Eventarc Advanced and Eventarc Standard are integrated with two organization policy constraints.

Generative AI on Vertex AI

New Imagen 3 image generation model available to users

A newer improved Imagen 3 image generation model is now available to all users:

  • imagen-3.0-generate-002

This image generation model supports the following additional features:

  • Prompt enhancement - The LLM-based prompt rewriter tool adds additional details and descriptive language to the prompt you provide, generally resulting in higher quality generated images. This feature is configurable and is enabled by default.

For more information, see Imagen on Vertex AI model versions and lifecycle and Generate images using text prompts.

Google Kubernetes Engine

(2025-R04) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.5-gke.1023000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.15-gke.1503000
    • 1.29.12-gke.1143000
    • 1.30.8-gke.1261000
    • 1.30.8-gke.1282000
    • 1.31.4-gke.1256000
    • 1.32.1-gke.1002000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1612000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.12-gke.1270000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.9-gke.1009000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.4-gke.1372000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1612000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.12-gke.1270000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.9-gke.1009000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.4-gke.1372000 with this release.

Regular channel

  • Version 1.31.4-gke.1256000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.28.15-gke.1480000
    • 1.29.12-gke.1120000
    • 1.30.8-gke.1128000
    • 1.31.4-gke.1183000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1503000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.12-gke.1143000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.8-gke.1162000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1503000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.12-gke.1143000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.8-gke.1162000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.4-gke.1256000 with this release.

Stable channel

  • Version 1.30.8-gke.1051000 is now the default version for cluster creation in the Stable channel.
  • The following versions are now available in the Stable channel:
  • The following versions are no longer available in the Stable channel:
    • 1.28.15-gke.1342000
    • 1.29.10-gke.1280000
    • 1.30.5-gke.1713000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.15-gke.1435000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.12-gke.1055000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.8-gke.1051000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.15-gke.1435000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.12-gke.1055000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.8-gke.1051000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.31 to version 1.31.4-gke.1183000 with this release.

Extended channel

  • Version 1.31.4-gke.1256000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2122000
    • 1.27.16-gke.2270000
    • 1.28.15-gke.1480000
    • 1.29.12-gke.1120000
    • 1.30.8-gke.1128000
    • 1.31.4-gke.1183000
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2142000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1503000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.12-gke.1143000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.8-gke.1162000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.4-gke.1256000 with this release.

No channel

reCAPTCHA

reCAPTCHA Mobile SDK v18.7.0 is now available for Android.

This version contains a dependency on com.google.android.gms:play-services-recaptchabase for enhanced detection.

January 28, 2025

BigQuery

You can now view stored column usage information for a query job that performs vector search using stored columns. This feature is generally available (GA).

Cloud Composer

Java Runtime in Airflow workers and schedulers is updated from version 17 to version 21.

Fixed a problem where synchronization between the environment's bucket and Airflow components failed because incorrect objects in the bucket were not ignored.

(Cloud Composer 3) Fixed an issue with KubernetesPodOperator failing to run properly when do_xcom_push was set to True.

(Available without upgrading) Starting from Cloud Composer version 2.11.0 with Airflow 2.10.2 and 2.9.3, the enable_task_context_logger Airflow configuration option is no longer blocked.

Terminating Airflow workers now generate log messages with information about still-running tasks.

Fixed an issue where log messages were incorrectly formatted for non-string content, such as dictionaries and numbers.

(Available without upgrading) In Cloud Composer 2 and Cloud Composer 1, a more meaningful error message is produced when the Composer Service Agent account doesn't have necessary permissions to access the network during the environment creation.

(Available without upgrading) In Cloud Composer 3, fixed an issue where deleting an environment with an attached VPC network failed if the project accept list of the network attachment was cleared manually.

(Cloud Composer 3) The zone in the Environment.config.node_config.location field is no longer populated in the Cloud Composer API.

(Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 10.1.0 in Cloud Composer 2 images and Cloud Composer 3 builds. For more information about changes, see the apache-airflow-providers-cncf-kubernetes changelog from version 10.0.1 to version 10.1.0.

(Airflow 2.10.2 and 2.9.3) The following preinstalled provider packages were upgraded to new major versions:

  • apache-airflow-providers-apache-beam upgraded from 5.9.1 to 6.0.0
  • apache-airflow-providers-dbt-cloud upgraded from 3.11.2 to 4.0.0
  • apache-airflow-providers-hashicorp upgraded from 3.8.0 to 4.0.0
  • apache-airflow-providers-http upgraded from 4.13.3 to 5.0.0
  • apache-airflow-providers-mysql upgraded from 5.7.4 to 6.0.0
  • apache-airflow-providers-sendgrid upgraded from 3.6.0 to 4.0.0
  • apache-airflow-providers-sqlite upgraded from 3.9.1 to 4.0.0
  • apache-airflow-providers-ssh upgraded from 3.14.0 to 4.0.0

(Airflow 2.10.2 and 2.9.3) The following preinstalled packages were downgraded:

  • certifi downgraded from 2024.12.14 to 2024.8.30.
  • charset-normalizer downgraded from 3.4.1 to 3.4.0.
  • cryptography downgraded from 44.0.0 to 43.0.3.
  • filelock downgraded from 3.16.1 to 3.15.4.
  • google-auth downgraded from 2.37.0 to 2.35.0.
  • keyring downgraded from 25.6.0 to 25.5.0.
  • urllib3 downgraded from 2.3.0 to 2.2.3.
  • zipp downgraded from 3.21.0 to 3.20.2.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.10.2-build.7 (default)
  • composer-3-airflow-2.9.3-build.14

New images are available in Cloud Composer 2:

  • composer-2.11.1-airflow-2.10.2 (default)
  • composer-2.11.1-airflow-2.9.3

Cloud Composer version 2.5.5 has reached its end of support period.

Cortex Framework

Updated the Cortex libraries for Meta to use v21.0 of the Meta Marketing API.

Dataplex

Aspect-only metadata import for Dataplex Catalog metadata is generally available (GA). Use an aspect-only metadata job to incrementally modify aspects, without modifying other metadata that belongs to entries in the job's scope. For more information, see Import metadata using a custom pipeline.

Google SecOps

Environment groups

This feature lets you group environments into logical categories, making it easier to manage your company or your customers as an MSSP.

You can use environment groups for adding users, mapping IdP user groups, creating new playbooks, and applying case filters on the platform.
For more information about how to create groups of environments, see Create environment groups.

Adding individual emails to IdP group mapping page

Customers who use Cloud Identity Provider can map individual user emails on the IdP group mapping page.

Added instructions on how to add SIEM-only or SOAR-only users to Google SecOps

For details about how to grant permission to specific users to use only the SIEM features in Google SecOps or only the SOAR features of Google SecOps, see Add SIEM or SOAR users.

Google SecOps SIEM

Environment groups

This feature lets you group environments into logical categories, making it easier to manage your company or your customers as an MSSP.

You can use environment groups for adding users, mapping IdP user groups, creating new playbooks, and applying case filters on the platform.
For more information about how to create groups of environments, see Create environment groups.

Adding individual emails to IdP group mapping page

Customers who use Cloud Identity Provider can map individual user emails on the IdP group mapping page.

Added instructions on how to add SIEM-only or SOAR-only users to Google SecOps

For details about how to grant permission to specific users to use only the SIEM features in Google SecOps or only the SOAR features of Google SecOps, see Add SIEM or SOAR users.

NetApp Volumes

Google Cloud NetApp Volumes now supports Managed Service for Microsoft Active Directory. For more information, see Connect to Managed Service for Microsoft Active Directory.

Google Cloud NetApp Volumes now supports user and group quotas. For more information, see Volume user and group quotas.

Spanner

You can now downgrade your Spanner instance to a lower-tier edition. For more information, see Downgrade the edition.

Workflows

Workflows doesn't support HTTP requests to the IP-based endpoints of Google Kubernetes Engine cluster control planes. To ensure that your workflow functions as expected, you must access the DNS-based endpoints. For more information about the scope and impact, see the service announcement.

January 27, 2025

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Go

Changes for bigquery/storage/apiv1beta1

1.66.0 (2025-01-20)

Features
  • bigquery/storage/managedwriter: Graceful connection drains (#11463) (b29912f)
Bug Fixes
  • bigquery: Update golang.org/x/net to v0.33.0 (e9b0b69)

Python

Changes for google-cloud-bigquery

3.29.0 (2025-01-21)

Features
  • Add ExternalCatalogTableOptions class and tests (#2116) (cdc1a6e)
Bug Fixes
  • Add default value in SchemaField.from_api_repr() (#2115) (7de6822)

The following BigQuery ML generative AI features are now available:

Try these features with the Generate text by using the ML.GENERATE_TEXT function how-to topic and the Generate text by using a Gemma open model and the ML.GENERATE_TEXT function tutorial.

These features are generally available (GA).

We previously communicated that after January 27, 2025, a purchase would be required to use Gemini in BigQuery features. We are temporarily delaying enforcement of these procurement methods, and no purchase is required at this time. For more information, see Gemini for Google Cloud pricing.

You can now set conditional IAM access on BigQuery datasets with access control lists (ACLs). This feature is generally available (GA).

Cloud Composer

January 31, 2025 update: The issue is resolved.

(Cloud Composer 3 only) We are currently experiencing an issue with upgrading Airflow builds for Cloud Composer 3 in asia-south1, asia-northeast2, europe-west1, europe-west3, europe-north1 regions.

The upgrades are temporarily disabled as we continue our work to restore the listed functionalities. We will release an additional announcement after the issue is resolved.

Cloud SQL for SQL Server

Transaction logs associated with point-in-time-recovery (PITR) operations for all Cloud SQL for SQL Server instances are now stored in Cloud Storage. On May 31, 2024, Google Cloud launched support for PITR transaction log storage in Cloud Storage. Since then, Google Cloud has run a transparent migration of these transaction logs to Cloud Storage for all instances created prior to the launch date. This migration is now complete.

Note: If your Cloud SQL for SQL Server instance is on the old network architecture, the transaction logs for PITR may still remain on disk until migrated to the new network architecture. To verify the storage of your instance's transaction logs for PITR, see Check the storage location of transaction logs used for PITR.

Container Optimized OS

cos-105-17412-535-34

  • Kernel: COS-5.15.173
  • Docker: v23.0.3
  • Containerd: v1.7.23
  • GPU Drivers: See List

Added NVIDIA GPU drivers R565 branch - Update R565, latest driver to v565.57.01.

Upgraded sys-apps/file to v5.46-r2.

Update NVIDIA GPU drivers to v535.230.02 for R535 and v550.144.03 for R550 for all GPUs. This resolves CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.

Upgraded dev-go/crypto to v0.31.0. This fixes CVE-2024-45337.

Fixed CVE-2024-45306 and CVE-2024-47814 in vim.

Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.

Fixed CVE-2024-49996 in the Linux kernel.

Fixed CVE-2024-50055 in the Linux kernel.

Fixed CVE-2024-57841 in the Linux kernel.

Fixed CVE-2024-57890 in the Linux kernel.

Fixed CVE-2024-55916 in the Linux kernel.

Fixed CVE-2024-56779 in the Linux kernel.

Fixed CVE-2024-56615 in the Linux kernel.

Fixed KCTF-5eb7de8 in the Linux kernel.

Fixed KCTF-f8d4bc4 in the Linux kernel.

Fixed CVE-2024-53206 in the Linux kernel.

Fixed CVE-2024-50121 in the Linux kernel.

Fixed CVE-2024-56601 in the Linux kernel.

Fixed CVE-2024-56600 in the Linux kernel.

Fixed CVE-2024-53173 in the Linux kernel.

Fixed CVE-2024-53140 in the Linux kernel.

Fixed CVE-2024-53136 in the Linux kernel.

Fixed CVE-2024-53113 in the Linux kernel.

Fixed CVE-2024-53119 in the Linux kernel.

Fixed CVE-2024-53121 in the Linux kernel.

Fixed CVE-2024-53142 in the Linux kernel.

Fixed CVE-2024-50275 in the Linux kernel.

Fixed CVE-2024-56763 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812682 -> 812681

cos-117-18613-164-4

  • Kernel: COS-6.6.72
  • Docker: v24.0.9
  • Containerd: v1.7.24
  • GPU Drivers: See List

This is an LTS Refresh release.

Added NVIDIA GPU drivers R565 branch - Update R565, latest driver to v565.57.01.

Upgraded app-containers/docker-credential-gcr to v2.1.25.

Upgraded app-admin/google-osconfig-agent to v20240927.00.

Upgraded app-emulation/cloud-init to v23.4.4.

Upgraded sys-apps/file to v5.46-r2.

Upgraded dev-python/configobj to v5.0.9.

Upgraded dev-libs/nss to v3.105.

Upgraded dev-db/sqlite to v3.46.1.

Upgraded app-arch/lz4 to v1.10.0-r1.

Upgraded sys-apps/gentoo-functions to v1.7.2.

Upgraded net-libs/libtirpc to v1.3.5.

Update NVIDIA GPU drivers to v535.230.02 for default/R535 and v550.144.03 for R550 for all GPUs. This resolves CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.

Upgraded dev-libs/libxml2 to version 2.12.9. This fixes CVE-2024-40896.

Fixed CVE-2024-45306 and CVE-2024-47814 in vim.

Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.

Fixed CVE-2024-53166 in the Linux kernel.

Fixed CVE-2024-54683 in the Linux kernel.

Fixed CVE-2024-57841 in the Linux kernel.

Fixed CVE-2024-57890 in the Linux kernel.

Fixed CVE-2024-56369 in the Linux kernel.

Fixed CVE-2024-56617 in the Linux kernel.

Fixed CVE-2024-55916 in the Linux kernel.

Fixed CVE-2024-56615 in the Linux kernel.

Fixed CVE-2024-56779 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811796 -> 811776

cos-dev-121-18849-0-0

  • Kernel: COS-6.6.72
  • Docker: v25.0.7
  • Containerd: v2.0.2
  • GPU Drivers: See List

Updated google-osconfig-agent to v20250121.00.

Updated app-containers/containerd to v2.0.2.

Updated app-admin/oslogin to v20241216.00.

Updated app-containers/runc to v1.2.4.

Upgraded dev-lang/go to v1.23.5.

Upgraded net-misc/openssh to v9.9.

Added support for nftables flow offload and the flowtable infrastructure.

Upgraded app-admin/google-guest-agent to v20250117.00.

Upgraded app-admin/google-guest-configs to v20250116.00.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r656.

Upgraded chromeos-base/debugd-client to v0.0.1-r2725.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2816.

Upgraded chromeos-base/shill-client to v0.0.1-r4812.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2960.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2469.

Upgraded net-dns/c-ares to v1.34.4.

Upgraded sys-apps/file to v5.46-r2.

Update NVIDIA GPU drivers to v535.230.02 for default/R535 and v550.144.03 for R550 for all GPUs. This resolves CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.

Upgraded net-misc/curl to version 8.11.1-r2. This fixes CVE-2024-11053.

Upgraded dev-libs/libxml2 to version 2.12.9. This fixes CVE-2024-40896.

Fixed CVE-2024-45306 and CVE-2024-47814 in vim.

Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.

Runtime sysctl changes:

  • Changed: fs.file-max: 811767 -> 811821

cos-113-18244-291-20

  • Kernel: COS-6.1.123
  • Docker: v24.0.9
  • Containerd: v1.7.24
  • GPU Drivers: See List

Added NVIDIA GPU drivers R565 branch - Update R565, latest driver to v565.57.01.

Upgraded sys-apps/file to v5.46-r2.

Update NVIDIA GPU drivers to v535.230.02 for default/R535 and v550.144.03 for R550 for all GPUs. This resolves CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.

Upgraded dev-go/crypto to v0.31.0. This fixes CVE-2024-45337.

Upgraded net-misc/curl to version 8.11.1-r2. Fixes CVE-2024-11053.

Upgraded dev-libs/libxml2 to version 2.12.9. This fixes CVE-2024-40896.

Fixed CVE-2024-45306 and CVE-2024-47814 in vim.

Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.

Fixed KCTF-8ea6073 and CVE-2024-50164 in the Linux kernel.

Fixed CVE-2024-49926 in the Linux kernel.

Fixed CVE-2024-57841 in the Linux kernel.

Fixed CVE-2024-57890 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812035 -> 812045

cos-109-17800-436-14

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.124 | v24.0.9 | v1.7.24 | See List

Added NVIDIA GPU drivers R565 branch - Update R565, latest driver to v565.57.01.

Upgraded sys-apps/file to v5.46-r2.

Update NVIDIA GPU drivers to v535.230.02 for default/R535 and v550.144.03 for R550 for all GPUs. This resolves CVE-2024-53869, CVE-2024-0150, CVE-2024-0149, CVE-2024-0147 and CVE-2024-0131.

Upgraded dev-go/crypto to v0.31.0. This fixes CVE-2024-45337.

Fixed CVE-2024-45306 and CVE-2024-47814 in vim.

Fixed CVE-2024-45306 and CVE-2024-47814 in vim-core.

Fixed KCTF-8ea6073 and CVE-2024-50164 in the Linux kernel.

Fixed CVE-2024-49926 in the Linux kernel.

Fixed CVE-2024-53128 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812258 -> 812276

Document AI

For processor versions pretrained-foundation-model-v1.2-2024-05-10 and pretrained-foundation-model-v1.3-2024-08-31 custom extractors, customer-managed encryption keys (CMEK) is now supported when importing fine-tuned processor versions.

For more information, see Import processor versions.

NetApp Volumes

Flex service level now supports Backups feature in Preview. For more information, see About NetApp Volumes.

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/pubsub

4.10.0 (2025-01-13)

Features
  • Add Kafka-based sources to IngestionDataSourceSettings proto and IngestionFailureEvent proto (#2007) (08d00a1)
Bug Fixes
  • deps: Update dependency @opentelemetry/semantic-conventions to ~1.28.0 (#2001) (c8e5811)

Python

Changes for google-cloud-pubsub

2.27.3 (2025-01-24)

Bug Fixes
  • Stop using api_core default timeouts in publish since they are broken (#1326) (ba2c2ee)

SAP on Google Cloud

ABAP SDK for Google Cloud version 1.9 (On-premises or any cloud edition)

Version 1.9 of the on-premises or any cloud edition of the ABAP SDK for Google Cloud is generally available (GA). In addition to supporting more Google Cloud APIs and a few other enhancements, this version introduces the BigQuery Toolkit for SAP, a dedicated tool to replicate data to BigQuery from within your SAP environment using ABAP.

For more information, see What's new with the on-premises or any cloud edition of the ABAP SDK for Google Cloud.

Spanner

Spanner supports the SELECT…FOR UPDATE query syntax in GoogleSQL and PostgreSQL-dialect databases. When you use the SELECT query to scan a table, add a FOR UPDATE clause to enable exclusive locks on the scanned data in order to reduce aborts for workloads that operate on the same data concurrently. This is similar to the LOCK_SCANNED_RANGES hint (GoogleSQL and PostgreSQL). For more information, see Use SELECT… FOR UPDATE.

Speech-to-Text

Speech-to-Text is generally available (GA) in the Chirp 2 model in asia-southeast1, us-central1, and europe-west4.

For more information about the Chirp 2 model, see Chirp 2: Enhanced multilingual accuracy. For code samples, see Get started with Chirp 2 using Speech-to-Text V2 SDK in GitHub.

Virtual Private Cloud

VPC Flow Logs metadata annotations include InstanceGroupDetails. This feature is available in General Availability.

There is a known issue with global access endpoints that access services that are published by using internal passthrough Network Load Balancers or internal protocol forwarding (target instances). Private Service Connect doesn't validate that the global access setting on the endpoint matches the setting on the producer's load balancer. We recommend the following:

  • If you're a service consumer, only enable global access on an endpoint if you know that the producer's load balancer is configured for global access. For more information, see endpoint Known issues.

  • If you're a service producer whose services are hosted on internal passthrough Network Load Balancers or internal protocol forwarding (target instances), and those services are accessed through global access endpoints, ensure that global access is enabled on your services' load balancers. For more information, see published services Known issues.

January 26, 2025

Google SecOps

Security Enhancement
As of February 10, 2025, concurrent logins to Google SecOps with multiple user accounts using the same browser profile will no longer be supported. Use separate browser profiles or an incognito/private window for each account.

Google SecOps SIEM

Security Enhancement
As of February 10, 2025, concurrent logins to Google SecOps with multiple user accounts using the same browser profile will no longer be supported. Use separate browser profiles or an incognito/private window for each account.

Google SecOps SOAR

Release 6.3.31 is now in General Availability.

SAP on Google Cloud

SAP HANA: support for deploying HA clusters with the SAPHanaSR-angi package

To enable you to use the SAPHanaSR Advanced Next Generation Interface (SAPHanaSR-angi) package with your SAP HANA HA clusters on SLES 15 SP6 for SAP, or later, we've done the following:

January 25, 2025

Google SecOps SOAR

Release 6.3.32 is currently in Preview. This release contains internal and customer bug fixes.

January 24, 2025

Apigee X

On January 24, 2025, we released an updated version of Apigee (1-14-0-apigee-4).

Bug ID | Description
372248577 | Fixed issue causing system.pod.name flow variable to return null.
N/A | Updates to security infrastructure and libraries.

App Hub

App Hub support is available in the europe-southwest1 (Madrid, Spain) region.

Backup and DR

For updates to the backup appliance, a default window now exists to schedule non-disruptive patch updates. (Disruptive updates do not get the default window.) You will now receive notifications 2 weeks, 1 week, and 24 hours before the scheduled update, after which the appliance will be automatically updated. An option to reschedule non-disruptive patch updates is also available.

Fixes for SAP HANA Persistent Disk Snapshots

  • Enhancing imports of log images: Log images can now be imported correctly with the right recovery range. Enabled importing log images without having to take the ownership of the images. Fixed the workflow for importing on the source management server instance and another new management server instance.

  • UI fixes for point-in-time recovery from imported images: Imported images appear in the remote snapshot lane in access view, populating correct recovery range for imported images, populating recovery time in restore operation request, adding archive log mount point location in restore page, disabling Replace Original Application Identity for remote images, mount page waiting indefinitely for imported image, adding import PD snapshot option in application page, enabling host selection drop-downs for replication cluster etc.

  • BA fixes: Issues with uploading metadata for replication clusters and with point-in-time recovery from imported images were fixed.

Fixes for Oracle databases backed up to OnVault and backup vault

  • Hosts from both source and remote backup appliances are now listed in the restore page. For cases when no host is reachable or the primary backup appliance is down, the UI was improved by showing a spinning wheel to avoid waiting for longer than necessary while attempting to restore from an imported image.

  • A Replace Original Application Identity option has been added for Oracle traditional restore functionality.

The following CVEs have been addressed in this release: CVE-2024-38286, CVE-2019-9636, CVE-2023-5178, CVE-2020-14343, CVE-2021-29921, CVE-2019-7164, CVE-2020-27619, CVE-2018-20060, CVE-2019-20477, CVE-2019-9948, CVE-2020-1747, CVE-2021-3177, CVE-2022-42919, CVE-2024-0565, CVE-2015-20107, CVE-2023-51042, CVE-2020-10878, CVE-2023-6546, CVE-2022-0391, CVE-2022-45884, CVE-2021-33631, CVE-2020-10543, CVE-2019-20907, CVE-2023-3812, CVE-2019-11324, CVE-2022-45919, CVE-2023-6931, CVE-2024-1086, CVE-2021-43818, CVE-2021-33503, CVE-2020-26116, CVE-2019-20916, CVE-2023-2163, CVE-2021-42771, CVE-2022-45886, CVE-2021-3737, CVE-2023-52425, CVE-2018-18074, CVE-2021-27291, CVE-2021-20270, CVE-2023-24329, CVE-2019-18874, CVE-2019-16056, CVE-2019-7548, CVE-2021-3572, CVE-2019-9740, CVE-2021-23336, CVE-2020-14422, CVE-2021-3426, CVE-2023-1192, CVE-2022-38096, CVE-2023-6135, CVE-2020-8492, CVE-2020-27783, CVE-2020-28493, CVE-2023-46218, CVE-2021-4189, CVE-2020-26137, CVE-2021-3733, CVE-2019-16935, CVE-2021-28957, CVE-2018-20852, CVE-2019-11236, CVE-2019-9947, CVE-2020-28241, CVE-2023-5388, CVE-2023-28322, CVE-2022-48624, CVE-2023-38546, CVE-2021-20095.

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, Search (SearchAllResources, SearchAllIamPolicies), and analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

  • Cloud Storage
    • storageinsights.googleapis.com/ReportConfig
    • storageinsights.googleapis.com/ReportDetail

Cloud Composer

The following recently released Cloud Composer 3 Airflow builds and Cloud Composer 2 versions are rolled back and aren't available for creating and upgrading existing environments. We will roll out new builds in the next release.

  • composer-2.11.0-airflow-2.10.2
  • composer-2.11.0-airflow-2.9.3
  • composer-3-airflow-2.10.2-build.6
  • composer-3-airflow-2.9.3-build.13

Cloud Load Balancing

Changes to RSA certificate requirements coming April 28, 2025

We're changing how Application Load Balancers establish TLS connections to backends. This change fixes a problem where the keyUsage extension of RSA certificates is not being validated consistently and might allow a certificate that should have been rejected based on the keyUsage configuration.

What you need to do

Starting April 28, 2025, RSA certificates that don't meet the keyUsage configuration requirements will no longer be considered valid for establishing TLS connections. We recommend that you check whether your backends' RSA certificates are invalid, and replace them with valid certificates if needed.

A valid RSA certificate is one that has the X509v3 Key Usage extension and includes both the Digital Signature and Key Encipherment parameters.

To identify an invalid RSA certificate, perform the following steps:

  1. First, confirm that the certificate type is RSA by running the following command:

    openssl x509 -text -in cert.crt | grep "Public Key Algorithm"

    For RSA certificates, this should output rsaEncryption. If it is a non-RSA certificate (for example, EC), you don't need to take any more action at this time.

  2. If it is an RSA certificate, examine the Key Usage configuration by running the following command:

    openssl x509 -text -in cert.crt | grep -A1 "X509v3 Key Usage"

    For a valid RSA certificate, the correct value is Digital Signature, Key Encipherment. If either of these values is not present, the RSA certificate is invalid.

For more information about the X.509 certificate format, see RFC 5280 Key Usage.
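
The two-step check above, wrapped in a function that can be run over many backend certificates. This is an added example, not part of the original release note; the function names, file names, and the throwaway self-signed certificates it generates as sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify backend certificates against the keyUsage rule above.

# Prints a verdict for one PEM certificate and returns:
#   0 = acceptable (non-RSA key, or RSA with both required usages)
#   1 = RSA certificate that fails the keyUsage requirement
#   2 = file could not be parsed as a certificate
check_backend_cert() {
    cbc_text=$(openssl x509 -noout -text -in "$1" 2>/dev/null) || {
        echo "unreadable"
        return 2
    }

    # Step 1: only certificates whose key is rsaEncryption are affected.
    cbc_algo=$(printf '%s\n' "$cbc_text" | grep "Public Key Algorithm" || true)
    case $cbc_algo in
        *rsaEncryption*) ;;
        *) echo "not-rsa"; return 0 ;;
    esac

    # Step 2: the line after the "X509v3 Key Usage" header lists the usages.
    # The header may carry a "critical" marker; the value line is unaffected.
    cbc_usage=$(printf '%s\n' "$cbc_text" \
        | grep -A1 "X509v3 Key Usage" | tail -n 1 || true)
    if [ -z "$cbc_usage" ]; then
        echo "invalid: no Key Usage extension"
        return 1
    fi

    cbc_missing=""
    case $cbc_usage in
        *"Digital Signature"*) ;;
        *) cbc_missing="Digital Signature" ;;
    esac
    case $cbc_usage in
        *"Key Encipherment"*) ;;
        *) cbc_missing="${cbc_missing:+$cbc_missing, }Key Encipherment" ;;
    esac
    if [ -n "$cbc_missing" ]; then
        echo "invalid: missing $cbc_missing"
        return 1
    fi
    echo "valid"
}

# Constructed sample input: writes a throwaway self-signed certificate.
#   $1 = output path, $2 = "rsa" or "ec", $3 = keyUsage value ("" = omit extension)
make_sample_cert() {
    msc_out=$1
    {
        printf '[req]\ndistinguished_name = dn\nprompt = no\nx509_extensions = ext\n'
        printf '[dn]\nCN = backend.example.internal\n'
        printf '[ext]\nbasicConstraints = CA:FALSE\n'
        if [ -n "$3" ]; then printf 'keyUsage = %s\n' "$3"; fi
    } > "$msc_out.cnf"
    case $2 in
        rsa) set -- -newkey rsa:2048 ;;
        *)   set -- -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 ;;
    esac
    openssl req -x509 "$@" -nodes -days 1 -config "$msc_out.cnf" \
        -keyout "$msc_out.key" -out "$msc_out" 2>/dev/null
}

# Build four constructed certificates and classify each one.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/good.pem"     rsa "digitalSignature, keyEncipherment"
make_sample_cert "$demo_dir/sig-only.pem" rsa "digitalSignature"
make_sample_cert "$demo_dir/no-ku.pem"    rsa ""
make_sample_cert "$demo_dir/ec.pem"       ec  "digitalSignature"

for cert in "$demo_dir"/*.pem; do
    printf '%-14s %s\n' "$(basename "$cert")" "$(check_backend_cert "$cert")"
done
```

The non-zero return for a failing RSA certificate lets the function act as a gate in a deployment script or certificate-rotation job.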

Cloud Run

You can now use dual-stack subnets with internal IPv6 to let your Cloud Run services and jobs send IPv4 and internal IPv6 traffic to a VPC network with Direct VPC egress. (Preview)

Cloud Trace

The Trace Explorer page in the Google Cloud console has been refreshed. The new page aggregates and displays information about spans using visualizations like heatmaps. You can use menus to apply filters and to group traces by span and service name. You can also explore individual traces and share traces. For more information, see the following documents:

Introducing trace scopes. Trace scopes are persistent, project-level resources that the Trace Explorer page uses to determine which projects to search for trace data. You can create, edit, and delete trace scopes. You can also set one trace scope as the default trace scope, which determines the projects that the Trace Explorer searches when the page is opened.

For more information, see the following documents:

Compute Engine

Preview: To prevent data loss or corruption when a compute instance is stopped, you can enable graceful shutdown in the instance. This setting gives the guest OS up to one hour to finish running tasks. Gracefully shutting down an instance is helpful when, for example, your database needs time to complete active transactions, your multiplayer session needs time to end properly, or you want to cleanly shut down a high performance computing (HPC) job.

For more information, see the following pages:

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.129-debian10, 2.0.129-rocky8, 2.0.129-ubuntu18
  • 2.1.77-debian11, 2.1.77-rocky8, 2.1.77-ubuntu20, 2.1.77-ubuntu20-arm
  • 2.2.43-debian12, 2.2.43-rocky9, 2.2.43-ubuntu22

Dataproc cluster caching now supports ARM images.

Zeppelin component added to 2.1-Ubuntu20-arm images.

Google Distributed Cloud (software only) for bare metal

Release 1.28.1400-gke.79

Google Distributed Cloud for bare metal 1.28.1400-gke.79 is now available for download. To upgrade, see Upgrade clusters. Google Distributed Cloud for bare metal 1.28.1400-gke.79 runs on Kubernetes 1.28. This is the final patch for the 1.28 minor release.

After a release, it takes approximately 7 to 14 days for the version to become available for installations or upgrades with the GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

If you use a third-party storage vendor, check the Ready storage partners document to make sure the storage vendor has already passed the qualification for this release of Google Distributed Cloud for bare metal.

This release includes many vulnerability fixes. For a list of all vulnerabilities fixed in this release, see Vulnerability fixes.

For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

Security Command Center

Risk Engine, which generates attack exposure scores and attack paths for your high-value resources, now supports the spanner.googleapis.com/Instance resource type.

For more information, see Resource types supported in high-value resource sets.

Service Health

Incident reports are available in Personalized Service Health.

Vertex AI Agent Builder

Vertex AI Search: Identity mapping store (GA)

You can map your identity provider (IDP) to external identities from third-party applications that aren't managed by your identity provider. This information allows Google to enforce access control correctly by syncing users from your IDP and third-party applications. For more information, see the IdentityMappingStore resource in the API docs.

January 23, 2025

App Hub Application Integration

Deprecation of Rhino engine for JavaScript Task

Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. All existing published JavaScript tasks will continue to use Rhino and can be migrated to V8 manually. Newly created JavaScript tasks will exclusively use V8.

For more information, see JavaScript execution engine. This deprecation is related to CVE-2025-0982.

You will not be able to use the Send email task in your integrations if you have enabled VPC service perimeter for the Application Integration service.

Dataproc Dialogflow

The Conversational Agents console has launched for preview to create agents that can use a combination of generative and deterministic features. See how we intend to migrate to this new console.

Document AI

Effective January 27, 2025, new and existing processors require explicit storage.objects.get permissions to access Google Cloud Storage buckets for training dataset imports and offline/batch processing.

You will need to review your use of training dataset imports and offline/batch processing to verify that the users of these APIs have appropriate permissions to access Google Cloud Storage buckets.

Ensure that users of these APIs have been granted one of the predefined or legacy Cloud Storage roles that includes the storage.objects.get permission (such as Storage Object Viewer). You can assign these roles in the Permissions tab of the relevant Cloud Storage bucket.

We understand that this update requires planning, but we're here to support you during this process. If you have questions or need assistance, contact Google Cloud support.

Google Cloud VMware Engine

Google Cloud VMware Engine Committed use discounts (CUD) are now managed exclusively in the VMware Engine section of the Google Cloud console. For more details, see VMware Engine CUDs documentation.

Google Kubernetes Engine

(2025-R03) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • Version 1.31.4-gke.1372000 is now the default version for cluster creation in the Rapid channel.
  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.15-gke.1480000
    • 1.29.12-gke.1120000
    • 1.30.8-gke.1162000
    • 1.30.8-gke.1224000
    • 1.31.4-gke.1183000
    • 1.32.0-gke.1709000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.27 to version 1.28.15-gke.1503000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.29.12-gke.1143000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.8-gke.1261000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.4-gke.1256000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.28 to version 1.28.15-gke.1503000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.29.12-gke.1143000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.8-gke.1261000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.4-gke.1256000 with this release.

Regular channel

  • Version 1.31.4-gke.1183000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.28.15-gke.1435000
    • 1.29.12-gke.1055000
    • 1.30.8-gke.1051000
    • 1.31.3-gke.1162000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1480000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.12-gke.1120000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.8-gke.1128000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1480000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.12-gke.1120000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.8-gke.1128000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.4-gke.1183000 with this release.

Stable channel

Extended channel

  • Version 1.31.4-gke.1183000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2081000
    • 1.27.16-gke.2246000
    • 1.28.15-gke.1435000
    • 1.29.12-gke.1055000
    • 1.30.8-gke.1051000
    • 1.31.3-gke.1162000
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2122000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1480000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.12-gke.1120000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.8-gke.1128000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.4-gke.1183000 with this release.

No channel

Starting with GKE version 1.32.1-gke.1002000, the default OS image for Ubuntu is updated from Ubuntu 22.04 to Ubuntu 24.04.

User-managed firewall rules for GKE LoadBalancer Services are now generally available on GKE clusters running version 1.31.3-gke.1056000 or later. By allowing user-managed firewall rules for GKE LoadBalancer Services, advanced firewall policies can now be configured to control ingress traffic to your GKE Services exposed with passthrough network load balancers. To learn more, see User-managed firewall rules for GKE LoadBalancer Services.

You can now customize a node system configuration with the following new kubelet and sysctl configuration options:

  • Kubelet

    • containerLogMaxSize
    • containerLogMaxFiles
    • imageGcLowThresholdPercent
    • imageGcHighThresholdPercent
    • imageMinimumGcAge
    • imageMaximumGcAge (1.30.7-gke.1076000 and later, 1.31.3-gke.1023000 and later)
    • allowedUnsafeSysctls (1.32.0-gke.1448000 and later)
  • Sysctl

    • kernel.shmmni
    • kernel.shmmax
    • kernel.shmall
    • net.netfilter.nf_conntrack_acct (1.32.0-gke.1448000 and later)
    • net.netfilter.nf_conntrack_max (1.32.0-gke.1448000 and later)
    • net.netfilter.nf_conntrack_buckets (1.32.0-gke.1448000 and later)
    • net.netfilter.nf_conntrack_tcp_timeout_close_wait (1.32.0-gke.1448000 and later)
    • net.netfilter.nf_conntrack_tcp_timeout_established (1.32.0-gke.1448000 and later)
    • net.netfilter.nf_conntrack_tcp_timeout_time_wait (1.32.0-gke.1448000 and later)

To learn more, see Kubelet configuration options and Sysctl configuration options.

Google SecOps

The Google SecOps team identified that a cloud threat detection rule pack (azure-defender-for-cloud-vm-extensions) was inadvertently made available to all customers. The licensing requirements restrict the availability of this rule pack to only Enterprise and Enterprise+ customers and this has been corrected.

This change should not remove any prior detections for customers who have enabled this rule pack and do not meet the licensing requirements, but the rules themselves will now be unavailable and no new detections will be generated.

The following new YARA-L 2.0 functions are available in Rules and Search:

  • arrays.concat
  • arrays.join_string
  • arrays.max
  • arrays.min
  • arrays.size
  • arrays.index_to_int
  • cast.as_bool
  • cast.as_float
  • math.ceil
  • math.floor
  • math.geo_distance
  • math.is_increasing
  • math.pow
  • math.random
  • strings.contains
  • strings.count_substrings
  • strings.extract_domain
  • strings.extract_hostname
  • strings.from_hex
  • strings.ltrim
  • strings.reverse
  • strings.rtrim
  • strings.trim
  • strings.url_decode
  • timestamp.as_unix_seconds
  • timestamp.now

The following new YARA-L 2.0 functions are available in Rules:

  • hash.sha256
  • window.avg
  • window.first
  • window.last
  • window.median
  • window.mode
  • window.stddev
  • window.variance

Details on function signatures and behavior can be found in the YARA-L 2.0 Function Syntax Reference Documentation.

The prioritization logic of Applied Threat Intelligence (ATI) rule set has been improved to remove alerts from events that have a specified security result action of BLOCKED or QUARANTINED. This change only impacts the IP address indicator types for both High and Active Breach priority. For more information, see View details about rule sets.

After July 2025, the Enterprise Insights page and the CBN alerts will no longer be available. Use the Alerts and IOCs page to view the alerts. We recommend that you migrate the existing CBN alerts to the YARA-L detection engine.

Looker Studio

Correction

The Modern charts in preview feature description was removed from release notes on January 29, 2025.

Pivot sort by any

Users can sort a pivot table by any metric or calculated field in a data source.

Is Any filter condition option for Looker data sources

Previously, when the value of some filter parameters was left blank in a Looker data source's underlying LookML, Looker Studio would interpret the blank value incorrectly. With the addition of the Is Any filter condition option, Looker Studio treats blank LookML filter values as expected by assigning those filters a default condition that allows any value.

Learn more about how Looker Studio interprets LookML filters.

NetApp Volumes

Google Cloud NetApp Volumes now supports Customer Managed Encryption Keys (CMEK) for large capacity volumes. For more information, see About CMEK.

January 22, 2025

BigQuery

BigQuery metastore lets you access and manage metadata from a variety of processing engines, including BigQuery and Apache Spark. BigQuery metastore supports BigQuery tables and open formats such as Apache Iceberg. This feature is in preview.

Cloud Interconnect

Dedicated Interconnect and Cross-Cloud Interconnect VLAN attachments support maximum bandwidths up to 100 Gbps. For more information, see Limits.

Cloud Run

The Cloud Run Builder (roles/run.builder) IAM role is now available in preview. When deploying a service or function from source, grant this role to the Compute Engine default service account that builds your Cloud Run resource.

Gemini Code Assist

IntelliJ Gemini Code Assist now provides citations in Gemini Chat. When you insert code from the Gemini Code Assist chat pane, and the code has citations, those citations are displayed in the editor.

Admins can now block all suggestions containing citations during code completion, generation, and chat conversation for VS Code Gemini Code Assist. If the admin level citations block is enabled, the local citations size limit is set to 0.

Generative AI on Vertex AI

LangChain on Vertex AI

Billing for LangChain on Vertex AI will start on March 4, 2025.

The pricing structure is based on vCPU hours and GiB hours used. This means that you will be charged for both the compute (vCPU) and memory resources consumed by your LangChain on Vertex AI workloads.

You can review the pricing details in the table below.

Product | SKU ID | Price
ReasoningEngine vCPU | 8A55-0B95-B7DC | $0.0994/vCPU-Hr
ReasoningEngine Memory | 0B45-6103-6EC1 | $0.0105/GiB-Hr

Google Cloud Architecture Center

(New guide) Optimize AI and ML workloads with Parallelstore: Learn how to optimize performance for artificial intelligence (AI) or machine learning (ML) workloads with parallel file system storage by using Parallelstore.

Memorystore for Redis Cluster

Added support for on-demand and automated backups.

January 21, 2025

BigQuery

In BigQuery ML, you can now evaluate Anthropic Claude models by using the ML.EVALUATE function. The quotas for use of Anthropic Claude models in BigQuery ML have also been brought into parity with Vertex AI quotas.

This feature is in preview.

You can use natural language to prepare data with Gemini in BigQuery.

Data preparation in BigQuery lets you test data preparations you're developing before you deploy and schedule runs in production. For more information, see Develop a data preparation.

Cloud Build

You can now map specific build log fields to log entry fields when the build log is sent to Cloud Logging. For more information, see Map build log fields to log entry fields.

Cloud Data Fusion

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Cloud Data Fusion resources. For more information, see Create custom organization policy constraints.

Cloud Healthcare API

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

Cloud Logging

On April 22, 2025, Cloud Logging will replace the single, global quota for the number of calls to write log entries with a set of volume-based regional quotas. For more information, see Logging API quotas and limits.

Dataflow

Managed I/O now supports automatic upgrades for supported I/O connectors. Using this feature, Dataflow pipelines automatically use the latest reliable version of the connector. This feature is generally available (GA). For more information, see Dataflow managed I/O.

Generative AI on Vertex AI

Anthropic's Claude 3 Sonnet that is offered as a Model as a Service (MaaS) model in Model Garden is deprecated. For details, see Generative AI on Vertex AI deprecations.

Google Kubernetes Engine

You can now use A3 Ultra VM powered by NVIDIA H200 Tensor Core GPUs with our new Titanium ML network adapter, which delivers non-blocking 3.2 Tbps of GPU-to-GPU traffic with RDMA over Converged Ethernet (RoCE).

A3 Ultra VMs are generally available in the a3-ultragpu-8g machine type and can be used through both the modes of operation in Google Kubernetes Engine (GKE):

Google SecOps

The following rules have been moved from "Precise" to "Broad" in their associated rule packs due to high alert volume across the Google SecOps customer base.

  • GCP Workspace Data Exfil Drive:
    • Suspicious Workspace Actions Observed after a Successful Suspicious Login
  • GCP Suspicious Infrastructure Change:
    • Replacement of Existing Compute Machine Image
    • Replacement of Existing Compute Disk
  • GCP Cloud SQL Ransom:
    • Base64 Encoded Cloud SQL Command
  • CIDR SCC Persistence:
    • SCC: Persistence: New API Method
    • SCC: Persistence: IAM Anomalous Grant
    • SCC: Persistence: GCE Admin Added SSH Key
  • CIDR SCC Malware:
    • SCC: Added Library Loaded
    • SCC: Added Binary Executed
  • CIDR SCC Cloud IDS Low:
    • SCC: Cloud IDS: Low Threat Finding
  • CIDR SCC Cloud Armor Medium:
    • SCC: Cloud Armor: Medium - Increasing Deny Ratio
    • SCC: Cloud Armor: Medium - Allowed Traffic Spike
  • Azure Identity:
    • Azure External User Invitation
  • Azure Defender for Cloud Windows and Linux VM:
    • Azure Defender for Cloud: Anonymous IP access
  • AWS GuardDuty Discovery:
    • AWS GuardDuty: Recon:EC2/PortProbeUnprotectedPort

Google SecOps SIEM

The following rules have been moved from "Precise" to "Broad" in their associated rule packs due to high alert volume across the Google SecOps customer base.

  • GCP Workspace Data Exfil Drive:
    • Suspicious Workspace Actions Observed after a Successful Suspicious Login
  • GCP Suspicious Infrastructure Change:
    • Replacement of Existing Compute Machine Image
    • Replacement of Existing Compute Disk
  • GCP Cloud SQL Ransom:
    • Base64 Encoded Cloud SQL Command
  • CIDR SCC Persistence:
    • SCC: Persistence: New API Method
    • SCC: Persistence: IAM Anomalous Grant
    • SCC: Persistence: GCE Admin Added SSH Key
  • CIDR SCC Malware:
    • SCC: Added Library Loaded
    • SCC: Added Binary Executed
  • CIDR SCC Cloud IDS Low:
    • SCC: Cloud IDS: Low Threat Finding
  • CIDR SCC Cloud Armor Medium:
    • SCC: Cloud Armor: Medium - Increasing Deny Ratio
    • SCC: Cloud Armor: Medium - Allowed Traffic Spike
  • Azure Identity:
    • Azure External User Invitation
  • Azure Defender for Cloud Windows and Linux VM:
    • Azure Defender for Cloud: Anonymous IP access
  • AWS GuardDuty Discovery:
    • AWS GuardDuty: Recon:EC2/PortProbeUnprotectedPort

Organization Policy

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Cloud Data Fusion resources. For more information, see Create custom organization policy constraints.

Resource Manager

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some Cloud Data Fusion resources. For more information, see Create custom organization policy constraints.

Workload Manager

Generally available: You can define organizational best practices for your workloads using custom rules written in the Rego policy language. Workload Manager evaluates your workloads against these rules and creates reports for any violation and helps you prioritize remediation. This helps you continuously improve the quality, reliability, and performance of your workloads. For more information, see Implementing best practices using custom rules.

January 20, 2025

BigQuery

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigquery

2.46.0 (2025-01-11)

Features
  • bigquery: Support IAM conditions in datasets in Java client. (#3602) (6696a9c)
Bug Fixes
Dependencies
  • Update actions/upload-artifact action to v4.5.0 (#3620) (cc25099)
  • Update actions/upload-artifact action to v4.6.0 (#3633) (ca20aa4)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.57.0 (#3617) (51370a9)
  • Update dependency com.google.api.grpc:proto-google-cloud-bigqueryconnection-v1 to v2.58.0 (#3631) (b0ea0d5)
  • Update dependency com.google.apis:google-api-services-bigquery to v2-rev20241222-2.0.0 (#3623) (4061922)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.61.0 (#3618) (6cba626)
  • Update dependency com.google.cloud:google-cloud-datacatalog-bom to v1.62.0 (#3632) (e9ff265)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.41.1 (#3628) (442d217)
  • Update dependency com.google.oauth-client:google-oauth-client-java6 to v1.37.0 (#3614) (f5faa69)
  • Update dependency com.google.oauth-client:google-oauth-client-jetty to v1.37.0 (#3615) (a6c7944)
  • Update github/codeql-action action to v2.27.9 (#3608) (567ce01)
  • Update github/codeql-action action to v2.28.0 (#3621) (e0e09ec)

Python

Changes for google-cloud-bigquery

3.28.0 (2025-01-15) - YANKED

Reason this release was yanked:

This turned out to be incompatible with pandas-gbq. For more details, see issue.

Features
  • Add property for allowNonIncrementalDefinition for materialized view (#2084) (3359ef3)
  • Add property for maxStaleness in table definitions (#2087) (729322c)
  • Add type hints to Client (#2044) (40529de)
  • Adds ExternalCatalogDatasetOptions and tests (#2111) (b929a90)
  • Adds ForeignTypeInfo class and tests (#2110) (55ca63c)
  • Adds new input validation function similar to isinstance. (#2107) (a2bebb9)
  • Adds StorageDescriptor and tests (#2109) (6be0272)
  • Adds the SerDeInfo class and tests (#2108) (62960f2)
  • Migrate to pyproject.toml (#2041) (1061611)
  • Preserve unknown fields from the REST API representation in SchemaField (#2097) (aaf1eb8)
  • Resource tags in dataset (#2090) (3e13016)
  • Support setting max_stream_count when fetching query result (#2051) (d461297)
Bug Fixes
Documentation
  • Render fields correctly for update calls (#2055) (a4d9534)

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Python

Changes for google-cloud-bigtable

2.28.1 (2025-01-17)

Bug Fixes

Cloud Logging

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-logging

3.21.1 (2025-01-13)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.51.1 (705dba2)
Dependencies
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.41.1 (#1745) (6a7280d)
  • Update dependency org.easymock:easymock to v5.5.0 (#1639) (f559d89)
  • Update googleapis/sdk-platform-java action to v2.51.1 (#1742) (3c7a2c7)

Compute Engine

Generally available: Managed instance groups (MIGs) let you create pools of suspended and stopped virtual machine (VM) instances. You can manually suspend and stop VMs in a MIG to save on costs, or use suspended and stopped pools to speed up scale out operations of your MIG. For more information, see About suspending and stopping VMs in a MIG.

Dataplex

Data lineage path visualization is available in preview. Lineage path visualizations help you to understand the lineage links between two selected resources. For more information, see Lineage path visualization.

Google SecOps

Python 3.7 is being deprecated and will be fully removed on June 1, 2025.

For information on how to update Marketplace integrations to Python 3.11, refer to Upgrade the Python versions.

Google SecOps SOAR

Python 3.7 is being deprecated and will be fully removed on June 1, 2025.

For information on how to update Marketplace integrations to Python 3.11, refer to Upgrade the Python versions.

January 19, 2025

Google SecOps

The individual parser documents have been put into one page with an easy-to-use search bar. This reorganization helps you find all the information you need in one place.

Google SecOps SIEM

The individual parser documents have been put into one page with an easy-to-use search bar. This reorganization helps you find all the information you need in one place.

Google SecOps SOAR

Release 6.3.31 is currently in Preview. This release contains internal and customer bug fixes.

January 18, 2025

Google SecOps SOAR

Release 6.3.30 is still in Preview.

January 17, 2025

BigQuery

The BigQuery Data Transfer Service can now transfer data from the following data sources:

Transfers from these data sources are supported in Preview.

In the navigation menu, you can now go to the Settings page to set default settings that are applied when you start a session in BigQuery Studio. This feature is in preview.

Cloud Build

You can now use Cloud Build to push Go modules to Artifact Registry. For more information, see Build and test Go applications.

Cloud SQL for PostgreSQL

Cloud SQL for PostgreSQL version 17 adds support for the following extensions and plugins:

Extensions and plugins

  • ip4r
  • oracle_fdw
  • orafce
  • pg_background
  • pg_bigm
  • pgfincore
  • pg_hint_plan
  • pg_partman
  • pg_proctab
  • pgrouting
  • pg_similarity
  • pgtap
  • pgtt
  • pg_wait_sampling
  • PL/Proxy
  • plv8
  • postgresql_anonymizer
  • postgresql_hll
  • prefix
  • temporal_tables

Cloud SQL for PostgreSQL version 17 doesn't support:

  • rdkit
  • pg_squeeze

To use these extensions and plugins in your PostgreSQL 17 instance, update your instance to the POSTGRES_17_2.R20241011.00_11 maintenance version.

To learn how to check your maintenance version, see Self service maintenance. To find your maintenance window or to manage maintenance updates, see Find and set maintenance windows.

To start using PostgreSQL 17, see Create instances.

Cloud SQL for SQL Server

Control the file size of the tempdb database. For more information, see Manage a tempdb database.

Compute Engine

Compute Engine is enabled for use with Cloud KMS Autokey.

Using keys generated by Autokey can help you consistently align with industry standards and recommended practices for data security, including the HSM protection level, separation of duties, key rotation, location, and key specificity. Keys requested using Autokey function identically to other Cloud HSM keys with the same settings.

For more information, see About disk encryption. To learn more about Cloud KMS Autokey, see Autokey overview.

Container Optimized OS

cos-117-18613-75-114

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.56 | v24.0.9 | v1.7.24 | See List

Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.

Fixed CVE-2024-53173 in the Linux kernel.

Fixed CVE-2024-56600 in the Linux kernel.

Fixed CVE-2024-56601 in the Linux kernel.

Fixed CVE-2024-53202 in the Linux kernel.

Fixed CVE-2024-53206 in the Linux kernel.

Fixed CVE-2024-56786 in the Linux kernel.

Fixed CVE-2024-56780 in the Linux kernel.

Fixed CVE-2024-56720 in the Linux kernel.

Fixed CVE-2024-56783 in the Linux kernel.

Fixed CVE-2024-56672 in the Linux kernel.

Fixed CVE-2024-56675 in the Linux kernel.

Fixed CVE-2024-53185 in the Linux kernel.

Fixed CVE-2024-56664 in the Linux kernel.

Fixed CVE-2024-56755 in the Linux kernel.

Fixed CVE-2024-56756 in the Linux kernel.

Fixed CVE-2024-56658 in the Linux kernel.

Fixed CVE-2024-53128 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811744 -> 811796

cos-109-17800-436-4

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.124 | v24.0.9 | v1.7.24 | See List

This is an LTS Refresh release.

Added NVIDIA GPU drivers R560 branch. Updates both the LATEST and R560 GPU driver labels to v560.35.03.

Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.

Fixed KCTF-35f56c5 in the Linux kernel.

Fixed CVE-2024-56720 in the Linux kernel.

Fixed CVE-2024-56783 in the Linux kernel.

Fixed CVE-2024-50146 in the Linux kernel.

Fixed CVE-2024-56756 in the Linux kernel.

Fixed CVE-2024-56675 in the Linux kernel.

Fixed CVE-2024-56755 in the Linux kernel.

Fixed CVE-2024-56672 in the Linux kernel.

Fixed CVE-2024-56658 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812257 -> 812258

cos-105-17412-535-16

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.173 | v23.0.3 | v1.7.23 | See List

Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.

Fixed KCTF-35f56c5 in the Linux kernel.

Fixed CVE-2024-56745 in the Linux kernel.

Fixed CVE-2024-56720 in the Linux kernel.

Fixed CVE-2024-56780 in the Linux kernel.

Fixed CVE-2024-56694 in the Linux kernel.

Fixed CVE-2024-56739 in the Linux kernel.

Fixed CVE-2024-53151 in the Linux kernel.

Fixed CVE-2024-53146 in the Linux kernel.

Fixed CVE-2024-56606 in the Linux kernel.

Fixed CVE-2024-56614 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812690 -> 812682

cos-dev-121-18828-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.71 | v25.0.7 | v2.0.0 | See List

Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.

Runtime sysctl changes:

  • Changed: fs.file-max: 811795 -> 811767

cos-113-18244-291-9

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.123 | v24.0.9 | v1.7.24 | See List

Upgraded rsync to version 3.3.0-r2. This fixes CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747.

Runtime sysctl changes:

  • Changed: fs.file-max: 812027 -> 812035

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.128-debian10, 2.0.128-rocky8, 2.0.128-ubuntu18
  • 2.1.76-debian11, 2.1.76-rocky8, 2.1.76-ubuntu20, 2.1.76-ubuntu20-arm
  • 2.2.42-debian12, 2.2.42-rocky9, 2.2.42-ubuntu22

Dataproc Serverless for Spark:

  • Added support for XGBoost 2.1 in 2.2 runtime.
  • Changed the spark.sql.maxMetadataStringLength default value to 5000 for the 1.2 and 2.2 runtimes.

Generative AI on Vertex AI

Google Cloud Architecture Center

Cross-Cloud Network for distributed applications: Updates to the document set to reflect feature releases over the past months.

Memorystore for Redis Cluster

You can now create a Memorystore for Redis Cluster instance that uses customer-managed encryption keys (CMEK). You can also manage instances that use CMEK.

For more information about CMEK for Memorystore for Redis Cluster, see About customer-managed encryption keys (CMEK).

Security Command Center

Security Command Center now displays the number of resources scanned for a specific security compliance standard. This information appears as a column in the table on the Compliance detail page of the Google Cloud console for a given compliance standard.

To view the number of resources scanned against a security compliance standard, see Assess compliance against a specific standard.

January 16, 2025

BigQuery

The BigQuery migration assessment for Oracle now includes a total cost of ownership (TCO) calculator that provides an estimation of compute and storage costs for migrating your Oracle data warehouse to BigQuery. This feature is in preview.

We have rearranged the navigation menu into new categories. This feature is generally available (GA).

Cloud Asset Inventory

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

  • Identity Platform
    • identitytoolkit.googleapis.com/Config
  • KRM API Hosting
    • krmapihosting.googleapis.com/KrmApiHost

Cloud Service Mesh

1.24.2-asm.1 is now available for in-cluster Cloud Service Mesh.

You can now download 1.24.2-asm.1 for in-cluster Cloud Service Mesh. It includes the features of Istio 1.24.2 subject to the list of supported features.

  • Istio's dual-stack is not supported.
  • Istio's experimental feature to enable lazy subset creation of Envoy statistics is not supported.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh version 1.24.2-asm.1 uses Envoy v1.32.3.

Compute Engine

Generally available: Google Axion Processor-based C4A VMs with Titanium SSD are now generally available. Part of our general-purpose machine family, these instances come with up to 6 TiB of Titanium SSD disks. Titanium SSD is our latest generation of Local SSD. It uses Titanium I/O offload processing and offers enhanced SSD security, performance, and management.

Container Optimized OS

cos-dev-121-18827-0-0

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.71 | v25.0.7 | v2.0.0 | See List

Upgraded nvidia-container-toolkit to v1.17.3.

Updated the Linux kernel to v6.6.71.

Added NVIDIA GPU drivers R565 branch - Updated R565 latest driver to v565.57.01.

Upgraded app-containers/docker to v25.0.7, Upgraded app-containers/docker-test to v25.0.7, Upgraded app-containers/docker-cli to v25.0.7.

Upgraded app-containers/cni-plugins to v1.6.2.

Upgraded app-admin/fluent-bit to v3.2.4.

Upgraded app-admin/google-guest-configs to v20250107.00.

Upgraded chromeos-base/update_engine-client to v0.0.1-r2467.

Upgraded chromeos-base/power_manager-client to v0.0.1-r2958.

Upgraded chromeos-base/shill-client to v0.0.1-r4804.

Upgraded chromeos-base/session_manager-client to v0.0.1-r2814.

Upgraded chromeos-base/debugd-client to v0.0.1-r2723.

Upgraded chromeos-base/chromeos-common-script to v0.0.1-r654.

Upgraded dev-db/sqlite to v3.47.2.

Upgraded sys-apps/pv to v1.9.25.

Upgraded sys-apps/file to v5.46-r1.

Upgraded net-misc/socat to v1.8.0.2.

Runtime sysctl changes:

  • Changed: fs.file-max: 811786 -> 811795

cos-109-17800-372-99

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.112 | v24.0.9 | v1.7.24 | See List

Upgraded nvidia-container-toolkit to v1.17.3.

Upgraded sys-apps/file to v5.46-r1.

Fixed CVE-2024-56780 in the Linux kernel.

Fixed CVE-2024-56763 in the Linux kernel.

Fixed CVE-2024-53146 in the Linux kernel.

Fixed CVE-2024-56694 in the Linux kernel.

Fixed CVE-2024-53151 in the Linux kernel.

Fixed CVE-2024-56688 in the Linux kernel.

Fixed CVE-2024-56745 in the Linux kernel.

Fixed CVE-2024-56739 in the Linux kernel.

Fixed CVE-2024-56606 in the Linux kernel.

Fixed CVE-2024-56614 in the Linux kernel.

Fixed CVE-2024-53096 in the Linux kernel.

Fixed CVE-2024-53052 in the Linux kernel.

Fixed CVE-2024-53093 in the Linux kernel.

Deep Learning Containers

M127 release

  • The following framework versions have reached their end of patch and support dates:

    • TensorFlow versions 2.15 and earlier
    • PyTorch versions 2.1 and earlier
    • Base versions with CUDA 12.1 and earlier

    To view the end of patch and support dates, see Supported framework versions. Framework versions remain available for use until their end of availability date, but recent versions are strongly recommended.

Deep Learning VM Images

M127 release

  • Fixed an issue related to ownership of the home directory when using authorized SSH keys.
  • The following framework versions have reached their end of patch and support dates:

    • TensorFlow versions 2.15 and earlier
    • PyTorch versions 2.1 and earlier
    • Base versions with CUDA 12.2 and earlier

    To view the end of patch and support dates, see Supported framework versions. To create a VM instance using an image family that has reached its end of patch and support date, you must specify an image from the image family when you create the VM instance. To list images from an image family name after its end of patch and support date, include the --show-deprecated flag in your gcloud compute images list command, or select Show deprecated images when creating an instance in the Google Cloud console.

Google Cloud Architecture Center

(New guide) Implement two-tower retrieval for large-scale candidate generation: Describes how to implement an end-to-end two-tower candidate generation workflow with Vertex AI.

Google Kubernetes Engine

With minor version 1.33, GKE nodes use containerd 2.0, which removes support for Docker Schema 1 images and the CRI v1alpha2 API. GKE pauses automatic upgrades to 1.33 when it detects that a cluster uses the deprecated features. To prepare for this change, see Migrate nodes to containerd 2.

Looker

You can now provision, configure, and manage non-production instances of the Standard, Enterprise, and Embed Looker (Google Cloud core) editions for staging and testing. The functionalities that are available for each non-production edition are the same as the functionalities that are available for the production editions. Non-production Looker instances also can have the same network connection types as production instances.

Security Command Center

A new Risk Overview page is the default view for Security Command Center Enterprise customers. It serves as your first contact security dashboard for the highest priority risks in your cloud environments. From here you can quickly assess toxic combinations, threats, compliance issues, and high impact vulnerabilities.

The Postures section in the SecOps console has been renamed to Risk, and moved to the top of the navigation for Security Command Center Enterprise customers. You can find the Vulnerabilities and Data Security dashboards here, along with the Findings and Resources pages.

Vertex AI Workbench

M127 release

The M127 release of Vertex AI Workbench user-managed notebooks includes the following:

  • Fixed an issue related to ownership of the home directory when using authorized SSH keys.

The M127 release of Vertex AI Workbench managed notebooks includes the following:

  • Fixed an issue related to ownership of the home directory when using authorized SSH keys.

M127 release

The M127 release of Vertex AI Workbench instances includes the following:

  • Fixed an issue related to ownership of the home directory when using authorized SSH keys.

Virtual Private Cloud

Private Service Connect endpoints for regional Google APIs can be configured with IPv6 addresses to support access from IPv6 clients. This feature is available in General Availability.

January 15, 2025

Apigee API hub

Resource filtering with user-defined attributes

You can now filter API hub resources based on user-defined attributes using a REST API call. For more information, see Filter resources based on user attributes.

Validation for user-defined attributes

API hub now supports JSON schema validation for user-defined attributes. This enhancement ensures data integrity and consistency for JSON data type inputs, improving the quality and reliability of API specifications.

Cloud Composer

Starting April 13, 2025, we are removing the default environment's service account setting. This change enhances security and provides greater control over your Cloud Composer environments.

  • Previously, the default Compute Engine service account was used by default when a user didn't specify a service account during Cloud Composer creation.
  • After the change, you'll need to explicitly specify a service account when you create a new Cloud Composer environment.
  • Existing Cloud Composer environments will not be affected by this change.

To address this change:

  • We recommend that you create one or more user-managed service accounts for Cloud Composer environments in your project and grant them the minimum required permissions. For more information and instructions, see Grant roles to an environment's service account.
  • If you use Terraform, scripts or other automation and configuration management tools, then make sure to update them, so that an environment's service account is specified when you create an environment.

In April 2025, Cloud Composer 2 environments will always use the environment's service account for performing PyPI package installations:

  • The environment's service account will be used instead.
  • Existing Cloud Composer 2 environments that previously used the default Cloud Build service account will change to using the environment's service account instead.
  • Cloud Composer 2 environments created in versions 2.10.2 and later already have this change.
  • Cloud Composer 3 environments already use the environment's service account, and are not impacted by this change.

Cloud Service Mesh

1.21.5-asm.21 is now available for in-cluster Cloud Service Mesh.

This patch release contains a fix for a bug where mixed-case hosts in Gateway and TLS redirect result in stale RDS.

This patch release also contains the fix for a security vulnerability where an attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing.

For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.21.5-asm.21 uses Envoy v1.29.12.

1.22.7-asm.4 is now available for in-cluster Cloud Service Mesh.

This patch release contains the fix for a security vulnerability where an attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing.

For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh version 1.22.7-asm.4 uses Envoy v1.30.9.

1.23.4-asm.7 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for a bug in Envoy config where opencensus.proto.trace.v1.TraceConfig has been disabled by default and an issue causing VirtualService header name validation to reject valid header names.

This patch release also contains the fix for a security vulnerability where an attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing.

For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.23.4-asm.7 uses Envoy v1.31.5.

Compute Engine

The metadata server might display old physicalHost metadata if a VM experiences a host error. For more information, see known issues.

Organization Policy

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some reCAPTCHA resources. For more information, see Use custom organization policies for reCAPTCHA keys and firewall policies.

Resource Manager

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some reCAPTCHA resources. For more information, see Use custom organization policies for reCAPTCHA keys and firewall policies.

SAP on Google Cloud

Terraform support for deploying sole-tenant nodes for SAP HANA

You can use Terraform to deploy the following systems with sole-tenant nodes:

  • SAP HANA scale-up
  • SAP HANA scale-up high availability
  • SAP HANA multi-host scale-out without node anti-affinity
  • SAP HANA scale-out high availability without node anti-affinity

For more information, see Sole tenancy.

Spanner

Spanner now supports query statistics for previously executed partitioned data manipulation language (partitioned DML) statements. For more information, see Query statistics.

Virtual Private Cloud

The network profile resource and an RDMA network profile are available in General Availability. You can create a VPC network with the RDMA network profile, which lets you run AI workloads on VM instances that have RDMA network interfaces (NICs). For more information, see the following:

If you're a service producer that makes a service available through VPC Network Peering, you can migrate your service to Private Service Connect without changing the IP address that consumers use to access the service. This feature is available in Preview.

You can create an internal range with the usage type FOR_MIGRATION to migrate a CIDR range from one subnet to another. For more information, see Migrating subnet ranges. This feature is available in General Availability.

If you create a Private Service Connect backend to connect to a published service, and the producer has let you know which port the service is available on, you can include the producer port in the backend configuration.

For more information about the producer's configuration, see Producer port configuration.

Specifying the producer port in a Private Service Connect backend is available in General Availability.

reCAPTCHA

You can use custom constraints with Organization Policy to provide more granular control over specific fields for some reCAPTCHA resources. For more information, see Use custom organization policies for reCAPTCHA keys and firewall policies.

January 14, 2025

Cloud Asset Inventory

The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

  • Resource Manager
    • cloudresourcemanager.googleapis.com/Lien

The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

  • Cloud Next Generation Firewall Enterprise
    • networksecurity.googleapis.com/AddressGroup

Cloud Run

You can now deploy multiple containers (sidecars) to a Cloud Run job. (In Preview)

Cloud SQL for MySQL

You can now migrate data from Microsoft Azure to Cloud SQL. For more information, see Configure Cloud SQL and the external server for replication.

Cloud SQL for PostgreSQL

You can now migrate data from Microsoft Azure to Cloud SQL. For more information, see Configure Cloud SQL and the external server for replication.

Confidential Space

A new Confidential Space image (250100) is now available.

Updated default TPM Dictionary Lockout parameters. This change should significantly reduce the chance for users to get into the TPM lockout state.

Changed the default OOM score for the workload container.

Added retry logic when pulling the workload image and calling the Confidential Computing API.

Improved the logging and monitoring experience. Added CPU metric monitoring to the image.

Google Kubernetes Engine

(2025-R02) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Rapid channel

  • The following versions are now available in the Rapid channel:
  • The following versions are no longer available in the Rapid channel:
    • 1.28.15-gke.1488000
    • 1.29.12-gke.1126000
    • 1.30.8-gke.1128000
    • 1.30.8-gke.1133000
    • 1.31.4-gke.1249000
    • 1.32.0-gke.1577000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.8-gke.1162000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.8-gke.1162000 with this release.

Regular channel

  • Version 1.30.8-gke.1051000 is now the default version for cluster creation in the Regular channel.
  • The following versions are now available in the Regular channel:
  • The following versions are no longer available in the Regular channel:
    • 1.28.15-gke.1342000
    • 1.28.15-gke.1362000
    • 1.29.10-gke.1280000
    • 1.30.6-gke.1596000
    • 1.30.7-gke.1084000
    • 1.31.1-gke.2105000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.27 to version 1.28.15-gke.1435000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.29.12-gke.1055000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.8-gke.1051000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.28 to version 1.28.15-gke.1435000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.29.12-gke.1055000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.8-gke.1051000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.3-gke.1162000 with this release.

Stable channel

  • Version 1.30.5-gke.1713000 is now the default version for cluster creation in the Stable channel.
  • The following versions are no longer available in the Stable channel:
    • 1.28.15-gke.1020000
    • 1.29.10-gke.1054000
    • 1.29.10-gke.1155000
    • 1.30.5-gke.1699000
  • Auto-upgrade targets are now available for the following minor versions:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.27 to version 1.28.15-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.29.10-gke.1280000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.30.5-gke.1713000 with this release.
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.28 to version 1.28.15-gke.1342000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.29 to version 1.29.10-gke.1280000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.30.5-gke.1713000 with this release.

Extended channel

  • Version 1.30.8-gke.1051000 is now the default version for cluster creation in the Extended channel.
  • The following versions are now available in the Extended channel:
  • The following versions are no longer available in the Extended channel:
    • 1.27.16-gke.2142000
    • 1.28.15-gke.1342000
    • 1.28.15-gke.1362000
    • 1.29.10-gke.1280000
    • 1.30.6-gke.1596000
    • 1.30.7-gke.1084000
    • 1.31.1-gke.2105000
  • The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.1435000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.12-gke.1055000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.8-gke.1051000 with this release.
    • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.3-gke.1162000 with this release.

No channel

Google SecOps

The following rules have been removed from their associated rule packs in Curated Detections due to high alert volume across the Google SecOps customer base:

  • Cloud Threats - CDIR SCC Enhanced Defense Evasion Alerts:
    • SCC: Modify VPC Service Control with GCE Activity from the Restricted Resource
    • SCC: Modify VPC Service Control with Activity from the Restricted Service
  • Linux Threats - OS Privilege Escalation Tools:
    • Sensitive File Discovery
    • Last Login Users
    • Whoami Commands
  • Windows Threats - Initial Access:
    • NetLogon AD System Event
  • Risk Analytics for UEBA - Login to an Application Never Before Seen for a User Group:
    • First Time User Login Activity to Application for Manager Peer Group
  • Risk Analytics for UEBA - Login from Country Never Before Seen for a User Group:
    • First Time User Login Activity from Country for Manager Peer Group

The rule "SCC: Unexpected Child Shell" has been moved from the rule pack "Cloud Threats - CDIR SCC Enhanced Malware Alerts" to "Cloud Threats - CDIR SCC Enhanced Execution Alerts".

Google SecOps SIEM

The following rules have been removed from their associated rule packs in Curated Detections due to high alert volume across the Google SecOps customer base:

  • Cloud Threats - CDIR SCC Enhanced Defense Evasion Alerts:
    • SCC: Modify VPC Service Control with GCE Activity from the Restricted Resource
    • SCC: Modify VPC Service Control with Activity from the Restricted Service
  • Linux Threats - OS Privilege Escalation Tools:
    • Sensitive File Discovery
    • Last Login Users
    • Whoami Commands
  • Windows Threats - Initial Access:
    • NetLogon AD System Event
  • Risk Analytics for UEBA - Login to an Application Never Before Seen for a User Group:
    • First Time User Login Activity to Application for Manager Peer Group
  • Risk Analytics for UEBA - Login from Country Never Before Seen for a User Group:
    • First Time User Login Activity from Country for Manager Peer Group

The rule "SCC: Unexpected Child Shell" has been moved from the rule pack "Cloud Threats - CDIR SCC Enhanced Malware Alerts" to "Cloud Threats - CDIR SCC Enhanced Execution Alerts".

Looker

We're excited to announce a new series of quickstarts in the official Looker (Google Cloud core) documentation. This set of quickstarts walks users through all the procedures they need to get up and running with Looker. The quickstarts use the sample LookML project that is automatically configured on Looker (Google Cloud core) instances so that users can use Looker immediately.
Here are the links to the new quickstarts (and overview):

These quickstarts were inspired by the Looker Basics for New Customers webinar, which is free and available to all.

Vertex AI Agent Builder

Vertex AI Search: gemini-1.5-flash-001/answer_gen/v2 for healthcare

The gemini-1.5-flash-001/answer_gen/v2 model is available for answer generation in healthcare search apps.

For more information, see Available models.

Virtual Private Cloud

VPC Flow Logs can sample traffic that is sent through VLAN attachments for Cloud Interconnect and Cloud VPN tunnels. This feature is available in General Availability. To enable VPC Flow Logs for VLAN attachments and Cloud VPN tunnels, see Configure VPC Flow Logs.

January 13, 2025

Apigee Advanced API Security

On January 13, 2025 we released an updated version of Apigee's Shadow API Discovery.

Shadow API Discovery latency improvements

This release improves Shadow API Discovery and removes the latency impact on load balancers previously documented as part of Shadow API Discovery enablement.

For more information on Shadow API Discovery, see the Shadow API Discovery customer documentation.

Application Integration

Config variables pane (Preview)

You can now view and edit all the config variables defined within your integration using the new Config Variables pane. For more information, see View and edit config variables.

BigQuery

In BigQuery ML, you can now forecast multiple time series at once by using the new TIME_SERIES_ID_COL option that is available in ARIMA_PLUS_XREG multivariate time series models. Try this feature with the Forecast multiple time series with a multivariate model tutorial.

This feature is in preview.

You can now use BigQuery Omni Virtual Private Cloud (VPC) allowlists to restrict access to AWS S3 buckets and Azure Blob Storage from specific BigQuery Omni VPCs. This feature is generally available (GA).

Bigtable

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-bigtable

2.51.1 (2025-01-10)

Dependencies
  • Update dependency com.google.cloud:gapic-libraries-bom to v1.50.0 (#2464) (d63dd43)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.41.1 (#2461) (ed24b4c)
  • Update googleapis/sdk-platform-java action to v2.51.1 (#2460) (35c979f)

Python

Changes for google-cloud-bigtable

2.28.0 (2025-01-08)

Features

Cloud Data Fusion

The SAP SuccessFactors plugin version 1.2.4 is available in Cloud Data Fusion version 6.8.0 and later. This release lets you use OAuth 2.0 for ODATA API authentication (PLUGIN-1741).

Cloud Database Migration Service

Database Migration Service now supports Microsoft Azure sources for MySQL and PostgreSQL homogeneous migrations to Cloud SQL.

For more information, see Supported source and destination databases.

Cloud Deploy

You can now connect to your GKE cluster's DNS-based endpoint, simplifying networking configuration when talking to private clusters from Cloud Deploy. Learn more.

Cloud Logging

You can now create analytics views, which let you transform your log data into a custom format. You can then use SQL to query your analytics views. This feature is in Public Preview. For more information, see the following documents:

Cloud Run

The principal (user or service account) creating or updating a Cloud Run resource now needs explicit permission to access the container image(s). When using Artifact Registry, ensure the principal has the Artifact Registry Reader (roles/artifactregistry.reader) IAM role on the project or repository containing the container image(s) to deploy.

Cloud SQL for MySQL

As of January 13, 2025, the legacy configuration for high availability (HA) is deprecated for all Cloud SQL for MySQL instances. You can no longer create instances with the legacy HA configuration, and you can no longer enable the legacy HA configuration on existing instances. In addition, after January 13, 2025, legacy HA instances are no longer covered by the Cloud SQL SLA.

We recommend that you update your remaining legacy HA instances as soon as possible to the current HA configuration. You can do so by following the instructions in Update an instance from legacy to current high availability.

Starting on May 1, 2025, Cloud SQL will begin updating any instances that use the legacy high availability configuration to use the current regional persistent disk-based high availability configuration automatically.

Cloud Storage

A weekly digest of client library updates from across the Cloud SDK.

Node.js

Changes for @google-cloud/storage

7.15.0 (2024-12-20)

Features
  • Add ability to configure and utilize soft-delete and restore buckets (#2566) (25cdbb9)

Go

Changes for storage/internal/apiv2

1.50.0 (2025-01-09)

Features
  • storage/internal: Add new appendable Object to BidiWrite API (2e4feb9)
  • storage/internal: Add new preview BidiReadObject API (2e4feb9)
  • storage: Add support for gRPC bi-directional multi-range reads. This API is in private preview and is not yet available for general use. (#11377) (b4d86a5)
  • storage: Add support for ReadHandle, a gRPC feature that allows for accelerated resumption of streams when one is interrupted. ReadHandle requires the bi-directional read API, which is in private preview and is not yet available for general use. (#11377) (b4d86a5)
  • storage: Support appendable semantics for writes in gRPC. This API is in preview. (#11377) (b4d86a5)
  • storage: Refactor gRPC writer flow (#11377) (b4d86a5)
Bug Fixes
  • storage: Add mutex around uses of mrd variables (#11405) (54bfc32)
  • storage: Return the appropriate error for method not supported (#11416) (56d704e)
Documentation
  • storage/internal: Add IAM information to RPC comments for reference documentation (2e4feb9)
  • storage: Add preview comment to NewMultiRangeDownloader (#11420) (4ec1d66)

Java

Changes for google-cloud-storage

2.47.0 (2025-01-08)

Features
  • Add MoveObject RPC (34b8ac4)
  • Introductory beta level support for OpenTelemetry tracing on c.g.c.storage.Storage methods (#2837) (dd889ea)
Bug Fixes
  • De-beta storage-v2 artifacts (#2852) (77a2e8a)
  • deps: Update the Java code generator (gapic-generator-java) to 2.51.0 (34b8ac4)
  • Fix interrupt spiral in grpc ReadObject drainQueue (#2850) (c1dac83)
  • Update request handling of gRPC based CopyWriter (#2858) (093cb87)
Dependencies
  • Update gcr.io/cloud-devrel-public-resources/storage-testbench docker tag to v0.51.0 (#2860) (980ac4e)
  • Update googleapis/sdk-platform-java action to v2.51.1 (#2864) (b731c06)
  • Update sdk-platform-java dependencies (#2866) (562df7f)

Container Optimized OS

cos-117-18613-75-102

Kernel | Docker | Containerd | GPU Drivers
COS-6.6.56 | v24.0.9 | v1.7.24 | See List

Upgraded nvidia-container-toolkit to v1.17.3.

Upgraded sys-apps/file to v5.46-r1.

Upgraded net-misc/socat to v1.8.0.2.

Fixed CVE-2024-56688 in the Linux kernel.

Fixed CVE-2024-56745 in the Linux kernel.

Fixed CVE-2024-53146 in the Linux kernel.

Fixed CVE-2024-56760 in the Linux kernel.

Fixed CVE-2024-53151 in the Linux kernel.

Fixed CVE-2024-56729 in the Linux kernel.

Fixed CVE-2024-56763 in the Linux kernel.

Fixed CVE-2024-56614 in the Linux kernel.

Fixed CVE-2024-56694 in the Linux kernel.

Fixed CVE-2024-56739 in the Linux kernel.

Fixed CVE-2024-56606 in the Linux kernel.

Fixed CVE-2024-53096 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 811756 -> 811744

cos-113-18244-291-3

Kernel | Docker | Containerd | GPU Drivers
COS-6.1.123 | v24.0.9 | v1.7.24 | See List

This is an LTS refresh release.

Upgraded nvidia-container-toolkit to v1.17.3.

Upgraded app-admin/google-osconfig-agent to v20240927.00.

Upgraded sys-apps/file to v5.46-r1.

Upgraded net-misc/socat to v1.8.0.2.

Upgraded dev-python/configobj to v5.0.9.

Upgraded dev-libs/nss to v3.105.

Fixed CVE-2024-53096 in the Linux kernel.

Fixed CVE-2024-53052 in the Linux kernel.

Runtime sysctl changes:

  • Changed: fs.file-max: 812045 -> 812027

cos-105-17412-535-6

Kernel | Docker | Containerd | GPU Drivers
COS-5.15.173 | v23.0.3 | v1.7.23 | See List

This is an LTS Refresh release.

Added NVIDIA GPU drivers R560 branch - Update R560, latest driver to v560.35.03.

Upgraded sys-apps/file to v5.46-r1.

Fixed a kernel crash that occurred when running some BPF programs.

Runtime sysctl changes:

  • Changed: fs.file-max: 812681 -> 812690

Dataproc

Dataproc Serverless for Spark: On March 10, 2025, the Dataproc Resource Manager API will be enabled as part of General Availability (GA) for Dataproc Serverless 3.0+ versions.

User action will not be required in response to this API enablement change.

The Dataproc Resource Manager will be implemented as a stand-alone Google Cloud API, dataprocrm.googleapis.com. It will allow Dataproc distributions of open source software, particularly Apache Spark, to directly communicate resource requirements.

Firestore in Datastore mode

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-datastore

2.25.2 (2025-01-09)

Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.51.1 (90d8b30)
  • Fix emulator command arg data-dir (#1695) (9d53195)
Dependencies
  • Update dependency com.google.cloud:gapic-libraries-bom to v1.49.0 (#1693) (8160c28)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.41.1 (#1703) (bf9537f)
  • Update dependency com.google.guava:guava-testlib to v33.4.0-jre (#1694) (b91a2af)

Google Cloud VMware Engine

VMware Engine ve1 nodes are now available in the following additional region:

  • Paris, France (europe-west9-b)

Pub/Sub

A weekly digest of client library updates from across the Cloud SDK.

Java

Changes for google-cloud-pubsub

1.136.0 (2025-01-10)

Features
  • Add Kafka-based sources to IngestionDataSourceSettings proto and IngestionFailureEvent proto (2947169)
Bug Fixes
  • deps: Update the Java code generator (gapic-generator-java) to 2.51.1 (9c166f7)
Dependencies
  • Update dependency com.google.cloud:google-cloud-bigquery to v2.45.0 (#2292) (79a8982)
  • Update dependency com.google.cloud:google-cloud-storage to v2.46.0 (#2291) (7b60884)
  • Update dependency com.google.cloud:sdk-platform-java-config to v3.41.1 (#2301) (53c1a8a)
  • Update dependency com.google.protobuf:protobuf-java-util to v4.29.2 (#2294) (48d4ac1)
  • Update dependency org.assertj:assertj-core to v3.27.2 (#2296) (e5b68a5)
  • Update googleapis/sdk-platform-java action to v2.51.1 (#2298) (16e0144)

Python

Changes for google-cloud-pubsub

2.27.2 (2025-01-06)

Bug Fixes
  • Handle TransportError Exceptions thrown from gapic_publish (#1318) (0e058c7)

Security Command Center

A new error code, AWS_ACTIVE_COLLECTOR_ACCOUNTS_NOT_FOUND, is available in the AWS connector in Security Command Center. Additional guidance is available to help troubleshoot the 'AWS_FAILED_TO_ASSUME_DELEGATED_ROLE' error.

Sensitive Data Protection

The FRANCE_DRIVERS_LICENSE_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

The TAIWAN_ID_NUMBER infoType detector is available in all regions. For more information about all built-in infoTypes, see InfoType detector reference.

January 12, 2025

Cloud Composer

Starting after April 13, 2025, Cloud Composer 3 will unify its billing with BigQuery. The Cloud Composer 3 standard milli DCU-hours SKU will be replaced with the new BigQuery Engine for Apache Airflow SKU, which will be calculated based on the number of BigQuery slot hours that your Cloud Composer 3 environments consume. Other SKUs will be renamed and moved under the BigQuery hierarchy. The change will be rolled out gradually to all regions supported by Cloud Composer 3. For more information about the change, see Transition to BigQuery slot-hour-based pricing.

Google SecOps SOAR

Release 6.3.29 is now in General Availability.

January 11, 2025

Google SecOps

Playbook names must now be unique across all SOAR environments, as part of updates to support future features. For customers with existing playbooks in different environments that have the same name, there is no need to manually change names. However, the next time you edit one of these playbooks, you will be asked to change the name before you save.

The user must log in to the Google SecOps platform with the exact same IdP group name as entered in the Settings screen.

Google SecOps SOAR

Release 6.3.30 is currently in Preview.

Playbook names must now be unique across all SOAR environments, as part of updates to support future features. For customers with existing playbooks in different environments that have the same name, there is no need to manually change names. However, the next time you edit one of these playbooks, you will be asked to change the name before you save.

January 10, 2025

Cloud Composer

(Cloud Composer 3) New metrics are available for Cloud Composer 3 environments:

  • CPU quota limit for Cloud Composer workloads
  • CPU quota usage for Cloud Composer workloads

(Cloud Composer 3) You can now use custom certificates when installing packages from your private repository. This change is gradually rolled out to all Cloud Composer 3 environments. To obtain this change earlier, upgrade the Airflow build of your environment.

The issue with automatic environment upgrades and upgrading Airflow builds in Cloud Composer 3 is resolved and these operations are working. If you think that your environment is still impacted by this issue, please reach out to the Cloud Support team.

(New Cloud Composer 2 environments only) Cloud Composer 2 environments in versions 2.10.2 and later always use the environment's service account for performing PyPI package installations. This change applies only to newly created environments; existing environments that are upgraded to 2.10.2 and later versions will not get this change.

(Cloud Composer 3 only) The /data folder is now synchronized with Airflow triggerers.

(Available without upgrading) Improved the error message generated when the Cloud Composer Service Agent service account is missing permissions on the project or on the environment's service account.

(Cloud Composer 2) Cloud Composer 2 environments that use PSC interfaces will no longer try to allocate IP ranges for VPC peerings in the tenant project. Environments that use PSC instead of VPC peerings do not use these ranges. This fixes a problem where these ranges overlapped with ranges used for the PSC subnetwork.

The Redis persistent disk is now automatically deleted together with the environment. This persistent disk is used by the Redis queue and stores only technical data.

Fixed an issue where the user-defined Cloud DNS configuration for Google API domains would break Cloud Composer 3 environment creation and attachment of VPC networks.

The worker_autoscale Airflow configuration option is blocked in Cloud Composer 2. Previously, it was blocked only in Cloud Composer 3.

Fixed a problem with the interpolation of pip.conf file. Now the pip.conf file is not interpolated and can contain unescaped % characters.

Removed the warning log message about in-memory storage because it doesn't apply to Cloud Composer.

The importlib-resources package was removed from preinstalled packages.

New Airflow builds are available in Cloud Composer 3:

  • composer-3-airflow-2.10.2-build.5 (default)
  • composer-3-airflow-2.9.3-build.12

New images are available in Cloud Composer 2:

  • composer-2.10.2-airflow-2.10.2 (default)
  • composer-2.10.2-airflow-2.9.3

Cloud Composer 2.10.1 is a version with an extended upgrade timeline.

Cloud Composer version 2.5.4 has reached its end of support period.

Cloud Service Mesh

The CVE fix for GCP-2024-065 has rolled out to all channels.

Dataproc

New Dataproc on Compute Engine subminor image versions:

  • 2.0.127-debian10, 2.0.127-rocky8, 2.0.127-ubuntu18
  • 2.1.75-debian11, 2.1.75-rocky8, 2.1.75-ubuntu20, 2.1.75-ubuntu20-arm
  • 2.2.41-debian12, 2.2.41-rocky9, 2.2.41-ubuntu22

Retail API

Vertex AI Search for commerce: Renamed in the console and documentation

Vertex AI Search for retail is renamed as Vertex AI Search for commerce. The Google Cloud console and the documentation at cloud.google.com have been updated to reflect the rename. In the console, look for Search for Commerce.

Spanner

Monitor and troubleshoot queries that are running in your Spanner instance. Active queries are long-running queries that might affect the performance of your instance. Monitoring these queries can help you identify causes of instance latency and high CPU usage. For more information, see Monitor active queries.

VPC Service Controls

Preview stage support for the following integration:

January 09, 2025

Apigee X

On January 9, 2025, we released an updated version of Apigee (1-14-0-apigee-3).

| Bug ID | Description |
| --- | --- |
| 365406457 | Implemented fix to optimize CPU usage and close sockets when needed. |
| 382967738, 383113773 | Fixed security vulnerability in PythonScript policy. |
| 382883585 | Fixed security vulnerability in JavaCallout policy. |
| N/A | Updates to security infrastructure and libraries. |

Apigee hybrid

hybrid 1.14.0-hotfix.1

On January 9, 2025 we released an updated version of the Apigee hybrid software, 1.14.0-hotfix.1.

Instructions:

To install 1.14.0-hotfix.1:

  1. In your overrides.yaml file update the value of metrics.sdSidecar.image.tag to 0.10.0. Add the following stanza:

    metrics:
      sdSidecar:
        image:
          url: "gcr.io/apigee-release/hybrid/apigee-stackdriver-prometheus-sidecar"
          tag: "0.10.0"
    
  2. Apply the changes to the apigee-telemetry chart:

    1. Dry run:

      helm upgrade telemetry apigee-telemetry/ \
        --install \
        --namespace APIGEE_NAMESPACE \
        --atomic \
        -f overrides.yaml \
        --dry-run=server
      
    2. Install the chart:

      helm upgrade telemetry apigee-telemetry/ \
        --install \
        --namespace APIGEE_NAMESPACE \
        --atomic \
        -f overrides.yaml
      
    3. Verify the change by checking its state:

      kubectl -n APIGEE_NAMESPACE get apigeetelemetry apigee-telemetry
      
| Bug ID | Description |
| --- | --- |
| 367681534 | Tagging apigee-stackdriver-prometheus-sidecar to prevent removal from customer repos after 2 years due to infrequent updates. |

Cloud Composer

January 10, 2025 update: The issue is resolved.

(Cloud Composer 3 only) We are currently experiencing an issue with automatic environment upgrades and upgrading Airflow builds for Cloud Composer 3 in the asia-south1, europe-west1, and asia-northeast2 regions.

The upgrades are temporarily disabled as we continue our work to restore the listed functionalities. We will release an additional announcement after the issue is resolved.

In January 2025, we will delete inactive Cloud Composer 1 environments that are non-recoverable. Environments that have both of the following problems present at the same time will be deleted:

  • The environment's underlying GKE cluster is deleted.
  • The environment is in the ERROR state for at least 60 days because of a disabled billing account or because the Cloud Composer API service was deactivated in its project.

This change doesn't affect buckets of these environments. You can still recover your DAGs and other data from the environment's bucket and then delete the bucket manually. See Delete environments for information about data that is not deleted automatically together with the environment.

Cloud Database Migration Service

Database Migration Service now supports public IP allowlist network connectivity for all homogeneous and heterogeneous migrations to AlloyDB for PostgreSQL. For more information, see:

Cloud Workstations

Cloud Workstations support for cloning of persistent directories is generally available (GA). For more information, see Clone a workstation. For reference information, see REST workstations and RPC google.cloud.workstations.v1.

Dialogflow

Dialogflow CX (Conversational Agents): Dialogflow CX has launched a new feature that allows you to auto-generate and auto-translate Intent training phrases, Entity synonyms, and Fulfillment phrases in the language of your choice. See the documentation for details.

Dialogflow CX (Conversational Agents): You can now require a full match for banned phrases in addition to a partial match. If enabled, a full match requires the input to be matched exactly in order to trigger a ban. For more information about setting banned phrases, see the documentation.

Dialogflow CX (Conversational Agents): Service directory support is now enabled for flexible webhooks. See the webhooks documentation for details.

Gemini Code Assist

Various bug fixes and minor product enhancements for the VSCode and IntelliJ Gemini Code Assist extensions.

Google Distributed Cloud (software only) for VMware

Google Distributed Cloud (software only) for VMware 1.29.900-gke.181 is now available for download. To upgrade, see Upgrade a cluster or a node pool. Google Distributed Cloud 1.29.900-gke.181 runs on Kubernetes v1.29.11-gke.300.

If you are using a third-party storage vendor, check the GDC Ready storage partners document to make sure the storage vendor has already passed the qualification for this release.

After a release, it takes approximately 7 to 14 days for the version to become available for use with GKE On-Prem API clients: the Google Cloud console, the gcloud CLI, and Terraform.

Added support for configuring the GKE Identity Service to enforce a minimum transport layer security (TLS) version of 1.2 for HTTPS connections. By default, the GKE Identity Service allows TLS 1.1 and higher connections. If you require enforcement for a minimum of TLS 1.2, reach out to Cloud Customer Care for assistance.

  • Fixed an issue where customer workloads with high resource requests triggered irrelevant resource validation warnings.

  • Fixed an issue where a race condition during migration caused admin add-on nodes to get stuck at a NotReady status.

  • Fixed an issue where the VM template used for the HA admin control plane node repair isn't refreshed in vCenter after an upgrade.

The following high-severity container vulnerabilities are fixed in 1.29.900-gke.181:

Google Kubernetes Engine

A security issue impacted resources in VPCs with GKE Multi-Cluster Gateway (MCG) configured. MCG is an optional feature that is used by a small subset of GKE customers. We are individually notifying customers who had the feature enabled during that time period.

For more details, see the GCP-2025-001 security bulletin.

Looker Studio

Increased field count limits for Looker

You can now include up to 100 dimensions and up to 100 metrics in table charts that are connected to a Looker data source.

Warnings for external links

When users click an external link, Looker Studio displays a redirect notice.

Vertex AI Agent Builder

Vertex AI Search: View widget metrics on the Analytics page (GA with allowlist)

You can view metrics from the widget on the Analytics page.

This feature is available to select Google Cloud customers (GA with allowlist). For more information, see View search analytics.

January 08, 2025

Google Cloud Contact Center as a Service

Version 3.29 Patch 1

This is Patch 1 of version 3.29.

Fixed an issue with the Zendesk CRM where the queue name field was not populated for chats.

Fixed the Twilio webhook order for multi-region instances.

Fixed an issue with Alvaria Workforce integration where the Alvaria Agent Productivity file was showing incorrect dates.

Looker

Looker 25.0 is expected to include the following changes, features, and fixes:

  • Expected Looker (original) deployment start: Monday, January 20, 2025

  • Expected Looker (original) final deployment and download available: Thursday, January 30, 2025

  • Expected Looker (Google Cloud core) deployment start: Tuesday, January 21, 2025

  • Expected Looker (Google Cloud core) final deployment: Tuesday, February 4, 2025

Note: All dates were updated on January 16, 2025. The introductory sentence was updated on January 29, 2025.

The LookML Validator no longer supports the Liquid variables base_view, explore, model, and view without an underscore in the prefix. The variables _base_view, _explore, _model, and _view are supported.

An issue has been fixed where Looker failed to include some required fields in queries. Queries that use fields with Liquid references to other fields may now include additional fields.

Extensions can no longer be accessed outside of the sandboxed iframe.

Custom visualizations can no longer be accessed outside of the sandboxed iframe.

The Liquid divided_by filter now performs floating point number division instead of integer division when the inputs are integers. For example, 1 | divided_by: 2 will now return 0.5 instead of 0.

The Redshift driver now configures TCP keep-alives to make long-running queries more reliable.

The Open SQL Interface feature now supports Explores that use the conditionally_filters parameter. Previously disabled Explores are now enabled.

The Chart Config Editor now supports conditional data formatters, which let you compare data values to other measure values.

The manage_spaces permission can now be granted to embed users. Note: This item was updated on January 15, 2025.

The Chart Config Editor now supports comparing data values to the mean value for a series.

The Looker–Power BI Connector now provides the option to show or display hidden fields when connecting to a Looker Explore.

Local Project Import is now removed from Looker Labs and is now a generally available feature on both Looker (Google Cloud core) and Looker (original). Note: This item was updated on January 27, 2025.

An issue has been fixed where date filters could switch to is in the past when selected.

An issue has been fixed where the file explorer search bar could be cut off when a tile was saved to a dashboard.

An issue has been fixed where the LookML Validator could fail to catch circular references in Liquid.

An issue has been fixed where the search bar in the embed navigation sidebar could be cut off.

An issue has been fixed where a user could sudo as another user and use their OAuth token to connect to a database.

An issue has been fixed where the Chart Config Editor could incorrectly match strings with spaces.

An issue has been fixed where using the Update Project API endpoint could return a 500 error.

An issue has been fixed where rendered jobs could become indefinitely queued if they were created while a cluster node was starting up.

An issue has been fixed where incorrect dashboard LookML could cause the IDE to fail to display the project.

An issue has been fixed where deleting a board opened a possibility for HTML injection.

An issue has been fixed where unnecessary data was included in the dashboard:tile:explore event for embedded dashboards.

The ability to kill BigQuery queries from Looker has been reintroduced.

An issue has been fixed where incremental PDT builds with multiple SQL statements could partially succeed. Now, if one statement fails, the build fails.

An issue has been fixed where URL parameters could be lost on page load for dashboards with merge query tiles.

An issue has been fixed where the Reset All Column Widths button didn't work as expected in drill windows.

An issue has been fixed where the LookML Validator would return a 500 error if a dimension referenced a measure in the required_fields parameter.

An issue has been fixed where a dashboard filter could get truncated if its location was set to right in a LookML dashboard.

An issue has been fixed where an exact date filter could prevent Looker from optimizing an aggregate table.

An issue has been fixed where the Get LookML endpoint could fail to return the list of Explores if certain localization settings were enabled.

An issue has been fixed where setting the dashboard auto-refresh interval to 0 seconds could cause the dashboard to disappear from folders.

When you're setting up a project in Looker using GitLab, the links to GitLab's SSH key settings will be updated.

LookML dashboards that use a static layout now render a PDF with the correct height.

An issue has been fixed where dashboard element IDs for dashboard elements on LookML dashboards were not consistently displayed in System Activity queries.

An issue has been fixed where non-ASCII characters in filenames could cause Git errors.

An issue has been fixed where item charts were unable to recognize custom measures as measures.

The list of Persistent Derived Tables shown under Databases is now filtered to include only PDTs for connections where the viewer has the see_pdts permission on an associated model.

An issue has been fixed where queries would fail after a dashboard was edited and rerun with different filter values without the page being refreshed.

An issue has been fixed where certain errors in the Chart Config Editor would not be displayed until query runtime.

Overwriting an existing user-defined dashboard using the import_dashboard_from_lookml endpoint no longer removes the existing dashboard from boards or favorites.

An issue has been fixed where malformed legends or titles could cause an entire PDF download to fail.

An issue has been fixed where the Git Actions and Advanced Deploy tabs could be displayed on projects where they were not enabled.

An issue has been fixed where disabling an action might not have disabled all schedules that used the action.

The unstyled, transparent, and gray table themes now correctly apply in PDF downloads when the Expand tables to show all rows option is selected.

An issue has been fixed where toggling between settings on the Edit Actions page would not save user input.

The links to the API Explorer installation guides on the Admin API page have been fixed.

An issue has been fixed where the collapse icon in dashboard tile notes could be displayed in rendered PDFs.

An issue has been fixed where the Chart Config Editor could render stale query data after changes were made to an Explore.

An issue has been fixed where a locale value of fr would resolve to fr-CA instead of fr-FR, leading to incorrectly translated text.

Invalid hex codes now resolve to a default black color when data from a dashboard tile is downloaded as an Excel spreadsheet with visualization options applied.

When the Labs feature New Explore & Look Saving is enabled, an embed user who does not have permissions to see the Shared folder will no longer be able to see the Shared folder. (Note: This information was updated on January 10, 2025.)

Embed theme colors now correctly apply to drop-down menus in Explores.

An issue has been fixed where date filters and map visualizations did not reflect the locale setting.

An issue has been fixed where some scheduled jobs could fail without sending a failure email to the schedule owner.

An issue has been fixed where merge queries could not be added when totals were enabled.

The Looker–Power BI Connector is now deployed in the Microsoft Power BI Service. This means that the Power BI Service can now connect to data from a Looker Explore without setting up an on-premises gateway and without having to configure folder permissions. (For Power BI Desktop, you still need to perform a custom installation, as described in the Looker–Power BI Connector documentation.) Note: This item was added on January 16, 2025.

Google Cloud Core instances now support the Looker Mobile app. To get started, enable the mobile app on your Looker instance.

An issue has been fixed where Google Cloud MySQL and PostgreSQL dialects incorrectly reported that they did not support Application Default Credentials.

An issue has been fixed where users could not log in to Google Cloud Core instances using private embed when Google Auth was enabled.

A new Labs feature, Content Validator Scoping, allows developers to scope a Content Validator job to a specific content folder and specific LookML projects. Note: This Labs feature will be available on Looker instances on February 4, 2025. This item was updated on January 27, 2025.

reCAPTCHA

reCAPTCHA express is now available in GA. For more information, see Set up reCAPTCHA express.